Download New Updated (July) CompTIA SY0-401 Actual Test 591-600

Ensurepass

 

 

QUESTION 591

Ann, a security analyst, is preparing for an upcoming security audit. To ensure that she identifies unapplied security controls and patches without attacking or compromising the system, Ann would use which of the following?

 

A.

Vulnerability scanning

B.

SQL injection

C.

Penetration testing

D.

Antivirus update

 

Correct Answer: A

 

 

QUESTION 592

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

 

A.

Routine log audits

B.

Job rotation

C.

Risk likelihood assessment

D.

Separation of duties

 

Correct Answer: A

 

 

QUESTION 593

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).

 

A.

110

B.

137

C.

139

D.

143

E.

161

F.

443

 

Correct Answer: BC

 

 

QUESTION 594

Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

 

A.

Disable default SSID broadcasting.

B.

Use WPA instead of WEP encryption.

C.

Lower the access point’s power settings.

D.

Implement MAC filtering on the access point.

 

Correct Answer: D

 

 

QUESTION 595

After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described?

 

A.

Trusted OS

B.

Mandatory access control

C.

Separation of duties

D.

Single sign-on

 

Correct Answer: D

 

 

QUESTION 596

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

 

A.

Disk encryption

B.

Encryption policy

C.

Solid state drive

D.

Mobile device policy

 

Correct Answer: A

 

 

QUESTION 597

When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;–” and “or 1=1 –“) were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results?

 

A.

The user is attempting to highjack the web server session using an open-source browser.

B.

The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.

C.

The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.

D.

The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

 

Correct Answer: D

 

 

QUESTION 598

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).

 

A.

Methods and templates to respond to press requests, institutional and regulatory reporting requirements.

B.

Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.

C.

Developed recovery strategies, test plans, post-test evaluation and update processes.

D.

Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.

E.

Methods to review and report on system logs, incident response, and incident handling.

 

Correct Answer: AB

 

 

QUESTION 599

Key elements of a business impact analysis should include which of the following tasks?

 

A.

Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.

B.

Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.

C.

Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.

D.

Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

 

Correct Answer: D

 

 

QUESTION 600

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

 

A.

Date of birth.

B.

First and last name.

C.

Phone number.

D.

Employer name.

 

Correct Answer: A

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in SY0-401 Real Tests (July) and tagged , , , , , , . Bookmark the permalink.