Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA

2021 Dec comptia security+ sy0-401 exam cram:

Q141. A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model? 

A. Software as a Service 

B. DMZ 

C. Remote access support 

D. Infrastructure as a Service 

Answer:

Explanation: 

Software as a Service (SaaS) allows for on-demand online access to specific software applications or suites without having to install it locally. This will allow the data center to continue providing network and security services. 


Q142. A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack? 

A. Typo squatting 

B. Session hijacking 

C. Cross-site scripting 

D. Spear phishing 

Answer:

Explanation: 

Typosquatting, also called URL hijacking or fake URL, is a form of cybersquatting, and possibly brandjacking, which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).

The typosquatter's URL will usually be one of four kinds, all similar to the victim site address (in the following, the intended website is "example.com"):

- A common misspelling, or foreign-language spelling, of the intended site: exemple.com
- A misspelling based on typing errors: xample.com or examlpe.com
- A differently phrased domain name: examples.com
- A different top-level domain: example.org

Once in the typosquatter's site, the user may also be tricked into thinking that they are in fact on the real site, through the use of copied or similar logos, website layouts or content.


Q143. Configuring the mode, encryption methods, and security associations are part of which of the following? 

A. IPSec 

B. Full disk encryption 

C. 802.1x 

D. PKI 

Answer:

Explanation: 

IPSec can operate in tunnel mode or transport mode. It uses symmetric cryptography to provide encryption security. Furthermore, it makes use of Internet Security Association and Key Management Protocol (ISAKMP). 


Q144. Which of the following is a concern when encrypting wireless data with WEP? 

A. WEP displays the plain text entire key when wireless packet captures are reassembled 

B. WEP implements weak initialization vectors for key transmission 

C. WEP uses a very weak encryption algorithm 

D. WEP allows for only four pre-shared keys to be configured 

Answer:

Explanation: 

The initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack. 


Q145. The security administrator at ABC company received the following log information from an external party: 

10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal 

10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force 

10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan 

The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack? 

A. A NIDS was used in place of a NIPS. 

B. The log is not in UTC. 

C. The external party uses a firewall. 

D. ABC company uses PAT. 

Answer:

Explanation: 

PAT would ensure that computers on ABC's LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pinpoint the exact source.


Leading comptia security+ certification practice exams second edition (exam sy0-401):

Q146. Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes? 

A. Switches 

B. Protocol analyzers 

C. Routers 

D. Web security gateways 

Answer:

Explanation: 

A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. By capturing and analyzing the packets, Pete will be able to determine the type, source, and flags of the packets traversing a network for troubleshooting purposes.

Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).


Q147. A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage? 

A. Biometrics 

B. Mandatory access control 

C. Single sign-on 

D. Role-based access control 

Answer:

Explanation: 

This question is asking about “authorization”, not authentication. 

Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications. 

MAC can also be deployed in private sector or corporate business environments. Such cases typically involve the following four security domain levels (in order from least sensitive to most sensitive): 

- Public
- Sensitive
- Private
- Confidential

A MAC environment works by assigning subjects a clearance level and assigning objects a sensitivity label—in other words, everything is assigned a classification marker. Subjects or users are assigned clearance levels. The name of the clearance level is the same as the name of the sensitivity label assigned to objects or resources. A person (or other subject, such as a program or a computer system) must have the same or greater assigned clearance level as the resources they wish to access. In this manner, access is granted or restricted based on the rules of classification (that is, sensitivity labels and clearance levels).

MAC is named as it is because the access control it imposes on an environment is mandatory. Its assigned classifications and the resulting granting and restriction of access can't be altered by users. Instead, the rules that define the environment and judge the assignment of sensitivity labels and clearance levels control authorization. MAC isn't a very granularly controlled security environment.

An improvement to MAC includes the use of need to know: a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they're compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain). The need to know is a rule in and of itself, which states that access is granted only to users who have been assigned work tasks that require access to the cordoned-off object. Even if users have the proper level of clearance, without need to know, they're denied access. Need to know is the MAC equivalent of the principle of least privilege from DAC.


Q148. Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO). 

A. Separation of duties 

B. Job rotation 

C. Mandatory vacation 

D. Time of day restrictions 

E. Least privilege 

Answer: A,E 

Explanation: 


Q149. After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO). 

A. Recovery 

B. User assigned privileges 

C. Lockout 

D. Disablement 

E. Group based privileges 

F. Password expiration 

G. Password complexity 

Answer: F,G 

Explanation: 

Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some character type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days. 


Q150. Which of the following is a hardware based encryption device? 

A. EFS 

B. TrueCrypt 

C. TPM 

D. SLE 

Answer:

Explanation: 

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disabled in the BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.