
2021 Apr SY0-401 test questions

Q41. Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file? 

A. Cognitive password 

B. Password sniffing 

C. Brute force 

D. Social engineering 

Answer:

Explanation: 

One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open the file by using many different passwords. 

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security. A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers. An attack of this nature can be time- and resource-consuming. Hence the name "brute force attack;" success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm. 


Q42. DRAG DROP 

Drag and drop the correct protocol to its default port. 

Answer: 

Explanation: 

FTP uses TCP port 21. 

Telnet uses port 23. 

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).

SMTP uses TCP port 25. 

Port 69 is used by TFTP. 

SNMP makes use of UDP ports 161 and 162. 

References: 

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 42, 45, 

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers 


Q43. Which of the following should a security technician implement to identify untrusted certificates? 

A. CA 

B. PKI 

C. CRL 

D. Recovery agent 

Answer:

Explanation: 

Untrusted certificates and keys are revoked and put into the CRL. Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. 


Q44. A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend? 

A. CHAP 

B. TOTP 

C. HOTP 

D. PAP 

Answer:

Explanation: Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. Therefore, the password will only be valid for a predefined time interval. 


Q45. A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an: 

A. Logic bomb. 

B. Backdoor. 

C. Adware application. 

D. Rootkit. 

Answer:

Explanation: 

There has been a security breach on a computer system. The security administrator should now check for the existence of a backdoor. A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission. Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures—and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers. 



Q46. Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash? 

A. Input validation 

B. Exception handling 

C. Application hardening 

D. Fuzzing 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks. 


Q47. Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files? 

A. Failed authentication attempts 

B. Network ping sweeps 

C. Host port scans 

D. Connections to port 22 

Answer:

Explanation: 

Log analysis is the art and science of reviewing audit trails, log files, or other forms of computer-generated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern. 

SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP, SExec, and slogin. 
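The log search described in this scenario, as an added example that is not part of the original page: it filters connection records for permitted TCP traffic to port 22 from sources outside the datacenter. The key=value log format, the sample lines and the 10.0.0.0/8 internal range are all constructed assumptions, not a real vendor format.

```python
import ipaddress
from collections import Counter

# Assumption: the datacenter's own address space; anything else counts as "outside".
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample log in a generic key=value format (documentation-range addresses).
SAMPLE_LOG = """\
2021-04-02T01:14:07Z action=permit proto=tcp src=198.51.100.23 sport=51514 dst=10.0.5.20 dport=22
2021-04-02T01:14:09Z action=permit proto=tcp src=10.0.8.4 sport=40212 dst=10.0.5.20 dport=22
2021-04-02T01:15:30Z action=deny proto=tcp src=203.0.113.77 sport=33810 dst=10.0.5.20 dport=23
2021-04-02T01:16:02Z action=permit proto=tcp src=203.0.113.77 sport=33822 dst=10.0.5.20 dport=22
2021-04-02T01:16:40Z action=permit proto=udp src=198.51.100.23 sport=50001 dst=10.0.5.53 dport=53
2021-04-02T01:17:11Z action=permit proto=tcp src=198.51.100.23 sport=51530 dst=10.0.5.20 dport=22
2021-04-02T01:18:00Z action=permit proto=tcp src=10.0.5.20 sport=22 dst=198.51.100.23 dport=51530
"""

def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) < 2 or not all("=" in p for p in parts[1:]):
        return None
    record = dict(p.split("=", 1) for p in parts[1:])
    record["ts"] = parts[0]
    return record

def is_external(addr):
    """True when the address is not inside any configured internal network."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)

def external_ssh_connections(log_text, ssh_port=22):
    """Return permitted TCP records whose destination port is SSH and whose source is external."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        try:
            if (rec["action"] == "permit" and rec["proto"] == "tcp"
                    and int(rec["dport"]) == ssh_port and is_external(rec["src"])):
                hits.append(rec)
        except (KeyError, ValueError):  # missing field or non-numeric port / bad address
            continue
    return hits

def hits_by_source(hits):
    """Count matching connections per source address to show who reached the SSH server."""
    return Counter(rec["src"] for rec in hits)
```

Matching on the destination port rather than on either port keeps the server's return traffic (source port 22) out of the results.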


Q48. The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following? 

A. Stream ciphers 

B. Transport encryption 

C. Key escrow 

D. Block ciphers 

Answer:

Explanation: 

Transport encryption is the process of encrypting data ready to be transmitted over an insecure network. A common example of this would be online banking or online purchases where sensitive information such as account numbers or credit card numbers is transmitted. 

Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL). 


Q49. Upper management decides which risk to mitigate based on cost. This is an example of: 

A. Qualitative risk assessment 

B. Business impact analysis 

C. Risk management framework 

D. Quantitative risk assessment 

Answer:

Explanation: 

Quantitative analysis / assessment is used to show the logic and cost savings in, for example, replacing a server before it fails rather than after the failure. Quantitative assessments assign a dollar amount. 


Q50. A systems engineer has been presented with storage performance and redundancy requirements for a new system to be built for the company. The storage solution must be designed to support the highest performance and must also be able to support more than one drive failure. Which of the following should the engineer choose to meet these requirements? 

A. A mirrored striped array with parity 

B. A mirrored mirror array 

C. A striped array 

D. A striped array with parity 

Answer:

Explanation: