http://www.examsberg.com/SY0-401-exam-dumps.

html
 SY0-401 CompTIA Security+
Certification Exam Question
Answer

http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 1
A company is rolling out a new e-commerce website. The security a
nalyst wants to reduce the risk of the new website being comprised
by confirming that system patches are up to date, application hot fix
es are current, and unneeded ports and services have been disabled.
To do this, the security analyst will perform a:

A. Vulnerability assessment
B. White box test
C. Penetration test
D. Peer review

Correct Answer: A
http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 2
Joe, a security analyst, is attempting to determine if a new server m
eets the security requirements of his organization. As a step in this p
rocess, he attempts to identify a lack of security controls and to iden
tify common misconfigurations on the server. Which of the following
is Joe attempting to complete?

A. Black hat testing

B. Vulnerability scanning
C. Black box testing
D. Penetration testing

Correct Answer: B
http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 3
Which of the following attacks initiates a connection by sending spe
cially crafted packets in which multiple TCP flags are set to 1?

A. Replay
B. Smurf
C. Xmas
D. Fraggle

Correct Answer: C

http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 4
The IT department has been tasked with reducing the risk of sensitiv
e information being shared with unauthorized entities from compute
rs it is saved on, without impeding the ability of the employees to a
ccess the internet. Implementing which of the following would be th
e best way to accomplish this objective?

A. Host-based firewalls
B. DLP
C. URL filtering
D. Pop-up blockers

Correct Answer: B
http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 5
A server crashes at 6 pm. Senior management has determined that
data must be restored within two hours of a server crash. Additionall
y, a loss of more than one hour worth of data is detrimental to the
company's financial well-being. Which of the following is the RTO?

A. 7pm
B. 8pm
C. 9pm
D. 10pm

Correct Answer: B

http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 6
To mitigate the risk of intrusion, an IT Manager is concerned with usi
ng secure versions of protocols and services whenever possible. In a
ddition, the security technician is required to monitor the types of tr
affic being generated. Which of the following tools is the technician
MOST likely to use?

A. Port scanner
B. Network analyzer
C. IPS
D. Audit Logs

Correct Answer: B
http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 7

A company hosts a web server that requires entropy in encryption i

nitialization and authentication. To meet this goal, the company wou
ld like to select a block cipher mode of operation that allows an arbi
trary length IV and supports authenticated encryption. Which of the
following would meet these objectives?

A. CFB
B. GCM
C. ECB
D. CBC

Correct Answer: B
http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 8
During a company-wide initiative to harden network security, it is dis
covered that end users who have laptops cannot be removed from t
he local administrator group. Which of the following could be used t
o help mitigate the risk of these machines becoming compromised?

A. Security log auditing

B. Firewalls
C. HIPS
D. IDS

Correct Answer: B

http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 9
An administrator receives a security alert that appears to be from o
ne of the company's vendors. The email contains information and i
nstructions for patching a serious flaw that has not been publicly an
nounced. Which of the following can an employee use to validate t
he authenticity if the email?

A. Hashing algorithm
B. Ephemeral Key
C. SSL certificate chain
D. Private key
E. Digital signature

Correct Answer: E
http://www.examsberg.com/SY0-401-exam-dumps.html
QUESTION 10
A bank is planning to implement a third factor to protect customer
ATM transactions. Which of the following could the bank implement
?

A. SMS
B. Fingerprint
C. Chip and Pin
D. OTP

Correct Answer: B

http://www.examsberg.com/SY0-401-exam-dumps.html
http://www.examsberg.com/SY0-401-exam-dumps.html