What can get from Dumpsbase CompTIA SY0-401 exam dumps? You can get the latest CompTIA Security+ Certification SY0-401 exam dumps questions for you to prepare the test well. Dumpsbase SY0-401 exam dumps are edited by CompTIA certified experts, who have taken CompTIA SY0-401 exam and passed it successfully.
CompTIA SY0-401 Exam Type and Score
Generally, each CompTIA exam questions have different types, such as Multiple choice, Multiple response, Fill in the blank, Drag and drop, Exhibits and Performance-based. When you take CompTIA CompTIA Security+ SY0-401 exam, you may see some or all of these question types. After you complete CompTIA SY0-401 exam, the score will be shown on your screen immediately.
SY0-401 Dumps Free Update Service
Dumpsbase provide free update for CompTIA CompTIA Security+ SY0-401 dumps in one year from the date of purchase. During this period, you can contact us to get free update for CompTIA Security+ Certification SY0-401 exam dumps questions via email or online live support. If it is out of a year, we can also provide a coupon code for you to re-purchase CompTIA SY0-401 exam dumps.
Question No : 1
Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?
A. Incident management
B. Clean desk policy
C. Routine audits
D. Change management
Question No : 2
A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.
Question No : 3
The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information?
A. Business Impact Analysis
B. First Responder
C. Damage and Loss Control
D. Contingency Planning
Question No : 4
A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?
B. Environmental monitoring
D. EMI shielding
Question No : 5
A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?
A. Account lockout policy
B. Account password enforcement
C. Password complexity enabled
D. Separation of duties
Question No : 6
Which of the following means of wireless authentication is easily vulnerable to spoofing?
A. MAC Filtering
B. WPA - LEAP
C. WPA - PEAP
D. Enabled SSID
Question No : 7
Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?
A. A disk-based image of every computer as they are being replaced.
B. A plan that skips every other replaced computer to limit the area of affected users.
C. An offsite contingency server farm that can act as a warm site should any issues appear.
D. A back-out strategy planned out anticipating any unforeseen problems that may arise.
Question No : 8
Which of the following concepts is a term that directly relates to customer privacy considerations?
A. Data handling policies
B. Personally identifiable information
C. Information classification
D. Clean desk policies
Question No : 9
An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame.
Which of the following strategies would the administrator MOST likely implement?
A. Full backups on the weekend and incremental during the week
B. Full backups on the weekend and full backups every day
C. Incremental backups on the weekend and differential backups every day
D. Differential backups on the weekend and full backups every day
Question No : 10
Topic 2, Compliance and Operational Security
Three of the primary security control types that can be implemented are.
A. Supervisory, subordinate, and peer.
B. Personal, procedural, and legal.
C. Operational, technical, and management.
D. Mandatory, discretionary, and permanent.
Question No : 11
Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE).
Answer: A, B, C
Question No : 12
A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO).
A. Patch Audit Policy
B. Change Control Policy
C. Incident Management Policy
D. Regression Testing Policy
E. Escalation Policy
F. Application Audit Policy
Answer: B, D
Question No : 13
The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?
A. Lessons Learned
Question No : 14
Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?
Question No : 15
A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?
A. Eye Witness
B. Data Analysis of the hard drive
C. Chain of custody
D. Expert Witness
Question No : 16
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?
A. Matt should implement access control lists and turn on EFS.
B. Matt should implement DLP and encrypt the company database.
C. Matt should install Truecrypt and encrypt the company server.
D. Matt should install TPMs and encrypt the company database.
Question No : 17
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.
Question No : 18
Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?
A. Email scanning
B. Content discovery
C. Database fingerprinting
D. Endpoint protection
Question No : 19
In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?
A. Business Impact Analysis
B. IT Contingency Plan
C. Disaster Recovery Plan
D. Continuity of Operations
Question No : 20
Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?
A. Separation of Duties
B. Mandatory Vacations
C. Discretionary Access Control
D. Job Rotation
18 Jun, 2018 2:25pm
Hello, just passed SY0-401 exam.
18 Jun, 2018 1:49am
I passed it with 94%.
17 Jun, 2018 3:01pm
Real questions! Real dumps! Thank you!
Glad to receive your SY0-401 dumps.
16 Jun, 2018 5:58am
I took SY0-401 exam last Friday and passed it.
15 Jun, 2018 4:54am
This is Jane, i have passed SY0-401 exam.
15 Jun, 2018 12:05am
I passed SY0-401 exam with score 420 at bangalore, india.
Some similar or invalid comments have been hidden.