Because all that matters here is passing the CompTIA SY0-401 exam. Because all you need is a high score on the SY0-401 CompTIA Security+ Certification exam. The only thing you need to do is download the Ucertify SY0-401 exam study guides now. We will not let you down, and we back that with a money-back guarantee.

2021 Mar SY0-401 answers

Q181. Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device? 

A. SMTP 

B. SNMPv3 

C. IPSec 

D. SNMP 

Answer: B

Explanation: SNMP is the protocol used to monitor the status and performance of switches and routers, but SNMPv1 and SNMPv2c send the community string (the shared password) in cleartext and provide no integrity protection, so a passive observer can read or replay management traffic. SNMPv3 adds per-user authentication (HMAC-based) and optional encryption of the payload (the authPriv security level), and also supports remote configuration of the SNMP entities. Since the question asks to monitor the devices securely, SNMPv3 is the protocol to configure on each device; plain SNMP (D) monitors but does not do so securely, and SMTP and IPSec are not monitoring protocols.


Q182. A review of the company’s network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose? 

A. ACL 

B. IDS 

C. UTM 

D. Firewall 

Answer: C

Explanation:

An all-in-one appliance, also known as Unified Threat Management (UTM) or a Next Generation Firewall (NGFW), combines several controls in one device. For the exam you should be familiar with the three capabilities the question describes: URL filtering (blocking the gambling and gaming sites by category), content inspection, and malware inspection.

Malware inspection is the use of a malware scanner to detect unwanted software content in network traffic. If malware is detected, it can be blocked, logged, and/or used to trigger an alert. An ACL or a traditional firewall (A, D) can block destinations by address or port but does not scan the payload, and an IDS (B) only detects and alerts rather than blocking.


Q183. The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has mandated that key authentication systems be run within the organization’s network. Which of the following would BEST meet the CIO and CRO’s requirements? 

A. Software as a Service 

B. Infrastructure as a Service 

C. Platform as a Service 

D. Hosted virtualization service 

Answer: A

Explanation:

Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. Moving the web-based CRM to an offshore SaaS provider removes the hosting and maintenance overhead and improves availability, meeting the CIO's goals. The CRO's requirement can still be met because a SaaS application can be configured to federate authentication to the organization's own identity provider (for example via SAML), so the authentication system stays inside the corporate network while the application runs offshore. IaaS and PaaS (B, C) would leave the organization responsible for building and running much of the stack, which does not reduce IT overhead.


Q184. Joe a company’s new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits. Which of the following should Joe recommend to remediate these issues? 

A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers 

B. Ensure the vulnerability scanner is configured to authenticate with a privileged account 

C. Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers 

D. Ensure the vulnerability scanner is conducting antivirus scanning 

Answer: B

Explanation:

A scanner that cannot log in to the hosts it tests has to infer vulnerabilities from the outside, using service banners, open ports, and protocol responses. That produces false positives (a patched service that still advertises an old version string is reported as vulnerable) and failed audits (patch-level and configuration checks that cannot be completed without local access to the host). Configuring the scanner to authenticate with a privileged account (a credentialed scan) lets it read installed package versions, file and registry settings, and local configuration directly, so findings reflect the actual state of the host and the audit checks can run. Placing the scanner in a segmented VLAN (A) only changes network reachability and does not address inaccurate findings; attempting to exploit discovered weaknesses (C) is a penetration-test activity, not a vulnerability-scan remediation; antivirus scanning (D) is unrelated to the accuracy of vulnerability results.

A false positive is an error in an evaluation process in which a condition being tested for is mistakenly reported as present. In a spam filter, for example, a false positive is a legitimate message mistakenly marked as unsolicited bulk email (UBE); the message may be rejected by the server- or client-side filter and bounced to the sender. One problem with many spam filtering tools is that if they are configured strictly enough to be effective, there is a fairly high chance of false positives, and the risk of accidentally blocking an important message has deterred some companies from implementing anti-spam measures at all.

False positives are also common in other security systems. A host intrusion prevention system (HIPS), for example, looks for anomalies such as deviations in bandwidth, protocols, and ports. When activity varies outside an acceptable range, such as a remote application attempting to open a normally closed port, an intrusion may be in progress. However, an anomaly such as a sudden spike in bandwidth use does not guarantee an actual attack, so this approach amounts to an educated guess and the chance of false positives can be high.

False positives contrast with false negatives, which are results that mistakenly indicate the condition being tested for is absent.


Q185. According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this? 

A. NIDS 

B. DMZ 

C. NAT 

D. VLAN 

Answer: D

Explanation: A virtual local area network (VLAN) is a logical segmentation of a switched network: the switch configuration assigns ports to VLANs, and hosts in different VLANs cannot exchange traffic at Layer 2 without passing through a router or Layer 3 switch. Putting HR and Accounting in separate VLANs keeps them logically separated on the same physical switches with no additional hardware, which is the simplest option. A NIDS (A) only monitors, a DMZ (B) is for Internet-facing services, and NAT (C) translates addresses rather than separating internal departments.


Leading SY0-401 exam question:

Q186. Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections? 

A. 21/UDP 

B. 21/TCP 

C. 22/UDP 

D. 22/TCP 

Answer: D

Explanation:

SFTP (SSH File Transfer Protocol) runs as a subsystem inside an SSH session, and SSH listens on TCP port 22. The same holds for the other services carried over SSH, such as SCP and SSH port forwarding, as well as the slogin alias for ssh. Port 21 (A, B) is the control port for classic FTP and FTPS, not SFTP, and SSH does not use UDP (C), so the host-based firewall must allow inbound 22/TCP.


Q187. An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies? 

A. IDS 

B. Firewalls 

C. DLP 

D. IPS 

Answer: C

Explanation:

Data Loss Prevention (DLP) systems inspect data in use, in motion, and at rest for sensitive content such as payment card numbers and enforce policy on it, for example by blocking or quarantining an outbound email that contains credit card numbers addressed to an external domain. An IDS or IPS (A, D) looks for attack signatures rather than sensitive business data, and a firewall (B) filters on addresses and ports, not on message content.
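The core of the DLP rule described above, as an added example that is not part of the original page or of any DLP vendor's code: a loose pattern match catches card numbers even when they are written with spaces or dashes, and a Luhn checksum suppresses look-alike strings such as order or phone numbers. The messages, the internal domain `example.com`, and the `Message`/`Verdict` types are all constructed here for illustration.

```python
"""Minimal outbound-email DLP check for payment card numbers (PANs).

Added example, not vendor code. Demonstrates the two pieces a card-data
rule needs: a pattern that tolerates separators, and a Luhn checksum so
that 13-19 digit strings which are not card numbers are not flagged.
"""
import re
from dataclasses import dataclass, field

# Assumed: the organisation's own mail domain(s); anything else is external.
INTERNAL_DOMAINS = {"example.com"}

# Candidate PAN: 13 to 19 digits with an optional single space or dash
# between digits, and no digit immediately before or after the run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


@dataclass
class Message:
    sender: str
    recipients: list[str]
    body: str


@dataclass
class Verdict:
    action: str                                   # "block" or "allow"
    external: list[str] = field(default_factory=list)
    pans_masked: list[str] = field(default_factory=list)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return the normalised (separator-free) PANs found in text."""
    found = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep only the last four digits so the log itself holds no PAN."""
    return "*" * (len(pan) - 4) + pan[-4:]


def external_recipients(msg: Message) -> list[str]:
    return [r for r in msg.recipients
            if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def evaluate_outbound(msg: Message) -> Verdict:
    """Block a message that carries a valid PAN to any external address."""
    ext = external_recipients(msg)
    masked = [mask(p) for p in find_pans(msg.body)]
    action = "block" if ext and masked else "allow"
    return Verdict(action, ext, masked)


# Constructed sample traffic, not real messages.
SAMPLES = [
    Message("alice@example.com", ["partner@mail-provider.net"],
            "Please charge 4111 1111 1111 1111, order ref 1234567890123."),
    Message("alice@example.com", ["bob@example.com"],
            "Internal note: customer card 5500-0000-0000-0004 on file."),
    Message("alice@example.com", ["vendor@mail-provider.net"],
            "Call me on 555-123-4567 about invoice 20210301."),
]

if __name__ == "__main__":
    for m in SAMPLES:
        v = evaluate_outbound(m)
        print(f"{v.action:5} to={m.recipients} pans={v.pans_masked}")
```

The first sample is blocked (external recipient, valid Visa test number, and the 13-digit order reference is rejected by Luhn); the second contains a card number but stays internal, so it is allowed and only the masked value is logged; the third has no candidate of card length at all. A production rule would also look at attachments and apply the same check on the mail gateway rather than only on the client.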


Q188. A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks. 

Which of the following practices is being implemented? 

A. Mandatory vacations 

B. Job rotation 

C. Least privilege 

D. Separation of duties 

Answer: B

Explanation:

A job rotation policy defines intervals at which employees must rotate through positions. Rotating the two developers between the accounting and HR systems every year spreads knowledge of each system and gives a second person the chance to notice errors or fraud in code that would otherwise be seen by only one developer. Mandatory vacations (A) serve a similar detective purpose but by forcing time away rather than swapping roles; separation of duties (D) splits one task between people rather than exchanging whole roles.


Q189. A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue? 

A. HTTP 

B. DHCP 

C. DNS 

D. NetBIOS 

Answer: C

Explanation:

DNS maps human-friendly fully qualified domain names (FQDNs), made up of the top-level domain (TLD), the registered domain name, and the subdomain or hostname, to IP addresses. DNS uses port 53 (UDP for most queries, TCP for large responses and zone transfers). If the new firewall blocks port 53, name resolution fails while connectivity to the web servers themselves is unaffected, which is exactly the symptom described: sites are reachable by IP address but not by name. Blocking HTTP (A) would break access by IP as well, and DHCP or NetBIOS (B, D) are not involved in resolving website names.


Q190. Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test? 

A. The security company is provided with all network ranges, security devices in place, and logical maps of the network. 

B. The security company is provided with no information about the corporate network or physical locations. 

C. The security company is provided with limited information on the network, including all network diagrams. 

D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams. 

Answer: B

Explanation:

The term black box testing is generally associated with application testing, but here it is applied to network penetration testing. Black box testing means testing something with no knowledge of its inner workings: the security company is given no information about the corporate network or physical locations and must discover everything itself, which most closely simulates an external attacker. Option A describes a white box test, and options C and D describe grey box tests, where the tester is given partial information.

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. It can be applied to virtually every level of software testing (unit, integration, system, and acceptance) and typically makes up most of the higher-level testing. Specific knowledge of the application's code or internal structure, and programming knowledge in general, is not required. The tester knows what the software is supposed to do but not how it does it; for instance, the tester knows that a particular input returns a certain, invariable output but not how the software produces that output.