★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Want to know Actualtests SY0-401 Exam practice test features? Want to lear more about CompTIA CompTIA Security+ Certification certification experience? Study Virtual CompTIA SY0-401 answers to Avant-garde SY0-401 questions at Actualtests. Gat a success with an absolute guarantee to pass CompTIA SY0-401 (CompTIA Security+ Certification) test on your first attempt.

2021 Jul comptia security+ get certified get ahead sy0-401 study guide download:

Q651. Which of the following is an example of a false positive? 

A. Anti-virus identifies a benign application as malware. 

B. A biometric iris scanner rejects an authorized user wearing a new contact lens. 

C. A user account is locked out after the user mistypes the password too many times. 

D. The IDS does not identify a buffer overflow. 

Answer: A 

Explanation: 

A false positive is an error in some evaluation process in which a condition tested for is mistakenly found to have been detected. In spam filters, for example, a false positive is a legitimate message mistakenly marked as UBE --unsolicited bulk email, as junk email is more formally known. Messages that are determined to be spam -- whether correctly or incorrectly -- may be rejected by a server or client-side spam filter and returned to the sender as bounce e-mail. One problem with many spam filtering tools is that if they are configured stringently enough to be effective, there is a fairly high chance of getting false positives. The risk of accidentally blocking an important message has been enough to deter many companies from implementing any anti-spam measures at all. False positives are also common in security systems. A host intrusion prevention system (HIPS), for example, looks for anomalies, such as deviations in bandwidth, protocols and ports. When activity varies outside of an acceptable range – for example, a remote application attempting to open a normally closed port -- an intrusion may be in progress. However, an anomaly, such as a sudden spike in bandwidth use, does not guarantee an actual attack, so this approach amounts to an educated guess and the chance for false positives can be high. False positives contrast with false negatives, which are results indicating mistakenly that some condition tested for is absent. 


Q652. A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room? 

A. Man-in-the-middle 

B. Tailgating 

C. Impersonation 

D. Spoofing 

Answer: C 

Explanation: 

Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat. 

In this question, by using the coworker’s card, the security administrator is ‘impersonating’ the coworker. The server room locking system and any logging systems will ‘think’ that the coworker has entered the server room. 


Q653. Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? (Select TWO). 

A. DAC 

B. ALE 

C. SLE 

D. ARO 

E. ROI 

Answer: B,C 

Explanation: 

ALE (Annual Loss Expectancy) is equal to the SLE (Single Loss Expectancy) times the annualized rate of occurrence. SLE (Single Loss Expectancy) is equal to asset value (AV) times exposure factor (EF). 


Q654. Which of the following should a company implement to BEST mitigate from zero-day malicious code executing on employees' computers? 

A. Least privilege accounts 

B. Host-based firewalls 

C. Intrusion Detection Systems 

D. Application white listing 

Answer: D 

Explanation: 


Q655. During which of the following phases of the Incident Response process should a security administrator define and implement general defense against malware? 

A. Lessons Learned 

B. Preparation 

C. Eradication 

D. Identification 

Answer: B 

Explanation: 

Incident response procedures involves: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. It is important to stop malware before it ever gets hold of a system –thus you should know which malware is out there and take defensive measures - this means preparation to guard against malware infection should be done. 


SY0-401 practice

Most up-to-date pdf sy0-401:

Q656. A new virtual server was created for the marketing department. The server was installed on an existing host machine. Users in the marketing department report that they are unable to connect to the server. Technicians verify that the server has an IP address in the same VLAN as the marketing department users. Which of the following is the MOST likely reason the users are unable to connect to the server? 

A. The new virtual server’s MAC address was not added to the ACL on the switch 

B. The new virtual server’s MAC address triggered a port security violation on the switch 

C. The new virtual server’s MAC address triggered an implicit deny in the switch 

D. The new virtual server’s MAC address was not added to the firewall rules on the switch 

Answer: A 

Explanation: 

Configuring the switch to allow only traffic from computers based upon their physical address is known as MAC filtering. The physical address is known as the MAC address. Every network adapter has a unique MAC address hardcoded into the adapter. You can configure the ports of a switch to allow connections from computers with specific MAC addresses only and block all other MAC addresses. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. 


Q657. After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: 

<HTML> 

<body onload="document.getElementByID(‘badForm’).submit()"> 

<form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" > 

<input name="Perform Purchase" value="Perform Purchase"/> 

</form> 

</body> 

</HTML> 

Which of the following has MOST likely occurred? 

A. SQL injection 

B. Cookie stealing 

C. XSRF 

D. XSS 

Answer: C 

Explanation: 

XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to have been authenticated. This is often accomplished without the user’s knowledge. 


Q658. Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed? 

A. Bollards 

B. Video surveillance 

C. Proximity readers 

D. Fencing 

Answer: B 

Explanation: 


Q659. Which of the following would MOST likely involve GPS? 

A. Wardriving 

B. Protocol analyzer 

C. Replay attack 

D. WPS attack 

Answer: A 

Explanation: 


Q660. A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior? 

A. Assign users passwords based upon job role. 

B. Enforce a minimum password age policy. 

C. Prevent users from choosing their own passwords. 

D. Increase the password expiration time frame. 

Answer: B 

Explanation: 

A minimum password age policy defines the period that a password must be used for before it can be changed.