Our pass rate is high to 98.9% and the similarity percentage between our sy0 401 vce study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA sy0 401 braindump exam in just one try? I am currently studying for the CompTIA comptia security+ sy0 401 exam. Latest CompTIA comptia security+ sy0 401 pdf Test exam practice questions and answers, Try CompTIA comptia security+ sy0 401 Brain Dumps First.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
Q651. Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?
A. WEP
B. MAC filtering
C. Disabled SSID broadcast
D. TKIP
Answer: B
Explanation:
MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodumping) and then spoofing one's own MAC into a validated one.
Q652. Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443
A. It implements stateful packet filtering.
B. It implements bottom-up processing.
C. It failed closed.
D. It implements an implicit deny.
Answer: D
Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.
Q653. Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company’s new telecommuting policy. When she takes inventory of the organizations existing network infrastructure, she makes note that it is a mix of several different vendors. Ann knows she needs a method of secure centralized access to the company’s network resources. Which of the following is the BEST service for Ann to implement?
A. RADIUS
B. LDAP
C. SAML
D. TACACS+
Answer: A
Explanation:
The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service.
Q654. The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO).
A. Fire- or water-proof safe.
B. Department door locks.
C. Proximity card.
D. 24-hour security guard.
E. Locking cabinets and drawers.
Answer: A,E
Explanation:
Using a safe and locking cabinets to protect backup media, documentation, and any other physical artifacts that could do harm if they fell into the wrong hands would form part of keeping employees desks clean as in a clean desk policy.
Q655. A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen?
A. Application control
B. Remote wiping
C. GPS
D. Screen-locks
Answer: B
Explanation:
Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.
Q656. DRAG DROP
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex,
Indianapolis, 2014, p 369
Q657. A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server’s drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).
A. Disk hashing procedures
B. Full disk encryption
C. Data retention policies
D. Disk wiping procedures
E. Removable media encryption
Answer: B,D
Explanation:
B: Full disk encryption is when the entire volume is encrypted; the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security. Full disk encryption is sometimes referred to as hard drive encryption.
D: Disk wiping is the process of overwriting data on the repeatedly, or using a magnet to alter the magnetic structure of the disks. This renders the data unreadable.
Q658. Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:
A. user accounts may be inadvertently locked out.
B. data on the USB drive could be corrupted.
C. data on the hard drive will be vulnerable to log analysis.
D. the security controls on the USB drive can be bypassed.
Answer: D
Explanation:
A common access mechanism to data on encrypted USB hard drives is a password. If a weak password is used, someone could guess the password and bypass the security controls on the USB drive to access the data.
Q659. Which of the following would allow the organization to divide a Class C IP address range into several ranges?
A. DMZ
B. Virtual LANs
C. NAT
D. Subnetting
Answer: D
Explanation:
Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.
Q660. A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?
A. SHA-256
B. AES
C. Diffie-Hellman
D. 3DES
Answer: C
Explanation:
