Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass SY0-401 Exam.

2021 Dec SY0-401 exam answers

Q211. The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future? 

A. Job rotation 

B. Separation of duties 

C. Mandatory Vacations 

D. Least Privilege 

Answer:

Explanation: 

Separation of duties means that users are granted only the permissions they need to do their work and no more. More so it means that you are employing best practices. The segregation of duties and separation of environments is a way to reduce the likelihood of misuse of systems or information. A separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an organization. 


Q212. A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. 

Which of the following is the BEST approach for implementation of the new application on the virtual server? 

A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location. 

B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application. 

C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location. 

D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application. 

Answer:

Explanation: 

Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications. However, the snapshot should be taken before the application or update is installed. 


Q213. Which of the following is a best practice for error and exception handling? 

A. Log detailed exception but display generic error message 

B. Display detailed exception but log generic error message 

C. Log and display detailed error and exception messages 

D. Do not log or display error or exception messages 

Answer:

Explanation: 

A detailed explanation of the error is not helpful for most end users but might provide information that is useful to a hacker. It is therefore better to display a simple but helpful message to the end user and log the detailed information to an access-restricted log file for the administrator and programmer who would need as much information as possible about the problem in order to rectify it. 


Q214. A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend? 

A. CHAP 

B. TOTP 

C. HOTP 

D. PAP 

Answer:

Explanation: Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. Therefore, the password will only be valid for a predefined time interval. 


Q215. Which of the following is mainly used for remote access into the network? 

A. XTACACS 

B. TACACS+ 

C. Kerberos 

D. RADIUS 

Answer:

Explanation: 

Most gateways that control access to the network have a RADIUS client component that communicates with the RADIUS server. Therefore, it can be inferred that RADIUS is primarily used for remote access. 


Up to the minute SY0-401 exam question:

Q216. Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection? 

A. HIPS 

B. Antivirus 

C. NIDS 

D. ACL 

Answer:

Explanation: 

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. 

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. A Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system. 


Q217. Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do? 

A. Change the access point from WPA2 to WEP to determine if the encryption is too strong 

B. Clear all access logs from the AP to provide an up-to-date access list of connected users 

C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter 

D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap 

Answer:

Explanation: 

The users may be connecting to a rogue access point. The rogue access point could be hosting a wireless network that has the same SSID as the corporate wireless network. The only way to tell for sure if the access point the users are connecting to is the correct one is to check the MAC address. Every network card has a unique 48-bit address assigned. A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model. MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address. A network node may have multiple NICs and each NIC must have a unique MAC address. MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64. 


Q218. Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following? 

A. Clustering 

B. RAID 

C. Load balancing 

D. Virtualization 

Answer:

Explanation: 

Anytime you connect multiple computers to work/act together as a single server, it is known as clustering. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy (but also add costs). 


Q219. Which of the following devices will help prevent a laptop from being removed from a certain location? 

A. Device encryption 

B. Cable locks 

C. GPS tracking 

D. Remote data wipes 

Answer:

Explanation: 

Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal. 


Q220. During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic? 

A. FTP 

B. DNS 

C. Email 

D. NetBIOS 

Answer:

Explanation: 

DNS (Domain Name System) uses port 53.