Act now and download your CompTIA SY0-401 test today! Do not waste time for the worthless CompTIA SY0-401 tutorials. Download Improve CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA SY0-401 with a classic professional.
2021 Jan SY0-401 exam answers
Q391. A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
A. Symmetric encryption
B. Non-repudiation
C. Steganography
D. Hashing
Answer: C
Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
Q392. Which of the following provides a static record of all certificates that are no longer valid?
A. Private key
B. Recovery agent
C. CRLs
D. CA
Answer: C
Explanation:
The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release. When a potential user attempts to access a server, the server allows or denies access based on the CRL entry for that particular user.
Q393. Which of the following mitigation strategies is established to reduce risk when performing updates to business critical systems?
A. Incident management
B. Server clustering
C. Change management
D. Forensic analysis
Answer: C
Explanation:
Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. In this case ‘performing updates to business critical systems.
Q394. Which of the following could a security administrator implement to mitigate the risk of tailgating for a large organization?
A. Train employees on correct data disposal techniques and enforce policies.
B. Only allow employees to enter or leave through one door at specified times of the day.
C. Only allow employees to go on break one at a time and post security guards 24/7 at each entrance.
D. Train employees on risks associated with social engineering attacks and enforce policies.
Answer: D
Explanation:
Tailgating is the term used for someone being so close to you when you enter a building that they are able to come in right behind you without needing to use a key, a card, or any other security device. Many social engineering intruders needing physical access to a site will use this method of gaining entry. Educate users to beware of this and other social engineering ploys and prevent them from happening.
Q395. Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?
A. SSLv2
B. SSHv1
C. RSA
D. TLS
Answer: D
Explanation:
HTTP Secure HTTP Secure (HTTPS) is the protocol used for “secure” web pages that users should see when they must enter personal information such as credit card numbers, passwords, and other identifiers. It combines HTTP with SSL/TLS to provide encrypted communication. Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL, and it is also referred to as SSL 3.1.
Avant-garde SY0-401 latest exam:
Q396. A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:
A. escalation and notification.
B. first responder.
C. incident identification.
D. incident mitigation.
Answer: A
Explanation:
Q397. NO: 81
A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs.
Which of the following should the administrator use to test the patching process quickly and often?
A. Create an incremental backup of an unpatched PC
B. Create an image of a patched PC and replicate it to servers
C. Create a full disk image to restore after each installation
D. Create a virtualized sandbox and utilize snapshots
Answer: D
Explanation:
Sandboxing is the process of isolating a system before installing new applications or patches on it
so as to restrict the software from being able to cause harm to production systems.
Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups
that can be used to quickly recover from poor updates, and errors arising from newly installed
applications.
Q398. Which of the following is required to allow multiple servers to exist on one physical server?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Virtualization
D. Infrastructure as a Service (IaaS)
Answer: C
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.
Q399. Which of the following is the LEAST volatile when performing incident response procedures?
A. Registers
B. RAID cache
C. RAM
D. Hard drive
Answer: D
Explanation:
An example of OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts. Of the options stated in the question the hard drive would be the least volatile.
Q400. An advantage of virtualizing servers, databases, and office applications is:
A. Centralized management.
B. Providing greater resources to users.
C. Stronger access control.
D. Decentralized management.
Answer: A
Explanation:
Virtualization consists of allowing one set of hardware to host multiple virtual Machines and in the case of software and applications; one host is all that is required. This makes centralized management a better prospect.