
Q261. Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches? 

A. DIAMETER 

B. RADIUS 

C. TACACS+ 

D. Kerberos 

Answer:

Explanation: 

TACACS+ is an authentication, authorization, and accounting (AAA) service that makes use of TCP only. 


Q262. Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database? 

A. Event 

B. SQL_LOG 

C. Security 

D. Access 

Answer:

Explanation: 

Event logs include Application logs, such as those where SQL Server would write entries. This is where you would see logs with details of someone trying to access a SQL database. 


Q263. Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts? 

Host 192.168.1.123 

[00:00:01]Successful Login: 015 192.168.1.123 : local 

[00:00:03]Unsuccessful Login: 022 214.34.56.006 :RDP 192.168.1.124 

[00:00:04]UnSuccessful Login: 010 214.34.56.006 :RDP 192.168.1.124 

[00:00:07]UnSuccessful Login: 007 214.34.56.006 :RDP 192.168.1.124 

[00:00:08]UnSuccessful Login: 003 214.34.56.006 :RDP 192.168.1.124 

A. Reporting 

B. IDS 

C. Monitor system logs 

D. Hardening 

Answer:

Explanation: 


Q264. A company hosts its public websites internally. The administrator would like to make some changes to the architecture. 

The three goals are: 

(1) reduce the number of public IP addresses in use by the web servers 

(2) drive all the web traffic through a central point of control 

(3) mitigate automated attacks that are based on IP address scanning 

Which of the following would meet all three goals? 

A. Firewall 

B. Load balancer 

C. URL filter 

D. Reverse proxy 

Answer:

Explanation: 


Q265. Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts? 

Host 192.168.1.123 

[00:00:01]Successful Login: 015 192.168.1.123 : local 

[00:00:03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124 

[00:00:04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124 

[00:00:07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124 

[00:00:08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124 

A. Reporting 

B. IDS 

C. Monitor system logs 

D. Hardening 

Answer:

Explanation: 

We can see a number of unsuccessful login attempts using a Remote Desktop Connection (using the RDP protocol) from a computer with the IP address 192.168.1.124. Someone successfully logged in locally. This is probably an authorized login (for example, Joe logging in). Hardening is the process of securing a system. We can harden (secure) the system by either disallowing remote desktop connections altogether or by restricting which IPs are allowed to initiate remote desktop connections. 
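An added detection example, not part of the exam material: it parses the log entries from this question (copied here as a constructed sample) and flags a burst of unsuccessful non-local logins, which is the pattern the explanation describes. The entry layout, the three-failures threshold and the ten-second window are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed copy of the log entries shown in the question (not a real capture).
LOG = """\
[00:00:01]Successful Login: 015 192.168.1.123 : local
[00:00:03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00:00:04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00:00:07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00:00:08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124
"""

# Assumed layout: [hh:mm:ss]<Outcome> Login: <id> <addr> : <method> [<addr2>]
ENTRY = re.compile(
    r"^\[(\d{2}):(\d{2}):(\d{2})\]\s*(\w+)\s+Login:\s+\d+\s+(\S+)\s*:\s*(\w+)\s*(\S*)\s*$"
)

def parse(log):
    """Return one dict per well-formed entry; malformed lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        h, mi, s, outcome, addr, method, addr2 = m.groups()
        entries.append({
            "t": int(h) * 3600 + int(mi) * 60 + int(s),   # seconds since midnight
            "ok": outcome.lower() == "successful",       # log mixes Unsuccessful/UnSuccessful
            "method": method.upper(),
            "pair": (addr, addr2),
        })
    return entries

def failed_remote_bursts(entries, threshold=3, window=10):
    """Map (method, addr, addr2) -> peak count of failed non-local logins inside `window` s."""
    by_key = defaultdict(list)
    for e in entries:
        if not e["ok"] and e["method"] != "LOCAL":
            by_key[(e["method"],) + e["pair"]].append(e["t"])
    alerts = {}
    for key, times in by_key.items():
        times.sort()
        start = 0
        for end in range(len(times)):            # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[key] = max(alerts.get(key, 0), end - start + 1)
    return alerts
```

The flagged key names the address pair and protocol to restrict when hardening the host, as the explanation recommends; the single successful local login is deliberately not counted.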


Q266. After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. 

Which of the following controls support this goal? 

A. Contingency planning 

B. Encryption and stronger access control 

C. Hashing and non-repudiation 

D. Redundancy and fault tolerance 

Answer:

Explanation: 

Encryption is used to protect data/contents/documents. Access control refers to controlling who accesses any data/contents/documents and to exercising authorized control over access to that data. 


Q267. A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff? 

A. Virtualization 

B. Subnetting 

C. IaaS 

D. SaaS 

Answer:

Explanation: 

Virtualization allows a single set of hardware to host multiple virtual machines. 


Q268. Which of the following provides the BEST application availability and is easily expanded as demand grows? 

A. Server virtualization 

B. Load balancing 

C. Active-Passive Cluster 

D. RAID 6 

Answer:

Explanation: 

Load balancing is a way of providing high availability by splitting the workload across multiple computers. 


Q269. During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server? 

A. SPIM 

B. Backdoor 

C. Logic bomb 

D. Rootkit 

Answer:

Explanation: 

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network. 


Q270. Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices? 

A. Remote wiping enabled for all removable storage devices 

B. Full-disk encryption enabled for all removable storage devices 

C. A well defined acceptable use policy 

D. A policy which details controls on removable storage use 

Answer:

Explanation: