It is impossible to pass CompTIA SY0-401 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed CompTIA SY0-401 practice questions. You will get a surprising result by our Updated CompTIA Security+ Certification practice guides.
2021 Dec SY0-401 study guide
Q261. A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?
A. Leverage role-based access controls.
B. Perform user group clean-up.
C. Verify smart card access controls.
D. Verify SHA-256 for password hashes.
Answer: B
Explanation: Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security and compliance objectives in jeopardy. You would therefore need to regularly clean-up these settings.
Q262. Which of the following identifies certificates that have been compromised or suspected of being compromised?
A. Certificate revocation list
B. Access control list
C. Key escrow registry
D. Certificate authority
Answer: A
Explanation:
Certificates that have been compromised or are suspected of being compromised are revoked. A CRL is a locally stored record containing revoked certificates and revoked keys.
Q263. A security administrator is aware that a portion of the company’s Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?
A. Patch management assessment
B. Business impact assessment
C. Penetration test
D. Vulnerability assessment
Answer: C
Explanation:
Penetration testing is the most intrusive type of testing because you are actively trying to circumvent the system’s security controls to gain access to the system. It is also used to determine the degree to which the systems can be used to gain access to the company intranet (the degree of access to local network resources). Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings. The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents. Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
Pen test strategies include:
Targeted testing Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.
External testing This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.
Internal testing This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.
Blind testing A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.
Double blind testing Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.
Q264. A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
A. Implement privacy policies
B. Enforce mandatory vacations
C. Implement a security policy
D. Enforce time of day restrictions
Answer: B
Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. And in the same time it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfy the need to have replication or duplication at all levels in addition to affording the company an opportunity to discover fraud for when others do the same job in the absence of the regular staff member then there is transparency.
Q265. A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:
A. badge reader was improperly installed.
B. system was designed to fail open for life-safety.
C. system was installed in a fail closed configuration.
D. system used magnetic locks and the locks became demagnetized.
Answer: B
Explanation:
It describes a design the lock to fail open for life safety, causing the door to stay open when power is lost – in this case the proximity badge reader was ripped off the wall.
Update SY0-401 actual test:
Q266. Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?
A. TCP port 443 and IP protocol 46
B. TCP port 80 and TCP port 443
C. TCP port 80 and ICMP
D. TCP port 443 and SNMP
Answer: B
Explanation:
HTTP and HTTPS, which uses TCP port 80 and TCP port 443 respectively, is necessary for Communicating with Web servers. It should therefore be allowed through the firewall.
Q267. Requiring technicians to report spyware infections is a step in which of the following?
A. Routine audits
B. Change management
C. Incident management
D. Clean desk policy
Answer: C
Explanation:
Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets).
Q268. Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?
A. Input validation
B. Exception handling
C. Application hardening
D. Fuzzing
Answer: D
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.
Q269. Which of the following would prevent a user from installing a program on a company-owned mobile device?
A. White-listing
B. Access control lists
C. Geotagging
D. Remote wipe
Answer: A
Explanation:
Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list.
Q270. Which of the following security concepts identifies input variables which are then used to perform boundary testing?
A. Application baseline
B. Application hardening
C. Secure coding
D. Fuzzing
Answer: D
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.