Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass SY0-401 Exam.

2021 Dec SY0-401 exam answers

Q91. A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO). 

A. Password age 

B. Password hashing 

C. Password complexity 

D. Password history 

E. Password length 

Answer: A,D 

Explanation: 

D: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords. 

A: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days. 


Q92. A security administrator must implement a system that will support and enforce the following file system access control model: FILE NAME SECURITY LABEL Employees.doc Confidential Salary.xls Confidential 

OfficePhones.xls Unclassified 

PersonalPhones.xls Restricted 

Which of the following should the security administrator implement? 

A. White and black listing 

B. SCADA system 

C. Trusted OS 

D. Version control 

Answer:

Explanation: 


Q93. A network administrator recently updated various network devices to ensure redundancy throughout the network. If an interface on any of the Layer 3 devices were to go down, traffic will still pass through another interface and the production environment would be unaffected. This type of configuration represents which of the following concepts? 

A. High availability 

B. Load balancing 

C. Backout contingency plan 

D. Clustering 

Answer:

Explanation: 

High availability (HA) refers to the measures used to keep services and systems operational during an outage. In short, the goal is to provide all services to all users, where they need them and when they need them. With high availability, the goal is to have key services available 99.999 percent of the time (also known as five nines availability). 


Q94. Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server? 

A. HIPS 

B. NIDS 

C. HIDS 

D. NIPS 

Answer:

Explanation: 

This question is asking which of the following is designed to stop an intrusion on a specific server. To stop an intrusion on a specific server, you would use a HIPS (Host Intrusion Prevention System). The difference between a HIPS and other intrusion prevention systems is that a HIPS is a software intrusion prevention systems that is installed on a ‘specific server’. 

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. 

A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion. 


Q95. The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. 

Which of the following risk mitigation strategies is MOST important to the security manager? 

A. User permissions 

B. Policy enforcement 

C. Routine audits 

D. Change management 

Answer:

Explanation: 

After you have implemented security controls based on risk, you must perform routine audits. These audits should include reviews of user rights and permissions as well as specific events. You should pay particular attention to false positives and negatives. 


Renewal SY0-401 free exam:

Q96. A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. 

Which of the following is the BEST approach for implementation of the new application on the virtual server? 

A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location. 

B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application. 

C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location. 

D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application. 

Answer:

Explanation: 

Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications. However, the snapshot should be taken before the application or update is installed. 


Q97. A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user’s host: 

Old `hosts’ file: 

127.0.0.1 localhost 

New `hosts’ file: 

127.0.0.1 localhost 

5.5.5.5 www.comptia.com 

Which of the following attacks has taken place? 

A. Spear phishing 

B. Pharming 

C. Phishing 

D. Vishing 

Answer:

Explanation: 

We can see in this question that a fraudulent entry has been added to the user’s hosts file. This will point the URL: www.comptia.com to 5.5.5.5 instead of the correct IP address. Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server (or hosts file) by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing. 


Q98. Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide? 

A. No competition with the company’s official social presence 

B. Protection against malware introduced by banner ads 

C. Increased user productivity based upon fewer distractions 

D. Elimination of risks caused by unauthorized P2P file sharing 

Answer:

Explanation: 

Banner, or header information messages sent with data to find out about the system(s) does happen. Banners often identify the host, the operating system running on it, and other information that can be useful if you are going to attempt to later breach the security of it. 


Q99. A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed? 

A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls. 

B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities. 

C. Exploit security controls to determine vulnerabilities and misconfigurations. 

D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls. 

Answer:

Explanation: 

We need to determine if vulnerabilities exist by passively testing security controls. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise. 


Q100. A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model? 

A. Software as a Service 

B. DMZ 

C. Remote access support 

D. Infrastructure as a Service 

Answer:

Explanation: 

Software as a Service (SaaS) allows for on-demand online access to specific software applications or suites without having to install it locally. This will allow the data center to continue providing network and security services.