Act now and download your CompTIA SY0-401 test today! Do not waste time for the worthless CompTIA SY0-401 tutorials. Download Latest CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA SY0-401 with a classic professional.
2021 Nov SY0-401 exam price
Q241. Which of the following network design elements allows for many internal devices to share one public IP address?
A. DNAT
B. PAT
C. DNS
D. DMZ
Answer: B
Explanation:
Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.
Q242. Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS
Answer: A
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it
Q243. Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?
A. Availability
B. Integrity
C. Accounting
D. Confidentiality
Answer: B
Explanation:
Integrity means ensuring that data has not been altered. Hashing and message authentication codes are the most common methods to accomplish this. In addition, ensuring nonrepudiation via digital signatures supports integrity.
Q244. The datacenter manager is reviewing a problem with a humidity factor that is too low. Which of the following environmental problems may occur?
A. EMI emanations
B. Static electricity
C. Condensation
D. Dry-pipe fire suppression
Answer: B
Explanation:
Humidity control prevents the buildup of static electricity in the environment. If the humidity drops much below 50 percent, electronic components are extremely vulnerable to damage from electrostatic shock.
Q245. Which of the following is being tested when a company’s payroll server is powered off for eight hours?
A. Succession plan
B. Business impact document
C. Continuity of operations plan
D. Risk assessment plan
Answer: C
Explanation:
Continuity of operations plan is the effort to ensure the continued performance of critical business functions during a wide range of potential emergencies.
Refresh SY0-401 practice question:
Q246. A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. Which of the following is the BEST approach for implementation of the new application on the virtual server?
A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location.
B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application.
C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location.
D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.
Answer: C
Explanation:
Q247. Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?
A. It should be enforced on the client side only.
B. It must be protected by SSL encryption.
C. It must rely on the user’s knowledge of the application.
D. It should be performed on the server side.
Answer: D
Explanation:
Client-side validation should only be used to improve user experience, never for security purposes. A client-side input validation check can improve application performance by catching malformed input on the client and, therefore, saving a roundtrip to the server. However, client side validation can be easily bypassed and should never be used for security purposes. Always use server-side validation to protect your application from malicious attacks.
Q248. Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?
A. Root Kit
B. Spyware
C. Logic Bomb
D. Backdoor
Answer: D
Explanation:
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission. Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures—and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.
Q249. Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?
A. CHAP
B. SAML
C. Kerberos
D. Diameter
Answer: D
Explanation:
Diameter is an authentication, authorization, and accounting protocol that replaces the RADIUS protocol. Diameter Applications extend the base protocol by including new commands and/or attributes, such as those for use of the Extensible Authentication Protocol (EAP).
Q250. An IT security technician is actively involved in identifying coding issues for her company.
Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?
A. Vulnerability scanning
B. Denial of service
C. Fuzzing
D. Port scanning
Answer: C
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.