Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass SY0-401 Exam.

2021 Jan SY0-401 free practice exam

Q431. A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate? 

A. Authentication 

B. Integrity 

C. Confidentiality 

D. Availability 

Answer: D 

Explanation: 

Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored. In the case of a network, this means processing switches to another network path in the event of a network failure in the primary path. This means availability. 

Q432. Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability? 

A. Twofish 

B. Diffie-Hellman 

C. ECC 

D. RSA 

Answer: C 

Explanation: 

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size. 

Q433. An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a: 

A. stateful firewall 

B. packet-filtering firewall 

C. NIPS 

D. NAT 

Answer: D 

Explanation: 

NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request. 

Q434. Which of the following is an indication of an ongoing current problem? 

A. Alert 

B. Trend 

C. Alarm 

D. Trap 

Answer: C 

Explanation: 

An alarm indicates that something is wrong and needs to be resolved as soon as possible. Alarms usually continue to sound until the problem is resolved or the alarm is manually silenced. 

Q435. A company is concerned that a compromised certificate may result in a man-in-the-middle attack against backend financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which of the following technologies provides the FASTEST revocation capability? 

A. Online Certificate Status Protocol (OCSP) 

B. Public Key Cryptography (PKI) 

C. Certificate Revocation Lists (CRL) 

D. Intermediate Certificate Authority (CA) 

Answer: A 

Explanation: 

Latest SY0-401 exam answers:

Q436. Which of the following attacks allows access to contact lists on cellular phones? 

A. War chalking 

B. Blue jacking 

C. Packet sniffing 

D. Bluesnarfing 

Answer: D 

Explanation: 

Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and e-mail and text messages --without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled. 

Q437. Upper management decides which risk to mitigate based on cost. This is an example of: 

A. Qualitative risk assessment 

B. Business impact analysis 

C. Risk management framework 

D. Quantitative risk assessment 

Answer: D 

Explanation: 

Quantitative analysis / assessment is used to the show the logic and cost savings in replacing a server for example before it fails rather than after the failure. Quantitative assessments assign a dollar amount. 

Q438. During a recent investigation, an auditor discovered that an engineer’s compromised workstation was being used to connect to SCADA systems while the engineer was not logged in. The engineer is responsible for administering the SCADA systems and cannot be blocked from connecting to them. The SCADA systems cannot be modified without vendor approval which requires months of testing. 

Which of the following is MOST likely to protect the SCADA systems from misuse? 

A. Update anti-virus definitions on SCADA systems 

B. Audit accounts on the SCADA systems 

C. Install a firewall on the SCADA network 

D. Deploy NIPS at the edge of the SCADA network 

Answer: D 

Explanation: 

A supervisory control and data acquisition (SCADA) system is an industrial control system (ICS) that is used to control infrastructure processes, facility-based processes, or industrial processes. A network-based IPS (NIPS) is an intrusion detection and prevention system that scans network traffic in real time against a database of attack signatures. It is useful for detecting and responding to network-based attacks originating from outside the organization. 

Q439. Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. 

Which of the following was used to perform this attack? 

A. SQL injection 

B. XML injection 

C. Packet sniffer 

D. Proxy 

Answer: B 

Explanation: 

When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user’s input and sanitize it to make certain that it does not cause XPath to return more data than it should. 

Q440. Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO). 

A. Tethering 

B. Screen lock PIN 

C. Remote wipe 

D. Email password 

E. GPS tracking 

F. Device encryption 

Answer: C,F 

Explanation: 

C: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people. 

F: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.