[Free] 2018(Apr) EnsurePass Braindumps CompTIA SY0-401 Dumps with VCE and PDF 461-470

Ensurepass.com : Ensure you pass the IT Exams
2018 Apr CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 461 – (Topic 2)

Which of the following is the MOST important step for preserving evidence during forensic procedures?

  1. Involve law enforcement

  2. Chain of custody

  3. Record the time of the incident

  4. Report within one hour of discovery

Answer: B Explanation:

Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you’re open to dispute about possible evidence tampering. Thus to preserve evidence during a forensic procedure the chain of custody is of utmost importance.

Question No: 462 – (Topic 2)

The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter’s HVAC. Which of the following can be implemented?

  1. Cold site

  2. Load balancing

  3. Warm site

  4. Hot site

Answer: C Explanation:

Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement.

Question No: 463 – (Topic 2)

Upper management decides which risk to mitigate based on cost. This is an example of:

  1. Qualitative risk assessment

  2. Business impact analysis

  3. Risk management framework

  4. Quantitative risk assessment

Answer: D Explanation:

Quantitative analysis / assessment is used to the show the logic and cost savings in replacing a server for example before it fails rather than after the failure. Quantitative assessments assign a dollar amount.

Question No: 464 – (Topic 2)

Joe is the accounts payable agent for ABC Company. Joe has been performing accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?

  1. Mandatory vacation

  2. Job rotation

  3. Separation of duties

  4. Replacement

Answer: A Explanation:

A mandatory vacation policy requires all users to take time away from work to refresh. Mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels. Mandatory vacations also provide an opportunity to discover fraud. In this case mandatory vacations can allow the company to review all the new accounts.

Question No: 465 – (Topic 2)

Which of the following provides the LEAST availability?

  1. RAID 0

  2. RAID 1

  3. RAID 3

  4. RAID 5

Answer: A Explanation:

RAID, or redundant array of independent disks (RAID). RAID allows your existing servers to have more than one hard drive so that if the main hard drive fails, the system keeps functioning. RAID 0 is disk striping. It uses multiple drives and maps them together as a single physical drive. This is done primarily for performance, not for fault tolerance. If any drive in a RAID 0 array fails, the entire logical drive becomes unusable.

Question No: 466 – (Topic 2)

Used in conjunction, which of the following are PII? (Select TWO).

  1. Marital status

  2. Favorite movie

  3. Pet’s name

  4. Birthday

  5. Full name

Answer: D,E Explanation:

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. A birthday together with a full name makes it personally identifiable information.

Question No: 467 – (Topic 2)

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the

executives? (Select TWO).

  1. Acceptable use of social media

  2. Data handling and disposal

  3. Zero day exploits and viruses

  4. Phishing threats and attacks

  5. Clean desk and BYOD

  6. Information security awareness

Answer: D,F Explanation:

Managers/ i.e. executives in the company are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies.

Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. Executives an easily fall prey to phishing if they are not trained to lookout for these attacks.

Question No: 468 – (Topic 2)

A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls?

  1. Integrity

  2. Availability

  3. Confidentiality

  4. Safety

Answer: D Explanation:

Fencing is used to increase physical security and safety. Locks are used to keep those who are unauthorized out.

Question No: 469 – (Topic 2)

A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?

  1. Encryption

  2. Digital signatures

  3. Steganography

  4. Hashing

  5. Perfect forward secrecy

Answer: B Explanation:

A digital signature is an electronic mechanism to prove that a message was sent from a specific user (that is, it provides for non-repudiation) and that the message wasn’t changed while in transit (it also provides integrity). Thus digital signatures will meet the stated requirements.

Question No: 470 – (Topic 2)

A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?

  1. The certificate will be added to the Certificate Revocation List (CRL).

  2. Clients will be notified that the certificate is invalid.

  3. The ecommerce site will not function until the certificate is renewed.

  4. The ecommerce site will no longer use encryption.

Answer: B Explanation:

A similar process to certificate revocation will occur when a certificate is allowed to expire. Notification will be sent out to clients of the invalid certificate. The process of revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked. This must be done whenever the private key becomes known. The owner of a certificate can request that it be revoked at any time, or the administrator can make the request.

100% Ensurepass Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Ensurepass Free Guaranteed!
SY0-401 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.