Exambible offers free demo for comptia sy0 401 exam. "CompTIA Security+ Certification", also known as comptia security+ sy0 401 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA comptia security+ study guide sy0 401 exam, will help you answer those questions. The sy0 401 practice exam Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA sy0 401 braindump exams and revised by experts!


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q651. The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO). 

A. Fire- or water-proof safe. 

B. Department door locks. 

C. Proximity card. 

D. 24-hour security guard. 

E. Locking cabinets and drawers. 

Answer: A,E 

Explanation: 

Using a safe and locking cabinets to protect backup media, documentation, and any other physical artifacts that could do harm if they fell into the wrong hands would form part of keeping employees desks clean as in a clean desk policy. 


Q652. In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified? 

A. Security control frameworks 

B. Best practice 

C. Access control methodologies 

D. Compliance activity 

Answer:

Explanation: 

Best practices are based on what is known in the industry and those methods that have consistently shown superior results over those achieved by other means. Furthermore best practices are applied to all aspects in the work environment. 


Q653. Which of the following technologies uses multiple devices to share work? 

A. Switching 

B. Load balancing 

C. RAID 

D. VPN concentrator 

Answer:

Explanation: 

Load balancing is a way of providing high availability by splitting the workload across multiple computers. 


Q654. Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab? 

A. Armored virus 

B. Polymorphic malware 

C. Logic bomb 

D. Rootkit 

Answer:

Explanation: 

An armored virus is a type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An Armored Virus may also protect itself from antivirus programs, making it more difficult to trace. To do this, the Armored Virus attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system. 


Q655. Which of the following provides the BEST application availability and is easily expanded as demand grows? 

A. Server virtualization 

B. Load balancing 

C. Active-Passive Cluster 

D. RAID 6 

Answer:

Explanation: 

Load balancing is a way of providing high availability by splitting the workload across multiple computers. 


Q656. A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting? 

A. DoS 

B. Account lockout 

C. Password recovery 

D. Password complexity 

Answer:

Explanation: 

B: Account lockout automatically disables an account due to repeated failed log on attempts. The hacker must have executed a script to repeatedly try logging on to the remote accounts, forcing the account lockout policy to activate. 


Q657. An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal? 

A. Unified Threat Management 

B. Virtual Private Network 

C. Single sign on 

D. Role-based management 

Answer:

Explanation: 

Unified Threat Management (UTM) is, basically, the combination of a firewall with other abilities. 

These abilities include intrusion prevention, antivirus, content filtering, etc. Advantages of 

combining everything into one: 

You only have one product to learn. 

You only have to deal with a single vendor. 

IT provides reduced complexity. 


Q658. While rarely enforced, mandatory vacation policies are effective at uncovering: 

A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems. 

B. Collusion between two employees who perform the same business function. 

C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team. 

D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight. 

Answer:

Explanation: 

Least privilege (privilege reviews) and job rotation is done when mandatory vacations are implemented. Then it will uncover areas where the system administrators neglected to check all users’ privileges since the other users must fill in their positions when they are on their mandatory vacation. 


Q659. Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device? 

A. Man-in-the-middle 

B. Bluejacking 

C. Bluesnarfing 

D. Packet sniffing 

Answer:

Explanation: 

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames. 


Q660. A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal? 

A. NIDS 

B. NAC 

C. DLP 

D. DMZ 

E. Port Security 

Answer:

Explanation: