Ensurepass

 

QUESTION 581

Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server.

However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?

 

A.

DMZ

B.

Honeynet

C.

VLAN

D.

Honeypot

 

Correct Answer: D

 

 

QUESTION 582

Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

 

A.

Security logs

B.

Protocol analyzer

C.

Audit logs

D.

Honeypot

 

Correct Answer: D

 

QUESTION 583

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

 

A.

Privacy Policy

B.

Least Privilege

C.

Acceptable Use

D.

Mandatory Vacations

 

Correct Answer: D

 

 

QUESTION 584

Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results?

 

A.

True negatives

B.

True positives

C.

False positives

D.

False negatives

 

Correct Answer: C

 

 

QUESTION 585

Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).

 

A.

Acceptable use policy

B.

Risk acceptance policy

C.

Privacy policy

D.

Email policy

E.

Security policy

 

Correct Answer: AC

 

 

QUESTION 586

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

 

A.

Black box testing

B.

White box testing

C.

Black hat testing

D.

Gray box testing

 

Correct Answer: A

 

 

 

 

QUESTION 587

Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?

 

A.

Honeypot

B.

Port scanner

C.

Protocol analyzer

D.

Vulnerability scanner

 

Correct Answer: C

 

 

QUESTION 588

Ann is starting a disaster recovery program. She has gathered specifics and team members for a meeting on site. Which of the following types of tests is this?

 

A.

Structured wa
lk through

B.

Full Interruption test

C.

Check list test

D.

Table top exercise

 

Correct Answer: A

 

 

QUESTION 589

An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?

 

A.

Add reverse encryption

B.

Password complexity

C.

Increase password length

D.

Allow single sign on

 

Correct Answer: B

 

 

QUESTION 590

Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?

 

A.

Product baseline report

B.

Input validation

C.

Patch regression testing

D.

Code review

 

Correct Answer: D

 

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.