A Review Of Highest Quality SY0-401 paper


The article at Testaimer.com going over http://www.testaimer.com/SY0-401-test is very comprehensive.

Q551. Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of. 

A. Scarcity 

B. Familiarity 

C. Intimidation 

D. Trust 

Answer:

Explanation: 

Scarcity, in the area of social psychology, works much like scarcity in the area of economics. Simply put, humans place a higher value on an object that is scarce, and a lower value on those that are abundant. The thought that we, as humans, want something we cannot have drives us to desire the object even more. This idea is deeply embedded in the intensely popular, “Black Friday” shopping extravaganza that U.S. consumers participate in every year on the day after Thanksgiving. More than getting a bargain on a hot gift idea, shoppers thrive on the competition itself, in obtaining the scarce product. 

In this question, people want the brand new latest version of a smartphone. The temptation of being one of the first to get the new phone will tempt people into clicking the link in the email. 


Q552. Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access? 

A. Registration 

B. CA 

C. CRL 

D. Recovery agent 

Answer:

Explanation: 

Certificates or keys for the terminated employee should be put in the CRL. 

A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or 

key. 

By checking the CRL you can check if a particular certificate has been revoked. 


Q553. NO: 81 

A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. 

Which of the following should the administrator use to test the patching process quickly and often? 

A. Create an incremental backup of an unpatched PC 

B. Create an image of a patched PC and replicate it to servers 

C. Create a full disk image to restore after each installation 

D. Create a virtualized sandbox and utilize snapshots 

Answer:

Explanation: 

Sandboxing is the process of isolating a system before installing new applications or patches on it 

so as to restrict the software from being able to cause harm to production systems. 

Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups 

that can be used to quickly recover from poor updates, and errors arising from newly installed 

applications. 


Q554. Which of the following is a requirement when implementing PKI if data loss is unacceptable? 

A. Web of trust 

B. Non-repudiation 

C. Key escrow 

D. Certificate revocation list 

Answer:

Explanation: 

Key escrow is a database of stored keys that later can be retrieved. Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question. 


Q555. Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database? 

A. Event 

B. SQL_LOG 

C. Security 

D. Access 

Answer:

Explanation: 

Event logs include Application logs, such as those where SQL Server would write entries. This is where you would see logs with details of someone trying to access a SQL database. 


Q556. Which of the following security concepts can prevent a user from logging on from home during the weekends? 

A. Time of day restrictions 

B. Multifactor authentication 

C. Implicit deny 

D. Common access card 

Answer:

Explanation: 

Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. 


Q557. Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab? 

A. Armored virus 

B. Polymorphic malware 

C. Logic bomb 

D. Rootkit 

Answer:

Explanation: 

An armored virus is a type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An Armored Virus may also protect itself from antivirus programs, making it more difficult to trace. To do this, the Armored Virus attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system. 


Q558. Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO). 

A. 10.4.4.125 

B. 10.4.4.158 

C. 10.4.4.165 

D. 10.4.4.189 

E. 10.4.4.199 

Answer: C,D 

Explanation: 

With the given subnet mask, a maximum number of 30 hosts between IP addresses 10.4.4.161 and 10.4.4.190 are allowed. Therefore, option C and D would be hosts on the same subnet, and the other options would not. 

References: http://www.subnetonline.com/pages/subnet-calculators/ip-subnet-calculator.php 


Q559. The datacenter design team is implementing a system, which requires all servers installed in racks to face in a predetermined direction. AN infrared camera will be used to verify that servers are properly racked. Which of the following datacenter elements is being designed? 

A. Hot and cold aisles 

B. Humidity control 

C. HVAC system 

D. EMI shielding 

Answer:

Explanation: 

There are often multiple rows of servers located in racks in server rooms. The rows of servers are known as aisles, and they can be cooled as hot aisles and cold aisles. With a hot aisle, hot air outlets are used to cool the equipment, whereas with cold aisles, cold air intake is used to cool the equipment. Combining the two, you have cold air intake from below the aisle and hot air outtake above it, providing constant circulation. Infrared cameras are heat detection measures thus it is hot and cold aisle design elements. 


Q560. Input validation is an important security defense because it: 

A. rejects bad or malformed data. 

B. enables verbose error reporting. 

C. protects mis-configured web servers. 

D. prevents denial of service attacks. 

Answer:

Explanation: 

Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.