[Free] Download New Updated (February 2016) CompTIA SY0-401 Practice Tests 1061-1070

Ensurepass

QUESTION 1061

A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO).

 

A.

AES

B.

PGP

C.

SHA

D.

MD5

E.

ECDHE

 

Correct Answer: CD

 

 

QUESTION 1062

Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network. Which of the following has been reported by the vulnerability scan?

 

A.

Passive scan

B.

Active scan

C.

False positive

D.

False negative

 

Correct Answer: D

 

 

QUESTION 1063

Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)?

 

A.

Co-hosted application

B.

Transitive trust

C.

Mutually exclusive access

D.

Dual authentication

Correct Answer: B

 

 

QUESTION 1064

During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization. Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?

 

A.

Hostile takeovers

B.

Large scale natural disasters

C.

Malware and viruses

D.

Corporate espionage

 

Correct Answer: C

 

 

QUESTION 1065

Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing?

 

A.

OS hardening

B.

Application control

C.

Virtualization

D.

Sandboxing

 

Correct Answer: C

 

 

QUESTION 1066

An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users’ home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO).

 

A.

Enforcing SELinux in the OS kernel is role-based access control

B.

Enforcing SELinux in the OS kernel is rule-based access control

C.

The policy added by the root user is mandatory access control

D.

Enforcing SELinux in the OS kernel is mandatory access control

E.

The policy added by the root user is role-based access control

F.

The policy added by the root user is rule-based access control

 

Correct Answer: DF

 

 


QUESTION 1067

A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?

 

A.

Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware.

B.

A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops.

C.

If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full  data access.

D.

Laptops that are placed in a sleep mode allow full data access when powered back on.

 

Correct Answer: D

 

 

QUESTION 1068

Establishing a method to erase or clear cluster tips is an example of securing which of the following?

 

A.

Data in transit

B.

Data at rest

C.

Data in use

D.

Data in motion

 

Correct Answer: B

 

 

QUESTION 1069

Which of the following documents outlines the technical and security requirements of an agreement between organizations?

 

A.

BPA

B.

RFQ

C.

ISA

D.

RFC

 

Correct Answer: C

 

 

QUESTION 1070

Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario?

 

A.

Baseline Reporting

B.

Capability Maturity Model

C.

Code Review

D.

Quality Assurance and Testing

 

Correct Answer: C

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in SY0-401 Practice Tests (February 2016) and tagged , , , , , , , . Bookmark the permalink.