★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Act now and download your CompTIA SY0-401 test today! Do not waste time for the worthless CompTIA SY0-401 tutorials. Download Regenerate CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA SY0-401 with a classic professional.

2021 Dec comptia security+ sy0-401 exam cram:

Q521. Which of the following solutions provides the most flexibility when testing new security controls prior to implementation? 

A. Trusted OS 

B. Host software baselining 

C. OS hardening 

D. Virtualization 

Answer:

Explanation: 

Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation. 


Q522. Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised? 

A. Elliptic curve cryptography. 

B. Perfect forward secrecy. 

C. Steganography. 

D. Quantum cryptography. 

Answer:

Explanation: 


Q523. The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following? 

A. Rainbow tables attacks 

B. Brute force attacks 

C. Birthday attacks 

D. Cognitive passwords attacks 

Answer:

Explanation: 

Social Networking Dangers are ‘amplified’ in that social media networks are designed to mass distribute personal messages. If an employee reveals too much personal information it would be easy for miscreants to use the messages containing the personal information to work out possible passwords. 


Q524. A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident? 

A. MAC Spoofing 

B. Session Hijacking 

C. Impersonation 

D. Zero-day 

Answer:

Explanation: 


Q525. A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option? 

A. PGP, because it employs a web-of-trust that is the most trusted form of PKI. 

B. PGP, because it is simple to incorporate into a small environment. 

C. X.509, because it uses a hierarchical design that is the most trusted form of PKI. 

D. X.509, because it is simple to incorporate into a small environment. 

Answer:

Explanation: 


Latest comptia security+ get certified get ahead sy0-401 practice test questions pdf:

Q526. Which of the following pseudocodes can be used to handle program exceptions? 

A. If program detects another instance of itself, then kill program instance. 

B. If user enters invalid input, then restart program. 

C. If program module crashes, then restart program module. 

D. If user’s input exceeds buffer length, then truncate the input. 

Answer:

Explanation: 

Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture all errors and exceptions that could cause the application or its modules to crash. Restarting the application or module would ensure that the application reverts back to a secure state. 


Q527. The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud? 

A. HPM technology 

B. Full disk encryption 

C. DLP policy 

D. TPM technology 

Answer:

Explanation: 

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. The Software as a Service (SaaS) applications are remotely run over the Web and as such requires DLP monitoring. 


Q528. While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO). 

A. 20 

B. 21 

C. 22 

D. 68 

E. 69 

Answer: A,B 

Explanation: 


Q529. A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability? 

A. Host-based firewall 

B. IDS 

C. IPS 

D. Honeypot 

Answer:

Explanation: 

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content. 


Q530. A security technician wishes to gather and analyze all Web traffic during a particular time period. 

Which of the following represents the BEST approach to gathering the required data? 

A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443. 

B. Configure a proxy server to log all traffic destined for ports 80 and 443. 

C. Configure a switch to log all traffic destined for ports 80 and 443. 

D. Configure a NIDS to log all traffic destined for ports 80 and 443. 

Answer:

Explanation: 

A proxy server is in essence a device that acts on behalf of others and in security terms all internal user interaction with the Internet should be controlled through a proxy server. This makes a proxy server the best tool to gather the required data.