Actualtests sy0 401 practice test Questions are updated and all comptia security+ study guide sy0 401 answers are verified by experts. Once you have completely prepared with our security+ sy0 401 exam prep kits you will be ready for the real sy0 401 study guide pdf exam without a problem. We have Renovate CompTIA comptia sy0 401 dumps study guide. PASSED comptia security+ sy0 401 pdf First attempt! Here What I Did.
Q351. Deploying a wildcard certificate is one strategy to:
A. Secure the certificate’s private key.
B. Increase the certificate’s encryption key length.
C. Extend the renewal date of the certificate.
D. Reduce the certificate management burden.
Answer: D
Explanation:
A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. This saves money and reduces the management burden of managing multiple certificates, one for each subdomain.
A single Wildcard certificate for *.example.com, will secure all these domains: payment.example.com contact.example.com
login-secure.example.com
www.example.com
Because the wildcard only covers one level of subdomains (the asterisk doesn't match full stops),
these domains would not be valid for the certificate:
test.login.example.com
Q352. An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform?
A. Vulnerability scan
B. Risk assessment
C. Virus scan
D. Network sniffer
Answer: A
Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. Vulnerabilities include computer systems that do not have the latest security patches installed. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
Q353. Joe a company’s new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits. Which of the following should Joe recommend to remediate these issues?
A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers
B. Ensure the vulnerability scanner is configured to authenticate with a privileged account
C. Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers
D. Ensure the vulnerability scanner is conducting antivirus scanning
Answer: A
Explanation:
The vulnerability scanner is returning false positives because it is trying to scan servers that it
doesn’t have access to; for example, servers on the Internet.
We need to ensure that the local network servers only are scanned. We can do this by locating the
vulnerability scanner in a segmented VLAN that has access to the company’s servers.
A false positive is an error in some evaluation process in which a condition tested for is mistakenly
found to have been detected.
In spam filters, for example, a false positive is a legitimate message mistakenly marked as UBE --unsolicited bulk email, as junk email is more formally known. Messages that are determined to be
spam -- whether correctly or incorrectly -- may be rejected by a server or client-side spam filter
and returned to the sender as bounce e-mail.
One problem with many spam filtering tools is that if they are configured stringently enough to be
effective, there is a fairly high chance of getting false positives. The risk of accidentally blocking an
important message has been enough to deter many companies from implementing any anti-spam
measures at all.
False positives are also common in security systems. A host intrusion prevention system (HIPS),
for example, looks for anomalies, such as deviations in bandwidth, protocols and ports. When
activity varies outside of an acceptable range – for example, a remote application attempting to
open a normally closed port -- an intrusion may be in progress. However, an anomaly, such as a
sudden spike in bandwidth use, does not guarantee an actual attack, so this approach amounts to
an educated guess and the chance for false positives can be high.
False positives contrast with false negatives, which are results indicating mistakenly that some
condition tested for is absent.
Q354. A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).
A. SSH
B. TFTP
C. NTLM
D. TKIP
E. SMTP
F. PGP/GPG
Answer: A,F
Explanation:
We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk).
A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network.
F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
Q355. A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?
A. VLAN
B. Subnet
C. VPN
D. DMZ
Answer: D
Explanation:
A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted.
Q356. After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?
A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system
Answer: D
Explanation:
Q357. Which of the following practices reduces the management burden of access management?
A. Password complexity policies
B. User account audit
C. Log analysis and review
D. Group based privileges
Answer: D
Explanation: Granting permissions to all members of a group is quicker than individually assigning them to each user. This means an administrator will spend less time on assigning permissions to users who require the same access privileges.
Q358. To ensure proper evidence collection, which of the following steps should be performed FIRST?
A. Take hashes from the live system
B. Review logs
C. Capture the system image
D. Copy all compromised files
Answer: C
Explanation:
Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. This is essential since the collection of evidence process may result in some mishandling and changing the exploited state.
Q359. Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company’s network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?
A. line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password
B. line console 0 password password line vty 0 4 password P@s5W0Rd
C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd
D. line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd
Answer: C
Explanation:
The VTY lines are the Virtual Terminal lines of the router, used solely to control inbound Telnet connections. They are virtual, in the sense that they are a function of software - there is no hardware associated with them. Two numbers follow the keyword VTY because there is more than one VTY line for router access. The default number of lines is five on many Cisco routers. Here, I’m configuring one password for all terminal (VTY) lines. I can specify the actual terminal or VTY line numbers as a range. The syntax that you’ll see most often, vty 0 4, covers all five terminal access lines.
Q360. Digital certificates can be used to ensure which of the following? (Select TWO).
A. Availability
B. Confidentiality
C. Verification
D. Authorization
E. Non-repudiation
Answer: B,E
Explanation:
Digital Signatures is used to validate the integrity of the message and the sender. Digital certificates refer to cryptography which is mainly concerned with Confidentiality, Integrity, Authentication, Nonrepudiation and Access Control. Nonrepudiation prevents one party from denying actions they carried out.