[Free] 2018(Jan) Dumps4cert Braindumps CompTIA SY0-401 Dumps with VCE and PDF 761-770

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Jan CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 761 – (Topic 4)

It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue?

  1. Device encryption

  2. Application control

  3. Content filtering

  4. Screen-locks

Answer: B Explanation:

Application control is the process of controlling what applications are installed on a device. This may reduce exposure to malicious software by limiting the user’s ability to install applications that come from unknown sources or have no work-related features.

Question No: 762 – (Topic 4)

Which of the following is the below pseudo-code an example of? IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

  1. Buffer overflow prevention

  2. Input validation

  3. CSRF prevention

  4. Cross-site scripting prevention

Answer: B Explanation:

Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

Question No: 763 – (Topic 4)

When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?

  1. Deploying identical application firewalls at the border

  2. Incorporating diversity into redundant design

  3. Enforcing application white lists on the support workstations

  4. Ensuring the systems’ anti-virus definitions are up-to-date

Answer: B Explanation:

If you know there is a vulnerability that is specific to one vendor, you can improve availability by implementing multiple systems that include at least one system from a different vendor and so is not affected by the vulnerability.

Question No: 764 – (Topic 4)

Which of the following is an application security coding problem?

  1. Error and exception handling

  2. Patch management

  3. Application hardening

  4. Application fuzzing

Answer: A Explanation:

Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application.

Question No: 765 – (Topic 4)

Which of the following technical controls helps to prevent Smartphones from connecting to a corporate network?

  1. Application white listing

  2. Remote wiping

  3. Acceptable use policy

  4. Mobile device management

Answer: D Explanation:

Mobile device management (MDM) is allows for managing the mobile devices that employees use to access company resources. MDM is intended to improve security, provide monitoring, enable remote management, and support troubleshooting. It can be used to push or remove applications, manage data, and enforce configuration settings on these devices.

Question No: 766 – (Topic 4)

A technician has implemented a system in which all workstations on the network will receive security updates on the same schedule. Which of the following concepts does this illustrate?

  1. Patch management

  2. Application hardening

  3. White box testing

  4. Black box testing

Answer: A Explanation:

Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system before applying the updates on a production system, and scheduling updates.

Question No: 767 – (Topic 4)

After Matt, a user, enters his username and password at the login screen of a web enabled portal, the following appears on his screen:

`Please only use letters and numbers on these fields’ Which of the following is this an example of?

  1. Proper error handling

  2. Proper input validation

  3. Improper input validation

  4. Improper error handling

Answer: B Explanation:

Input validation is an aspect of secure coding and is intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

Question No: 768 – (Topic 4)

Which of the following can be used as an equipment theft deterrent?

  1. Screen locks

  2. GPS tracking

  3. Cable locks

  4. Whole disk encryption

Answer: C Explanation:

Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal.

Question No: 769 – (Topic 4)

Which of the following does full disk encryption prevent?

  1. Client side attacks

  2. Clear text access

  3. Database theft

  4. Network-based attacks

Answer: B Explanation:

Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

Question No: 770 – (Topic 4)

Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?

  1. Error and exception handling

  2. Application hardening

  3. Application patch management

  4. Cross-site script prevention

Answer: B Explanation:

Hardening is the process of securing a system by reducing its surface of vulnerability.

Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

100% Dumps4cert Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Dumps4cert Free Guaranteed!
SY0-401 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.