Act now and download your CompTIA SY0-401 test today! Do not waste time for the worthless CompTIA SY0-401 tutorials. Download Replace CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA SY0-401 with a classic professional.
2021 Nov SY0-401 test
Q261. A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following would provide the IT department with the BEST solution?
A. Attach cable locks to each laptop
B. Require each customer to sign an AUP
C. Install a GPS tracking device onto each laptop
D. Install security cameras within the perimeter of the café
Answer: A
Explanation:
All laptop cases include a built-in security slot in which a cable lock can be inserted to prevent it from easily being removed from the premises.
Topic 3, Threats and Vulnerabilities
Q262. A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?
A. DMZ
B. Cloud computing
C. VLAN
D. Virtualization
Answer: A
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
Q263. A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?
A. NAT and DMZ
B. VPN and IPSec
C. Switches and a firewall
D. 802.1x and VLANs
Answer: D
Explanation:
802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. By default, all ports on a switch are part of VLAN 1. But as the switch administrator changes the VLAN assignment on a port-by-port basis, various ports can be grouped together and be distinct from other VLAN port designations. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.
Q264. Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
Answer: C
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
Q265. Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?
A. Logic bomb
B. Worm
C. Trojan
D. Adware
Answer: C
Explanation:
In computers, a Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.
Abreast of the times SY0-401 exam question:
Q266. The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
A. WEP
B. WPA2 CCMP
C. Disable SSID broadcast and increase power levels
D. MAC filtering
Answer: B
Explanation:
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult.
Q267. Which of the following would allow the organization to divide a Class C IP address range into several ranges?
A. DMZ
B. Virtual LANs
C. NAT
D. Subnetting
Answer: D
Explanation:
Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.
Q268. Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed?
A. Role-based
B. Mandatory
C. Discretionary
D. Rule-based
Answer: C
Explanation:
Q269. A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern?
A. Host-based firewall
B. Cable locks
C. Locking cabinets
D. Surveillance video
Answer: C
Explanation:
Q270. Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of TLS?
A. Kerberos
B. TACACS+
C. RADIUS
D. LDAP
Answer: D
Explanation:
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard
application protocol for accessing and maintaining distributed directory information services over
an Internet Protocol (IP) network. Directory services play an important role in developing intranet
and Internet applications by allowing the sharing of information about users, systems, networks,
services, and applications throughout the network. As examples, directory services may provide
any organized set of records, often with a hierarchical structure, such as a corporate email
directory. Similarly, a telephone directory is a list of subscribers with an address and a phone
number.
A common usage of LDAP is to provide a "single sign on" where one password for a user is
shared between many services, such as applying a company login code to web pages (so that
staff log in only once to company computers, and then are automatically logged into the company
intranet).
LDAP is based on a simpler subset of the standards contained within the X.500 standard.
Because of this relationship, LDAP is sometimes called X.500-lite.
A client starts an LDAP session by connecting to an LDAP server, called a Directory System
Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS. Global Catalog is
available by default on ports 3268, and 3269 for LDAPS. The client then sends an operation
request to the server, and the server sends responses in return.
The client may request the following operations:
StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection