CompTIA SY0-401 Actual Free Exam Questions & Community Discussion

Ann a new security specialist is attempting to access the internet using the company's open wireless network. The wireless network is not encrypted: however, once associated, ANN cannot access the internet or other company resources. In an attempt to troubleshoot, she scans the wireless network with NMAP, discovering the only other device on the wireless network is a firewall. Which of the following BEST describes the company's wireless network solution?

Joe an application developer is building an external facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Joe filters client-side JAVA input. Which of the following is Joe attempting to prevent?

A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO).

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

A corporation has experienced several media leaks of proprietary data on various web forums. The posts were made during business hours and it is believed that the culprit is posting during work hours from a corporate machine. The Chief Information Officer (CIO) wants to scan internet traffic and keep records for later use in legal proceedings once the culprit is found. Which of the following provides the BEST solution?

When of the following technologies would be MOST appropriate to utilize when testing a new software patch before a company-wide deplyment?

The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

During a company-wide initiative to harden network security, it is discovered that end users who have laptops cannot be removed from the local administrator group. Which of the following could be used to help mitigate the risk of these machines becoming compromised?

A security technician would like an application to use random salts to generate short lived encryption leys during the secure communication handshake process to increase communication security. Which of the following concepts would BEST meet this goal?

Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?

A software developer is responsible for writing the code on an accounting application.
Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks.
Which of the following practices is being implemented?

Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops?

Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?