10 tips on security+ sy0-401


2021 May SY0-401 Study Guide Questions:

Q141. A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place? 

A. War chalking 

B. Bluejacking 

C. War driving 

D. Bluesnarfing 

Answer: B 


The question states that the ‘attack’ took place on public transport and was received on a smartphone. Therefore, it is most likely that the image was sent using Bluetooth. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers. The sender transmits a vCard, which typically contains a message in the name field (i.e., for bluedating or bluechat), to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.

Q142. Digital signatures are used for ensuring which of the following items? (Select TWO). 

A. Confidentiality 

B. Integrity 

C. Non-Repudiation 

D. Availability 

E. Algorithm strength 

Answer: B,C 


A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Nonrepudiation prevents one party from denying actions that they carried out. In the electronic world, nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party ‘vouches’ for the individuals in the two-key system. Thus non-repudiation also impacts on integrity.

Q143. In which of the following steps of incident response does a team analyse the incident and determine steps to prevent a future occurrence? 

A. Mitigation 

B. Identification 

C. Preparation 

D. Lessons learned 

Answer: D 


Incident response procedures involve, in chronological order: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Thus lessons are only learned after the mitigation has occurred. Only then can you ‘step back’ and analyze the incident to prevent the same occurrence in future.


Q144. While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO). 

A. 20 

B. 21 

C. 22 

D. 68 

E. 69 

Answer: A,B 


Q145. Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to? 





Answer: A 


PAP transmits the username and password to the authentication server in plain text. MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi-Fi security using the WPA-Enterprise protocol. 

Q146. A server with the IP address of has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: 

These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring? 


B. DDoS 

C. DoS 

D. Xmas 

Answer: B 


A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack. 


Q147. A security manager must remain aware of the security posture of each system. Which of the following supports this requirement? 

A. Training staff on security policies 

B. Establishing baseline reporting 

C. Installing anti-malware software 

D. Disabling unnecessary accounts/services 

Answer: B 


The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline.

A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

Q148. A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment? 

A. Chain of custody 

B. Tracking man hours 

C. Record time offset 

D. Capture video traffic 

Answer: C 


It is quite common for workstation as well as server times to be off slightly from actual time. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system. There is no mention that this was done by the incident response team. 

Q149. Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? 

A. Buffer overflow 

B. Pop-up blockers 

C. Cross-site scripting 

D. Fuzzing 

Answer: A 


A buffer overflow is an exploit of programming errors, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent buffer overflow exploits.

Q150. Which of the following should an administrator implement to research current attack methodologies? 

A. Design reviews 

B. Honeypot 

C. Vulnerability scanner 

D. Code reviews 

Answer: B 


A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.

According to Webopedia.com, a honeypot luring a hacker into a system has several main

The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.

The hacker can be caught and stopped while trying to obtain root access to the system.

By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

There are two main types of honeypots:

Production - A production honeypot is one used within an organization's environment to help mitigate risk.

Research - A research honeypot adds value to research in computer security by providing a platform to study the threat.
