Ucertify provides 100% free CompTIA SY0-401 braindumps, which promise good results on your first attempt. No other site can offer this promise. You get immediate access to our downloadable SY0-401 test engine software. Get the CompTIA training materials and prepare fully for the SY0-401 exam. You can find everything here that may appear in the CompTIA SY0-401 exam. Our CompTIA exam questions and answers are detailed and in depth. We have developed an interactive platform for all candidates: you can visit the webpage and talk with other candidates, so you can make progress more quickly and easily.

2021 Mar SY0-401 free practice questions

Q331. Which of the following would allow the organization to divide a Class C IP address range into several ranges? 

A. DMZ 

B. Virtual LANs 

C. NAT 

D. Subnetting 

Answer:

Explanation: 

Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections. 


Q332. During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO). 

A. SSL 1.0 

B. RC4 

C. SSL 3.0 

D. AES 

E. DES 

F. TLS 1.0 

Answer: A,E 

Explanation: 

TLS 1.0 and SSL 1.0 both have known vulnerabilities and have been replaced by later versions. Any systems running these ciphers should have them disabled. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates, and hence asymmetric cryptography, to authenticate the counterparty with whom they are communicating and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and, as a by-product, message authentication.

Netscape developed the original SSL protocol. Version 1.0 was never publicly released because of serious security flaws in the protocol; version 2.0, released in February 1995, "contained a number of security flaws which ultimately led to the design of SSL version 3.0". TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0". TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security. TLS 1.1 and then TLS 1.2 were created to replace TLS 1.0.


Q333. Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software? 

A. Application white listing 

B. Network penetration testing 

C. Application hardening 

D. Input fuzzing testing 

Answer:

Explanation: 

Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services. 


Q334. A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented? 

A. Guards 

B. CCTV 

C. Bollards 

D. Spike strip 

Answer:

Explanation: 

A guard can be intimidating and can respond to a situation. Where you want to limit an individual’s access to a sensitive area, a guard would be the most effective control.


Q335. An active directory setting restricts querying to only secure connections. Which of the following ports should be selected to establish a successful connection? 

A. 389 

B. 440 

C. 636 

D. 3286 

Answer:

Explanation: 


Q336. An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting division require access to a server in the Sales division, but no users in the Human Resources division should have access to resources in any other division, nor should any users in the Sales division have access to resources in the Accounting division. Which of the following network segmentation schemas would BEST meet this objective? 

A. Create two VLANs, one for Accounting and Sales, and one for Human Resources.

B. Create one VLAN for the entire organization. 

C. Create two VLANs, one for Sales and Human Resources, and one for Accounting. 

D. Create three separate VLANs, one for each division.

Answer:

Explanation: 


Q337. An auditor’s report discovered several accounts with no activity for over 60 days. The accounts were later identified as belonging to contractors who would be returning in three months and would need to resume their activities. Which of the following would mitigate and secure the auditor’s finding?

A. Disable unnecessary contractor accounts and inform the auditor of the update. 

B. Reset contractor accounts and inform the auditor of the update. 

C. Inform the auditor that the accounts belong to the contractors. 

D. Delete contractor accounts and inform the auditor of the update. 

Answer:

Explanation: 

A disabled account cannot be used. It is ‘disabled’. Whenever an employee leaves a company, the employee’s user account should be disabled. The question states that the accounts belong to contractors who would be returning in three months. Therefore, it would be easier to keep the accounts rather than deleting them, which would require that the accounts be recreated in three months’ time. By disabling the accounts, we can ensure that the accounts cannot be used; in three months, when the contractors are back, we can simply re-enable the accounts.


Q338. A technician is investigating intermittent switch degradation. The issue only seems to occur when the building’s roof air conditioning system runs. Which of the following would reduce the connectivity issues? 

A. Adding a heat deflector 

B. Redundant HVAC systems 

C. Shielding 

D. Add a wireless network 

Answer:

Explanation: 

EMI can cause circuit overload, spikes, or even electrical component failure. In the question it is mentioned that switch degradation occurs when the building’s roof air-conditioning system is also running. All electromechanical systems emanate EMI. Thus you could alleviate the problem using EMI shielding. 


Q339. A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room? 

A. Man-in-the-middle 

B. Tailgating 

C. Impersonation 

D. Spoofing 

Answer:

Explanation: 

Impersonation is where a person, computer, software application or service pretends to be someone or something it is not. Impersonation is commonly used non-maliciously in client/server applications. However, it can also be used as a security threat.

In this question, by using the coworker’s card, the security administrator is ‘impersonating’ the coworker. The server room locking system and any logging systems will ‘think’ that the coworker has entered the server room. 


Q340. Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?

A. Spam filter 

B. Protocol analyzer 

C. Web application firewall 

D. Load balancer 

Answer:

Explanation: 

A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.