★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Choose Examcollection SY0-401 together with down load SY0-401 analyze questions to get your SY0-401 test qualifications. Examcollection SY0-401 exercise thoughts are intended with thoughts, as well as actual, reasonable together with approved explanations. Each of our SY0-401 exercise test provide you with a screening experience unheard of. Each of our SY0-401 exercise analyze thoughts together with SY0-401 usually are studying under existing together with busy I . t professionals who make use of their very own expertise in organizing everyone certified for future years.

2021 Nov security+ + sy0-401:

Q381. Which of the following is described as an attack against an application using a malicious file? 

A. Client side attack 

B. Spam 

C. Impersonation attack 

D. Phishing attack 

Answer:

Explanation: 

In this question, a malicious file is used to attack an application. If the application is running on a 

client computer, this would be a client side attack. Attacking a service or application on a server 

would be a server side attack. 

Client-side attacks target vulnerabilities in client applications interacting with a malicious data. The 

difference is the client is the one initiating the bad connection. 

Client-side attacks are becoming more popular. This is because server side attacks are not as 

easy as they once were according to apache.org. 

Attackers are finding success going after weaknesses in desktop applications such as browsers, 

media players, common office applications and e-mail clients. 

To defend against client-side attacks keep-up the most current application patch levels, keep 

antivirus software updated and keep authorized software to a minimum. 


Q382. Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network? 

A. Application white listing 

B. Remote wiping 

C. Acceptable use policy 

D. Mobile device management 

Answer:

Explanation: 

Mobile device management (MDM) is allows for managing the mobile devices that employees use to access company resources. MDM is intended to improve security, provide monitoring, enable remote management, and support troubleshooting. It can be used to push or remove applications, manage data, and enforce configuration settings on these devices. 


Q383. A security technician would like to obscure sensitive data within a file so that it can be transferred without causing suspicion. Which of the following technologies would BEST be suited to accomplish this? 

A. Transport Encryption 

B. Stream Encryption 

C. Digital Signature 

D. Steganography 

Answer:

Explanation: 


Q384. The practice of marking open wireless access points is called which of the following? 

A. War dialing 

B. War chalking 

C. War driving 

D. Evil twin 

Answer:

Explanation: 

War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot. 


Q385. Identifying a list of all approved software on a system is a step in which of the following practices? 

A. Passively testing security controls 

B. Application hardening 

C. Host software baselining 

D. Client-side targeting 

Answer:

Explanation: 

Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained. 


Up to the minute security plus sy0-401 study guide:

Q386. Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). 

A. Tethering 

B. Screen lock PIN 

C. Remote wipe 

D. Email password 

E. GPS tracking 

F. Device encryption 

Answer: C,F 

Explanation: 

C: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people. 

F: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. 


Q387. Which of the following would Jane, an administrator, use to detect an unknown security vulnerability? 

A. Patch management 

B. Application fuzzing 

C. ID badge 

D. Application configuration baseline 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks. 


Q388. Which of the following technologies uses multiple devices to share work? 

A. Switching 

B. Load balancing 

C. RAID 

D. VPN concentrator 

Answer:

Explanation: 

Load balancing is a way of providing high availability by splitting the workload across multiple computers. 


Q389. In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified? 

A. Security control frameworks 

B. Best practice 

C. Access control methodologies 

D. Compliance activity 

Answer:

Explanation: 

Best practices are based on what is known in the industry and those methods that have consistently shown superior results over those achieved by other means. Furthermore best practices are applied to all aspects in the work environment. 


Q390. Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the cipher locks of secure areas in the building. Sara should immediately implement which of the following? 

A. Acceptable Use Policy 

B. Physical security controls 

C. Technical controls 

D. Security awareness training 

Answer:

Explanation: 

Security awareness and training include explaining policies, procedures, and current threats to both users and management. A security awareness and training program can do much to assist in your efforts to improve and maintain security. A good security awareness training program for the entire organization should cover the following areas: Importance of security; Responsibilities of people in the organization; Policies and procedures; Usage policies; Account and password-selection criteria as well as Social engineering prevention.