★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Our pass rate is high to 98.9% and the similarity percentage between our comptia security+ study guide sy0 401 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA sy0 401 study guide pdf exam in just one try? I am currently studying for the CompTIA security+ sy0 401 exam. Latest CompTIA sy0 401 practice test Test exam practice questions and answers, Try CompTIA sy0 401 braindump Brain Dumps First.

Q541. Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network? 

A. Cross-platform compatibility issues between personal devices and server-based applications 

B. Lack of controls in place to ensure that the devices have the latest system patches and signature files 

C. Non-corporate devices are more difficult to locate when a user is terminated 

D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets 

Answer:

Explanation: 

With employees who want to bring their own devices you will have to make them understand why they cannot. You do not want them plugging in a flash drive, let alone a camera, smartphone, tablet computer, or other device, on which company fi les could get intermingled with personal files. Allowing this to happen can create situations where data can leave the building that shouldn’t as well as introduce malware to the system. Employees should not sync unauthorized smartphones to their work systems. Some smartphones use multiple wireless spectrums and unwittingly open up the possibility for an attacker in the parking lot to gain access through the phone to the internal network. Thus if you do not have controls in place then your network is definitely at risk. 


Q542. Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO). 

A. Disable the USB root hub within the OS. 

B. Install anti-virus software on the USB drives. 

C. Disable USB within the workstations BIOS. 

D. Apply the concept of least privilege to USB devices. 

E. Run spyware detection against all workstations. 

Answer: A,C 

Explanation: 

A: The USB root hub can be disabled from within the operating system. 

C: USB can also be configured and disabled in the system BIOS. 


Q543. A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons? 

A. SNMPv3 

B. TFTP 

C. SSH 

D. TLS 

Answer:

Explanation: 


Q544. A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior? 

A. Assign users passwords based upon job role. 

B. Enforce a minimum password age policy. 

C. Prevent users from choosing their own passwords. 

D. Increase the password expiration time frame. 

Answer:

Explanation: 

A minimum password age policy defines the period that a password must be used for before it can be changed. 


Q545. DRAG DROP 

You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan. 

Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit. 

Answer: 

Explanation: 

References: 

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, 

Indianapolis, 2014, p 369 


Q546. A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password? 

A. Ann’s user account has administrator privileges. 

B. Joe’s user account was not added to the group policy. 

C. Ann’s user account was not added to the group policy. 

D. Joe’s user account was inadvertently disabled and must be re-created. 

Answer:

Explanation: 

Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPO’s include a number of settings related to credentials, which includes password expiration. Because Anne was not prompted to change her password, it could only mean that her user account was not added to the group policy. 


Q547. Each server on a subnet is configured to only allow SSH access from the administrator’s workstation. Which of the following BEST describes this implementation? 

A. Host-based firewalls 

B. Network firewalls 

C. Network proxy 

D. Host intrusion prevention 

Answer:

Explanation: 

A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system. 


Q548. A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of: 

A. escalation and notification. 

B. first responder. 

C. incident identification. 

D. incident mitigation. 

Answer:

Explanation: 


Q549. Which of the following would be used as a secure substitute for Telnet? 

A. SSH 

B. SFTP 

C. SSL 

D. HTTPS 

Answer:

Explanation: 

Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext oriented programs in the Unix environment. 


Q550. A security administrator would like to ensure that system administrators are not using the same password for both their privileged and non-privileged accounts. Which of the following security controls BEST accomplishes this goal? 

A. Require different account passwords through a policy 

B. Require shorter password expiration for non-privileged accounts 

C. Require shorter password expiration for privileged accounts 

D. Require a greater password length for privileged accounts 

Answer:

Explanation: