CompTIA SY0-401 Online Practice
Questions and Exam Preparation
SY0-401 Exam Details
Exam Code
:SY0-401
Exam Name
:CompTIA Security+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:1789 Q&As
Last Updated
:Dec 14, 2021
CompTIA SY0-401 Online Questions &
Answers
Question 131:
After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).
A. Recovery B. User assigned privileges C. Lockout D. Disablement E. Group based privileges F. Password expiration G. Password complexity
F. Password expiration G. Password complexity
Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some character type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.
Question 132:
A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal?
A. AES B. IPSec C. PGP D. SSH
D. SSH
With SSH you can use automatically generated public-private key pairs to encrypt a network connection, and then use password authentication to log on. Or you can use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password.
Question 133:
A company's employees were victims of a spear phishing campaign impersonating the CEO. The company would now like to implement a solution to improve the overall security posture by assuring their employees that email originated from the CEO. Which of the following controls could they implement to BEST meet this goal?
A. Spam filter B. Digital signatures C. Antivirus software D. Digital certificates
B. Digital signatures
A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security, a digital signature is intended to solve the problem of tampering and impersonation in digital communications. Digital signatures can provide the added assurances of evidence to origin, identity and status of an electronic document, transaction or message, as well as acknowledging informed consent by the signer. Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.
Question 134:
Joe an application developer is building an external facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Joe filters client-side JAVA input. Which of the following is Joe attempting to prevent?
A. SQL injections B. Watering holes C. Cross site scripting D. Pharming
C. Cross site scripting
Question 135:
a company is deploying an new video conferencing system to be used by the executive team for board meetings. The security engineer has been asked to choose the strongest available asymmetric cipher to be used for encryption of board papers, and chose the strongest available stream cipher to be configured for video streaming. Which of the following ciphers should be chosen? (Select two)
A. RSA B. RC4 C. 3DES D. HMAC E. SJA-256
A. RSA B. RC4
Question 136:
Which of the following should be done before resetting a user's password due to expiration?
A. Verify the user's domain membership. B. Verify the user's identity. C. Advise the user of new policies. D. Verify the proper group membership.
B. Verify the user's identity.
When resetting a password, users have to establish their identity by answering a series of personal questions, using a hardware authentication token, or responding to a password notification e-mail. Users can then either specify a new, unlocked password, or ask that a randomly generated one be provided. This can be done from their workstation login prompt, or through a telephone call.
Question 137:
Pete, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?
A. Gray Box Testing B. Black Box Testing C. Business Impact Analysis D. White Box Testing
A. Gray Box Testing
Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood. Gray box testing can be contrasted with black box testing, a scenario in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests. Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts.
Question 138:
Which of the following would be used as a secure substitute for Telnet?
A. SSH B. SFTP C. SSL D. HTTPS
A. SSH
Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext oriented programs in the Unix environment.
Question 139:
An administrator is configuring a network for all users in a single building. Which of the following design elements would be used to segment the network based on organizational groups? (Select two)
A. NAC B. NAT C. Subnetting D. VLAN E. DMZ F. VPN
B. NAT C. Subnetting
Question 140:
A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?
A. RC4 B. AES C. MD5 D. TKIP
A. RC4
RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SY0-401 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.