It is faster and easier to pass the CompTIA SY0-401 exam by using real CompTIA Security+ Certification questions and answers. Get immediate access to the up-to-the-minute SY0-401 exam, find the same core-area SY0-401 questions with professionally verified answers, and then pass your exam with a high score.

2021 Nov SY0-401 exam

Q621. Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party? 

A. The data should be encrypted prior to transport 

B. This would not constitute unauthorized data sharing 

C. This may violate data ownership and non-disclosure agreements 

D. Acme Corp should send the data to ABC Services’ vendor instead 

Answer:

Explanation: 

Sending your data to a third party is already a risk, since the third party may have a different policy than yours. Data ownership and non-disclosure are also at risk, because the data will be sent for debugging and troubleshooting purposes, which will result in definite disclosure of the data. 


Q622. A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data centers. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is in transit. Which of the following represents the BEST cryptographic solution? 

A. Driving a van full of Micro SD cards from data center to data center to transfer data 

B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN 

C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN 

D. Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server 

Answer:

Explanation: 

A virtual private network (VPN) is an encrypted communication tunnel that connects two systems over an untrusted network, such as the Internet. They provide security for both authentication and data transmission through a process called encapsulation. Secure Sockets Layer (SSL) can be used to exchange the VPN keys securely. SSL is used to establish secure TCP communication between two machines by encrypting the communication. 


Q623. Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure? 

A. Error and exception handling 

B. Application hardening 

C. Application patch management 

D. Cross-site script prevention 

Answer:

Explanation: 

Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services. 


Q624. Which of the following can be used as an equipment theft deterrent? 

A. Screen locks 

B. GPS tracking 

C. Cable locks 

D. Whole disk encryption 

Answer:

Explanation: 

Cable locks are theft deterrent devices that can be used to tether a device to a fixed point, to keep smaller devices from being easy to steal. 


Q625. Which of the following techniques describes the use of application isolation during execution to prevent system compromise if the application is compromised? 

A. Least privilege 

B. Sandboxing 

C. Black box 

D. Application hardening 

Answer:

Explanation: 

Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential malware that may be embedded in the new application from being able to cause harm to production systems. 


Renewal SY0-401 testing engine:

Q626. According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this? 

A. NIDS 

B. DMZ 

C. NAT 

D. VLAN 

Answer:

Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. 


Q627. In the case of a major outage or business interruption, the security office has documented the expected loss of earnings, potential fines and potential consequence to customer service. Which of the following would include the MOST detail on these objectives? 

A. Business Impact Analysis 

B. IT Contingency Plan 

C. Disaster Recovery Plan 

D. Continuity of Operations 

Answer:

Explanation: 

Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization. 


Q628. A network administrator is asked to send a large file containing PII to a business associate. Which of the following protocols is the BEST choice to use? 

A. SSH 

B. SFTP 

C. SMTP 

D. FTP 

Answer:

Explanation: 

SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server. 


Q629. The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing? 

A. Black box 

B. Penetration 

C. Gray box 

D. White box 

Answer:

Explanation: 

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of testing can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher-level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place. 


Q630. A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO). 

A. FTP service should be disabled 

B. HTTPS service should be disabled 

C. SSH service should be disabled 

D. HTTP service should be disabled 

E. Telnet service should be disabled 

Answer: C,D 

Explanation: 

Port 80 is used by HTTP. Port 22 is used by SSH. By disabling the HTTP and SSH services, you will prevent access to the router on ports 80 and 22.