It is more faster and easier to pass the CompTIA SY0-401 exam by using Top Quality CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Renewal SY0-401 Exam and find the same core area SY0-401 questions with professionally verified answers, then PASS your exam with a high score now.
2021 Jan SY0-401 download
Q61. Ann, a security administrator, wishes to replace their RADIUS authentication with a more secure protocol, which can utilize EAP. Which of the following would BEST fit her objective?
A. CHAP
B. SAML
C. Kerberos
D. Diameter
Answer: D
Explanation:
Diameter is an authentication, authorization, and accounting protocol that replaces the RADIUS protocol. Diameter Applications extend the base protocol by including new commands and/or attributes, such as those for use of the Extensible Authentication Protocol (EAP).
Q62. Which of the following is a difference between TFTP and FTP?
A. TFTP is slower than FTP.
B. TFTP is more secure than FTP.
C. TFTP utilizes TCP and FTP uses UDP.
D. TFTP utilizes UDP and FTP uses TCP.
Answer: D
Explanation:
FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69.
Q63. Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent?
A. Warm site
B. Load balancing
C. Clustering
D. RAID
Answer: C
Explanation:
Anytime you connect multiple computers to work/act together as a single server, it is known as
clustering. Clustered systems utilize parallel processing (improving performance and availability)
and add redundancy.
Server clustering is used to provide failover capabilities / redundancy in addition to scalability as
demand increases.
Q64. An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
Answer: D
Explanation:
NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.
Q65. Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).
A. Tethering
B. Screen lock PIN
C. Remote wipe
D. Email password
E. GPS tracking
F. Device encryption
Answer: C,F
Explanation:
C: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.
F: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
Update SY0-401 free practice questions:
Q66. An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?
A. Testing controls
B. Risk assessment
C. Signed AUP
D. Routine audits
Answer: A
Explanation:
Q67. Which of the following is BEST used as a secure replacement for TELNET?
A. HTTPS
B. HMAC
C. GPG
D. SSH
Answer: D
Explanation:
SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.
Q68. Which of the following can result in significant administrative overhead from incorrect reporting?
A. Job rotation
B. Acceptable usage policies
C. False positives
D. Mandatory vacations
Answer: C
Explanation:
False positives are essentially events that are mistakenly flagged and are not really events to be concerned about. This causes a significant administrative overhead because the reporting is what results in the false positives.
Q69. Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?
A. HTTPS
B. WEP
C. WPA
D. WPA 2
Answer: B
Explanation:
WEP offers no end-to-end TLS encryption.
The WEP process consists of a series of steps as follows:
The wireless client sends an authentication request.
The Access Point (AP) sends an authentication response containing clear-text (uh-oh!) challenge
text.
The client takes the challenge text received and encrypts it using a static WEP key.
The client sends the encrypted authentication packet to the AP.
The AP encrypts the challenge text using its own static WEP key and compares the result to the
authentication packet sent by the client. If the results match, the AP begins the association
process for the wireless client.
The big issue with WEP is the fact that it is very susceptible to a Man in the Middle attack. The
attacker captures the clear-text challenge and then the authentication packet reply. The attacker
then reverses the RC4 encryption in order to derive the static WEP key. Yikes!
As you might guess, the designers attempted to strengthen WEP using the approach of key
lengths. The native Windows client supported a 104-bit key as opposed to the initial 40-bit key.
The fundamental weaknesses in the WEP process still remained however.
Q70. A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?
A. Time of day restrictions
B. Group based privileges
C. User assigned privileges
D. Domain admin restrictions
Answer: B
Explanation:
The question states that the sales department has a high employee turnover. You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). Then when a new employee starts, you simply add the new user account to the appropriate groups. The user then inherits all the permissions assigned to the groups.