많은 사이트에서  CompTIA SY0-401 (CompTIA Security+ Certification) 시험대비덤프를 제공해드리는데Pass4Test를 최강 추천합니다. Pass4Test의  CompTIA SY0-401 (CompTIA Security+ Certification) 덤프에는 실제시험문제의 기출문제와 예상문제가 수록되어있어 그 품질 하나 끝내줍니다.적중율 좋고 가격저렴한 고품질 덤프는 Pass4Test에 있습니다.

The CompTIA Security+ Certification is aimed at an IT security professional who
has:

> A minimum of 2 years experience in IT administration with a focus
on security

> Day to day technical information security experience

> Broad knowledge of security concerns and implementation including the
topics in the domain list below



SY0-401 Domain | % of Examination

1.0 Network Security 20%

2.0 Compliance and Operational Security 18%

3.0 Threats and Vulnerabilities 20%

4.0 Application, Data and Host
Security 15%

5.0 Access Control and Identity Management 15%

6.0
Cryptography 12% 

NO.1 Which of the following is a security risk regarding the use of public P2P
as a method of

collaboration?

A. Data integrity is susceptible to being
compromised.

B. Monitoring data changes induces a higher cost.

C. Users
are not responsible for data usage tracking.

D. Limiting the amount of
necessary space for data storage.

Answer: A



NO.2 The security
administrator is implementing a malware storage system to archive all
malware

seen by the company into a central database. The malware must be
categorized and stored based on

similarities in the code. Which of the
following should the security administrator use to identify

similar
malware?

A. TwoFish

B. SHA-512

C. Fuzzy hashes

D. HMAC

Answer:
C



NO.3 Which of the following BEST describes a demilitarized zone?

A.
A buffer zone between protected and unprotected networks.

B. A network where
all servers exist and are monitored.

C. A sterile, isolated network segment
with access lists.

D. A private network that is protected by a firewall and a
VLAN.

Answer: A



NO.4 Mandatory vacations are a security control which
can be used to uncover which of the

following?

A. Fraud committed by a
system administrator

B. Poor password security among users

C. The need for
additional security staff

D. Software vulnerabilities in vendor
code

Answer: A



NO.5 A software firm posts patches and updates to a
publicly accessible FTP site. The software firm

also posts digitally signed
checksums of all patches and updates. The firm does this to address:

A.
Integrity of downloaded software.

B. Availability of the FTP site.

C.
Confidentiality of downloaded software.

D. Integrity of the server
logs.

Answer: A



NO.6 A datacenter requires that staff be able to
identify whether or not items have been removed

from the facility. Which of
the following controls will allow the organization to provide
automated

notification of item removal?

A. CCTV

B. Environmental
monitoring

C. RFID

D. EMI shielding

Answer: C



NO.7 A company
uses PGP to ensure that sensitive email is protected. Which of the following
types

of cryptography is being used here for the key exchange?

A.
Symmetric

B. Session-based

C. Hashing

D. Asymmetric

Answer:
A



NO.8 An administrator has a network subnet dedicated to a group of
users. Due to concerns

regarding data and network security, the administrator
desires to provide network access for this

group only. Which of the following
would BEST address this desire?

A. Install a proxy server between the users'
computers and the switch to filter inbound network

traffic.

B. Block
commonly used ports and forward them to higher and unused port numbers.

C.
Configure the switch to allow only traffic from computers based upon their
physical address.

D. Install host-based intrusion detection software to
monitor incoming DHCP Discover

requests.

Answer: C