Master the CompTIA Security+ SY0-401 exam content and be ready for exam-day success quickly with this Pass4sure SY0-401 braindump PDF. We guarantee it! We make it a reality and give you real CompTIA Security+ Get Certified Get Ahead SY0-401 study guide questions in our CompTIA Security+ SY0-401 braindumps. The latest 100% valid CompTIA SY0-401 practice exam question dumps are on the page below. You can use our CompTIA Security+ SY0-401 braindumps and pass your exam.

Q401. Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding? 

A. Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing. 

B. MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high. 

C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities. 

D. MOUs between two companies working together cannot be held to the same legal standards as SLAs. 

Answer:

Explanation: 

The Memorandum of Understanding: this document is used in many settings in the information industry. It is a brief summary of which party is responsible for what portion of the work. For example, Company A may be responsible for maintaining the database server and Company B may be responsible for telecommunications. MOUs are not legally binding, but they carry a degree of seriousness and mutual respect, stronger than a gentlemen's agreement. Often, MOUs are the first step towards a legal contract. 


Q402. Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed. 

Which of the following would be the BEST control to implement? 

A. File encryption 

B. Printer hardening 

C. Clean desk policies 

D. Data loss prevention 

Answer:

Explanation: 

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. This would address the concerns of the auditors. 


Q403. The use of social networking sites introduces the risk of: 

A. Disclosure of proprietary information 

B. Data classification issues 

C. Data availability issues 

D. Broken chain of custody 

Answer:

Explanation: 

People and processes must be in place to prevent the unauthorized disclosure of proprietary information and sensitive information, as these pose a security risk to companies. With social networking, your company can be exposed to as many threats as there are users who make use of social networking and have not been advised of the security policy regarding its use. 


Q404. DRAG DROP 

Drag the items on the left to show the different types of security for the shown devices. Not all fields need to be filled. Not all items need to be used. 

Answer: 

Explanation: 

Mobile Device Security: GPS tracking, Remote wipe, Device encryption, Strong password 

Server in Data Center Security: FM-200, Biometrics, Proximity badges, Mantrap 

For mobile devices, at a bare minimum you should have the following security measures in place: 

Screen lock, strong password, device encryption, remote wipe/sanitization, voice encryption, GPS tracking, application control, storage segmentation, asset tracking, as well as device access control. 

For servers in a data center, your security should include fire suppression systems such as FM-200, and physical access controls such as biometrics, proximity badges, mantraps, HVAC, and cable locks; these are all physical security measures that control access to the server. 

References: 

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 418 


Q405. A security administrator at a company which implements key escrow and symmetric encryption only, needs to decrypt an employee's file. The employee refuses to provide the decryption key to the file. Which of the following can the administrator do to decrypt the file? 

A. Use the employee's private key 

B. Use the CA private key 

C. Retrieve the encryption key 

D. Use the recovery agent 

Answer:

Explanation: 


Q406. A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default? 

A. 20 

B. 21 

C. 22 

D. 23 

Answer:

Explanation: 

When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default. 
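In passive mode the client opens both connections: the control connection to port 21 and a second data connection to whatever address and port the server announces in its 227 reply (the port is encoded as p1*256 + p2). A firewall that allows only port 21 therefore also needs either stateful FTP inspection or an explicitly opened passive port range. The following added example, which is not part of the original page, parses the PASV and EPSV replies and applies the check a client or gateway should make before opening the data connection; the sample replies and the passive range 50000-50100 are constructed values.

```python
import re

# Constructed sample control-channel replies (not captured from a real server).
SAMPLE_PASV = "227 Entering Passive Mode (192,0,2,10,195,89)."
SAMPLE_EPSV = "229 Entering Extended Passive Mode (|||50009|)"
SAMPLE_BAD = "227 Entering Passive Mode (198,51,100,7,195,89)."  # host differs from control peer

PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def parse_pasv(reply):
    """Return (host, port) announced in a 227 reply; port = p1*256 + p2."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 PASV reply")
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("malformed PASV reply")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV field out of range")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    return host, port


def parse_epsv(reply):
    """Return the port announced in a 229 reply (EPSV reuses the control peer's address)."""
    if not reply.startswith("229"):
        raise ValueError("not a 229 EPSV reply")
    m = EPSV_RE.search(reply)
    if m is None:
        raise ValueError("malformed EPSV reply")
    port = int(m.group(1))
    if not 1 <= port <= 65535:
        raise ValueError("EPSV port out of range")
    return port


def data_connection_allowed(host, port, control_peer, passive_range=(50000, 50100)):
    """Policy check before opening the data connection: the announced host must be
    the server already reached on port 21, and the announced port must fall inside
    the server's configured passive range (assumed example range 50000-50100)."""
    low, high = passive_range
    return host == control_peer and low <= port <= high


if __name__ == "__main__":
    host, port = parse_pasv(SAMPLE_PASV)
    print(host, port, data_connection_allowed(host, port, "192.0.2.10"))
```

Rejecting a 227 reply whose host differs from the control-connection peer is what most modern clients do by default; it keeps a misconfigured or malicious server from steering the data connection elsewhere, and it is the same comparison a stateful firewall makes when it decides which dynamic port to open.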


Q407. A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices? 

A. Privacy Policy 

B. Security Policy 

C. Consent to Monitoring Policy 

D. Acceptable Use Policy 

Answer:

Explanation: 


Q408. Public keys are used for which of the following? 

A. Decrypting wireless messages 

B. Decrypting the hash of an electronic signature 

C. Bulk encryption of IP based email traffic 

D. Encrypting web browser traffic 

Answer:

Explanation: 

The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. 
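To make the explanation concrete, here is an added example (not code from the original page) of the sign-then-verify flow using textbook RSA: the sender applies the private exponent to the message hash, and the receiver applies the public exponent to the signature, which recovers the hash the sender signed, and compares it with a fresh hash of the received message. The key is constructed from two small Mersenne primes so the arithmetic is visible; it is assumed for illustration only and has none of the padding or key size a real signature scheme requires.

```python
import hashlib

# Constructed demo key: 2^61-1 and 2^89-1 are primes, giving a ~150-bit modulus.
# Real RSA keys are 2048 bits or more; this is only for tracing the arithmetic.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)
PRIVATE_KEY = (N, D)


def message_hash(message: bytes) -> int:
    """SHA-256 of the message as an integer, reduced mod N so it is a valid RSA input."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key) -> int:
    """Sender side: the hash is transformed with the private exponent."""
    n, d = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: the public exponent undoes the private one, recovering the
    signed hash; the signature is valid only if it matches a fresh hash of the message."""
    n, e = public_key
    recovered_hash = pow(signature, e, n)
    return recovered_hash == message_hash(message)


def demo():
    """Returns (valid, tampered): the genuine message verifies, an altered one does not."""
    msg = b"Transfer 100 to account 42"            # constructed message
    sig = sign(msg, PRIVATE_KEY)
    return (
        verify(msg, sig, PUBLIC_KEY),
        verify(b"Transfer 900 to account 42", sig, PUBLIC_KEY),
    )


if __name__ == "__main__":
    print(demo())
```

The roles match the explanation above: only the holder of the private key can produce a value that the public key maps back to the hash, so anyone with the public key can confirm authenticity and integrity, while the public key by itself is useless for creating signatures. Bulk encryption of traffic (the other options in the question) is done with symmetric keys, which public-key operations are used only to establish or protect.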


Q409. Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO). 

A. Increase password complexity 

B. Deploy an IDS to capture suspicious logins 

C. Implement password history 

D. Implement monitoring of logins 

E. Implement password expiration 

F. Increase password length 

Answer: A,F 

Explanation: 

The more difficult a password is, the more difficult it is to be cracked by an attacker. By increasing the password complexity you make it more difficult. 

Passwords that are too short can easily be cracked. The more characters used in a password, combined with the increased complexity, will mitigate password cracking attacks. 
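The explanation above gives the reasoning in words; the added example below (not part of the original page) turns it into a policy check that reports both rules, and an estimate of the search space an exhaustive attack must cover, length * log2(alphabet size). The thresholds of 12 characters and 3 character classes are assumed example values, not a CompTIA requirement, and the sample passwords are constructed.

```python
import math
import string

# Character classes a brute-force search must cover once the class is known to appear.
CLASS_CHARS = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "symbol": set(string.punctuation),      # 32
}


def character_classes(password: str) -> set:
    """Names of the classes present in the password (characters outside all four
    classes, such as spaces, add to length but not to the alphabet estimate)."""
    return {name for name, chars in CLASS_CHARS.items() if any(c in chars for c in password)}


def keyspace_bits(password: str) -> float:
    """log2 of the candidates an exhaustive search must try: length * log2(alphabet)."""
    alphabet = sum(len(CLASS_CHARS[name]) for name in character_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def policy_violations(password: str, min_length: int = 12, min_classes: int = 3) -> list:
    """Return the rules a candidate password breaks; an empty list means accepted.
    Length and complexity are checked independently, mirroring options A and F."""
    problems = []
    if len(password) < min_length:
        problems.append(f"length {len(password)} < {min_length}")
    classes = character_classes(password)
    if len(classes) < min_classes:
        problems.append(f"{len(classes)} character class(es) < {min_classes}")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        print(candidate, round(keyspace_bits(candidate), 1), policy_violations(candidate))
```

Running the three constructed candidates shows why both rules matter and why length dominates: "password" fails both rules at about 37.6 bits; "Tr0ub4dor&3" passes the complexity rule yet fails length at about 72 bits; and the all-lowercase 25-character phrase exceeds it at about 117 bits. The estimate is an upper bound on the attacker's work, since dictionary and pattern-based guessing rather than pure brute force is what cracks most real passwords, which is why the length rule should not be traded away for a complexity rule alone.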


Q410. Which of the following is characterized by an attacker attempting to map out an organization’s staff hierarchy in order to send targeted emails? 

A. Whaling 

B. Impersonation 

C. Privilege escalation 

D. Spear phishing 

Answer:

Explanation: 

A whaling attack is targeted at company executives. Mapping out an organization’s staff hierarchy to determine who the people at the top are is also part of a whaling attack. Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles. Hackers who engage in whaling often describe these efforts as "reeling in a big fish," applying a familiar metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may also set up keylogging or other malware on a work station associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber threats.