401 SEC+ Exam Guaranteed Pass: Multiple
Questions & Correct Answers from Premier
Scholars Worldwide for Exam Success
A security analyst implemented group-based privileges within the company active
directory. Which of the following account management techniques should be undertaken
regularly to ensure least privilege principles?
A. Leverage role-based access controls.
B. Perform user group clean-up.
C. Verify smart card access controls.
D. Verify SHA-256 for password hashes - -correct ans- -Answer: B
Explanation:
Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user,
group and computer objects accumulating over time and placing security and compliance
objectives in jeopardy. You would therefore need to regularly clean-up these settings.
Privilege creep among long-term employees can be mitigated by which of the following
procedures?
A. User permission reviews
B. Mandatory vacations
C. Separation of duties
D. Job function rotation - -correct ans- -Answer: A
Explanation:
Privilege creep is the steady build-up of access rights beyond what a user requires to
perform his/her task. Privilege creep can be decreased by conducting sporadic access
rights reviews,which will confirm each user's need to access specific roles and rights in an
effort to find and rescind excess privileges
,A recent audit of a company's identity management system shows that 30% of active
accounts belong to people no longer with the firm. Which of the following should be
performed to help avoid this scenario? (Select TWO).
A. Automatically disable accounts that have not been utilized for at least 10 days.
B. Utilize automated provisioning and de-provisioning processes where possible.
C. Request that employees provide a list of systems that they have access to prior to
leaving the firm.
D. Perform regular user account review / revalidation process.
E. Implement a process where new account creations require management approval. - -
correct ans- -Answer: B,D
Explanation:
Provisioning and de-provisioning processes can occur manually or automatically. Since the
manual processes are so time consuming, the automated option should be used as it is
more efficient. Revalidating user accounts would determine which users are no longer
active
In order for network monitoring to work properly, you need a PC and a network card running
in what mode?
A. Launch
B. Exposed
C. Promiscuous
D. Sweep - -correct ans- -Answer: C
Explanation:
Promiscuous mode allows the network card to look at any packet that it sees on the
network. This even includes packets that are not addressed to that network card.
, Which of the following techniques enables a highly secured organization to assess security
weaknesses in real time?
A. Access control lists
B. Continuous monitoring
C. Video surveillance
D. Baseline reporting - -correct ans- -Answer: B
Explanation:
Continuous monitoring point toward the never-ending review of what resources a user
actually accesses, which is critical for preventing insider threats. Because the process is
never-ending, assessments happen in real time
A new intern was assigned to the system engineering department, which consists of the
system architect and system software developer's teams. These two teams have separate
privileges. The intern requires privileges to view the system architectural drawings and
comment on some software development projects. Which of the following methods should
the system administrator implement?
A. Group based privileges
B. Generic account prohibition
C. User access review
D. Credential management - -correct ans- -Answer: A
Explanation:
You can assign permissions to access resources either to a user or a group. The most
efficient way is to assign permissions to a group (group based privileges). By assigning the
intern's user account to both groups, the intern will inherit the permissions assigned to
those groups.
A system administrator needs to ensure that certain departments have more restrictive
controls to their shared folders than other departments. Which of the following security
controls would be implemented to restrict those departments?
Questions & Correct Answers from Premier
Scholars Worldwide for Exam Success
A security analyst implemented group-based privileges within the company active
directory. Which of the following account management techniques should be undertaken
regularly to ensure least privilege principles?
A. Leverage role-based access controls.
B. Perform user group clean-up.
C. Verify smart card access controls.
D. Verify SHA-256 for password hashes - -correct ans- -Answer: B
Explanation:
Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user,
group and computer objects accumulating over time and placing security and compliance
objectives in jeopardy. You would therefore need to regularly clean-up these settings.
Privilege creep among long-term employees can be mitigated by which of the following
procedures?
A. User permission reviews
B. Mandatory vacations
C. Separation of duties
D. Job function rotation - -correct ans- -Answer: A
Explanation:
Privilege creep is the steady build-up of access rights beyond what a user requires to
perform his/her task. Privilege creep can be decreased by conducting sporadic access
rights reviews,which will confirm each user's need to access specific roles and rights in an
effort to find and rescind excess privileges
,A recent audit of a company's identity management system shows that 30% of active
accounts belong to people no longer with the firm. Which of the following should be
performed to help avoid this scenario? (Select TWO).
A. Automatically disable accounts that have not been utilized for at least 10 days.
B. Utilize automated provisioning and de-provisioning processes where possible.
C. Request that employees provide a list of systems that they have access to prior to
leaving the firm.
D. Perform regular user account review / revalidation process.
E. Implement a process where new account creations require management approval. - -
correct ans- -Answer: B,D
Explanation:
Provisioning and de-provisioning processes can occur manually or automatically. Since the
manual processes are so time consuming, the automated option should be used as it is
more efficient. Revalidating user accounts would determine which users are no longer
active
In order for network monitoring to work properly, you need a PC and a network card running
in what mode?
A. Launch
B. Exposed
C. Promiscuous
D. Sweep - -correct ans- -Answer: C
Explanation:
Promiscuous mode allows the network card to look at any packet that it sees on the
network. This even includes packets that are not addressed to that network card.
, Which of the following techniques enables a highly secured organization to assess security
weaknesses in real time?
A. Access control lists
B. Continuous monitoring
C. Video surveillance
D. Baseline reporting - -correct ans- -Answer: B
Explanation:
Continuous monitoring point toward the never-ending review of what resources a user
actually accesses, which is critical for preventing insider threats. Because the process is
never-ending, assessments happen in real time
A new intern was assigned to the system engineering department, which consists of the
system architect and system software developer's teams. These two teams have separate
privileges. The intern requires privileges to view the system architectural drawings and
comment on some software development projects. Which of the following methods should
the system administrator implement?
A. Group based privileges
B. Generic account prohibition
C. User access review
D. Credential management - -correct ans- -Answer: A
Explanation:
You can assign permissions to access resources either to a user or a group. The most
efficient way is to assign permissions to a group (group based privileges). By assigning the
intern's user account to both groups, the intern will inherit the permissions assigned to
those groups.
A system administrator needs to ensure that certain departments have more restrictive
controls to their shared folders than other departments. Which of the following security
controls would be implemented to restrict those departments?
