You'd better take a test before buying the SY0-401 products. This step can make you aware of the weak and strong points of your SY0-401 exam preparation. Spend more time on the weak areas. We offer free downloadable PDF files and Test Motor software. You can download them to your PC and prepare fully for the CompTIA SY0-401 real exam.

2021 Dec SY0-401 practice test

Q361. A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services? 

A. Bind server 

B. Apache server 

C. Exchange server 

D. RADIUS server 

Answer:

Explanation: 

BIND (Berkeley Internet Name Domain) is the most widely used Domain Name System (DNS) software on the Internet. It includes the DNS server component named, a contraction of "name daemon". This is the only option that directly involves DNS. 


Q362. A review of the company’s network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose? 

A. ACL 

B. IDS 

C. UTM 

D. Firewall 

Answer:

Explanation: 

An all-in-one appliance, also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW), is one that provides a good foundation for security. A variety is available; those that you should be familiar with for the exam fall under the categories of providing URL filtering, content inspection, or malware inspection. 

Malware inspection is the use of a malware scanner to detect unwanted software content in network traffic. If malware is detected, it can be blocked or logged and/or trigger an alert. 


Q363. Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct? 

A. Gray Box Testing 

B. Black Box Testing 

C. Business Impact Analysis 

D. White Box Testing 

Answer:

Explanation: 

Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood. Gray box testing can be contrasted with black box testing, a scenario in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests. Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts. 


Q364. HOTSPOT 

The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication. 

1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks. 

2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port. 

3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port. 

Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit. 

Answer: 

Explanation: 

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. 

Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443. 

Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP port 22. 

Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is port 69. 
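The four rules above, evaluated top-down with first match and an implicit deny, as an added example that is not part of the original page. All IP addresses are constructed placeholders (the exam diagram is not available here), and the `Rule` class and the `covers`, `evaluate` and `shadowed` functions are hypothetical names; `shadowed` goes one step beyond the question and reports rules that an earlier, broader rule prevents from ever firing.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:
    src: str      # source as CIDR
    dst: str      # destination as CIDR
    port: str     # exactly one port number, or "ANY"
    proto: str    # "tcp", "udp" or "ANY"
    action: str   # "permit" or "deny"

# Constructed addresses, chosen only for this example.
ACCOUNTING, HR, ADMIN = "10.10.9.12/32", "10.10.9.14/32", "10.10.9.18/32"
WEB = "192.0.2.10/32"                                          # public network
FINANCIAL, PURCHASING = "10.4.255.101/32", "10.4.255.102/32"   # secure network

RULES = [
    Rule(ACCOUNTING, WEB, "443", "tcp", "permit"),    # rule 1: HTTPS
    Rule(HR, FINANCIAL, "22", "tcp", "permit"),       # rule 2: SCP runs over SSH
    Rule(ADMIN, FINANCIAL, "69", "udp", "permit"),    # rule 3: TFTP runs over UDP
    Rule(ADMIN, PURCHASING, "69", "udp", "permit"),   # rule 4: TFTP runs over UDP
]

def covers(rule, src, dst, port, proto):
    """True if rule matches a packet, or fully contains a narrower rule."""
    return (ip_network(src).subnet_of(ip_network(rule.src))
            and ip_network(dst).subnet_of(ip_network(rule.dst))
            and rule.port in ("ANY", str(port))
            and rule.proto in ("ANY", proto))

def evaluate(rules, src, dst, port, proto):
    """First matching rule decides; no match falls to the implicit deny."""
    for number, rule in enumerate(rules, 1):
        if covers(rule, src, dst, port, proto):
            return rule.action, number
    return "deny", None

def shadowed(rules):
    """Numbers of rules that can never fire because an earlier rule covers them."""
    return [j + 1 for j, later in enumerate(rules)
            if any(covers(earlier, later.src, later.dst, later.port, later.proto)
                   for earlier in rules[:j])]
```

Running `shadowed` on a rule set before saving it catches ordering mistakes such as a broad deny placed above the specific permits.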

References: 

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 26, 44. 

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers 


Q365. Establishing a method to erase or clear cluster tips is an example of securing which of the following? 

A. Data in transit 

B. Data at rest 

C. Data in use 

D. Data in motion 

Answer:

Explanation: 



Q366. How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system? 

A. Annually 

B. Immediately after an employee is terminated 

C. Every five years 

D. Every time they patch the server 

Answer:

Explanation: 

Reviewing the accesses and rights of the users on a system at least annually is acceptable practice. More frequently would be desirable but too frequently would be a waste of administrative time. 


Q367. Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication. 

Which of the following is an authentication method Jane should use? 

A. WPA2-PSK 

B. WEP-PSK 

C. CCMP 

D. LEAP 

Answer:

Explanation: 

A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to reauthenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP. 


Q368. Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts? 

Host 192.168.1.123 

[00:00:01]Successful Login: 015 192.168.1.123 : local 

[00:00:03]Unsuccessful Login: 022 214.34.56.006 :RDP 192.168.1.124 

[00:00:04]UnSuccessful Login: 010 214.34.56.006 :RDP 192.168.1.124 

[00:00:07]UnSuccessful Login: 007 214.34.56.006 :RDP 192.168.1.124 

[00:00:08]UnSuccessful Login: 003 214.34.56.006 :RDP 192.168.1.124 

A. Reporting 

B. IDS 

C. Monitor system logs 

D. Hardening 

Answer:

Explanation: 


Q369. Which of the following algorithms has well documented collisions? (Select TWO). 

A. AES 

B. MD5 

C. SHA 

D. SHA-256 

E. RSA 

Answer: B,C 

Explanation: 

B: MD5's biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use. 

C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010", though that was later relaxed. 

Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output. Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have published techniques more efficient than brute force for finding collisions. 


Q370. Which of the following security strategies allows a company to limit damage to internal systems and provides loss control? 

A. Restoration and recovery strategies 

B. Deterrent strategies 

C. Containment strategies 

D. Detection strategies 

Answer:

Explanation: 

Containment strategies are used to limit damage and contain a loss so that it may be controlled, much like quarantine and loss incident isolation.