Proper study guides for Renewal CompTIA CompTIA Security+ Certification certified begins with CompTIA SY0-401 preparation products which designed to deliver the Certified SY0-401 questions by making you pass the SY0-401 test at your first time. Try the free SY0-401 demo right now.
2021 Dec SY0-401 question
Q471. After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely.
Which of the following is the MOST likely reason the PC technician is unable to ping those devices?
A. ICMP is being blocked
B. SSH is not enabled
C. DNS settings are wrong
D. SNMP is not configured properly
Answer: A
Explanation:
ICMP is a protocol that is commonly used by tools such as ping, traceroute, and pathping. ICMP offers no information If ICMP request queries go unanswered, or ICMP replies are lost or blocked.
Q472. Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?
A. The system is running 802.1x.
B. The system is using NAC.
C. The system is in active-standby mode.
D. The system is virtualized.
Answer: D
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.
Q473. A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?
A. A CRL
B. Make the RA available
C. A verification authority
D. A redundant CA
Answer: A
Explanation:
A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or
key.
By checking the CRL you can check if a particular certificate has been revoked.
Q474. Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?
A. Baseline reporting
B. Input validation
C. Determine attack surface
D. Design reviews
Answer: D
Explanation:
When implementing systems and software, an important step is the design of the systems and
software. The systems and software should be designed to ensure that the system works as
intended and is secure.
The design review assessment examines the ports and protocols used, the rules, segmentation,
and access control in the system or application. A design review is basically a check to ensure that
the design of the system meets the security requirements.
Q475. Which of the following is the GREATEST security risk of two or more companies working together under a Memorandum of Understanding?
A. Budgetary considerations may not have been written into the MOU, leaving an entity to absorb more cost than intended at signing.
B. MOUs have strict policies in place for services performed between the entities and the penalties for compromising a partner are high.
C. MOUs are generally loose agreements and therefore may not have strict guidelines in place to protect sensitive data between the two entities.
D. MOUs between two companies working together cannot be held to the same legal standards as SLAs.
Answer: C
Explanation:
The Memorandum of Understanding This document is used in many settings in the information industry. It is a brief summary of which party is responsible for what portion of the work. For example, Company A may be responsible for maintaining the database server and Company B may be responsible for telecommunications. MOUs are not legally binding but they carry a degree of seriousness and mutual respect, stronger than a gentlemen’s agreement. Often, MOUs are the first steps towards a legal contract.
Renew SY0-401 exam prep:
Q476. Which of the following is an indication of an ongoing current problem?
A. Alert
B. Trend
C. Alarm
D. Trap
Answer: C
Explanation:
An alarm indicates that something is wrong and needs to be resolved as soon as possible. Alarms usually continue to sound until the problem is resolved or the alarm is manually silenced.
Q477. Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?
A. Trusted OS
B. Host software baselining
C. OS hardening
D. Virtualization
Answer: D
Explanation:
Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation.
Q478. Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?
A. Buffer overflow
B. Pop-up blockers
C. Cross-site scripting
D. Fuzzing
Answer: A
Explanation:
Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer overflow exploits.
Q479. Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?
A. Near field communication
B. IV attack
C. Evil twin
D. Replay attack
Answer: B
Explanation:
An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption program uses it only once per session. An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV attack. A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example if a one-letter word exists in a message, it may be either “a” or “I” but it can’t be “e” because the word “e” is non-sensical in English, while “a” has a meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to
each letter.
Using an initialization vector changes the binary sequence corresponding to each letter, enabling
the letter “a” to be represented by a particular sequence in the first instance, and then represented
by a completely different binary sequence in the second instance.
WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher,
the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain
text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy
network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there
is a 50% probability the same IV will repeat after 5000 packets.
Q480. A company hired Joe, an accountant. The IT administrator will need to create a new account for
Joe. The company uses groups for ease of management and administration of user accounts.
Joe will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?
A. Create a user account and assign the user account to the accounting group.
B. Create an account with role-based access control for accounting.
C. Create a user account with password reset and notify Joe of the account creation.
D. Create two accounts: a user account and an account with full network administration rights.
Answer: B
Explanation:
Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based on the required tasks of that role. The IT administrator should, therefore, create an account with role-based access control for accounting for Joe.