Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass SY0-401 Exam.

2021 Dec SY0-401 exam cram

Q601. Which of the following file systems is from Microsoft and was included with their earliest operating systems? 

A. NTFS 

B. UFS 

C. MTFS 

D. FAT 

Answer:

Explanation: 

File Allocation Table (FAT) is a file system created by Microsoft and used for its earliest DOS operating systems. 


Q602. A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO). 

A. Deploy a honeypot 

B. Disable unnecessary services 

C. Change default passwords 

D. Implement an application firewall 

E. Penetration testing 

Answer: B,C 

Explanation: 


Q603. Which of the following can be performed when an element of the company policy cannot be enforced by technical means? 

A. Develop a set of standards 

B. Separation of duties 

C. Develop a privacy policy 

D. User training 

Answer:

Explanation: 

User training is an important aspect of maintaining safety and security. It helps improve users’ security awareness in terms of prevention, enforcement, and threats. It is of critical importance when element of the company policy cannot be enforced by technical means. 


Q604. Which of the following is BEST carried out immediately after a security breach is discovered? 

A. Risk transference 

B. Access control revalidation 

C. Change management 

D. Incident management 

Answer:

Explanation: 

Incident management is the steps followed when security incident occurs. 


Q605. A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO). 

A. SSH 

B. TFTP 

C. NTLM 

D. TKIP 

E. SMTP 

F. PGP/GPG 

Answer: A,F 

Explanation: 

We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk). 

A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network. 

F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. 


Improve SY0-401 exam fees:

Q606. A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people's first name, last name, home address, date of birth and mothers last name. Which of the following describes this type of data? 

A. PII 

B. PCI 

C. Low 

D. Public 

Answer:

Explanation: 


Q607. Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms? 

A. Signature based IPS 

B. Signature based IDS 

C. Application based IPS 

D. Anomaly based IDS 

Answer:

Explanation: 

Most intrusion detection systems (IDS) are what is known as signature-based. This means that they operate in much the same way as a virus scanner, by searching for a known identity - or signature - for each specific intrusion event. And, while signature-based IDS is very efficient at sniffing out known s of attack, it does, like anti-virus software, depend on receiving regular signature updates, to keep in touch with variations in hacker technique. In other words, signature-based IDS is only as good as its database of stored signatures. Any organization wanting to implement a more thorough - and hence safer - solution, should consider what we call anomaly-based IDS. By its nature, anomaly-based IDS is a rather more complex creature. In network traffic terms, it captures all the headers of the IP packets running towards the network. From this, it filters out all known and legal traffic, including web traffic to the organization's web server, mail traffic to and from its mail server, outgoing web traffic from company employees and DNS traffic to and from its DNS server. 

There are other equally obvious advantages to using anomaly-based IDS. For example, because it detects any traffic that is new or unusual, the anomaly method is particularly good at identifying sweeps and probes towards network hardware. It can, therefore, give early warnings of potential intrusions, because probes and scans are the predecessors of all attacks. And this applies equally to any new service installed on any item of hardware - for example, Telnet deployed on a network router for maintenance purposes and forgotten about when the maintenance was finished. This makes anomaly-based IDS perfect for detecting anything from port anomalies and web anomalies to mis-formed attacks, where the URL is deliberately mis-typed. 


Q608. A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles? 

A. Leverage role-based access controls. 

B. Perform user group clean-up. 

C. Verify smart card access controls. 

D. Verify SHA-256 for password hashes. 

Answer:

Explanation: Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security and compliance objectives in jeopardy. You would therefore need to regularly clean-up these settings. 


Q609. Which of the following security concepts identifies input variables which are then used to perform boundary testing? 

A. Application baseline 

B. Application hardening 

C. Secure coding 

D. Fuzzing 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks. 


Q610. Which of the following would Jane, an administrator, use to detect an unknown security vulnerability? 

A. Patch management 

B. Application fuzzing 

C. ID badge 

D. Application configuration baseline 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.