It is hard to pass the CompTIA SY0-401 exam in the short term without help. Come to Pass4sure and find the most advanced, accurate and guaranteed CompTIA SY0-401 practice questions. You will get a surprising result with our up-to-date CompTIA Security+ Certification practice guides.
2021 Mar SY0-401 test question
Q121. The Chief Executive Officer (CEO) receives a suspicious voice mail warning of credit card fraud. No one else received the voice mail. Which of the following BEST describes this attack?
A. Whaling
B. Vishing
C. Spear phishing
D. Impersonation
Answer: A
Explanation:
Q122. Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device’s removable media in the event that the device is lost or stolen?
A. Hashing
B. Screen locks
C. Device password
D. Encryption
Answer: D
Explanation:
Encryption is used to ensure the confidentiality of information.
Q123. Which of the following uses both a public and private key?
A. RSA
B. AES
C. MD5
D. SHA
Answer: A
Explanation:
The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process.
RSA uses both a public key and a secret key.
RSA key generation process:
1. Generate two large random primes, p and q, of approximately equal size such that their product, n = pq, is of the required bit length (such as 2048 bits, 4096 bits, and so forth). Let n = pq and let m = (p-1)(q-1).
2. Choose a small number e, co-prime to m (note: two numbers are co-prime if they have no common factors).
3. Find d such that de mod m = 1.
4. Publish e and n as the public key. Keep d and n as the secret key.
Q124. The incident response team has received the following email message.
From: monitor@ext-company.com
To: security@company.com
Subject: Copyright infringement
A copyright infringement alert was triggered by IP address 13.10.66.5 at 09:50:01 GMT.
After reviewing the following web logs for IP 13.10.66.5, the team is unable to correlate and identify the incident.
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?
A. The logs are corrupt and no longer forensically sound.
B. Traffic logs for the incident are unavailable.
C. Chain of custody was not properly maintained.
D. Incident time offsets were not accounted for.
Answer: D
Explanation:
It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system.
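The correlation step the explanation describes, as an added example that is not part of the exam page: the four log lines from the question are parsed, a recorded clock offset is subtracted to bring them onto GMT, and entries for the alerted IP near the alert time are returned. The +1 hour server offset and the log date are assumptions made for illustration; the question states neither.

```python
from datetime import datetime, timedelta
import re

# The four web-log lines from the question, reassembled on one line each.
WEB_LOG = """\
09:45:33 13.10.66.5 http://remote.site.com/login.asp?user=john
09:50:22 13.10.66.5 http://remote.site.com/logout.asp?user=anne
10:50:01 13.10.66.5 http://remote.site.com/access.asp?file=movie.mov
11:02:45 13.10.65.5 http://remote.site.com/download.asp?movie.mov=ok
"""
LOG_DATE = "2021-03-01"   # constructed: the log itself carries no date
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d) (\S+) (\S+)$")

def parse_log(text):
    """Parse 'HH:MM:SS ip url' lines into dicts with keys time/ip/url."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{LOG_DATE} {m.group(1)}", "%Y-%m-%d %H:%M:%S")
            entries.append({"time": ts, "ip": m.group(2), "url": m.group(3)})
    return entries

def to_gmt(entries, offset):
    """A recorded offset means server_clock = GMT + offset, so GMT = clock - offset."""
    return [dict(e, time=e["time"] - offset) for e in entries]

def correlate(entries, ip, alert_gmt, window=timedelta(seconds=10)):
    """Entries from `ip` whose corrected time is within `window` of the alert."""
    alert = datetime.strptime(f"{LOG_DATE} {alert_gmt}", "%Y-%m-%d %H:%M:%S")
    return [e for e in entries
            if e["ip"] == ip and abs(e["time"] - alert) <= window]

def find_alert_entries(log_text, ip, alert_gmt, offset_hours=0):
    """Parse, correct the server clock by `offset_hours`, then correlate."""
    corrected = to_gmt(parse_log(log_text), timedelta(hours=offset_hours))
    return correlate(corrected, ip, alert_gmt)

if __name__ == "__main__":
    # Taking the log clock at face value finds nothing near 09:50:01 GMT.
    print(find_alert_entries(WEB_LOG, "13.10.66.5", "09:50:01", 0))
    # With an ASSUMED +1h server clock offset the access.asp request lines up.
    print(find_alert_entries(WEB_LOG, "13.10.66.5", "09:50:01", 1))
```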
Q125. Sara, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Sara BEST accommodate the vendor?
A. Allow incoming IPSec traffic into the vendor’s IP address.
B. Set up a VPN account for the vendor, allowing access to the remote site.
C. Turn off the firewall while the vendor is in the office, allowing access to the remote site.
D. Write a firewall rule to allow the vendor to have access to the remote site.
Answer: D
Explanation:
Firewall rules are used to define what traffic is able to pass between the firewall and the internal network. Firewall rules block the connection, allow the connection, or allow the connection only if it is secured. Firewall rules can be applied to inbound traffic or outbound traffic and to any type of network.
Improved SY0-401 practice exam:
Q126. Which of the following is used by the recipient of a digitally signed email to verify the identity of the sender?
A. Recipient’s private key
B. Sender’s public key
C. Recipient’s public key
D. Sender’s private key
Answer: B
Explanation:
When the sender wants to send a message to the receiver, it is important that the message not be altered. The sender uses the private key to create a digital signature; the message is, in effect, signed with the private key. The sender then sends the message to the receiver. The recipient uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. Thus the recipient uses the sender’s public key to verify the sender’s identity.
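The four key-generation steps listed under Q123 and the sign-with-private, verify-with-public flow described under Q126, carried through in code as an added example (not part of the exam page). It is textbook RSA with no padding scheme, using the page's symbols p, q, n, m, e and d; the sample primes and message are constructed.

```python
import hashlib

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(e, m):
    """Step 3: d such that (d * e) % m == 1; fails if e is not co-prime to m."""
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e is not co-prime to m (step 2 violated)")
    return x % m

def rsa_keygen(p, q, e=65537):
    """Steps 1-4 from the explanation: n = pq, m = (p-1)(q-1), choose e,
    derive d. Returns the public key (e, n) and the secret key (d, n)."""
    n = p * q
    m = (p - 1) * (q - 1)
    d = modinv(e, m)
    return (e, n), (d, n)

def _digest(message, n):
    # Textbook RSA: hash the message and reduce mod n (no padding scheme).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, secret_key):
    """Q126: the sender signs with the secret (private) exponent d."""
    d, n = secret_key
    return pow(_digest(message, n), d, n)

def verify(message, signature, public_key):
    """Q126: the recipient checks with the sender's public exponent e."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    # Constructed primes: big enough that two digests rarely collide mod n,
    # still far too small for real use (real keys use ~1024-bit primes).
    pub, secret = rsa_keygen(104729, 1299709)
    msg = b"Invoice #42 is approved"
    sig = sign(msg, secret)
    print("public key", pub, "secret key", secret)
    print("genuine message verifies:", verify(msg, sig, pub))
    print("altered message verifies:", verify(b"Invoice #43 is approved", sig, pub))
```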
Q127. When using PGP, which of the following should the end user protect from compromise? (Select TWO).
A. Private key
B. CRL details
C. Public key
D. Key password
E. Key escrow
F. Recovery agent
Answer: A,D
Explanation:
A: In PGP only the private key belonging to the receiver can decrypt the session key. PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key.
D: PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key.
Q128. An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?
A. Generate a new private key based on AES.
B. Generate a new public key based on RSA.
C. Generate a new public key based on AES.
D. Generate a new private key based on RSA.
Answer: D
Explanation:
Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The private key is needed to produce the CSR, but it is not part of it. The private key is an RSA key; it is the private key that will be used to protect sensitive information. Note: A CSR, or Certificate Signing Request, is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate, such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR.
Q129. A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?
A. Explicit deny
B. Port security
C. Access control lists
D. Implicit deny
Answer: C
Explanation:
Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.
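The list-walking behaviour described above (top-to-bottom, first match wins, implicit deny at the end), as an added example that is not part of the exam page. The rule set, addresses and ports are constructed: 5432 stands for the replacement port agreed for the new application and 4444 for the port the security administrator refused; neither value comes from the question.

```python
import ipaddress

# Constructed rule set. Columns: action, source net, destination net, proto, dst port (None = any).
ACL = [
    ("permit", "10.0.0.0/8", "10.20.0.5/32", "tcp", 5432),  # agreed port for the new app
    ("deny",   "0.0.0.0/0",  "0.0.0.0/0",    "tcp", 4444),  # explicit deny, placed early
    ("permit", "10.0.0.0/8", "0.0.0.0/0",    "tcp", None),  # broad permit AFTER the deny
]

def entry_matches(entry, src, dst, proto, port):
    _, src_net, dst_net, e_proto, e_port = entry
    return (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)
            and e_proto == proto
            and (e_port is None or e_port == port))

def evaluate(acl, src, dst, proto, port):
    """Walk the list top to bottom; the first match wins. Returns (action, index),
    with index None when the implicit deny at the end of the list applied."""
    for i, entry in enumerate(acl):
        if entry_matches(entry, src, dst, proto, port):
            return entry[0], i
    return "deny", None

def misordered(acl):
    """The same entries with the broad permit moved above the explicit deny."""
    return [acl[0], acl[2], acl[1]]

if __name__ == "__main__":
    src, dst = "10.1.2.3", "10.20.0.5"
    print(evaluate(ACL, src, dst, "tcp", 5432))   # ('permit', 0) agreed port
    print(evaluate(ACL, src, dst, "tcp", 4444))   # ('deny', 1) explicit deny hit first
    print(evaluate(ACL, src, dst, "tcp", 8080))   # ('permit', 2) broad permit
    print(evaluate(ACL, "192.168.1.9", dst, "tcp", 8080))  # ('deny', None) implicit deny
    # Ordering matters: the deny entry never fires once a broader permit precedes it.
    print(evaluate(misordered(ACL), src, dst, "tcp", 4444))   # ('permit', 1)
```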
Q130. Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do?
A. Change the access point from WPA2 to WEP to determine if the encryption is too strong
B. Clear all access logs from the AP to provide an up-to-date access list of connected users
C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter
D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap
Answer: C
Explanation:
The users may be connecting to a rogue access point. The rogue access point could be hosting a wireless network that has the same SSID as the corporate wireless network. The only way to tell for sure if the access point the users are connecting to is the correct one is to check the MAC address.
Every network card has a unique 48-bit address assigned. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model.
MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. A network node may have multiple NICs and each NIC must have a unique MAC address. MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64.