★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


It is impossible to pass CompTIA SY0-401 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed CompTIA SY0-401 practice questions. You will get a surprising result by our Up to the minute CompTIA Security+ Certification practice guides.

2021 Oct comptia security+ review guide exam sy0-401:

Q281. During the information gathering stage of a deploying role-based access control model, which of the following information is MOST likely required? 

A. Conditional rules under which certain systems may be accessed 

B. Matrix of job titles with required access privileges 

C. Clearance levels of all company personnel 

D. Normal hours of business operation 

Answer: B 

Explanation: 

Role-based access control is a model where access to resources is determines by job role rather than by user account. 

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department. 

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role. 


Q282. After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being described? 

A. Trusted OS 

B. Mandatory access control 

C. Separation of duties 

D. Single sign-on 

Answer: D 

Explanation: 

Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is not required for access to resources on any realm entity. The question states that when Ann logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. This describes an SSO scenario. 


Q283. To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended? 

A. SHA 

B. MD5 

C. Blowfish 

D. AES 

Answer: D 

Explanation: 

Explanation: AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is used to encrypt data, not to verify data integrity. 


Q284. When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability? 

A. Deploying identical application firewalls at the border 

B. Incorporating diversity into redundant design 

C. Enforcing application white lists on the support workstations 

D. Ensuring the systems’ anti-virus definitions are up-to-date 

Answer: B 

Explanation: 

If you know there is a vulnerability that is specific to one vendor, you can improve availability by implementing multiple systems that include at least one system from a different vendor and so is not affected by the vulnerability. 

Topic 5, Access Control and Identity Management 


Q285. Which of the following would a security administrator use to verify the integrity of a file? 

A. Time stamp 

B. MAC times 

C. File descriptor 

D. Hash 

Answer: D 

Explanation: 

Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables and it is a one-way transformation in order to validate the integrity of data. 


SY0-401 exams

Renovate sy0-401 simulations:

Q286. Elastic cloud computing environments often reuse the same physical hardware for multiple customers over time as virtual machines are instantiated and deleted. This has important implications for which of the following data security concerns? 

A. Hardware integrity 

B. Data confidentiality 

C. Availability of servers 

D. Integrity of data 

Answer: B 

Explanation: 

Data that is not kept separate or segregated will impact on that data’s confidentiality maybe being compromised. Be aware of the fact that your data is only as safe as the data with which it is integrated. For example, assume that your client database is hosted on a server that another company is also using to test an application that they are creating. If their application obtains root-level access at some point (such as to change passwords) and crashes at that point, then the user running the application could be left with root permissions and conceivably be to access data on the server for which they are not authorized, such as your client database. Data segregation is crucial; keep your data on secure servers. 


Q287. A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address? 

A. Identification 

B. Authorization 

C. Access control 

D. Authentication 

Answer: A 


Q288. Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection? 

A. Honeynet 

B. Vulnerability scanner 

C. Port scanner 

D. Protocol analyzer 

Answer: A 

Explanation: 


Q289. Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed? 

A. Bollards 

B. Video surveillance 

C. Proximity readers 

D. Fencing 

Answer: B 

Explanation: 

Video surveillance is making use of a camera, or CCTV that is able to record everything it sees and is always running. This way you will be able to check exactly who enters secure areas. 


Q290. Which of the following is a control that allows a mobile application to access and manipulate information which should only be available by another application on the same mobile device (e.g. a music application posting the name of the current song playing on the device on a social media site)? 

A. Co-hosted application 

B. Transitive trust 

C. Mutually exclusive access 

D. Dual authentication 

Answer: B 

Explanation: