★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Act now and download your CompTIA SY0-401 test today! Do not waste time for the worthless CompTIA SY0-401 tutorials. Download Replace CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA SY0-401 with a classic professional.

2021 Mar SY0-401 test

Q291. A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security? 

A. Assign users manually and perform regular user access reviews 

B. Allow read only access to all folders and require users to request permission 

C. Assign data owners to each folder and allow them to add individual users to each folder 

D. Create security groups for each folder and assign appropriate users to each group 

Answer:

Explanation: 

Creating a security group for each folder and assigning necessary users to each group would only allow users belonging to the folder’s security group access to the folder. It will make assigning folder privileges much easier, while also being more secure. 


Q292. Pete, the system administrator, is reviewing his disaster recovery plans. He wishes to limit the downtime in the event of a disaster, but does not have the budget approval to implement or maintain an offsite location that ensures 99.99% availability. Which of the following would be Pete’s BEST option? 

A. Use hardware already at an offsite location and configure it to be quickly utilized. 

B. Move the servers and data to another part of the company’s main campus from the server room. 

C. Retain data back-ups on the main campus and establish redundant servers in a virtual environment. 

D. Move the data back-ups to the offsite location, but retain the hardware on the main campus for redundancy. 

Answer:

Explanation: 

A warm site provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational. Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement. Warm sites may be for your exclusive use, but they don’t have to be. A warm site requires more advanced planning, testing, and access to media for system recovery. Warm sites represent a compromise between a hot site, which is very expensive, and a cold site, which isn’t preconfigured. 


Q293. A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data? 

A. Database field encryption 

B. File-level encryption 

C. Data loss prevention system 

D. Full disk encryption 

Answer:

Explanation: 

Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the data base. This often offers granular encryption options which allows for the encryptions of the entire database, specific database tables, or specific database fields, such as a credit card number field. 


Q294. Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic? 

A. Sniffer 

B. Router 

C. Firewall 

D. Switch 

Answer:

Explanation: 

Ip tables are a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores. 


Q295. A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address? 

A. Identification 

B. Authorization 

C. Access control 

D. Authentication 

Answer:


Abreast of the times SY0-401 exam question:

Q296. A security administrator wants to implement a solution which will allow some applications to run under the user's home directory and only have access to files stored within the same user's folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users? 

A. OS Virtualization 

B. Trusted OS 

C. Process sandboxing 

D. File permission 

Answer:

Explanation: 


Q297. Which of the following could cause a browser to display the message below? 

"The security certificate presented by this website was issued for a different website’s address." 

A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs. 

B. The website is using a wildcard certificate issued for the company’s domain. 

C. HTTPS://127.0.01 was used instead of HTTPS://localhost. 

D. The website is using an expired self signed certificate. 

Answer:

Explanation: 

PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). Users, or their software on their behalf, check that the private key used to sign some certificate matches the public key in the CA's certificate. Since CA certificates are often signed by other, "higher-ranking," CAs, there must necessarily be a highest CA, which provides the ultimate in attestation authority in that particular PKI scheme. Localhost is a hostname that means this computer and may be used to access the computer's own network services via its loopback network interface. Using the loopback interface bypasses local network interface hardware. In this case the HTTPS://127.0.01 was used and not HTTPS//localhost 


Q298. DRAG DROP 

A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type. 

Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit. 

Answer: 

Explanation: 

References: 

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, 

Indianapolis, 2014, pp 221, 222, 369, 418 

http://www.mentor-app.com/ 


Q299. Which of the following protocols encapsulates an IP packet with an additional IP header? 

A. SFTP 

B. IPSec 

C. HTTPS 

D. SSL 

Answer:

Explanation: 

Authentication Header (AH) is a member of the IPsec protocol suite. AH operates directly on top of IP, using IP protocol number 51. 


Q300. Although a vulnerability scan report shows no vulnerabilities have been discovered, a subsequent penetration test reveals vulnerabilities on the network. Which of the following has been reported by the vulnerability scan? 

A. Passive scan 

B. Active scan 

C. False positive 

D. False negative 

Answer:

Explanation: