[Free] 2018(June) Ensurepass CompTIA SY0-401 Dumps with VCE and PDF 841-850

Ensurepass.com : Ensure you pass the IT Exams
2018 May CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 841 – (Topic 4)

A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).

  1. SSH

  2. TFTP

  3. NTLM

  4. TKIP

  5. SMTP

  6. PGP/GPG

Answer: A,F Explanation:

We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk).

A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network.

F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.

Question No: 842 – (Topic 4)

A Human Resources user is issued a virtual desktop typically assigned to Accounting

employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?

  1. Black listing applications

  2. Operating System hardening

  3. Mandatory Access Control

  4. Patch Management

Answer: B Explanation:

Operating System hardening is the process of securing the operating system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

Question No: 843 – (Topic 4)

A security administrator wants to test the reliability of an application which accepts user provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task?

  1. Secure coding

  2. Fuzzing

  3. Exception handling

  4. Input validation

Answer: B Explanation:

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

Question No: 844 – (Topic 4)

An administrator finds that non-production servers are being frequently compromised, production servers are rebooting at unplanned times and kernel versions are several

releases behind the version with all current security fixes. Which of the following should the administrator implement?

  1. Snapshots

  2. Sandboxing

  3. Patch management

  4. Intrusion detection system

Answer: C Explanation:

Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities.

Question No: 845 – (Topic 4)

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?

  1. Cluster tip wiping

  2. Individual file encryption

  3. Full disk encryption

  4. Storage retention

Answer: A Explanation:

A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted.

Question No: 846 – (Topic 4)

Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of

the code, is BEST described as which of the following?

  1. Output sanitization

  2. Input validation

  3. Application hardening

  4. Fuzzing

Answer: B Explanation:

Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

Question No: 847 – (Topic 4)

A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs.

Which of the following should the administrator use to test the patching process quickly and often?

  1. Create an incremental backup of an unpatched PC

  2. Create an image of a patched PC and replicate it to servers

  3. Create a full disk image to restore after each installation

  4. Create a virtualized sandbox and utilize snapshots

Answer: D Explanation:

Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems.

Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups that can be used to quickly recover from poor updates, and errors arising from newly installed applications.

Question No: 848 – (Topic 4)

Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?

  1. It should be enforced on the client side only.

  2. It must be protected by SSL encryption.

  3. It must rely on the user’s knowledge of the application.

  4. It should be performed on the server side.

Answer: D Explanation:

Client-side validation should only be used to improve user experience, never for security purposes. A client-side input validation check can improve application performance by catching malformed input on the client and, therefore, saving a roundtrip to the server.

However, client side validation can be easily bypassed and should never be used for security purposes. Always use server-side validation to protect your application from malicious attacks.

Question No: 849 – (Topic 4)

Which of the following is an important step in the initial stages of deploying a host-based firewall?

  1. Selecting identification versus authentication

  2. Determining the list of exceptions

  3. Choosing an encryption algorithm

  4. Setting time of day restrictions

Answer: B Explanation:

A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system.

Question No: 850 – (Topic 4)

Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need?

  1. Implement voice encryption, pop-up blockers, and host-based firewalls.

  2. Implement firewalls, network access control, and strong passwords.

  3. Implement screen locks, device encryption, and remote wipe capabilities.

  4. Implement application patch management, antivirus, and locking cabinets.

Answer: C

Explanation: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

100% Ensurepass Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Ensurepass Free Guaranteed!
SY0-401 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.