Want to know the Testking SY0-401 exam practice test features? Want to learn more about the CompTIA Security+ Certification experience? Study the CompTIA SY0-401 answers to the SY0-401 questions at Testking. Get a success with an absolute guarantee to pass the CompTIA SY0-401 (CompTIA Security+ Certification) test on your first attempt.
2021 Dec SY0-401 exam cost
Q251. A company has decided to move large data sets to a cloud provider in order to limit the costs of new infrastructure. Some of the data is sensitive and the Chief Information Officer wants to make sure both parties have a clear understanding of the controls needed to protect the data.
Which of the following types of interoperability agreement is this?
A. ISA
B. MOU
C. SLA
D. BPA
Answer: A
Explanation:
An ISA (Interconnection Security Agreement) is an agreement between two organizations that have connected systems. The agreement documents the technical requirements of the connected systems, including the security controls each party must apply to the data that crosses the interconnection.
Q252. Which of the following could cause a browser to display the message below?
"The security certificate presented by this website was issued for a different website’s address."
A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs.
B. The website is using a wildcard certificate issued for the company’s domain.
C. HTTPS://127.0.0.1 was used instead of HTTPS://localhost.
D. The website is using an expired self-signed certificate.
Answer: C
Explanation:
PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). Users, or their software on their behalf, check that the signature on a certificate verifies with the public key in the CA's certificate. Since CA certificates are often signed by other, "higher-ranking" CAs, there must necessarily be a highest CA, which provides the ultimate attestation authority in that particular PKI scheme. A certificate is issued for a specific name, and the browser compares that name with the host name in the URL it was given. Localhost is a hostname that means this computer and may be used to access the computer's own network services via its loopback network interface. Using the loopback interface bypasses local network interface hardware. In this case HTTPS://127.0.0.1 was used rather than HTTPS://localhost, so the name in the URL does not match the name the certificate was issued for, and the browser reports the mismatch.
Q253. An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?
A. Employee is required to share their password with authorized staff prior to leaving the firm
B. Passwords are stored in a reversible form so that they can be recovered when needed
C. Authorized employees have the ability to reset passwords so that the data is accessible
D. All employee data is exported and imported by the employee prior to them leaving the firm
Answer: C
Explanation:
Since a user's password isn't stored on most operating systems (only a hash value is kept), most operating systems allow the administrator (or, in this case, an authorized person) to reset the password, after which the information/files/documents can be accessed. This is the safest way of recovery by an authorized person and does not depend on the cooperation of those who leave the firm.
Q254. Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
B. Use WPA2-PSK
C. Disable SSID broadcast
D. Power down unused WAPs
Answer: C
Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it remains a discoverable value to anyone using a wireless packet sniffer. Thus, disabling SSID broadcast makes the network harder to find but does not make it invisible; it is appropriate when the network isn't for public use.
Q255. A company replaces a number of devices with a mobile appliance, combining several functions.
Which of the following descriptions fits this new implementation? (Select TWO).
A. Cloud computing
B. Virtualization
C. All-in-one device
D. Load balancing
E. Single point of failure
Answer: C,E
Explanation:
The disadvantages of combining everything into one device include a potential single point of failure and dependence on a single vendor. The all-in-one device therefore represents a single point of failure risk that the company is taking on.
Latest SY0-401 practice question:
Q256. Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?
A. Privacy Policy
B. Least Privilege
C. Acceptable Use
D. Mandatory Vacations
Answer: D
Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. Not only does mandatory vacation give the employee a chance to refresh, it also gives the company a chance to make sure that others can fill in any gaps in skills, satisfies the need to have replication or duplication at all levels, and provides an opportunity to discover fraud, since an absent employee cannot conceal irregularities in their own work.
Q257. The marketing department wants to distribute pens with embedded USB drives to clients. In the past, this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?
A. The risks associated with the large capacity of USB drives and their concealable nature
B. The security costs associated with securing the USB drives over time
C. The cost associated with distributing a large volume of the USB pens
D. The security risks associated with combining USB drives and cell phones on a network
Answer: A
Explanation:
USB drives and other USB devices represent a security risk because they can be used either to bring malicious code into a secure system or to copy sensitive data out of it, and their small size makes them easy to conceal.
Q258. Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?
A. Certification authority
B. Key escrow
C. Certificate revocation list
D. Registration authority
Answer: A
Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.
Q259. Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels?
A. Role Based Access Controls
B. Mandatory Access Controls
C. Discretionary Access Controls
D. Access Control List
Answer: B
Explanation:
Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction under which some objects remain restricted unless the subject has a demonstrated need to know them, even if the subject's clearance level would otherwise permit access.
Q260. A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO).
A. RDP
B. SNMP
C. FTP
D. SCP
E. SSH
Answer: D,E
Explanation:
SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.
Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). SCP is commonly used on Linux and Unix platforms.