COMPTIA NEWS: SY0-401 Exam Questions has been Updated Today! Get Latest SY0-401 VCE and SY0-401 PDF Instantly! Welcome to Download the Newest Braindump2go SY0-401 VCE&SY0-401 PDF Dumps: http://www.braindump2go.com/sy0-401.html (1220 Q&As)

Quick and Effective CompTIA SY0-401 Exam Preparation Options – Braindump2go new released SY0-401 Exam Dumps Questions! CompTIA Official SY0-401 relevant practice tests are available for Instant downloading at Braindump2go! PDF and VCE Formates, easy to use and install! 100% Success Achievement Guaranteed!

Exam Code: SY0-401
Exam Name: CompTIA Security+
Certification Provider: CompTIA
Corresponding Certification: CompTIA Security+

SY0-401 Dump,SY0-401 PDF,SY0-401 VCE,SY0-401 Braindump,SY0-401 Study Guide,SY0-401 Study Guide PDF,SY0-401 Objectives,SY0-401 Practice Test,SY0-401 Practice Exam,SY0-401 Performance Based Questions,SY0-401 Exam Questions,SY0-401 Exam Dumps,SY0-401 Exam PDF,SY0-401 Dumps Free,SY0-401 Dumps PDF

QUESTION 141
Which of the following is the BEST approach to perform risk mitigation of user access control rights?

A.    Conduct surveys and rank the results.
B.    Perform routine user permission reviews.
C.    Implement periodic vulnerability scanning.
D.    Disable user accounts that have not been used within the last two weeks.

Answer: B
Explanation:
Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and is best coupled with a principle of least privilege. And related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation steps insofar as access control rights are concerned, is the regular/routine review of user permissions.

QUESTION 142
An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

A.    User rights reviews
B.    Least privilege and job rotation
C.    Change management
D.    Change Control

Answer: A
Explanation:
A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their `new’ job descriptions , or if there are privilege creep culprits after transfers has occurred.

QUESTION 143
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation.
Which of the following BEST describes the procedure and security rationale for performing such reviews?

A.    Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.
B.    Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.
C.    Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.
D.    Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.

Answer: A
Explanation:
Reviewing user permissions and group memberships form part of a privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation.

QUESTION 144
Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials.
The security analyst has been tasked to update the security policy.
Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?

A.    User rights and permissions review
B.    Configuration management
C.    Incident management
D.    Implement security controls on Layer 3 devices

Answer: A
Explanation:
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions. Also reviewing user rights and permissions will afford the security analyst the opportunity to put the principle of least privilege in practice as well as update the security policy

QUESTION 145
Which of the following assets is MOST likely considered for DLP?

A.    Application server content
B.    USB mass storage devices
C.    Reverse proxy
D.    Print server

Answer: B
Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.
A USB presents the most likely device to be used to steal data because of its physical size.

QUESTION 146
The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?

A.    HPM technology
B.    Full disk encryption
C.    DLP policy
D.    TPM technology

Answer: C
Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. The Software as a Service (SaaS) applications are remotely run over the Web and as such requires DLP monitoring.

QUESTION 147
Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

A.    Email scanning
B.    Content discovery
C.    Database fingerprinting
D.    Endpoint protection

Answer: D
Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. DLP systems share commonality with network intrusion prevention systems. Endpoint protection provides security and management over both physical and virtual environments.

QUESTION 148
A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information?

A.    Automatically encrypt impacted outgoing emails
B.    Automatically encrypt impacted incoming emails
C.    Monitor impacted outgoing emails
D.    Prevent impacted outgoing emails

Answer: A
Explanation:
Encryption is done to protect confidentiality and integrity of data. It also provides authentication, nonrepudiation and access control to the data. Since all emails go through a DLP scanner and it is outgoing main that requires protection then the best option is to put a system in place that will encrypt the outgoing emails automatically.

QUESTION 149
Which of the following is a best practice when a mistake is made during a forensics examination?

A.    The examiner should verify the tools before, during, and after an examination.
B.    The examiner should attempt to hide the mistake during cross-examination.
C.    The examiner should document the mistake and workaround the problem.
D.    The examiner should disclose the mistake and assess another area of the disc.

Answer: C
Explanation:
Every step in an incident response should be documented, including every action taken by end users and the incident-response team.

QUESTION 150
An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?

A.    Using a software file recovery disc
B.    Mounting the drive in read-only mode
C.    Imaging based on order of volatility
D.    Hashing the image after capture

Answer: B
Explanation:
Mounting the drive in read-only mode will prevent any executable commands from being executed. This is turn will have the least impact on potential evidence using the drive in question.


All the 1220 Questions and Answers in Braindump2go SY0-401 Exam Dumps are the latest SY0-401 Real Exam Questions not just SY0-401 Practice Tests Questions! Braindump2gp CompTIA SY0-401 Exam Dumps PDF&VCE Guarantees you 100% Pass SY0-401 Exam! Braindump2go Can Provide the Latest SY0-401 Dumps Questions from CompTIA Official Exam Center for You!


FREE DOWNLOAD: NEW UPDATED SY0-401 PDF Dumps & SY0-401 VCE Dumps from Braindump2go: http://www.braindump2go.com/sy0-401.html (1220 Q&A)