[Free] 2018(May) EnsurePass Pass4sure CompTIA SY0-401 Dumps with VCE and PDF 741-750


CompTIA Security Certification

Question No: 741 – (Topic 4)

The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as:

  A. Stabilizing

  B. Reinforcing

  C. Hardening

  D. Toughening

Answer: C

Explanation: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins, and disabling unnecessary services.

Question No: 742 – (Topic 4)

A team of firewall administrators have access to a 'master password list' containing service account passwords. Which of the following BEST protects the master password list?

  A. File encryption

  B. Password hashing

  C. USB encryption

  D. Full disk encryption

Answer: A

Explanation: File encryption can be used to protect the contents of individual files. It uses randomly generated symmetric encryption keys for the file and stores the key in an encrypted form using the user’s public key on the encrypted file.

Question No: 743 – (Topic 4)

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

  A. Unexpected input

  B. Invalid output

  C. Parameterized input

  D. Valid output

Answer: A

Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.

Question No: 744 – (Topic 4)

A network administrator noticed various chain messages have been received by the company. Which of the following security controls would need to be implemented to mitigate this issue?

  A. Anti-spam

  B. Antivirus

  C. Host-based firewalls

  D. Anti-spyware

Answer: A

Explanation: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM).

Question No: 745 – (Topic 4)

Which of the following is built into the hardware of most laptops but is not set up for centralized management by default?

  A. Whole disk encryption

  B. TPM encryption

  C. USB encryption

  D. Individual file encryption

Answer: B

Explanation: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in the BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

Question No: 746 – (Topic 4)

Which of the following can be performed when an element of the company policy cannot be enforced by technical means?

  A. Develop a set of standards

  B. Separation of duties

  C. Develop a privacy policy

  D. User training

Answer: D

Explanation: User training is an important aspect of maintaining safety and security. It helps improve users’ security awareness in terms of prevention, enforcement, and threats. It is of critical importance when an element of the company policy cannot be enforced by technical means.

Question No: 747 – (Topic 4)

After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window:

<HTML>
<body onload="document.getElementById('badForm').submit()">
<form id="badForm" action="shoppingsite.company.com/purchase.php" method="post">
<input name="Perform Purchase" value="Perform Purchase"/>
</form>
</body>
</HTML>

Which of the following has MOST likely occurred?

  A. SQL injection

  B. Cookie stealing

  C. XSRF

  D. XSS

Answer: C

Explanation: XSRF, or cross-site request forgery, applies to web applications and is an attack that exploits the web application’s trust of a user who is known or is supposed to have been authenticated. This is often accomplished without the user’s knowledge.

Question No: 748 – (Topic 4)

Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?

  A. Hard drive encryption

  B. Infrastructure as a service

  C. Software based encryption

  D. Data loss prevention

Answer: A

Explanation: Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It should be implemented using a hardware-based solution for greater speed.

Question No: 749 – (Topic 4)

An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?

  A. Vulnerability scanning

  B. Denial of service

  C. Fuzzing

  D. Port scanning

Answer: C

Explanation: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.

Question No: 750 – (Topic 4)

Establishing a method to erase or clear cluster tips is an example of securing which of the following?

  A. Data in transit

  B. Data at rest

  C. Data in use

  D. Data in motion

Answer: B

Explanation: A computer hard disk is divided into small segments called clusters. A file stored on a hard disk usually spans several clusters but rarely fills the last cluster, which is called the cluster tip. This cluster tip area may contain file data, because the size of the file you are working with may grow or shrink, and so it needs to be securely deleted. Data stored on the hard drive is called data at rest.
