CompTIA CompTIA exam is one of the nearly all demanded exams to check whether a person master the essential topics of the CompTIA exam. Its never the easy work to pass your CompTIA CompTIA certification exam by on your own. However, Pass4sures CompTIA SY0-401 practice questions along with answers will help you to pass for the first test. CompTIA SY0-401 simulated tests are compiled under your supervision of qualified and knowledgeable IT professionals. CompTIA CompTIA exam preps which give you the most realistic along with comprehensive studying materials are generally award-winning of the same occupation. Get access to the free CompTIA SY0-401 exam braindumps upon Pass4sure website right now.

2021 Dec SY0-401 free practice test

Q641. A program displays: 

ERROR: this program has caught an exception and will now terminate. 

Which of the following is MOST likely accomplished by the program’s behavior? 

A. Operating system’s integrity is maintained 

B. Program’s availability is maintained 

C. Operating system’s scalability is maintained 

D. User’s confidentiality is maintained 

Answer:

Explanation: 

The purpose of error handling is to maintain the security and integrity of the system. Integrity is compromised when unauthorized modification occurs. 


Q642. On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. 

Which of the following is the MOST likely cause for this issue? 

A. Too many incorrect authentication attempts have caused users to be temporarily disabled. 

B. The DNS server is overwhelmed with connections and is unable to respond to queries. 

C. The company IDS detected a wireless attack and disabled the wireless network. 

D. The Remote Authentication Dial-In User Service server certificate has expired. 

Answer:

Explanation: 

The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS). A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years. The question states that no configuration changes have been made so it’s likely that the certificate has expired. 


Q643. Which of the following disaster recovery strategies has the highest cost and shortest recovery time? 

A. Warm site 

B. Hot site 

C. Cold site 

D. Co-location site 

Answer:

Explanation: 

A hot site is a location that can provide operations within hours of a failure. This type of site would have servers, networks, and telecommunications equipment in place to reestablish service in a short time. Hot sites provide network connectivity, systems, and preconfigured software to meet the needs of an organization. Databases can be kept up-to-date using network connections. These types of facilities are expensive, and they’re primarily suitable for short-term situations. 


Q644. Deploying a wildcard certificate is one strategy to: 

A. Secure the certificate’s private key. 

B. Increase the certificate’s encryption key length. 

C. Extend the renewal date of the certificate. 

D. Reduce the certificate management burden. 

Answer:

Explanation: 

A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. This saves money and reduces the management burden of managing multiple certificates, one for each subdomain. 

A single Wildcard certificate for *.example.com, will secure all these domains: payment.example.com contact.example.com 

login-secure.example.com 

www.example.com 

Because the wildcard only covers one level of subdomains (the asterisk doesn't match full stops), 

these domains would not be valid for the certificate: 

test.login.example.com 


Q645. Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software? 

A. Application white listing 

B. Network penetration testing 

C. Application hardening 

D. Input fuzzing testing 

Answer:

Explanation: 

Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services. 


Updated SY0-401 test engine:

Q646. A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download? 

A. Backdoor 

B. Spyware 

C. Logic bomb 

D. DDoS 

E. Smurf 

Answer:

Explanation: Explanation Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users. 


Q647. A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date. 

Which of the following BEST describes this system type? 

A. NAT 

B. NIPS 

C. NAC 

D. DMZ 

Answer:

Explanation: 

Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control. 


Q648. A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO). 

A. SSH 

B. TFTP 

C. NTLM 

D. TKIP 

E. SMTP 

F. PGP/GPG 

Answer: A,F 

Explanation: 

We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk). 

A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network. 

F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. 


Q649. A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack? 

A. Zero-day 

B. SQL injection 

C. Buffer overflow 

D. XSRF 

Answer:

Explanation: 

Explanation: A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. 


Q650. Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kind of IDS is in use? 

A. Protocol based 

B. Heuristic based 

C. Signature based 

D. Anomaly based 

Answer:

Explanation: