★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


When you visit Testking.net, please stop in our house page and possess a seem carefully. You will find all the important contents which may look in the true CompTIA SY0-401 exam. And if you dont know the way to prepare for that SY0-401 exam, our professionals will help you, or you can learn form our CompTIA SY0-401 study manual. Testking is the merely one site that gives with every one of the CompTIA CompTIA preparation materials. Should you be a busy worker, youd much better take part in our CompTIA SY0-401 coaching course. It is just a quickest and appear way for you personally to get the actual CompTIA SY0-401 certification.

2021 Sep security+ + practice tests sy0-401:

Q551. A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used? 

A. RADIUS 

B. SAML 

C. TACACS+ 

D. LDAP 

Answer: D 

Explanation: 

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. 

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol): dn: cn=John Doe,dc=example,dc=com cn: John Doe givenName: John sn: Doe telephoneNumber: +1 888 555 6789 telephoneNumber: +1 888 555 1232 mail: john@example.com manager: cn=Barbara Doe,dc=example,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top "dn" is the distinguished name of the entry; it is neither an attribute nor a part of the entry. "cn=John Doe" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address, and "sn" for surname. 


Q552. Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent? 

A. Warm site 

B. Load balancing 

C. Clustering 

D. RAID 

Answer: C 

Explanation: 

Anytime you connect multiple computers to work/act together as a single server, it is known as 

clustering. Clustered systems utilize parallel processing (improving performance and availability) 

and add redundancy. 

Server clustering is used to provide failover capabilities / redundancy in addition to scalability as 

demand increases. 


Q553. Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks? 

A. 802.1x 

B. Data encryption 

C. Password strength 

D. BGP 

Answer: A 

Explanation: 

IEEE 802.1X (also known as Dot1x) is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols. It provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. 

802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN 

-though the term 'supplicant' is also used interchangeably to refer to the software running on the client that provides credentials to the authenticator. The authenticator is a network device, such as an Ethernet switch or wireless access point; and the authentication server is typically a host running software supporting the RADIUS and EAP protocols. The authenticator acts like a security guard to a protected network. The supplicant (i.e., client device) is not allowed access through the authenticator to the protected side of the network until the supplicant’s identity has been validated and authorized. An analogy to this is providing a valid visa at the airport's arrival immigration before being allowed to enter the country. With 802.1X port-based authentication, the supplicant provides credentials, such as user name/password or digital certificate, to the authenticator, and the authenticator forwards the credentials to the authentication server for verification. If the authentication server determines the credentials are valid, the supplicant (client device) is allowed to access resources located on the protected side of the network. 


Q554. Which of the following should be done before resetting a user’s password due to expiration? 

A. Verify the user’s domain membership. 

B. Verify the user’s identity. 

C. Advise the user of new policies. 

D. Verify the proper group membership. 

Answer: B 

Explanation: 

When resetting a password, users have to establish their identity by answering a series of personal questions, using a hardware authentication token, or responding to a password notification e-mail. Users can then either specify a new, unlocked password, or ask that a randomly generated one be provided. This can be done from their workstation login prompt, or through a telephone call. 


Q555. Which of the following secure file transfer methods uses port 22 by default? 

A. FTPS 

B. SFTP 

C. SSL 

D. S/MIME 

Answer: B 

Explanation: 

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. 


SY0-401 answers

Renew security+ + certification sy0-401:

Q556. A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts? 

A. Implement Group Policy to add the account to the users group on the hosts 

B. Add the account to the Domain Administrator group 

C. Add the account to the Users group on the hosts 

D. Implement Group Policy to add the account to the Power Users group on the hosts. 

Answer: A 

Explanation: 

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account. 


Q557. Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops? 

A. TPM 

B. HSM 

C. CPU 

D. FPU 

Answer: A 

Explanation: 

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 


Q558. A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place? 

A. War chalking 

B. Bluejacking 

C. War driving 

D. Bluesnarfing 

Answer: B 

Explanation: 

The question states that the ‘attack’ took place on public transport and was received on a smartphone. Therefore, it is most likely that the image was sent using Bluetooth. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames. 


Q559. The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware? 

A. TwoFish 

B. SHA-512 

C. Fuzzy hashes 

D. HMAC 

Answer: C 

Explanation: 

Hashing is used to ensure that a message has not been altered. It can be useful for positively identifying malware when a suspected file has the same hash value as a known piece of malware. However, modifying a single bit of a malicious file will alter its hash value. To counter this, a continuous stream of hash values is generated for rolling block of code. This can be used to determine the similarity between a suspected file and known pieces of malware. 


Q560. RC4 is a strong encryption protocol that is generally used with which of the following? 

A. WPA2 CCMP 

B. PEAP 

C. WEP 

D. EAP-TLS 

Answer: C 

Explanation: