[Free] 2018(Apr) EnsurePass Braindumps CompTIA SY0-401 Dumps with VCE and PDF 291-300


CompTIA Security Certification

Question No: 291 – (Topic 2)

Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?

  A. Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing.

  B. MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high.

  C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.

  D. MOUs between two companies working together cannot be held to the same legal standards as SLAs.

Answer: C

Explanation:

The Memorandum of Understanding (MOU) is a document used in many settings in the information industry. It is a brief summary of which party is responsible for what portion of the work. For example, Company A may be responsible for maintaining the database server and Company B may be responsible for telecommunications. MOUs are not legally binding, but they carry a degree of seriousness and mutual respect that is stronger than a gentlemen's agreement. Often, MOUs are the first step towards a legal contract.

Question No: 292 – (Topic 2)

Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete?

  A. Succession planning

  B. Disaster recovery

  C. Separation of duty

  D. Removing single loss expectancy

Answer: A

Explanation:

Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.

Question No: 293 – (Topic 2)

A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?

  A. Procedure and policy management

  B. Chain of custody management

  C. Change management

  D. Incident management

Answer: D

Explanation:

Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The events that could occur include security breaches.

Question No: 294 – (Topic 2)

Which of the following is BEST carried out immediately after a security breach is discovered?

  A. Risk transference

  B. Access control revalidation

  C. Change management

  D. Incident management

Answer: D

Explanation:

Incident management is the set of steps followed when a security incident occurs.

Question No: 295 – (Topic 2)

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).

  A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements.

  B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.

  C. Developed recovery strategies, test plans, post-test evaluation and update processes.

  D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.

  E. Methods to review and report on system logs, incident response, and incident handling.

Answer: A, B

Explanation:

A: External emergency communications that should fit into your business continuity plan include notifying family members of an injury or death, discussing the disaster with the media, and providing status information to key clients and stakeholders. Each message needs to be prepared with the audience (e.g., employees, media, families, government regulators) in mind; broad general announcements may be acceptable in the initial aftermath of an incident, but these will need to be tailored to the audiences in subsequent releases.

B: A typical emergency communications plan should be extensive in detail and properly planned by a business continuity planner. Internal alerts are sent using email, overhead building paging systems, voice messages or text messages to cell/smartphones, with instructions to evacuate the building and relocate at assembly points, updates on the status of the situation, and notification of when it's safe to return to work.

Question No: 296 – (Topic 2)

Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?

  A. Routine audits

  B. Account expirations

  C. Risk assessments

  D. Change management

Answer: A

Explanation:

Routine audits are carried out after you have implemented security controls based on risk. These audits include aspects such as user rights and permissions and specific events.

Question No: 297 – (Topic 2)

Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?

  A. To ensure that false positives are identified

  B. To ensure that staff conform to the policy

  C. To reduce the organizational risk

  D. To require acceptable usage of IT systems

Answer: C

Explanation:

Once risks have been identified and assessed, there are five possible actions that can be taken: risk avoidance, risk transference, risk mitigation, risk deterrence and risk acceptance. Any time you take steps to reduce risk, you are engaged in risk mitigation, and implementing IT security policy is a risk mitigation strategy.

Question No: 298 – (Topic 2)

Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?

  A. Separation of Duties

  B. Mandatory Vacations

  C. Discretionary Access Control

  D. Job Rotation

Answer: A

Explanation:

Separation of duties means that users are granted only the permissions they need to do their work and no more.

Question No: 299 – (Topic 2)

In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives?

  A. Business Impact Analysis

  B. IT Contingency Plan

  C. Disaster Recovery Plan

  D. Continuity of Operations

Answer: A

Explanation:

Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn't concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.

Question No: 300 – (Topic 2)

A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?

  A. Availability

  B. Integrity

  C. Confidentiality

  D. Fire suppression

Answer: A

Explanation:

Availability means simply making sure that the data and systems are available to authorized users. Data backups, redundant systems, and disaster recovery plans all support availability, as does environmental support by means of HVAC.
