How to pass Security+ SY0-401 in Jul 2016

SY0-401 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

https://www.2passeasy.com/dumps/SY0-401/

Exambible's senior CompTIA lecturers and specialists confirm that the Exambible CompTIA SY0-401 exam questions and answers are nearly all correct. The overall pass rate for the CompTIA Security+ Certification has been nearly 95%. Over all, we have been able to demonstrate that the SY0-401 study materials make a useful reference for CompTIA candidates. Our SY0-401 PDF is worth the examinee's effort to study. You can bet your boots you will get a good result from the Exambible CompTIA Security+ Certification practice tests.

2016 Jul Security+ SY0-401 practice test:

Q191. Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process? 

A. Separation of Duties 

B. Mandatory Vacations 

C. Discretionary Access Control 

D. Job Rotation 

Answer: A 

Explanation: 

Separation of duties means that users are granted only the permissions they need to do their work and no more. 


Q192. A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis? 

A. Insufficient encryption methods 

B. Large scale natural disasters 

C. Corporate espionage 

D. Lack of antivirus software 

Answer: D 

Explanation: 

The most common threat to computers is computer viruses. A computer can become infected with a virus through day-to-day activities such as browsing web sites or emails. As browsing and opening emails are the most common activities performed by all users, computer viruses represent the most likely risk to a business. 


Q193. The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information? 

A. Implement a honeynet 

B. Perform a penetration test 

C. Examine firewall logs 

D. Deploy an IDS 

Answer: A 

Explanation: 

A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets. In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn't actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as "Finances" or "Human Services" to make them sound appealing to the attacker. 

A virtual honeynet is one that, while appearing to be an entire network, resides on a single server. 


Q194. A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. 

Which of the following BEST allows the analyst to restrict user access to approved devices? 

A. Antenna placement 

B. Power level adjustment 

C. Disable SSID broadcasting 

D. MAC filtering 

Answer: D 

Explanation: 

A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. 


Q195. Methods to test the responses of software and web applications to unusual or unexpected inputs are known as: 

A. Brute force. 

B. HTML encoding. 

C. Web crawling. 

D. Fuzzing. 

Answer: D 

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks. 
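A worked illustration of the fuzzing definition above, added here and not part of the original practice test: a toy length-prefixed record parser (constructed for this example) is fed mutated inputs from a seeded random generator, and the harness records every exception that is not the parser's documented rejection error. The naive parser surfaces raw IndexError and struct.error crashes, while the hardened variant validates lengths first and only ever raises ValueError. All function and sample names are this example's own.

```python
import random
import struct

# Constructed sample: a valid record is <1-byte name length><name><2-byte big-endian tag>.
SEED_INPUT = b"\x05hello\x00\x2a"


def parse_record_naive(data: bytes) -> dict:
    """Parser with no bounds checking; crashes on short or oversized inputs."""
    length = data[0]                                   # IndexError on empty input
    name = data[1:1 + length].decode("ascii")
    tag = struct.unpack(">H", data[1 + length:3 + length])[0]  # struct.error if truncated
    return {"name": name, "tag": tag}


def parse_record_hardened(data: bytes) -> dict:
    """Same format, but every malformed input is rejected with ValueError."""
    if len(data) < 1:
        raise ValueError("empty record")
    length = data[0]
    if len(data) < 3 + length:
        raise ValueError("truncated record")
    name_bytes = data[1:1 + length]
    if not name_bytes.isascii():
        raise ValueError("non-ASCII name")
    tag = struct.unpack(">H", data[1 + length:3 + length])[0]
    return {"name": name_bytes.decode("ascii"), "tag": tag}


def mutate(rng: random.Random, seed_input: bytes) -> bytes:
    """Produce one mutated test case: bit flip, truncation, byte insertion or random bytes."""
    data = bytearray(seed_input)
    op = rng.choice(["flip", "truncate", "insert", "random"])
    if op == "flip" and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == "truncate":
        data = data[:rng.randrange(len(data) + 1)]
    elif op == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    else:
        data = bytearray(rng.randrange(256) for _ in range(rng.randrange(0, 12)))
    return bytes(data)


def fuzz(parser, seed_input: bytes = SEED_INPUT, iterations: int = 2000, seed: int = 1) -> dict:
    """Run the parser on mutated inputs; return {exception name: first triggering input}.

    ValueError is the parser's expected rejection and is not counted as a finding.
    """
    rng = random.Random(seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(rng, seed_input)
        try:
            parser(case)
        except ValueError:
            continue                      # expected, validated rejection
        except Exception as exc:          # anything else is an unexpected failure
            findings.setdefault(type(exc).__name__, case)
    return findings


if __name__ == "__main__":
    print("naive parser findings:   ", fuzz(parse_record_naive))
    print("hardened parser findings:", fuzz(parse_record_hardened))
```

The harness treats a documented ValueError as correct behaviour and anything else as a finding, which is the usual fuzzing oracle for parsers: the goal is not to make bad input succeed but to make sure it fails in a controlled, expected way.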



Updated Lead2pass SY0-401:

Q196. A security administrator implements access controls based on the security classification of the data and need-to-know information. Which of the following BEST describes this level of access control? 

A. Implicit deny 

B. Role-based Access Control 

C. Mandatory Access Controls 

D. Least privilege 

Answer: C 

Explanation: 

Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them. 
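The two rules in that explanation, the classification rule and the need-to-know rule, can be written as a single access decision. The following is an added example, not part of the original practice test: clearance levels and need-to-know categories are modelled as labels fixed by policy, and a read is permitted only when the subject's clearance dominates the object's classification and the subject holds every category the object carries. The level names and category names are constructed for the example.

```python
from typing import FrozenSet, Tuple

# Ordered classification levels (constructed sample lattice).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}

# A label is (level, set of need-to-know categories). Labels are assigned by
# policy, not by the object's owner, which is what distinguishes MAC from DAC.
Label = Tuple[str, FrozenSet[str]]


def mac_allows_read(subject: Label, obj: Label) -> bool:
    """Return True only if both MAC rules are satisfied for a read."""
    clearance, subject_cats = subject
    classification, object_cats = obj
    # Rule 1: classification. The subject's clearance must be at least the object's level.
    if LEVELS[clearance] < LEVELS[classification]:
        return False
    # Rule 2: need-to-know. Every category on the object must be held by the subject.
    return object_cats <= subject_cats


def explain(subject: Label, obj: Label) -> str:
    """Human-readable reason for the decision, useful in audit logs."""
    clearance, subject_cats = subject
    classification, object_cats = obj
    if LEVELS[clearance] < LEVELS[classification]:
        return f"denied: clearance {clearance!r} below classification {classification!r}"
    missing = object_cats - subject_cats
    if missing:
        return f"denied: no need-to-know for {sorted(missing)}"
    return "allowed"


if __name__ == "__main__":
    analyst = ("secret", frozenset({"crypto"}))
    for doc in [("secret", frozenset({"crypto"})),
                ("top secret", frozenset({"crypto"})),
                ("confidential", frozenset({"crypto", "nuclear"}))]:
        print(doc, "->", explain(analyst, doc))
```

Note that the third document is denied even though its classification is lower than the analyst's clearance: need-to-know is evaluated independently of level, which is exactly the point the explanation makes.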


Q197. Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following? 

A. Sender's private key 

B. Recipient's public key 

C. Sender's public key 

D. Recipient's private key 

Answer: B 

Explanation: 

Encrypting the message with the recipient's public key ensures that only the holder of the matching private key, the recipient, can decrypt it, which is what protects its confidentiality. 

Q198. Which of the following should an administrator implement to research current attack methodologies? 

A. Design reviews 

B. Honeypot 

C. Vulnerability scanner 

D. Code reviews 

Answer: B 

Explanation: 

A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies. 

According to Webopedia.com, a honeypot luring a hacker into a system has several main purposes: 

The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned. 

The hacker can be caught and stopped while trying to obtain root access to the system. 

By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers. 

There are two main types of honeypots: 

Production - A production honeypot is one used within an organization's environment to help mitigate risk. 

Research - A research honeypot adds value to research in computer security by providing a platform to study the threat. 


Q199. The incident response team has received the following email message. 

From: monitor@ext-company.com 
To: security@company.com 
Subject: Copyright infringement 

A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT. 

After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident. 

09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john 

09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne 

10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov 

11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok 

Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident? 

A. The logs are corrupt and no longer forensically sound. 

B. Traffic logs for the incident are unavailable. 

C. Chain of custody was not properly maintained. 

D. Incident time offsets were not accounted for. 

Answer: D 

Explanation: 

It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system. 
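The correlation step described in that explanation, as an added example that is not part of the original practice test: the web log lines and alert from the question are embedded as constructed sample data, each log timestamp is normalised by the clock offset recorded for the logging host, and the normalised entries are matched against the alert time for the reported IP. The page only states that the offset was not accounted for; the one-hour offset used in the demonstration is an assumption chosen because it is the value under which the 10:50:01 entry lines up with the 09:50:01 GMT alert. Function names are this example's own.

```python
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample: the alert and web log lines from the question.
ALERT_TIME_GMT = "09:50:01"
ALERT_IP = "13.10.66.5"
WEB_LOG = """09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok"""

# Assumed offset recorded during the investigation: the web server's clock
# runs one hour ahead of GMT. This value is not stated on the page.
SERVER_CLOCK_OFFSET = timedelta(hours=1)


def parse_log(text: str) -> List[Tuple[datetime, str, str]]:
    """Split '<HH:MM:SS> <ip> <url>' lines into (timestamp, ip, url) tuples."""
    entries = []
    for line in text.splitlines():
        ts, ip, url = line.split(maxsplit=2)
        entries.append((datetime.strptime(ts, "%H:%M:%S"), ip, url))
    return entries


def correlate(entries, alert_ts: str, alert_ip: str,
              offset: timedelta, window: timedelta = timedelta(seconds=5)):
    """Return (normalised time, url) for entries from alert_ip within window of the alert.

    Each log timestamp has the host's recorded clock offset subtracted before
    comparison, so all times are compared on the alert's (GMT) timeline.
    """
    alert = datetime.strptime(alert_ts, "%H:%M:%S")
    hits = []
    for ts, ip, url in entries:
        normalised = ts - offset
        if ip == alert_ip and abs(normalised - alert) <= window:
            hits.append((normalised.strftime("%H:%M:%S"), url))
    return hits


if __name__ == "__main__":
    entries = parse_log(WEB_LOG)
    print("without offset:", correlate(entries, ALERT_TIME_GMT, ALERT_IP, timedelta(0)))
    print("with offset:   ", correlate(entries, ALERT_TIME_GMT, ALERT_IP, SERVER_CLOCK_OFFSET))
```

Run without the offset, the search returns nothing, which is the situation the incident response team is in; once the recorded offset is applied, the access of movie.mov lines up with the alert. Recording the offset per host during evidence collection is what makes this step possible later.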


Q200. Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes? 

A. Switches 

B. Protocol analyzers 

C. Routers 

D. Web security gateways 

Answer: B 

Explanation: 

A Protocol Analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. By capturing and analyzing the packets, Pete will be able to determine the type, source, and flags of the packets traversing a network for troubleshooting purposes. 

Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal). 


