CompTIA SY0-401 Online Practice
Questions and Exam Preparation
SY0-401 Exam Details
Exam Code
:SY0-401
Exam Name
:CompTIA Security+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:1789 Q&As
Last Updated
:Dec 14, 2021
CompTIA SY0-401 Online Questions &
Answers
Question 211:
A security administrator wants to check user password complexity. Which of the following is the
BEST tool to use?
A. Password history B. Password logging C. Password cracker D. Password hashing
C. Password cracker
The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Password-cracking tools compare hashes from potential passwords with the hashes stored in the accounts database. Each potential password is hashed, and that hash value is compared with the accounts database. If a match is found, the password-cracker tool has discovered a password for a user account.
Question 212:
A security technician has been tasked with opening ports on a firewall to allow users to browse the internet. Which of the following ports should be opened on the firewall? (Select Three)
A. 22 B. 53 C. 80 D. 110 E. 443 F. 445 G. 8080
C. 80 E. 443 G. 8080
Question 213:
A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
A. Symmetric encryption B. Non-repudiation C. Steganography D. Hashing
C. Steganography
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse
interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a
secret message is being sent, as well as concealing the contents of the message.
Question 214:
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate.
Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?
A. 1 B. 2 C. 3 D. 4
C. 3
Three different types of authentication factors have been used in this question:
Something you know ?username and password.
Something you have - client side certificate.
Somewhere you are - authentication to the VPN is only allowed from the U.S. territory.
Question 215:
A company hired Joe, an accountant. The IT administrator will need to create a new account for
Joe. The company uses groups for ease of management and administration of user accounts.
Joe will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?
A. Create a user account and assign the user account to the accounting group. B. Create an account with role-based access control for accounting. C. Create a user account with password reset and notify Joe of the account creation. D. Create two accounts: a user account and an account with full network administration rights.
B. Create an account with role-based access control for accounting.
Role-based Access Control is basically based on a user's job description. When a user is assigned a specific role in an environment, that user's access to objects is granted based on the required tasks of that role. The IT administrator should, therefore, create an account with role-based access control for accounting for Joe.
Question 216:
Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises.
A security technician was asked to prepare a report of files that had changed since last night's integrity scan.
Which of the following could the technician use to prepare the report? (Select TWO).
A. PGP B. MD5 C. ECC D. AES E. Blowfish F. HMAC
B. MD5 F. HMAC
B: MD5 can be used to locate the data which has changed. The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.
F: A common method of verifying integrity involves adding a message authentication code (MAC) to the message. HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key.
Question 217:
The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
A. WEP B. WPA2 CCMP C. Disable SSID broadcast and increase power levels D. MAC filtering
B. WPA2 CCMP
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult.
Question 218:
Establishing a published chart of roles, responsibilities, and chain of command to be used during a disaster is an example of which of the following?
A. Fault tolerance B. Succession planning C. Business continuity testing D. Recovery point objectives
B. Succession planning
Succession planning outlines those internal to the organization that has the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.
Question 219:
A datacenter has suffered repeated burglaries which led to equipment theft and arson. In the past, the thieves have demonstrated a determination to bypass any installed safeguards. After mantraps were installed to prevent tailgating, the thieves crashed through the wall of datacenter with a vehicle after normal business hours. Which of the following options could improve the safety and security of the datacenter further? (Select two)
A. Cipher locks B. CCTV C. Escape routes D. K rated fencing E. Fm200 fire suppression
A. Cipher locks D. K rated fencing
Question 220:
A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
A. Implement privacy policies B. Enforce mandatory vacations C. Implement a security policy D. Enforce time of day restrictions
B. Enforce mandatory vacations
A mandatory vacation policy requires all users to take time away from work to refresh. And in the same time it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfy the need to have replication or duplication at all levels in addition to affording the company an opportunity to discover fraud for when others do the same job in the absence of the regular staff member then there is transparency.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SY0-401 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.