Point Checklist: comptia security+ study guide sy0 401


Q121. A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as: 

A. Black box testing 

B. White box testing 

C. Black hat testing 

D. Gray box testing 



Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place. 

Q122. Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. 

Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. 

Which of the following should Sara do to address the risk? 

A. Accept the risk saving $10,000. 

B. Ignore the risk saving $5,000. 

C. Mitigate the risk saving $10,000. 

D. Transfer the risk saving $5,000. 



Risk transference involves sharing some of the risk burden with someone else, such as an insurance company. The cost of the security breach over a period of 5 years would amount to $30,000 and it is better to save $5,000. 

Q123. Identifying residual risk is MOST important to which of the following concepts? 

A. Risk deterrence 

B. Risk acceptance 

C. Risk mitigation 

D. Risk avoidance 



Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk where the administrator or manager is unaware of its existence; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it. Residual risk is always present and will remain a risk; thus it should be accepted (risk acceptance).

Q124. The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following? 

A. The risks associated with the large capacity of USB drives and their concealable nature 

B. The security costs associated with securing the USB drives over time 

C. The cost associated with distributing a large volume of the USB pens 

D. The security risks associated with combining USB drives and cell phones on a network 



USB drives and other USB devices represent a security risk as they can be used to either bring malicious code into a secure system or to copy and remove sensitive data out of the system.

Q125. Which of the following protocols provides transport security for virtual terminal emulation? 







Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext oriented programs in the Unix environment. 

Q126. Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption?

A. Reduces processing overhead required to access the encrypted files 

B. Double encryption causes the individually encrypted files to partially lose their properties 

C. Individually encrypted files will remain encrypted when copied to external media 

D. File level access control only applies to individually encrypted files in a fully encrypted drive



With full disk encryption a file is encrypted as long as it remains on the disk. This is because the data on the disk is decrypted when the user logs on, thus the data is in a decrypted form when it is copied to another disk. Individually encrypted files on the other hand remain encrypted. 

Q127. A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO). 

A. Detect security incidents 

B. Reduce attack surface of systems 

C. Implement monitoring controls 

D. Hardening network devices 

E. Prevent unauthorized access 

Answer: A,C 


By monitoring security logs, installing security cameras and analyzing trend reports, the security analyst is implementing monitoring controls. With the monitoring controls in place, by monitoring the security logs, reviewing the footage from the security cameras and analyzing trend reports, the security analyst is able to detect security incidents. 

Q128. Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems? 

A. Acceptable Use Policy 

B. Privacy Policy 

C. Security Policy 

D. Human Resource Policy 



Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. 

Q129. Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks? 

A. Malicious logic 

B. Cross-site scripting 

C. SQL injection 

D. Buffer overflow 



Q130. Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of? 

A. Size of the files 

B. Availability of the files 

C. Accessibility of the files from her mobile device 

D. Sensitivity of the files 


