Braindump2go Releases New CompTIA SY0-401 Exam Dumps Free Version! (111-120)
COMPTIA NEWS: SY0-401 Exam Questions has been Updated Today! Get Latest SY0-401 VCE and SY0-401 PDF Instantly! Welcome to Download the Newest Braindump2go SY0-401 VCE&SY0-401 PDF Dumps: http://www.braindump2go.com/sy0-401.html (1220 Q&As) Quick and Effective CompTIA SY0-401 Exam Preparation Options - Braindump2go new released SY0-401 Exam Dumps Questions! CompTIA Official SY0-401 relevant practice tests are available for Instant downloading at Braindump2go! PDF and VCE Formates, easy to use and install! 100% Success Achievement Guaranteed! Exam Code: SY0-401 Exam Name: CompTIA Security+ Certification Provider: CompTIA Corresponding Certification: CompTIA Security+ SY0-401 Dump,SY0-401 PDF,SY0-401 VCE,SY0-401 Braindump,SY0-401 Study Guide,SY0-401 Study Guide PDF,SY0-401 Objectives,SY0-401 Practice Test,SY0-401 Practice Exam,SY0-401 Performance Based Questions,SY0-401 Exam Questions,SY0-401 Exam Dumps,SY0-401 Exam PDF,SY0-401 Dumps Free,SY0-401 Dumps PDF QUESTION 111 Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company's information systems? A. Acceptable Use Policy B. Privacy Policy C. Security Policy D. Human Resource Policy Answer: A Explanation: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. QUESTION 112 Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT? A. Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant. B. Tell the application development manager to code the application to adhere to the company's password policy. C. Ask the application development manager to submit a risk acceptance memo so that the issue can be documented. D. Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded. Answer: B Explanation: Since the application is violating the security policy it should be coded differently to comply with the password policy. QUESTION 113 A major security risk with co-mingling of hosts with different security requirements is: A. Security policy violations. B. Zombie attacks. C. Password compromises. D. Privilege creep. Answer: A Explanation: The entire network is only as strong as the weakest host. Thus with the co-mingling of hosts with different security requirements would be risking security policy violations. QUESTION 114 Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies? A. To ensure that false positives are identified B. To ensure that staff conform to the policy C. To reduce the organizational risk D. To require acceptable usage of IT systems Answer: C Explanation: Once risks has been identified and assessed then there are five possible actions that should be taken. These are: Risk avoidance, Risk transference, Risk mitigation, Risk deterrence and Risk acceptance. Anytime you engage in steps to reduce risk, you are busy with risk mitigation and implementing IT security policy is a risk mitigation strategy. QUESTION 115 Which of the allow Pete, a security analyst, to trigger a security alert reduce the risk of employees working in collusion to embezzle funds from their company? A. Privacy Policy B. Least Privilege C. Acceptable Use D. Mandatory Vacations Answer: D Explanation: A mandatory vacation policy requires all users to take time away from work to refresh. But not only does mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels as well as an opportunity to discover fraud. QUESTION 116 Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together? A. Least privilege access B. Separation of duties C. Mandatory access control D. Mandatory vacations Answer: D Explanation: A mandatory vacation policy requires all users to take time away from work to refresh. Mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels. Mandatory vacations also provide an opportunity to discover fraud. In this case mandatory vacations can prevent the two members from colluding to steal the information that they have access to. QUESTION 117 One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following? A. Mandatory access B. Rule-based access control C. Least privilege D. Job rotation Answer: C Explanation: A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more. QUESTION 118 A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall? A. Mandatory vacations B. Job rotation C. Least privilege D. Time of day restrictions Answer: C Explanation: A least privilege policy is to give users only the permissions that they need to do their work and no more. That is only allowing security administrators to be able to make changes to the firewall by practicing the least privilege principle. QUESTION 119 Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles? A. User rights reviews B. Incident management C. Risk based controls D. Annual loss expectancy Answer: A Explanation: A least privilege policy should be used when assigning permissions. Give users only the permissions and rights that they need to do their work and no more. QUESTION 120 An IT security manager is asked to provide the total risk to the business. Which of the following calculations would he security manager choose to determine total risk? A. (Threats X vulnerability X asset value) x controls gap B. (Threats X vulnerability X profit) x asset value C. Threats X vulnerability X control gap D. Threats X vulnerability X asset value Answer: D Explanation: Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF). This is used to calculate a risk. All 1220 CompTIA SY0-401 Exam Dumps Questions are the New Checked and Updated! In recent years, the SY0-401 certification has become a global standard for many successful IT companies. Looking to become a certified CompTIA professional? Download Braindump2go 2015 Latest Released SY0-401 Exam Dumps Full Version and Pass SY0-401 100%! FREE DOWNLOAD: NEW UPDATED SY0-401 PDF Dumps & SY0-401 VCE Dumps from Braindump2go: http://www.braindump2go.com/sy0-401.html (1220 Q&A)
|