web analytics

Braindump2go Free Microsoft Dumps Questions Collection

Latest Real Exam Questions and Answers to help you pass Microsoft and other Hot exam 100%!

Official New Updated SY0-401 Free Dumps Shared By Braindump2go (111-120)

COMPTIA NEWS: SY0-401 Exam Questions has been Updated Today! Get Latest SY0-401 VCE and SY0-401 PDF Instantly! Welcome to Download the Newest Braindump2go SY0-401 VCE&SY0-401 PDF Dumps: http://www.braindump2go.com/sy0-401.html (1220 Q&As)

2015 CompTIA SY0-401 Certification Exam is coming! Getting a Laest SY0-401 Practice Test is very important for an Exam Candiate! Braindump2go New Updated SY0-401 Exam Questions Well Formatted in PDF and VCE versions, providing you convenience and excellence both at the same time! Free Questions and Answer are provided Following:

Exam Code: SY0-401
Exam Name: CompTIA Security+
Certification Provider: CompTIA
Corresponding Certification: CompTIA Security+

SY0-401 Dump,SY0-401 PDF,SY0-401 VCE,SY0-401 Braindump,SY0-401 Study Guide,SY0-401 Study Guide PDF,SY0-401 Objectives,SY0-401 Practice Test,SY0-401 Practice Exam,SY0-401 Performance Based Questions,SY0-401 Exam Questions,SY0-401 Exam Dumps,SY0-401 Exam PDF,SY0-401 Dumps Free,SY0-401 Dumps PDF

QUESTION 111
Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems?

A.    Acceptable Use Policy
B.    Privacy Policy
C.    Security Policy
D.    Human Resource Policy

Answer: A
Explanation:
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

QUESTION 112
Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company’s password policy. Which of the following should Pete do NEXT?

A.    Contact the Chief Information Officer and ask them to change the company password policy so that the application is made compliant.
B.    Tell the application development manager to code the application to adhere to the company’s password policy.
C.    Ask the application development manager to submit a risk acceptance memo so that the issue can be documented.
D.    Inform the Chief Information Officer of non-adherence to the security policy so that the developers can be reprimanded.

Answer: B
Explanation:
Since the application is violating the security policy it should be coded differently to comply with the password policy.

QUESTION 113
A major security risk with co-mingling of hosts with different security requirements is:

A.    Security policy violations.
B.    Zombie attacks.
C.    Password compromises.
D.    Privilege creep.

Answer: A
Explanation:
The entire network is only as strong as the weakest host. Thus with the co-mingling of hosts with different security requirements would be risking security policy violations.

QUESTION 114
Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?

A.    To ensure that false positives are identified
B.    To ensure that staff conform to the policy
C.    To reduce the organizational risk
D.    To require acceptable usage of IT systems

Answer: C
Explanation:
Once risks has been identified and assessed then there are five possible actions that should be taken. These are: Risk avoidance, Risk transference, Risk mitigation, Risk deterrence and Risk acceptance. Anytime you engage in steps to reduce risk, you are busy with risk mitigation and implementing IT security policy is a risk mitigation strategy.

QUESTION 115
Which of the allow Pete, a security analyst, to trigger a security alert reduce the risk of employees working in collusion to embezzle funds from their company?

A.    Privacy Policy
B.    Least Privilege
C.    Acceptable Use
D.    Mandatory Vacations

Answer: D
Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. But not only does mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels as well as an opportunity to discover fraud.

QUESTION 116
Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?

A.    Least privilege access
B.    Separation of duties
C.    Mandatory access control
D.    Mandatory vacations

Answer: D
Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. Mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels. Mandatory vacations also provide an opportunity to discover fraud. In this case mandatory vacations can prevent the two members from colluding to steal the information that they have access to.

QUESTION 117
One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?

A.    Mandatory access
B.    Rule-based access control
C.    Least privilege
D.    Job rotation

Answer: C
Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.

QUESTION 118
A security administrator notices that a specific network administrator is making unauthorized changes to the firewall every Saturday morning. Which of the following would be used to mitigate this issue so that only security administrators can make changes to the firewall?

A.    Mandatory vacations
B.    Job rotation
C.    Least privilege
D.    Time of day restrictions

Answer: C
Explanation:
A least privilege policy is to give users only the permissions that they need to do their work and no more. That is only allowing security administrators to be able to make changes to the firewall by practicing the least privilege principle.

QUESTION 119
Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?

A.    User rights reviews
B.    Incident management
C.    Risk based controls
D.    Annual loss expectancy

Answer: A
Explanation:
A least privilege policy should be used when assigning permissions. Give users only the permissions and rights that they need to do their work and no more.

QUESTION 120
An IT security manager is asked to provide the total risk to the business. Which of the following calculations would he security manager choose to determine total risk?

A.    (Threats X vulnerability X asset value) x controls gap
B.    (Threats X vulnerability X profit) x asset value
C.    Threats X vulnerability X control gap
D.    Threats X vulnerability X asset value

Answer: D
Explanation:
Threats X vulnerability X asset value is equal to asset value (AV) times exposure factor (EF).
This is used to calculate a risk.


Want to be SY0-401 certified? Using Braindump2go New Released SY0-401 Exam Dumps Now! We Promise you a 100% Success Passing Exam SY0-401 Or We will return your money back instantly!


FREE DOWNLOAD: NEW UPDATED SY0-401 PDF Dumps & SY0-401 VCE Dumps from Braindump2go: http://www.braindump2go.com/sy0-401.html (1220 Q&A)

, , , , , , , , , , , , , ,

Comments are currently closed.