
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Whether you are experienced or new to a CompTIA career, you need to know which skills make you attractive to employers. Recruiters look for prospective employees with a firm foundation of skills for effective performance, and CompTIA provides a suitable training program for passing SY0-401 exams.

2021 Dec CompTIA Security+ review guide exam SY0-401:

Q71. Which of the following is the BEST concept to maintain required but non-critical server availability? 

A. SaaS site 

B. Cold site 

C. Hot site 

D. Warm site 

Answer:

Explanation: 

Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement. Another term for a warm site/reciprocal site is active/active model. 


Q72. Which of the following tools will allow a technician to detect security-related TCP connection anomalies? 

A. Logical token 

B. Performance monitor 

C. Public key infrastructure 

D. Trusted platform module 

Answer:

Explanation: 

Performance Monitor in a Windows system can monitor many different ‘counters’. For TCP network connections, you can monitor specific TCP-related counters, including the following: Connection Failures, Connections Active, Connections Established, Connections Passive, Connections Reset, Segments Received/sec, Segments Retransmitted/sec, Segments Sent/sec, and Total Segments/sec.

By monitoring the counters listed above, you will be able to detect security-related TCP connection anomalies. 


Q73. A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks? 

A. Replay 

B. DDoS 

C. Smurf 

D. Ping of Death 

Answer:

Explanation: 

A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 

For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve. 

Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation. Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.

One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems.

Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check.

Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example, Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers, with the trade-off being that replay attacks, if they are performed quickly enough, i.e. within that 'reasonable' limit, could succeed.


Q74. Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens? 

A. TACACS+ 

B. Smartcards 

C. Biometrics 

D. Kerberos 

Answer:

Explanation: 

TACACS allows a client to accept a username and password and send a query to a TACACS authentication server. The server determines whether to accept or deny the authentication request and sends a response back. The TIP would then allow access or not based upon the response, not tokens.


Q75. Which of the following is used to certify intermediate authorities in a large PKI deployment? 

A. Root CA 

B. Recovery agent 

C. Root user 

D. Key escrow 

Answer:

Explanation: 

The root CA certifies other certification authorities to publish and manage certificates within the organization. In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that aren’t. This arrangement allows a high level of control at all levels of the hierarchical tree.


Updated Security+ practice tests SY0-401:

Q76. Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO). 

A. Scanning printing of documents. 

B. Scanning of outbound IM (Instant Messaging). 

C. Scanning copying of documents to USB. 

D. Scanning of SharePoint document library. 

E. Scanning of shared drives. 

F. Scanning of HTTP user traffic. 

Answer: B,F 

Explanation: 

DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and who is transmitting the data. Outbound IM and HTTP user traffic refer to data over a network, which falls within the DLP strategy. 


Q77. A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement? 

A. SaaS 

B. MaaS 

C. IaaS 

D. PaaS 

Answer:

Explanation: 

Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud. 


Q78. CORRECT TEXT 

A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored. 

You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. The environment is a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incident responses. 

Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all actions may be used, and order is not important. If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue. 

Answer: Database server was attacked, actions should be to capture network traffic and Chain of Custody. 


Q79. A small company has recently purchased cell phones for managers to use while working outside of the office. 

The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following solutions BEST meets the company’s requirements? 

A. Screen-lock 

B. Disable removable storage 

C. Full device encryption 

D. Remote wiping 

Answer:

Explanation: 

Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. 


Q80. Which of the following concepts allows an organization to group large numbers of servers together in order to deliver a common service? 

A. Clustering 

B. RAID 

C. Backup Redundancy 

D. Cold site 

Answer:

Explanation: 

Anytime you connect multiple computers to work/act together as a single server, it is known as clustering. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy (but also add costs).