[Free] 2018(Aug) Dumps4cert CompTIA SY0-401 Dumps with VCE and PDF Download 731-740

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 731 – (Topic 4)

Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?

  1. Check the referrer field in the HTTP header

  2. Disable Flash content

  3. Use only cookies for authentication

  4. Use only HTTPS URLs

Answer: A

Explanation:

XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to have been authenticated. This is accomplished by changing values in the HTTP header and even in the user’s cookie to falsify access. It can be prevented by embedding additional authentication data into requests that allows the web application to detect requests from unauthorized locations. Examples are synchronizer token patterns, cookie-to-header tokens, and checking the HTTP Referrer header and the HTTP Origin header.

Question No: 732 – (Topic 4)

A company wants to ensure that all aspects if data are protected when sending to other sites within the enterprise. Which of the following would ensure some type of encryption is performed while data is in transit?

  1. SSH

  2. SHA1

  3. TPM

  4. MD5

Answer: C Explanation:

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

Question No: 733 – (Topic 4)

The librarian wants to secure the public Internet kiosk PCs at the back of the library. Which of the following would be the MOST appropriate? (Select TWO).

  1. Device encryption

  2. Antivirus

  3. Privacy screen

  4. Cable locks

  5. Remote wipe

Answer: B,D Explanation:

B: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Public systems are particularly prone to viruses.

D: Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep devices from being easy to steal.

Question No: 734 – (Topic 4)

An administrator is building a development environment and requests that three virtual servers are cloned and placed in a new virtual network isolated from the production network. Which of the following describes the environment the administrator is building?

  1. Cloud

  2. Trusted

  3. Sandbox

  4. Snapshot

Answer: C Explanation:

Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems.

Question No: 735 – (Topic 4)

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

  1. Disk encryption

  2. Encryption policy

  3. Solid state drive

  4. Mobile device policy

Answer: A

Explanation:

Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

Question No: 736 – (Topic 4)

Which of the following application security testing techniques is implemented when an automated system generates random input data?

  1. Fuzzing

  2. XSRF

  3. Hardening

  4. Input validation

Answer: A Explanation:

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

Question No: 737 DRAG DROP – (Topic 4)

A security administrator is given the security and availability profiles for servers that are being deployed.

Match each RAID type with the correct configuration and MINIMUM number of drives.

Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements. Instructions:

All drive definitions can be dragged as many times as necessary Not all placeholders may be filled in the RAID configuration boxes

If parity is required, please select the appropriate number of parity checkboxes Server profiles may be dragged only once

Instructions: If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

Dumps4Cert 2018 PDF and VCE

Answer:

Dumps4Cert 2018 PDF and VCE

Dumps4Cert 2018 PDF and VCE

Explanation:

Macintosh HD:Users:danielkeller:Desktop:Screen Shot 2015-07-28 at 3.35.06 PM.png

RAID-0 is known as striping. It is not a fault tolerant solution but does improve disk performance for read/write operations. Striping requires a minimum of two disks and does not use parity. RAID-0 can be used where performance is required over fault tolerance,

such as a media streaming server.

RAID-1 is known as mirroring because the same data is written to two disks so that the two disks have identical data. This is a fault tolerant solution that halves the storage space. A minimum of two disks are used in mirroring and does not use parity. RAID-1 can be used where fault tolerance is required over performance, such as on an authentication server.

RAID-5 is a fault tolerant solution that uses parity and striping. A minimum of three disks are required for RAID-5 with one disk’s worth of space being used for parity information. However, the parity information is distributed across all the disks. RAID-5 can recover from a sing disk failure.

RAID-6 is a fault tolerant solution that uses dual parity and striping. A minimum of four disks are required for RAID-6. Dual parity allows RAID-6 to recover from the simultaneous failure of up to two disks. Critical data should be stored on a RAID-6 system.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 34-36, 234-235

Question No: 738 – (Topic 4)

A hospital IT department wanted to secure its doctor’s tablets. The IT department wants operating system level security and the ability to secure the data from alteration. Which of the following methods would MOST likely work?

  1. Cloud storage

  2. Removal Media

  3. TPM

  4. Wiping

Answer: C Explanation:

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

Question No: 739 – (Topic 4)

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

  1. XSRF Attacks

  2. Fuzzing

  3. Input Validations

  4. SQL Injections

Answer: B Explanation:

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

Question No: 740 – (Topic 4)

Which of the following can a security administrator implement on mobile devices that will help prevent unwanted people from viewing the data if the device is left unattended?

  1. Screen lock

  2. Voice encryption

  3. GPS tracking

  4. Device encryption

Answer: A Explanation:

Screen-lock is a security feature that requires the user to enter a PIN or a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

100% Dumps4cert Free Download!
SY0-401 PDF
100% Dumps4cert Pass Guaranteed!
SY0-401 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No