COMPTIA NEWS: SY0-401 Exam Questions has been Updated Today! Get Latest SY0-401 VCE and SY0-401 PDF Instantly! Welcome to Download the Newest Braindump2go SY0-401 VCE&SY0-401 PDF Dumps: (1220 Q&As)

2015 Timesaving Comprehensive Guides For CompTIA SY0-401 Exam: Using Latst Released Braindump2go SY0-401 Practice Tests Questions, Quickly Pass SY0-401 Exam 100%! Following Questions and Answers are all the New Published By CompTIA Official Exam Center!

Exam Code: SY0-401
Exam Name: CompTIA Security+
Certification Provider: CompTIA
Corresponding Certification: CompTIA Security+

SY0-401 Dump,SY0-401 PDF,SY0-401 VCE,SY0-401 Braindump,SY0-401 Study Guide,SY0-401 Study Guide PDF,SY0-401 Objectives,SY0-401 Practice Test,SY0-401 Practice Exam,SY0-401 Performance Based Questions,SY0-401 Exam Questions,SY0-401 Exam Dumps,SY0-401 Exam PDF,SY0-401 Dumps Free,SY0-401 Dumps PDF

Three of the primary security control types that can be implemented are.

A.    Supervisory, subordinate, and peer.
B.    Personal, procedural, and legal.
C.    Operational, technical, and management.
D.    Mandatory, discretionary, and permanent.

Answer: C
The National Institute of Standards and Technology (NIST) places controls into various types. The control types fall into three categories: Management, Operational, and Technical.

Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?

A.    Authentication
B.    Blacklisting
C.    Whitelisting
D.    Acceptable use policy

Answer: C
White lists are closely related to ACLs and essentially, a white list is a list of items that are allowed.

To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?

A.    Management
B.    Administrative
C.    Technical
D.    Operational

Answer: C
controls such as preventing unauthorized access to PC’s and applying screensavers that lock the PC after five minutes of inactivity is a technical control type, the same as Identification and Authentication, Access Control, Audit and Accountability as well as System and Communication Protection.

Which of the following is a management control?

A.    Logon banners
B.    Written security policy
C.    SYN attack prevention
D.    Access Control List (ACL)

Answer: B
Management control types include risk assessment, planning, systems and Services Acquisition as well as Certification, Accreditation and Security Assessment; and written security policy falls in this category.

Which of the following can result in significant administrative overhead from incorrect reporting?

A.    Job rotation
B.    Acceptable usage policies
C.    False positives
D.    Mandatory vacations

Answer: C
False positives are essentially events that are mistakenly flagged and are not really events to be concerned about. This causes a significant administrative overhead because the reporting is what results in the false positives.

A vulnerability scan is reporting that patches are missing on a server.
After a review, it is determined that the application requiring the patch does not exist on the operating system.
Which of the following describes this cause?

A.    Application hardening
B.    False positive
C.    Baseline code review
D.    False negative

Answer: B
False positives are essentially events that are mistakenly flagged and are not really events to be concerned about.

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?

A.    True negatives
B.    True positives
C.    False positives
D.    False negatives

Answer: C
False positives are essentially events that are mistakenly flagged and are not really events to be concerned about.

Which of the following is an example of a false negative?

A.    The IDS does not identify a buffer overflow.
B.    Anti-virus identifies a benign application as malware.
C.    Anti-virus protection interferes with the normal operation of an application.
D.    A user account is locked out after the user mistypes the password too many times.

Answer: A
With a false negative, you are not alerted to a situation when you should be alerted.

A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?

A.    Command shell restrictions
B.    Restricted interface
C.    Warning banners
D.    Session output pipe to /dev/null

Answer: C
Within Microsoft Windows, you have the ability to put signs (in the form of onscreen pop-up banners) that appear before the login telling similar information–authorized access only, violators will be prosecuted, and so forth. Such banners convey warnings or regulatory information to the user that they must “accept” in order to use the machine or network.
You need to make staff aware that they may legally be prosecuted and a message is best given via a banner so that all staff using workstation will get notification.

Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).

A.    Acceptable use policy
B.    Risk acceptance policy
C.    Privacy policy
D.    Email policy
E.    Security policy

Answer: AC
Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. Privacy policy is a legal document that outlines how data collected is secured. It should encompass information regarding the information the company collects, privacy choices you have based on your account, potential information sharing of your data with other parties, security measures in place, and enforcement. Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

For those who feel the overwhelming anxiety before their SY0-401 exam,Braindump2go Latest updated SY0-401 Exam Dumps will help you Pass 100% in a short time preparation! SY0-401 Exam Dumps PDF & VCE Full Version Instant Download!

FREE DOWNLOAD: NEW UPDATED SY0-401 PDF Dumps & SY0-401 VCE Dumps from Braindump2go: (1220 Q&A)