CompTIA Security+ Certification Examination Amount: SY0-401
Linked Certifications: CompTIA
Accessible languages: English language, Malay, Chinese, Simple spanish, Ruskies, Malay, Dutch, Colonial
Examination Term : CompTIA Security+ Certification
Answers : [productnum] Q&As
Revise Time frame: [productupdatetime]
Expense: [productprice]

2021 Jan SY0-401 free download

Q421. A user ID and password together provide which of the following? 

A. Authorization 

B. Auditing 

C. Authentication 

D. Identification 

Answer:

Explanation: 

Authentication generally requires one or more of the following: 

Something you know: a password, code, PIN, combination, or secret phrase. 

Something you have: a smart card, token device, or key. 

Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as 

biometrics, discussed later in this chapter. 

Somewhere you are: a physical or logical location. 

Something you do: typing rhythm, a secret handshake, or a private knock. 


Q422. Which of the following uses port 22 by default? (Select THREE). 

A. SSH 

B. SSL 

C. TLS 

D. SFTP 

E. SCP 

F. FTPS 

G. SMTP 

H. SNMP 

Answer: A,D,E 

Explanation: 

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. 


Q423. In which of the following steps of incident response does a team analyse the incident and determine steps to prevent a future occurrence? 

A. Mitigation 

B. Identification 

C. Preparation 

D. Lessons learned 

Answer:

Explanation: 

Incident response procedures involves in chronological order: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Thus lessons are only learned after the mitigation occurred. For only then can you ‘step back’ and analyze the incident to prevent the same occurrence in future. 


Q424. A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password? 

A. Ann’s user account has administrator privileges. 

B. Joe’s user account was not added to the group policy. 

C. Ann’s user account was not added to the group policy. 

D. Joe’s user account was inadvertently disabled and must be re-created. 

Answer:

Explanation: 

Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPO’s include a number of settings related to credentials, which includes password expiration. Because Anne was not prompted to change her password, it could only mean that her user account was not added to the group policy. 


Q425. Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization? 

A. It should be enforced on the client side only. 

B. It must be protected by SSL encryption. 

C. It must rely on the user’s knowledge of the application. 

D. It should be performed on the server side. 

Answer:

Explanation: 

Client-side validation should only be used to improve user experience, never for security purposes. A client-side input validation check can improve application performance by catching malformed input on the client and, therefore, saving a roundtrip to the server. However, client side validation can be easily bypassed and should never be used for security purposes. Always use server-side validation to protect your application from malicious attacks. 


Leading SY0-401 latest exam:

Q426. Which of the following is characterized by an attack against a mobile device? 

A. Evil twin 

B. Header manipulation 

C. Blue jacking 

D. Rogue AP 

Answer:

Explanation: 

A bluejacking attack is where unsolicited messages are sent to mobile devices using Bluetooth. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames. 


Q427. A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that: 

A. HDD hashes are accurate. 

B. the NTP server works properly. 

C. chain of custody is preserved. 

D. time offset can be calculated. 

Answer:

Explanation: 

It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system. 


Q428. A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application? 

A. Black box testing 

B. White box testing 

C. Gray box testing 

D. Design review 

Answer:

Explanation: 

In this question, we know the tester has some knowledge of the application because the tester developed a plug-in module for it. However, the tester does not have detailed information about the entire application. Therefore, this is a grey-box test. Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood. Gray box testing can be contrasted with black box testing, a scenario in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests. Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts. 

Topic 4, Application, Data and Host Security 


Q429. The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available? 

A. Cloud computing 

B. Full disk encryption 

C. Data Loss Prevention 

D. HSM 

Answer:

Explanation: 

Cloud computing means hosting services and data on the Internet instead of hosting it locally. There is thus no issue when the company’s server is taken offline. 


Q430. The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when typing to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on this phone. Which of the following might the administrator need to configure? 

A. The access rules on the IDS 

B. The pop up blocker in the employee’s browser 

C. The sensitivity level of the spam filter 

D. The default block page on the URL filter 

Answer:

Explanation: 

A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list.