★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/SY0-401-dumps.html
Our professionals are working hard on providing you together with the reliable along with current CompTIA certification practice questions. The CompTIA SY0-401 stimulated tests protect all the SY0-401 key exam questions. Although the CompTIA certification genuine exam is very demanding, you will end up being confident enough to pass the SY0-401 exam. Simply because participating our CompTIA CompTIA coaching camp is a quick and productive way towards success.
2021 Sep comptia security+ pdf sy0-401:
Q81. Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?
A. Single sign on
B. IPv6
C. Secure zone transfers
D. VoIP
Answer: C
Explanation:
C: A primary DNS server has the "master copy" of a zone, and secondary DNS servers keep copies of the zone for redundancy. When changes are made to zone data on the primary DNS server, these changes must be distributed to the secondary DNS servers for the zone. This is done through zone transfers. If you allow zone transfers to any server, all the resource records in the zone are viewable by any host that can contact your DNS server. Thus you will need to secure the zone transfers to stop an attacker from mapping out your addresses and devices on your network.
Q82. A security administrator is concerned about the strength of user’s passwords. The company does not want to implement a password complexity policy. Which of the following can the security Administrator implement to mitigate the risk of an online password attack against users with weak passwords?
A. Increase the password length requirements
B. Increase the password history
C. Shorten the password expiration period
D. Decrease the account lockout time
Answer: C
Explanation:
Reducing the password expiration period will require passwords to be changed at the end of that period. A password needs to be changed if it doesn’t meet the compliance requirements of the company’s password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to possible compromise as a result of a system intrusion. This will give online password attackers less time to crack the weak passwords.
Q83. A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12?
A. The server's network switch port must be enabled for 802.11x on VLAN 12.
B. The server's network switch port must use VLAN Q-in-Q for VLAN 12.
C. The server's network switch port must be 802.1q untagged for VLAN 12.
D. The server's network switch port must be 802.1q tagged for VLAN 12.
Answer: D
Explanation:
Q84. When a new network drop was installed, the cable was run across several fluorescent lights. The users of the new network drop experience intermittent connectivity. Which of the following environmental controls was MOST likely overlooked during installation?
A. Humidity sensors
B. EMI shielding
C. Channel interference
D. Cable kinking
Answer: B
Explanation:
Shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities. In this case you are experiencing intermittent connectivity since Electro Magnetic Interference (EMI) was not taken into account when running the cables over fluorescent lighting.
Q85. An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?
A. Business continuity planning
B. Quantitative assessment
C. Data classification
D. Qualitative assessment
Answer: C
Explanation:
Information classification is done by confidentiality and comprises of three categories, namely: public use, internal use and restricted use. Knowing how to apply these categories and matching it up with the appropriate data handling will address the situation of the data ‘unknown sensitivity’
Updated lead2pass sy0-401 vce:
Q86. A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?
A. Service level agreements
B. Interoperability agreements
C. Privacy considerations
D. Data ownership
Answer: C
Explanation:
Q87. An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
Answer: D
Explanation:
NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.
Q88. A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?
A. Black listing applications
B. Operating System hardening
C. Mandatory Access Control
D. Patch Management
Answer: B
Explanation:
Q89. Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?
A. 25
B. 53
C. 143
D. 443
Answer: D
Explanation:
Q90. Which of the following BEST represents the goal of a vulnerability assessment?
A. To test how a system reacts to known threats
B. To reduce the likelihood of exploitation
C. To determine the system’s security posture
D. To analyze risk mitigation strategies
Answer: C
Explanation:
A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.
A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security.