SY0-401 Exam Details

  • Exam Code
    :SY0-401
  • Exam Name
    :CompTIA Security+
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :1789 Q&As
  • Last Updated
    :Dec 14, 2021

CompTIA SY0-401 Online Questions & Answers

  • Question 121:

    After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window:

    Which of the following has MOST likely occurred?

    A. SQL injection
    B. Cookie stealing
    C. XSRF
    D. XSS

  • Question 122:

    A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of

    192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred?

    A. Brute force password attack
    B. Cross-site request forgery
    C. Cross-site scripting
    D. Fuzzing

  • Question 123:

    A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices?

    A. Black listing applications
    B. Operating System hardening
    C. Mandatory Access Control
    D. Patch Management

  • Question 124:

    Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?

    A. Single sign on
    B. IPv6
    C. Secure zone transfers
    D. VoIP

  • Question 125:

    In an effort to test the effectiveness of an organization's security awareness training, a penetrator tester crafted an email and sent it to all of the employees to see how many of them clicked on the enclosed links. Which of the following is being tested?

    A. How many employees are susceptible to a SPAM attack
    B. How many employees are susceptible to a cross-site scripting attack
    C. How many employees are susceptible to a phishing attack
    D. How many employees are susceptible to a vishing attack

  • Question 126:

    An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?

    A. CSR
    B. Recovery agent
    C. Private key
    D. CRL

  • Question 127:

    A security administrator finds that an intermediate CA within the company was recently breached. The certificates held on this system were lost during the attack, and it is suspected that the attackers had full access to the system. Which of the following is the NEXT action to take in this scenario?

    A. Use a recovery agent to restore the certificates used by the intermediate CA
    B. Revoke the certificate for the intermediate CA
    C. Recover the lost keys from the intermediate CA key escrow
    D. Issue a new certificate for the root CA

  • Question 128:

    Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?

    A. Security logs
    B. Protocol analyzer
    C. Audit logs
    D. Honeypot

  • Question 129:

    Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO) is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose of these hard drives?

    A. Degaussing
    B. Physical Destruction
    C. Lock up hard drives in a secure safe
    D. Wipe

  • Question 130:

    The security consultant is assigned to test a client's new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?

    A. Black box
    B. Penetration
    C. Gray box
    D. White box

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your SY0-401 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.