Pass SYO-501 Exam with 715 Questions - Verified By Free4Dump
NEW QUESTION 30
A company is deploying smartphones for its mobile salesforce. These devices are for personal and business use but are owned by the company. Sales personnel will save new customer data via a custom application developed for the company. This application will integrate with the contact information stored in the smartphones and will populate new customer records onto it.
The customer application's data is encrypted at rest, and the application's connection to the back office system is considered secure. The Chief Information Security Officer (CISO) has concerns that customer contact information may be accidentally leaked due to the limited security capabilities of the devices and the planned controls.
Which of the following will be the MOST efficient security control to implement to lower this risk?
- A. Require complex passwords for authentication when accessing the contact information.
- B. Restrict contact information storage dataflow so it is only shared with the customer application.
- C. Restrict screen capture features on the devices when using the custom application and the contact information.
- D. Implement a mobile data loss agent on the devices to prevent any user manipulation with the contact information.
Answer: B
NEW QUESTION 31
A network engineer needs to allow an organization's users to connect their laptops to wired and wireless networks from multiple locations and facilities, while preventing unauthorized connections to the corporate networks. Which of the following should be implemented to fulfill the engineer's requirements?
- A. Configure VLANs.
- B. Install a honeypot.
- C. Implement a VPN concentrator.
- D. Enable MAC filtering.
Answer: C
NEW QUESTION 32
A network administrator at a small office wants to simplify the configuration of mobile clients connecting to an encrypted wireless network. Which of the following should be implemented if the administrator does not want to provide the wireless password or the certificate to the employees?
- A. WPA2-PSK
- B. 802.1x
- C. WPS
- D. TKIP
Answer: C
NEW QUESTION 33
In determining when it may be necessary to perform a credentialed scan against a system instead of a non-credentialed scan, which of the following requirements is MOST likely to influence this decision?
- A. The scanner must be able to audit file system permissions.
- B. The scanner must be able to enumerate the host OS of devices scanned.
- C. The scanner must be able to footprint the network.
- D. The scanner must be able to check for open ports with listening services.
Answer: A
NEW QUESTION 34
New magnetic locks were ordered for an entire building. In accordance with company policy, employee safety is the top priority. In case of a fire where electricity is cut, which of the following should be taken into consideration when installing the new locks?
- A. Redundancy
- B. Fail secure
- C. Fault tolerance
- D. Fail safe
Answer: D
NEW QUESTION 35
A security engineer is setting up passwordless authentication for the first time.
INSTRUCTIONS
Use the minimum set of commands to set this up and verify that it works. Commands cannot be reused.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
NEW QUESTION 36
An employer requires that employees use a key-generating app on their smartphones to log into corporate applications. In terms of authentication of an individual, this type of access policy is BEST defined as:
- A. Something you know.
- B. Something you do.
- C. Something you are.
- D. Something you have.
Answer: D
NEW QUESTION 37
DRAG DROP
A security administrator wants to implement strong security on the company smartphones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type.
Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select Done to submit.
Answer:
Explanation:
Cable locks are used as a hardware lock mechanism - thus best used on a Data Center Terminal Server.
Network monitors are also known as sniffers - thus best used on a Data Center Terminal Server.
Install antivirus software. Antivirus software should be installed and definitions kept current on all hosts. Antivirus software should run on the server as well as on every workstation. In addition to active monitoring of incoming files, scans should be conducted regularly to catch any infections that have slipped through - thus best used on a Data Center Terminal Server.
Proximity readers are used as part of physical barriers, which makes it more appropriate to use on a center's entrance to protect the terminal server.
Mentor app is an Apple application used for personal development and is best used on a mobile device such as a smartphone.
Remote wipe is an application that can be used on devices that are stolen to keep data safe. It is basically a command to a phone that will remotely clear the data on that phone.
This process is known as a remote wipe, and it is intended to be used if the phone is stolen or going to another user.
Should a device be stolen, GPS (Global Positioning System) tracking can be used to identify its location and allow authorities to find it - thus best used on a smartphone.
Screen Lock is where the display should be configured to time out after a short period of inactivity and the screen locked with a password. To be able to access the system again, the user must provide the password. After a certain number of attempts, the user should not be allowed to attempt any additional logons; this is called lockout - thus best used on a smartphone.
Strong Password: passwords are always important, but even more so when you consider that the device could be stolen and in the possession of someone who has unlimited access and time to try various values - thus strong passwords are best used on a smartphone, as it can be stolen more easily than a terminal server in a data center.
Device Encryption: Data should be encrypted on the device so that if it does fall into the wrong hands, it cannot be accessed in a usable form without the correct passwords. It is recommended that you use a Trusted Platform Module (TPM) for all mobile devices where possible.
Use pop-up blockers. Not only are pop-ups irritating, but they are also a security threat. Pop-ups (including pop-unders) represent unwanted programs running on the system, and they can jeopardize the system's well-being. This will be more effective on a mobile device rather than a terminal server.
Use host-based firewalls. A firewall is the first line of defense against attackers and malware. Almost every current operating system includes a firewall, and most are turned on by default - thus best used on a Data Center Terminal Server.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 221, 222, 369, 418
http://www.mentor-app.com/
NEW QUESTION 38
A company is using a mobile device deployment model in which employees use their personal devices for work at their own discretion. Some of the problems the company is encountering include the following:
Which of the following is a deployment model that would help the company overcome these problems?
- A. COPE
- B. VDI
- C. CYOD
- D. BYOD
Answer: A
NEW QUESTION 39
A security administrator is implementing a new WAF solution and has placed some of the web servers behind the WAF, with the WAF set to audit mode. When reviewing the audit logs of external requests and posts to the web servers, the administrator finds the following entry:
Based on this data, which of the following actions should the administrator take?
- A. Create an alert to generate emails for abnormally high activity.
- B. Create a blocking policy based on the parameter values.
- C. Alert the web server administrators to a misconfiguration.
- D. Change the parameter name 'Account_Name' identified in the log.
Answer: A
NEW QUESTION 40
Which of the following documents would provide specific guidance regarding ports and protocols that should be disabled on an operating system?
- A. Secure configuration guide
- B. Application installation guides
- C. Regulatory requirements
- D. User manuals
Answer: A
NEW QUESTION 41
The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click Save and then Done to submit.
Answer:
Explanation:
Section: Network Security
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP port 22.
Rule #3 and Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is port 69.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
NEW QUESTION 42
Which of the following would be considered multifactor authentication?
- A. Voice recognition and retina scan
- B. PIN and security questions
- C. Hardware token and smart card
- D. Strong password and fingerprint
Answer: D
NEW QUESTION 43
Drag and drop the correct protocol to its default port.
Answer:
Explanation:
FTP uses TCP port 21.
Telnet uses port 23.
SSH uses TCP port 22.
All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.
Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP).
Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).
SMTP uses TCP port 25.
Port 69 is used by TFTP.
SNMP makes use of UDP ports 161 and 162.
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
NEW QUESTION 44
An organization has implemented an IPSec VPN access for remote users.
Which of the following IPSec modes would be the MOST secure for this organization to implement?
- A. AH-only mode
- B. Transport mode
- C. Tunnel mode
- D. ESP-only mode
Answer: C
Explanation:
In both ESP and AH cases with IPSec Transport mode, the IP header is exposed. The IP header is not exposed in IPSec Tunnel mode.
NEW QUESTION 45
An analyst is trying to obtain a signed certificate from a CA by pasting a public key into the CA's web request form; however it does not work and an error is generated. Which of the following does the analyst need to paste into the web request form?
- A. A CSR
- B. A certificate chain
- C. A private key
- D. The OID
Answer: D
NEW QUESTION 46
A security, who is analyzing the security of the company's web server, receives the following output:
Which of the following is the issue?
- A. Access violations
- B. Stored procedures
- C. Unencrypted credentials
- D. Code signing
Answer: C