It is more faster and easier to pass the CompTIA SY0-401 exam by using Best Quality CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Avant-garde SY0-401 Exam and find the same core area SY0-401 questions with professionally verified answers, then PASS your exam with a high score now.

2021 Jan SY0-401 testing engine

Q371. A company hosts its public websites internally. The administrator would like to make some changes to the architecture. 

The three goals are: 

(1)

 reduce the number of public IP addresses in use by the web servers 

 (2)

 drive all the web traffic through a central point of control 

 (3)

 mitigate automated attacks that are based on IP address scanning 

Which of the following would meet all three goals? 

A. Firewall 

B. Load balancer 

C. URL filter 

D. Reverse proxy 

Answer:

Explanation: 


Q372. Which of the following is a step in deploying a WPA2-Enterprise wireless network? 

A. Install a token on the authentication server 

B. Install a DHCP server on the authentication server 

C. Install an encryption key on the authentication server 

D. Install a digital certificate on the authentication server 

Answer:

Explanation: 

When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions. The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices. The other is the Enterprise mode —which should be used by businesses and organizations—and 

is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key 

management, and supports other enterprise-type functionality, such as VLANs and NAP. 

However, it requires an external authentication server, called a Remote Authentication Dial In User 

Service (RADIUS) server to handle the 802.1X authentication of users. 

To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X, 

here’s the basic overall steps: 

Choose, install, and configure a RADIUS server, or use a hosted service. 

Create a certificate authority (CA), so you can issue and install a digital certificate onto the 

RADIUS server, which may be done as a part of the RADIUS server installation and configuration. 

Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or 

Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS, 

you’d also create digital certificates for each end-user. 

On the server, populate the RADIUS client database with the IP address and shared secret for 

each AP. 

On the server, populate user data with usernames and passwords for each end-user. 

On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP 

address and the shared secret you created for that particular AP. 

On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the 

802.1X authentication settings. 


Q373. Which of the following BEST describes part of the PKI process? 

A. User1 decrypts data with User2’s private key 

B. User1 hashes data with User2’s public key 

C. User1 hashes data with User2’s private key 

D. User1 encrypts data with User2’s public key 

Answer:

Explanation: 

In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the 

data using his own private key. 

PKI is a two-key, asymmetric system with four main components: certificate authority (CA), 

registration authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are 

encrypted with a public key and decrypted with a private key. 

A PKI example: 

1.

 You want to send an encrypted message to Jordan, so you request his public key. 

2.

 Jordan responds by sending you that key. 

3.

 You use the public key he sends you to encrypt the message. 

4.

 You send the message to him. 

5.

 Jordan uses his private key to decrypt the message. 


Q374. Which of the following security concepts can prevent a user from logging on from home during the weekends? 

A. Time of day restrictions 

B. Multifactor authentication 

C. Implicit deny 

D. Common access card 

Answer:

Explanation: 

Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. 


Q375. A computer is found to be infected with malware and a technician re-installs the operating system. The computer remains infected with malware. This is an example of: 

A. a rootkit. 

B. a MBR infection. 

C. an exploit kit. 

D. Spyware. 

Answer:

Explanation: 


Improved SY0-401 torrent:

Q376. Which of the following BEST represents the goal of a vulnerability assessment? 

A. To test how a system reacts to known threats 

B. To reduce the likelihood of exploitation 

C. To determine the system’s security posture 

D. To analyze risk mitigation strategies 

Answer:

Explanation: 

A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates. 

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. 


Q377. Users are encouraged to click on a link in an email to obtain exclusive access to the newest version of a popular Smartphone. This is an example of. 

A. Scarcity 

B. Familiarity 

C. Intimidation 

D. Trust 

Answer:

Explanation: 

Scarcity, in the area of social psychology, works much like scarcity in the area of economics. Simply put, humans place a higher value on an object that is scarce, and a lower value on those that are abundant. The thought that we, as humans, want something we cannot have drives us to desire the object even more. This idea is deeply embedded in the intensely popular, “Black Friday” shopping extravaganza that U.S. consumers participate in every year on the day after Thanksgiving. More than getting a bargain on a hot gift idea, shoppers thrive on the competition itself, in obtaining the scarce product. 

In this question, people want the brand new latest version of a smartphone. The temptation of being one of the first to get the new phone will tempt people into clicking the link in the email. 


Q378. A distributed denial of service attack can BEST be described as: 

A. Invalid characters being entered into a field in a database application. 

B. Users attempting to input random or invalid data into fields within a web browser application. 

C. Multiple computers attacking a single target in an organized attempt to deplete its resources. 

D. Multiple attackers attempting to gain elevated privileges on a target system. 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack. 


Q379. Which of the following solutions provides the most flexibility when testing new security controls prior to implementation? 

A. Trusted OS 

B. Host software baselining 

C. OS hardening 

D. Virtualization 

Answer:

Explanation: 


Q380. It has been discovered that students are using kiosk tablets intended for registration and scheduling to play games and utilize instant messaging. Which of the following could BEST eliminate this issue? 

A. Device encryption 

B. Application control 

C. Content filtering 

D. Screen-locks 

Answer:

Explanation: