All About SY0-401 practice Apr 2021

You will have immediate access on the free downloadable CompTIA SY0-401 simulated tests soon after purchasing. It?¡¥s the shortcut to suit your needs to get certified inside a low value. Make complete use of the spare time to practise the CompTIA SY0-401 on the internet study components. Our cheapest and latest CompTIA SY0-401 exam braindumps would be the resourceful supplies for the CompTIA real test. You should select a single that meets the studying requirements.

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:

2021 Apr SY0-401 sample question

Q671. The security administrator notices a user logging into a corporate Unix server remotely as root. 

Which of the following actions should the administrator take? 

A. Create a firewall rule to block SSH 

B. Delete the root account 

C. Disable remote root logins 

D. Ensure the root account has a strong password 



Q672. A way to assure data at-rest is secure even in the event of loss or theft is to use: 

A. Full device encryption. 

B. Special permissions on the file system. 

C. Trusted Platform Module integration. 

D. Access Control Lists. 



Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. 

Q673. Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this? 

A. Hoax 

B. Phishing 

C. Vishing 

D. Whaling 



Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to "verify identity" or to "ensure that fraud does not occur." If the attack is carried out by telephone, caller ID spoofing can cause the victim's set to indicate a legitimate source, such as a bank or a government agency. 

Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless. 

Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with. 

Q674. Which of the following fire suppression systems is MOST likely used in a datacenter? 

A. FM-200 

B. Dry-pipe 

C. Wet-pipe 

D. Vacuum 



FM200 is a gas and the principle of a gas system is that it displaces the oxygen in the room, thereby removing this essential component of a fi re. in a data center is is the preferred choice of fire suppressant. 

Q675. A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12? 

A. The server's network switch port must be enabled for 802.11x on VLAN 12. 

B. The server's network switch port must use VLAN Q-in-Q for VLAN 12. 

C. The server's network switch port must be 802.1q untagged for VLAN 12. 

D. The server's network switch port must be 802.1q tagged for VLAN 12. 



Renewal SY0-401 exams:

Q676. Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure? 

A. Trust Model 

B. Recovery Agent 

C. Public Key 

D. Private Key 



In a bridge trust model allows lower level domains to access resources in a separate PKI through the root CA. A trust Model is collection of rules that informs application on how to decide the legitimacy of a 

Digital Certificate. 

In a bridge trust model, a peer-to-peer relationship exists among the root CAs. The root CAs can 

communicate with one another, allowing cross certification. This arrangement allows a certification 

process to be established between organizations or departments. 

Each intermediate CA trusts only the CAs above and below it, but the CA structure can be 

expanded without creating additional layers of CAs. 

Q677. Which of the following is a best practice for error and exception handling? 

A. Log detailed exception but display generic error message 

B. Display detailed exception but log generic error message 

C. Log and display detailed error and exception messages 

D. Do not log or display error or exception messages 



A detailed explanation of the error is not helpful for most end users but might provide information that is useful to a hacker. It is therefore better to display a simple but helpful message to the end user and log the detailed information to an access-restricted log file for the administrator and programmer who would need as much information as possible about the problem in order to rectify it. 

Q678. Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"? 




D. RA 



The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'. If it cannot process the request, it may return an error code. 

Q679. A software developer wants to prevent stored passwords from being easily decrypted. When the password is stored by the application, additional text is added to each password before the password is hashed. This technique is known as: 

A. Symmetric cryptography. 

B. Private key cryptography. 

C. Salting. 

D. Rainbow tables. 



Salting can be used to strengthen the hashing when the passwords were encrypted. Though hashing is a one-way algorithm it does not mean that it cannot be hacked. One method to hack a hash is though rainbow tables and salt is the counter measure to rainbow tables. With salt a password that you typed in and that has been encrypted with a hash will yield a letter combination other than what you actually types in when it is rainbow table attacked. 

Q680. Joe, a newly hired employee, has a corporate workstation that has been compromised due to several visits to P2P sites. Joe insisted that he was not aware of any company policy that prohibits the use of such web sites. Which of the following is the BEST method to deter employees from the improper use of the company’s information systems? 

A. Acceptable Use Policy 

B. Privacy Policy 

C. Security Policy 

D. Human Resource Policy 



Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.