2021 Jul security plus sy0-401:

Q41. A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews? 

A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. 

B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively. 

C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced. 

D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources. 

Answer: A 

Explanation: 

Reviewing user permissions and group memberships forms part of a privilege audit, which is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation.


Q42. Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device? 

A. Authentication 

B. Blacklisting 

C. Whitelisting 

D. Acceptable use policy 

Answer: C 

Explanation: 

White lists are closely related to ACLs; essentially, a white list is a list of items that are allowed.


Q43. A security administrator must implement a system to allow clients to securely negotiate encryption keys with the company’s server over a public unencrypted communication channel. 

Which of the following implements the required secure key negotiation? (Select TWO). 

A. PBKDF2 

B. Symmetric encryption 

C. Steganography 

D. ECDHE 

E. Diffie-Hellman 

Answer: D,E 

Explanation: 

Elliptic curve Diffie–Hellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be used directly as a key or, better yet, to derive another key which can then be used to encrypt subsequent communications using a symmetric key cipher. It is a variant of the Diffie–Hellman protocol using elliptic curve cryptography.

Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym, stands for Ephemeral Diffie-Hellman). Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, despite the order of the acronym letters, it is called Ephemeral Elliptic Curve Diffie-Hellman). It is the ephemeral component of each of these that provides perfect forward secrecy.


Q44. A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. 

Which of the following is the BEST approach for implementation of the new application on the virtual server? 

A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location. 

B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application. 

C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location. 

D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application. 

Answer: C 

Explanation: 

Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications. However, the snapshot should be taken before the application or update is installed. 


Q45. Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate? 

A. Taking screenshots 

B. System image capture 

C. Chain of custody 

D. Order of volatility 

Answer: B 

Explanation: 

A system image would be a snapshot of what exists at the moment. Thus capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. 


Q46. HOTSPOT 

The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.

1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks. 

2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.

3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port. 

Instructions: The firewall will process the rules in a top-down manner, in order, as a first match. The port number must be typed in, and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click Save and then Done to submit.

Answer: 


Q47. Using proximity card readers instead of the traditional key punch doors would help to mitigate: 

A. Impersonation 

B. Tailgating 

C. Dumpster diving 

D. Shoulder surfing 

Answer: D 

Explanation: 

Using a traditional key punch door, a person enters a code into a keypad to unlock the door. Someone could be watching the code being entered. They would then be able to open the door by entering the code. The process of watching the key code being entered is known as shoulder surfing. 

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. 


Q48. Which of the following is best practice to put at the end of an ACL? 

A. Implicit deny 

B. Time of day restrictions 

C. Implicit allow 

D. SNMP string 

Answer: A 

Explanation: 

An implicit deny clause is implied at the end of each ACL. This implies that if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. The implicit deny clause is set by the system. 


Q49. Joe, a network security engineer, has visibility to network traffic through network monitoring tools. 

However, he’s concerned that a disgruntled employee may be targeting a server containing the company’s financial records. Which of the following security mechanisms would be MOST appropriate to confirm Joe’s suspicion?

A. HIDS 

B. HIPS 

C. NIPS 

D. NIDS 

Answer: A 

Explanation: 

A host-based IDS (HIDS) is an intrusion detection system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion. It is useful for detecting attacks that originate outside the organization as well as attacks by internal users logged on to the system. 


Q50. Which of the following protocols provides transport security for virtual terminal emulation? 

A. TLS 

B. SSH 

C. SCP 

D. S/MIME 

Answer: B 

Explanation: 

Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext-oriented programs in the Unix environment.