Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass SY0-401 Exam.

2021 Mar SY0-401 exam answers

Q421. Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server? 

A. $500 

B. $5,000 

C. $25,000 

D. $50,000 

Answer:

Explanation: 

SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence. (5000 x 10) x 0.1 = 5000 


Q422. Which of the following concepts describes the use of a one way transformation in order to validate the integrity of a program? 

A. Hashing 

B. Key escrow 

C. Non-repudiation 

D. Steganography 

Answer:

Explanation: 

Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash 

tables and its main characteristics are: 

It must be one-way – it is not reversible. 

Variable-length input produces fixed-length output – whether you have two characters or 2 million, 

the hash size is the same. 

The algorithm must have few or no collisions – in hashing two different inputs does not give the 

same output. 


Q423. A security manager must remain aware of the security posture of each system. Which of the following supports this requirement? 

A. Training staff on security policies 

B. Establishing baseline reporting 

C. Installing anti-malware software 

D. Disabling unnecessary accounts/services 

Answer:

Explanation: 

The IT baseline protection approach is a methodology to identify and implement computer security 

measures in an organization. The aim is the achievement of an adequate and appropriate level of 

security for IT systems. This is known as a baseline. 

A baseline report compares the current status of network systems in terms of security updates, 

performance or other metrics to a predefined set of standards (the baseline). 


Q424. An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised? 

A. A password that has not changed in 180 days 

B. A single account shared by multiple users 

C. A user account with administrative rights 

D. An account that has not been logged into since creation 

Answer:

Explanation: 


Q425. A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts? 

A. Implement Group Policy to add the account to the users group on the hosts 

B. Add the account to the Domain Administrator group 

C. Add the account to the Users group on the hosts 

D. Implement Group Policy to add the account to the Power Users group on the hosts. 

Answer:

Explanation: 

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account. 


Up to the immediate present SY0-401 test question:

Q426. Matt, a forensic analyst, wants to obtain the digital fingerprint for a given message. The message is 160-bits long. Which of the following hashing methods would Matt have to use to obtain this digital fingerprint? 

A. SHA1 

B. MD2 

C. MD4 

D. MD5 

Answer:

Explanation: 

The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value. SHA (1 or 2) is preferred over Message Digest Algorithm. 


Q427. Which of the following is the BEST approach to perform risk mitigation of user access control rights? 

A. Conduct surveys and rank the results. 

B. Perform routine user permission reviews. 

C. Implement periodic vulnerability scanning. 

D. Disable user accounts that have not been used within the last two weeks. 

Answer:

Explanation: 

Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and is best coupled with a principle of least privilege. And related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation steps insofar as access control rights are concerned, is the regular/routine review of user permissions. 


Q428. Which of the following would prevent a user from installing a program on a company-owned mobile device? 

A. White-listing 

B. Access control lists 

C. Geotagging 

D. Remote wipe 

Answer:

Explanation: 

Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list. 


Q429. Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of TLS? 

A. Kerberos 

B. TACACS+ 

C. RADIUS 

D. LDAP 

Answer:

Explanation: 

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard 

application protocol for accessing and maintaining distributed directory information services over 

an Internet Protocol (IP) network. Directory services play an important role in developing intranet 

and Internet applications by allowing the sharing of information about users, systems, networks, 

services, and applications throughout the network. As examples, directory services may provide 

any organized set of records, often with a hierarchical structure, such as a corporate email 

directory. Similarly, a telephone directory is a list of subscribers with an address and a phone 

number. 

A common usage of LDAP is to provide a "single sign on" where one password for a user is 

shared between many services, such as applying a company login code to web pages (so that 

staff log in only once to company computers, and then are automatically logged into the company 

intranet). 

LDAP is based on a simpler subset of the standards contained within the X.500 standard. 

Because of this relationship, LDAP is sometimes called X.500-lite. 

A client starts an LDAP session by connecting to an LDAP server, called a Directory System 

Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS. Global Catalog is 

available by default on ports 3268, and 3269 for LDAPS. The client then sends an operation 

request to the server, and the server sends responses in return. 

The client may request the following operations: 

StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection 


Q430. Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card? 

A. WEP 

B. MAC filtering 

C. Disabled SSID broadcast 

D. TKIP 

Answer:

Explanation: 

MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodumping) and then spoofing one's own MAC into a validated one.