
2021 Mar SY0-401 question

Q601. Which of the following describes the purpose of an MOU? 

A. Define interoperability requirements 

B. Define data backup process 

C. Define onboard/offboard procedure 

D. Define responsibilities of each party 

Answer:

Explanation: 

MOU or Memorandum of Understanding is a document outlining which party is responsible for what portion of the work. 


Q602. A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a ‘listening’ state. No other ports are open. Which of the following services should be disabled to ensure secure communications? 

A. HTTPS 

B. HTTP 

C. RDP 

D. TELNET 

Answer:

Explanation: 

HTTP uses port 80. HTTP does not provide encrypted communications. Port 443 is used by HTTPS which provides secure encrypted communications. Port 3389 is used by RDP (Remote Desktop Protocol) which does provide encrypted communications. 


Q603. Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL? 

PERMIT TCP ANY HOST 192.168.0.10 EQ 80 

PERMIT TCP ANY HOST 192.168.0.10 EQ 443 

A. It implements stateful packet filtering. 

B. It implements bottom-up processing. 

C. It failed closed. 

D. It implements an implicit deny. 

Answer:

Explanation: 

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present. 


Q604. Which of the following is a security risk regarding the use of public P2P as a method of collaboration? 

A. Data integrity is susceptible to being compromised. 

B. Monitoring data changes induces a higher cost. 

C. Users are not responsible for data usage tracking. 

D. Limiting the amount of necessary space for data storage. 

Answer:

Explanation: 

Peer-to-peer (P2P) networking is commonly used to share files such as movies and music, but you must not allow users to bring in devices and create their own little networks. All networking must be done through administrators and not on a P2P basis. Data integrity can easily be compromised when using public P2P networking. 


Q605. Matt, a developer, recently attended a workshop on a new application. The developer installs the new application on a production system to test the functionality. Which of the following is MOST likely affected? 

A. Application design 

B. Application security 

C. Initial baseline configuration 

D. Management of interfaces 

Answer:

Explanation: 

The initial baseline configuration of a computer system is an agreed configuration for the computer. For example, the initial baseline configuration will list what operating system the computer will run, what software applications and patches will be installed, and what configuration settings should be applied to the system. In this question, we are installing a new software application on a server. After the installation of the software, the “configuration” of the server (installed software, settings, etc.) is now different from the initial baseline configuration. 


Q606. Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process? 

A. TACACS+ 

B. Secure LDAP 

C. RADIUS 

D. Kerberos 

Answer:

Explanation: 

The basic process of Kerberos authentication is as follows: 

The subject provides logon credentials. 

The Kerberos client system encrypts the password and transmits the protected credentials to the KDC. 

The KDC verifies the credentials and then creates a ticket-granting ticket (TGT, a hashed form of the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is encrypted and sent to the client. 

The client receives the TGT. At this point, the subject is an authenticated principal in the Kerberos realm. 

The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC. 

The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime. 

The client receives the ST. 

The client sends the ST to the network server that hosts the desired resource. 

The network server verifies the ST. If it’s verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved. 


Q607. Which of the following devices is MOST likely being used when processing the following? 

1 PERMIT IP ANY ANY EQ 80 

2 DENY IP ANY ANY 

A. Firewall 

B. NIPS 

C. Load balancer 

D. URL filter 

Answer:

Explanation: 


Q608. A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected? 

A. Block cipher 

B. Stream cipher 

C. CRC 

D. Hashing algorithm 

Answer:

Explanation: 

With a block cipher the algorithm works on chunks of data, encrypting one and then moving to the next. 

Example: Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. 


Q609. Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies? 

A. To ensure that false positives are identified 

B. To ensure that staff conform to the policy 

C. To reduce the organizational risk 

D. To require acceptable usage of IT systems 

Answer:

Explanation: 

Once risks have been identified and assessed, there are five possible actions that should be taken. These are: risk avoidance, risk transference, risk mitigation, risk deterrence and risk acceptance. Anytime you engage in steps to reduce risk, you are engaged in risk mitigation, and implementing IT security policy is a risk mitigation strategy. 


Q610. Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this? 

A. Disable default SSID broadcasting. 

B. Use WPA instead of WEP encryption. 

C. Lower the access point’s power settings. 

D. Implement MAC filtering on the access point. 

Answer:

Explanation: 

If MAC filtering is turned off, any wireless client that knows the values looked for (MAC addresses) can join the network. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so.