
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html



2021 Nov security+ sy0-401 vce:

Q641. An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users' home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO). 

A. Enforcing SELinux in the OS kernel is role-based access control 

B. Enforcing SELinux in the OS kernel is rule-based access control 

C. The policy added by the root user is mandatory access control 

D. Enforcing SELinux in the OS kernel is mandatory access control 

E. The policy added by the root user is role-based access control 

F. The policy added by the root user is rule-based access control 

Answer: D,F 

Explanation: 

SELinux is mandatory access control (MAC) enforced inside the kernel: a security policy, not the file owner, decides which subjects (processes) may touch which objects (files, ports), and even a process running as root cannot override a denial. The administrator fixes the broken home-directory access by adding rules to that policy (for example, type-enforcement rules or a boolean that permits the web-server domain to read user home directories), so the added policy is rule-based access control. Role-based access control would assign permissions by job role, which is not what the scenario describes. 

Q642. The IT department has setup a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help? 

A. Account Disablements 

B. Password Expiration 

C. Password Complexity 

D. Password Recovery 

Answer: D

Explanation: 

Users forget their passwords. Because the operating system stores only a hash of the password, the original value cannot be read back; recovery means an administrator (or an automated process) setting a new password. A website where users answer pre-registered questions to reset their own accounts automates that password recovery process and reduces helpdesk load. The caveat a practitioner should add: the answers now act as an authenticator in place of the password, so they must be stored and protected like one, and questions whose answers can be looked up or guessed weaken the account. 


Q643. Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate? 

A. Certification authority 

B. Key escrow 

C. Certificate revocation list 

D. Registration authority 

Answer: A

Explanation: 

A certificate authority (CA) is the entity responsible for issuing, revoking, and distributing certificates; it signs Pete's public key into a certificate. A registration authority (RA) only verifies the requester's identity before the CA issues the certificate, key escrow holds copies of private keys, and a certificate revocation list (CRL) lists certificates the CA has withdrawn. 


Q644. A security engineer is asked by the company’s development team to recommend the most secure method for password storage. 

Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO). 

A. PBKDF2 

B. MD5 

C. SHA2 

D. Bcrypt 

E. AES 

F. CHAP 

Answer: A,D 

Explanation: 

A: PBKDF2 (Password-Based Key Derivation Function 2) is defined in PKCS #5 v2.0 (RFC 2898). It applies a pseudorandom function (in practice an HMAC) to the password together with a salt, iterated a configurable number of times, to produce a derived key. The iteration count is the work factor: raising it makes every guess proportionally more expensive for an attacker. 

D: bcrypt is a key derivation function for passwords based on the Blowfish cipher. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the cost parameter can be increased to make it slower, so it remains resistant to brute-force search even as computing power grows. bcrypt is the default password hash algorithm for OpenBSD and many other systems. 

The other options do not fit: MD5 and SHA-2 are fast, general-purpose hashes, so an attacker can test billions of candidate passwords per second against an unsalted digest; AES is an encryption cipher, not a one-way function; CHAP is an authentication protocol, not a storage method. 

References: 

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 109-110, 139, 143, 250, 255-256 
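The following is an added example, not code from the page or from the study guide it cites, showing what "salted, iterated, adaptive" password storage looks like in practice using PBKDF2-HMAC-SHA256 from Python's standard library. The record layout (`pbkdf2_sha256$iterations$salt$key`) and the iteration count of 200,000 are assumptions chosen for the example; storing the parameters beside the key is what lets the work factor be raised later without invalidating existing accounts.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. The figure is an assumption for this example;
# tune it so one hash costs roughly 100 ms on your own servers and raise it over time.
ITERATIONS = 200_000
SALT_BYTES = 16
DK_LEN = 32


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Derive a key from the password and return a self-describing record.

    Record layout (a convention invented for this example, not a standard):
        pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=DK_LEN)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations), dklen=DK_LEN)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(record: str, target_iterations: int = ITERATIONS) -> bool:
    """True if the record was made with a weaker work factor than the current target.

    Call this after a successful login and re-hash with the user's plaintext
    password, which is the only moment it is available.
    """
    return int(record.split("$")[1]) < target_iterations


def seconds_per_guess(fn, password: str, samples: int) -> float:
    """Crude cost measurement: average wall-clock seconds for one evaluation of fn."""
    start = time.perf_counter()
    for _ in range(samples):
        fn(password)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok :", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("Tr0ub4dor&3", record))
    # Same password, different salt -> different record, so a precomputed
    # (rainbow) table built for one user is useless against another.
    print("salted differently:", hash_password("correct horse battery staple") != record)

    # Attacker cost per guess: raw SHA-256 versus PBKDF2 at the chosen work factor.
    sha_cost = seconds_per_guess(lambda p: hashlib.sha256(p.encode()).digest(), "guess", 20_000)
    kdf_cost = seconds_per_guess(lambda p: hash_password(p, salt=b"\x00" * SALT_BYTES), "guess", 3)
    print(f"sha256: {sha_cost * 1e6:.2f} us/guess, pbkdf2: {kdf_cost * 1e3:.1f} ms/guess, "
          f"ratio ~{kdf_cost / sha_cost:,.0f}x")

    # A record made with fewer iterations should be upgraded on the next successful login.
    old = hash_password("correct horse battery staple", iterations=10_000)
    print("needs rehash:", needs_rehash(old))
```

Running the script prints the measured slowdown on the local machine; the ratio between the two costs, not the absolute numbers, is what makes PBKDF2 or bcrypt the right answer here. The same structure applies to bcrypt or scrypt via third-party packages, with the cost parameter taking the place of the iteration count.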


Q645. Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kind of IDS is in use? 

A. Protocol based 

B. Heuristic based 

C. Signature based 

D. Anomaly based 

Answer: D

Explanation: 

An anomaly-based IDS first learns a baseline of normal activity (here, four weeks of data) and then alerts when observed behaviour deviates significantly from that baseline, as the surge in access to sensitive client files does. A signature-based IDS only matches known attack patterns and would not notice a spike in otherwise legitimate file access; a protocol-based IDS checks for deviations from protocol specifications; heuristic-based detection applies rules of thumb to classify suspicious behaviour rather than comparing against a learned baseline. 
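As an added example (not from the page), the baseline-then-deviation logic of an anomaly-based IDS, reduced to one signal: the number of sensitive-file accesses per user per day. The log format, the `/srv/clients/` prefix and the sample log lines are all constructed for this example; a real deployment would learn many such features and weight them, but the mechanism is the same.

```python
import re
import statistics
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed file-access log format for this example (not a real product's format):
#   <date> <time> user=<name> path=<file> action=<verb>
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} "
    r"user=(?P<user>\S+) path=(?P<path>\S+) action=\S+$"
)
SENSITIVE_PREFIX = "/srv/clients/"  # assumption: sensitive client files live here

BASELINE_DAYS = [f"2021-11-{d:02d}" for d in range(1, 29)]  # four-week learning period
TARGET_DAY = "2021-11-29"


def make_sample_log() -> List[str]:
    """Constructed log: steady habits for four weeks, then one user bulk-reads client files."""
    lines = []
    for day in BASELINE_DAYS:
        for i in range(2):
            lines.append(f"{day} 09:1{i}:00 user=alice path=/srv/clients/acme-{i}.xlsx action=read")
        for i in range(3):
            lines.append(f"{day} 10:2{i}:00 user=bob path=/srv/clients/globex-{i}.docx action=read")
        lines.append(f"{day} 11:00:00 user=bob path=/srv/public/handbook.pdf action=read")  # not sensitive
    # Layoff rumours spread: bob pulls forty client files in one afternoon; alice is unchanged.
    for i in range(2):
        lines.append(f"{TARGET_DAY} 09:1{i}:00 user=alice path=/srv/clients/acme-{i}.xlsx action=read")
    for i in range(40):
        lines.append(f"{TARGET_DAY} 13:{i:02d}:00 user=bob path=/srv/clients/export-{i}.zip action=read")
    return lines


def daily_sensitive_counts(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    """user -> date -> number of accesses under SENSITIVE_PREFIX (unparseable lines are skipped)."""
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["path"].startswith(SENSITIVE_PREFIX):
            counts[m["user"]][m["date"]] += 1
    return counts


def build_baseline(counts: Dict[str, Dict[str, int]],
                   baseline_days: List[str]) -> Dict[str, Tuple[float, float]]:
    """Per-user mean and population std-dev of daily sensitive accesses over the learning period.

    Days with no activity count as zero so that a quiet user keeps a quiet baseline.
    """
    baseline = {}
    for user, per_day in counts.items():
        samples = [per_day.get(day, 0) for day in baseline_days]
        baseline[user] = (statistics.mean(samples), statistics.pstdev(samples))
    return baseline


def detect_anomalies(counts: Dict[str, Dict[str, int]],
                     baseline: Dict[str, Tuple[float, float]],
                     day: str, k: float = 3.0, min_stdev: float = 1.0) -> List[Tuple[str, int, float]]:
    """Alert when a user's count on `day` exceeds mean + k * stdev.

    min_stdev stops a perfectly regular baseline (stdev 0) from alerting on a single extra read.
    """
    alerts = []
    for user, (mean, stdev) in baseline.items():
        observed = counts.get(user, {}).get(day, 0)
        threshold = mean + k * max(stdev, min_stdev)
        if observed > threshold:
            alerts.append((user, observed, round(threshold, 2)))
    return sorted(alerts)


if __name__ == "__main__":
    log = make_sample_log()
    counts = daily_sensitive_counts(log)
    baseline = build_baseline(counts, BASELINE_DAYS)
    for user, (mean, stdev) in sorted(baseline.items()):
        print(f"{user}: baseline mean={mean:.1f}/day stdev={stdev:.1f}")
    for user, observed, threshold in detect_anomalies(counts, baseline, TARGET_DAY):
        print(f"ALERT {user}: {observed} sensitive-file accesses on {TARGET_DAY} (threshold {threshold})")
```

The `min_stdev` floor and the multiplier `k` are the tuning knobs that decide the false-positive rate; a baseline learned while an insider is already exfiltrating will quietly absorb that behaviour as "normal", which is why the learning period should be reviewed before the detector is trusted.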


Q646. Which of the following risk concepts requires an organization to determine the number of failures per year? 

A. SLE 

B. ALE 

C. MTBF 

D. Quantitative analysis 

Answer: B

Explanation: 

ALE is the annual loss expectancy, a monetary estimate of how much loss to expect in a year. It is computed as ALE = SLE x ARO, where SLE (single loss expectancy) is the cost of one occurrence and ARO (annualized rate of occurrence) is the expected number of occurrences, or failures, per year. Determining that yearly count is therefore a required input to ALE. MTBF (mean time between failures) is a reliability statistic for equipment, and quantitative analysis is the broader category that ALE belongs to. 


Q647. Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO). 

A. Acceptable use of social media 

B. Data handling and disposal 

C. Zero day exploits and viruses 

D. Phishing threats and attacks 

E. Clean desk and BYOD 

F. Information security awareness 

Answer: D,F 

Explanation: 

Managers, i.e. executives in the company, are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies. Phishing is a form of social engineering in which the attacker asks the target for a piece of information by making the request look legitimate. An email might look as if it is from a bank and contain some basic information, such as the user's name. Executives can easily fall prey to phishing if they are not trained to look out for these attacks. 


Q648. In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered? 

A. Continuous security monitoring 

B. Baseline configuration and host hardening 

C. Service Level Agreement (SLA) monitoring 

D. Security alerting and trending 

Answer: A

Explanation: 

The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security posture coverage. A GRC system is good for assessing the security posture at a point in time. However, to be effective and to ensure the company always has a good security posture, especially where a third party operates the service, security must be monitored continuously. 

Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets improved.” Well, in network security, “that which gets monitored gets secure.” Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. 


Q649. DRAG DROP 

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them. 

Answer: 

Explanation: 

When dealing with multiple sources of evidence, address them in order of volatility (OOV): always collect the most volatile first. Volatility can be thought of as the amount of time you have to collect certain data before the window of opportunity is gone. Naturally, in an investigation you want to collect everything, but some data exists longer than other data, and you cannot possibly collect all of it at once. For a server under active attack the order, from most to least volatile, is: CPU registers and cache, memory (RAM, ARP and routing tables, running processes and open network connections), temporary file systems and swap, disk, remote logging and monitoring data, physical configuration and network topology, and finally archival media such as CDs/DVDs, backups and printouts. 

The study guide's broader forensic procedure is: capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and expenses associated with the investigation. 

References: 

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 453 


Q650. Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device? 

A. Man-in-the-middle 

B. Bluejacking 

C. Bluesnarfing 

D. Packet sniffing 

Answer: B

Explanation: 

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, typically by pushing a vCard whose name field contains the message via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually a bluejacker will only send a text message, but with modern phones it is possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames. Bluesnarfing, by contrast, is unauthorized reading of data from the device over Bluetooth, not sending messages to it.