Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass SY0-401 Exam.

2021 Mar SY0-401 answers

Q251. Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company’s security device. Which of the following might the administrator do in the short term to prevent the emails from being received? 

A. Configure an ACL 

B. Implement a URL filter 

C. Add the domain to a block list 

D. Enable TLS on the mail server 

Answer:

Explanation: 

Blocking e-mail is the same as preventing the receipt of those e-mails and this is done by applying a filter. But the filter must be configured to block it. Thus you should add that specific domain from where the e-mails are being sent to the list of addresses that is to be blocked. 


Q252. Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task? 

A. HIDS 

B. Firewall 

C. NIPS 

D. Spam filter 

Answer:

Explanation: 

Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. 


Q253. A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO). 

A. Fault tolerance 

B. Encryption 

C. Availability 

D. Integrity 

E. Safety 

F. Confidentiality 

Answer: D,E 

Explanation: 

Aspects such as fencing, proper lighting, locks, CCTV, Escape plans Drills, escape routes and 

testing controls form part of safety controls. 

Integrity refers to aspects such as hashing, digital signatures, certificates and non-repudiation – all 

of which has to do with data integrity. 


Q254. Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system? 

A. Biometrics 

B. PKI 

C. Single factor authentication 

D. Multifactor authentication 

Answer:

Explanation: 

Multifactor authentication requires a user to provide two or more authentication factors for authentication purposes. In this case, a smart card (something they have) is one and a PIN (something they know) is the second. 


Q255. Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following? 

A. Root Kit 

B. Spyware 

C. Logic Bomb 

D. Backdoor 

Answer:

Explanation: 

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission. Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures—and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers. 


Improved SY0-401 study guide:

Q256. Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file? 

A. Cognitive password 

B. Password sniffing 

C. Brute force 

D. Social engineering 

Answer:

Explanation: 

One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open the file by using many different passwords. 

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security. A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers. An attack of this nature can be time- and resource-consuming. Hence the name "brute force attack;" success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm. 


Q257. Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter? 

A. Increased availability of network services due to higher throughput 

B. Longer MTBF of hardware due to lower operating temperatures 

C. Higher data integrity due to more efficient SSD cooling 

D. Longer UPS run time due to increased airflow 

Answer:

Explanation: 

The mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component. This measurement determines the component’s anticipated lifetime. If the MTBF of a cooling system is one year, you can anticipate that the system will last for a one-year period; this means that you should be prepared to replace or rebuild the system once a year. If the system lasts longer than the MTBF, your organization receives a bonus. MTBF is helpful in evaluating a system’s reliability and life expectancy. Thus longer MTBF due to lower operating temperatures is a definite advantage 


Q258. Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services? 

A. NIPS 

B. Content filter 

C. NIDS 

D. Host-based firewalls 

Answer:

Explanation: 


Q259. Certificates are used for: (Select TWO). 

A. Client authentication. 

B. WEP encryption. 

C. Access control lists. 

D. Code signing. 

E. Password hashing. 

Answer: A,D 

Explanation: 

Certificates are used in PKI to digitally sign data, information, files, email, code, etc. Certificates are also used in PKI for client authentication. 


Q260. A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure? 

A. IPsec 

B. SFTP 

C. BGP 

D. PPTP 

Answer:

Explanation: 

Layer 2 Tunneling Protocol (L2TP) came about through a partnership between Cisco and Microsoft with the intention of providing a more secure VPN protocol. L2TP is considered to be a more secure option than PPTP, as the IPSec protocol which holds more secure encryption algorithms, is utilized in conjunction with it. It also requires a pre-shared certificate or key. L2TP’s strongest level of encryption makes use of 168 bit keys, 3 DES encryption algorithm and requires two levels of authentication. L2TP has a number of advantages in comparison to PPTP in terms of providing data integrity and authentication of origin verification designed to keep hackers from compromising the system. However, the increased overhead required to manage this elevated security means that it performs at a slower pace than PPTP.