The Secret of sy0 401 practice test

It is more faster and easier to pass the CompTIA comptia security+ sy0 401 pdf exam by using High quality CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Abreast of the times sy0 401 vce Exam and find the same core area comptia security+ study guide sy0 401 questions with professionally verified answers, then PASS your exam with a high score now.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q11. Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption? 

A. Blowfish 

B. DES 

C. SHA256 

D. HMAC 

Answer:

Explanation: 

Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). Among the alternatives listed above, it is the only cipher that can use a 128-bit key and which does provide additional security through a symmetric key. 


Q12. Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank’s website, but not login. Which is the following is MOST likely the issue? 

A. The IP addresses of the clients have change 

B. The client certificate passwords have expired on the server 

C. The certificates have not been installed on the workstations 

D. The certificates have been installed on the CA 

Answer:

Explanation: 

The computer certificates must be installed on the upgraded client computers. 


Q13. A company requires that a user’s credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described? 

A. Biometrics 

B. Kerberos 

C. Token 

D. Two-factor 

Answer:

Explanation: Two-factor authentication is when two different authentication factors are provided for authentication purposes. In this case, “something they know and something they are”. 


Q14. Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment? 

A. NoSQL databases are not vulnerable to XSRF attacks from the application server. 

B. NoSQL databases are not vulnerable to SQL injection attacks. 

C. NoSQL databases encrypt sensitive information by default. 

D. NoSQL databases perform faster than SQL databases on the same hardware. 

Answer:

Explanation: 


Q15. Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts? 

A. Availability 

B. Integrity 

C. Accounting 

D. Confidentiality 

Answer:

Explanation: 

Integrity means ensuring that data has not been altered. Hashing and message authentication codes are the most common methods to accomplish this. In addition, ensuring nonrepudiation via digital signatures supports integrity. 


Q16. HOTSPOT 

Select the appropriate attack from each drop down list to label the corresponding illustrated attack 

Instructions: Attacks may only be used once, and will disappear from drop down list if selected. 

When you have completed the simulation, please select the Done button to submit. 

Answer: 

Explanation: 

References: 

http://searchsecurity.techtarget.com/definition/spear-phishing http://www.webopedia.com/TERM/V/vishing.html http://www.webopedia.com/TERM/P/phishing.html 

http://www.webopedia.com/TERM/P/pharming.html 


Q17. A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior? 

A. Assign users passwords based upon job role. 

B. Enforce a minimum password age policy. 

C. Prevent users from choosing their own passwords. 

D. Increase the password expiration time frame. 

Answer:

Explanation: 

A minimum password age policy defines the period that a password must be used for before it can be changed. 


Q18. Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server? 

A. HIPS 

B. NIDS 

C. HIDS 

D. NIPS 

Answer:

Explanation: 

This question is asking which of the following is designed to stop an intrusion on a specific server. To stop an intrusion on a specific server, you would use a HIPS (Host Intrusion Prevention System). The difference between a HIPS and other intrusion prevention systems is that a HIPS is a software intrusion prevention systems that is installed on a ‘specific server’. 

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. 

A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion. 


Q19. A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following? 

A. Peer to Peer 

B. Mobile devices 

C. Social networking 

D. Personally owned devices 

Answer:

Explanation: 

There many companies that allow full use of social media in the workplace, believing that the marketing opportunities it holds outweigh any loss in productivity. What they are unknowingly minimizing are the threats that exist. Rather than being all new threats, the social networking/media threats tend to fall in the categories of the same old tricks used elsewhere but in a new format. A tweet can be sent with a shortened URL so that it does not exceed the 140-character limit set by Twitter; unfortunately, the user has no idea what the shortened URL leads to. This makes training your employees regarding the risks social networking entails essential. 


Q20. After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe’s desktop remain encrypted when moved to external media or other network based storage? 

A. Whole disk encryption 

B. Removable disk encryption 

C. Database record level encryption 

D. File level encryption 

Answer:

Explanation: 

Encryption is used to ensure the confidentiality of information. In this case you should make use of file level encryption. File level encryption is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.