最新的CompTIA Security+ Certification - SY0-401免費考試真題
問題1
A company hires a penetration testing team to test its overall security posture. The organization has not disclosed any information to the penetration testing team and has allocated five days for testing. Which of the following types of testing will the penetration testing team have to conduct?
正確答案: A
問題2
While performing surveillance activities an attacker determines that an organization is using
8 02.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security controls?
8 02.1X to secure LAN access. Which of the following attack mechanisms can the attacker utilize to bypass the identified network security controls?
正確答案: C
問題3
On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe?
正確答案: B
說明:(僅 VCESoft 成員可見)
問題4
Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following will Joe need to use to BEST accomplish the objective?
正確答案: C
說明:(僅 VCESoft 成員可見)
問題5
A company's BYOD policy requires the installation of a company provide mobile agent on their on their personally owned devices which would allow auditing when an employee wants to connect a device to the corporate email system. Which of the following concerns will MOST affect the decision to use a personal device to receive company email?
正確答案: B
問題6
A company has a corporate infrastructure where end users manage their own certificate keys. Which of the following is considered the MOST secure way to handle master keys associated with these certificates?
正確答案: B
問題7
The process of applying a salt and cryptographic hash to a password then repeating the process many times is known as which of the following?
正確答案: D
問題8
A company plans to expand by hiring new engineers who work in highly specialized areas.
Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?
Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?
正確答案: C
說明:(僅 VCESoft 成員可見)
問題9
A project manager is working with an architectural firm that focuses on physical security.
The project manager would like to provide requirements that support the primary goal of safely. Based on the project manager's desires, which of the following controls would the BEST to incorporate into the facility design?
The project manager would like to provide requirements that support the primary goal of safely. Based on the project manager's desires, which of the following controls would the BEST to incorporate into the facility design?
正確答案: A
問題10
Which of the following is an attack vector that can cause extensive physical damage to a datacenter without physical access?
正確答案: A
說明:(僅 VCESoft 成員可見)
問題11
A security administrator has been tasked with setting up a new internal wireless network that must use end to end TLS. Which of the following may be used to meet this objective?
正確答案: D
說明:(僅 VCESoft 成員可見)
問題12
During a data breach cleanup, it is discovered that not all of the sites involved have the necessary data wiping tools. The necessary tools are quickly distributed to the required technicians, but when should this problem best be revisited?
正確答案: B
問題13
A company wishes to prevent unauthorized employee access to the data center. Which of the following is the MOST secure way to meet this goal?
正確答案: A
問題14
An organization has a need for security control that identifies when an organizational system has been unplugged and a rouge system has been plugged in. The security control must also provide the ability to supply automated notifications. Which of the following would allow the organization to BEST meet this business requirement?
正確答案: C
