Want to know Examcollection SY0-401 Exam practice test features? Want to lear more about CompTIA CompTIA Security+ Certification certification experience? Study Downloadable CompTIA SY0-401 answers to Regenerate SY0-401 questions at Examcollection. Gat a success with an absolute guarantee to pass CompTIA SY0-401 (CompTIA Security+ Certification) test on your first attempt.
2021 Dec SY0-401 free draindumps
Q101. Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department’s server and vice-versa?
A. ACLs
B. VLANs
C. DMZs
D. NATS
Answer: B
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.
Q102. Which of the following cryptographic algorithms is MOST often used with IPSec?
A. Blowfish
B. Twofish
C. RC4
D. HMAC
Answer: D
Explanation:
The HMAC-MD5-96 (also known as HMAC-MD5) encryption technique is used by IPSec to make sure that a message has not been altered.
Q103. Which of the following protocols is used by IPv6 for MAC address resolution?
A. NDP
B. ARP
C. DNS
D. NCP
Answer: A
Explanation:
The Neighbor Discovery Protocol (NDP) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6).
Q104. Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?
A. VLAN
B. Protocol security
C. Port security
D. VSAN
Answer: D
Explanation:
A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and out of the VSAN while allowing unrestricted traffic within the VSAN.
Q105. NO: 93
Multi-tenancy is a concept found in which of the following?
A. Full disk encryption
B. Removable media
C. Cloud computing
D. Data loss prevention
Answer: C
Explanation:
One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.
Update SY0-401 exam answers:
Q106. A security administrator must implement a wireless encryption system to secure mobile devices’ communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?
A. RC4
B. AES
C. MD5
D. TKIP
Answer: A
Explanation:
RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS.
Q107. Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET
/index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A
AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/
forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"
A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack
Answer: B
Explanation:
The username should be just a username; instead we can see it’s a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q108. Joe, the system administrator, is performing an overnight system refresh of hundreds of user computers. The refresh has a strict timeframe and must have zero downtime during business hours. Which of the following should Joe take into consideration?
A. A disk-based image of every computer as they are being replaced.
B. A plan that skips every other replaced computer to limit the area of affected users.
C. An offsite contingency server farm that can act as a warm site should any issues appear.
D. A back-out strategy planned out anticipating any unforeseen problems that may arise.
Answer: D
Explanation:
A backout is a reversion from a change that had negative consequences. It could be, for example, that everything was working fine until you installed a service pack on a production machine, and then services that were normally available were no longer accessible. The backout, in this instance, would revert the system to the state that it was in before the service pack was applied. Backout plans can include uninstalling service packs, hotfixes, and patches, but they can also include reversing a migration and using previous firmware. A key component to creating such a plan is identifying what events will trigger your implementing the backout.
Q109. Which of the following attacks allows access to contact lists on cellular phones?
A. War chalking
B. Blue jacking
C. Packet sniffing
D. Bluesnarfing
Answer: D
Explanation:
Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and e-mail and text messages --without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.
Q110. All of the following are valid cryptographic hash functions EXCEPT:
A. RIPEMD.
B. RC4.
C. SHA-512.
D. MD4.
Answer: B
Explanation:
RC4 is not a hash function. RC4 is popular with wireless and WEP/WPA encryption.