A SY0-401 query documents will help you to examine you which will may help you to correct ones goof ups plus grow from them. In addition there are quite a few stores which have been in a position to provide fulltime SY0-401 practicing for making you to pass through the actual SY0-401 evaluation. These types of SY0-401 qualifications happen to be held on the internet. Theyre worthwhile considering the quantity of added benefits that you will be likely to reap. Supplies a wealth of facts.
2021 Apr SY0-401 exam prep
Q381. A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?
A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080
B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80
C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080
D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80
Answer: C
Explanation:
Q382. Use of group accounts should be minimized to ensure which of the following?
A. Password security
B. Regular auditing
C. Baseline management
D. Individual accountability
Answer: D
Explanation:
Holding users accountable for their actions is part of security, and can only be achieved by users having their own user accounts. To adequately provide accountability, the use of shared or group accounts should be discouraged.
Q383. Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of TLS?
A. Kerberos
B. TACACS+
C. RADIUS
D. LDAP
Answer: D
Explanation:
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard
application protocol for accessing and maintaining distributed directory information services over
an Internet Protocol (IP) network. Directory services play an important role in developing intranet
and Internet applications by allowing the sharing of information about users, systems, networks,
services, and applications throughout the network. As examples, directory services may provide
any organized set of records, often with a hierarchical structure, such as a corporate email
directory. Similarly, a telephone directory is a list of subscribers with an address and a phone
number.
A common usage of LDAP is to provide a "single sign on" where one password for a user is
shared between many services, such as applying a company login code to web pages (so that
staff log in only once to company computers, and then are automatically logged into the company
intranet).
LDAP is based on a simpler subset of the standards contained within the X.500 standard.
Because of this relationship, LDAP is sometimes called X.500-lite.
A client starts an LDAP session by connecting to an LDAP server, called a Directory System
Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS. Global Catalog is
available by default on ports 3268, and 3269 for LDAPS. The client then sends an operation
request to the server, and the server sends responses in return.
The client may request the following operations:
StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
Q384. A security analyst noticed a colleague typing the following command:
`Telnet some-host 443’
Which of the following was the colleague performing?
A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.
B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.
C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.
D. A mistaken port being entered because telnet servers typically do not listen on port 443.
Answer: B
Explanation:
B: The Telnet program parameters are: telnet <hostname> <port>
<hostname> is the name or IP address of the remote server to connect to.
<port> is the port number of the service to use for the connection.
TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL
port. By running the Telnet some-host 443 command, the security analyst is checking that routing
is done properly and not blocked by a firewall.
Q385. A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?
A. Mandatory access control
B. Discretionary access control
C. Rule based access control
D. Role based access control
Answer: A
Explanation:
Mandatory Access Control (MAC) allows access to be granted or restricted based on the rules of classification. MAC in corporate business environments involve the following four sensitivity levels Public Sensitive Private Confidential
MAC assigns subjects a clearance level and assigns objects a sensitivity label. The name of the clearance level must be the same as the name of the sensitivity label assigned to objects or resources. In this case the file is marked confidential, and the user does not have that clearance level and cannot access the file.
Improve SY0-401 simulations:
Q386. Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?
A. Least privilege
B. Job rotation
C. Mandatory vacations
D. Separation of duties
Answer: B
Explanation:
A job rotation policy defines intervals at which employees must rotate through positions. Similar in purpose to mandatory vacations, it helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job.
Q387. Which of the following allows an organization to store a sensitive PKI component with a trusted third party?
A. Trust model
B. Public Key Infrastructure
C. Private key
D. Key escrow
Answer: D
Explanation:
Sensitive PKI data, such as private keys, can be put into key escrow data. The key escrow data can be kept at a trusted third party.
Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications.
Q388. Which of the following is the LEAST volatile when performing incident response procedures?
A. Registers
B. RAID cache
C. RAM
D. Hard drive
Answer: D
Explanation:
An example of OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts. Of the options stated in the question the hard drive would be the least volatile.
Q389. DRAG DROP
You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls on the floor plan.
Instructions: All objects must be used and all place holders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex,
Indianapolis, 2014, p 369
Q390. Ann an employee is visiting Joe, an employee in the Human Resources Department. While talking to Joe, Ann notices a spreadsheet open on Joe’s computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?
A. Impersonation
B. Dumpster diving
C. Tailgating
D. Shoulder surfing
Answer: D
Explanation:
Ann was able to see the Spreadsheet on Joe’s computer. This direct observation is known as shoulder surfing.
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.