Proper study guides for Improve CompTIA CompTIA Security+ Certification certified begins with CompTIA SY0-401 preparation products which designed to deliver the 100% Correct SY0-401 questions by making you pass the SY0-401 test at your first time. Try the free SY0-401 demo right now.
2021 Dec SY0-401 download
Q1. Which of the following is BEST carried out immediately after a security breach is discovered?
A. Risk transference
B. Access control revalidation
C. Change management
D. Incident management
Answer: D
Explanation:
Incident management is the steps followed when security incident occurs.
Q2. Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?
A. Disk encryption
B. Encryption policy
C. Solid state drive
D. Mobile device policy
Answer: A
Explanation:
Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
Q3. Which of the following is a step in deploying a WPA2-Enterprise wireless network?
A. Install a token on the authentication server
B. Install a DHCP server on the authentication server
C. Install an encryption key on the authentication server
D. Install a digital certificate on the authentication server
Answer: D
Explanation:
When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions. The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices. The other is the Enterprise mode —which should be used by businesses and organizations—and
is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key
management, and supports other enterprise-type functionality, such as VLANs and NAP.
However, it requires an external authentication server, called a Remote Authentication Dial In User
Service (RADIUS) server to handle the 802.1X authentication of users.
To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X,
here’s the basic overall steps:
Choose, install, and configure a RADIUS server, or use a hosted service.
Create a certificate authority (CA), so you can issue and install a digital certificate onto the
RADIUS server, which may be done as a part of the RADIUS server installation and configuration.
Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or
Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS,
you’d also create digital certificates for each end-user.
On the server, populate the RADIUS client database with the IP address and shared secret for
each AP.
On the server, populate user data with usernames and passwords for each end-user.
On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP
address and the shared secret you created for that particular AP.
On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the
802.1X authentication settings.
Q4. Recent data loss on financial servers due to security breaches forced the system administrator to harden their systems. Which of the following algorithms with transport encryption would be implemented to provide the MOST secure web connections to manage and access these servers?
A. SSL
B. TLS
C. HTTP
D. FTP
Answer: B
Explanation:
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As of February 2015, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, have them enabled by default.
Q5. Which of the following authentication services uses a ticket granting system to provide access?
A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos
Answer: D
Explanation:
The basic process of Kerberos authentication is as follows:
The subject provides logon credentials.
The Kerberos client system encrypts the password and transmits the protected credentials to the
KDC.
The KDC verifies the credentials and then creates a ticket-granting ticket (TGT—a hashed form of
the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is
encrypted and sent to the client.
The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos
realm.
The subject requests access to resources on a network server. This causes the client to request a
service ticket (ST) from the KDC.
The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST
includes a time stamp that indicates its valid lifetime.
The client receives the ST.
The client sends the ST to the network server that hosts the desired resource.
The network server verifies the ST. If it’s verified, it initiates a communication session with the
client. From this point forward, Kerberos is no longer involved.
Most recent SY0-401 exam question:
Q6. Which of the following application attacks is used to gain access to SEH?
A. Cookie stealing
B. Buffer overflow
C. Directory traversal
D. XML injection
Answer: B
Explanation:
Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has been altered, the program exits with a segmentation fault. Microsoft's implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q7. LDAP and Kerberos are commonly used for which of the following?
A. To perform queries on a directory service
B. To store usernames and passwords for Federated Identity
C. To sign SSL wildcard certificates for subdomains
D. To utilize single sign-on capabilities
Answer: D
Explanation:
Single sign-on is usually achieved via the Lightweight Directory Access Protocol (LDAP), although Kerberos can also be used.
Q8. The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
A. Implement a honeynet
B. Perform a penetration test
C. Examine firewall logs
D. Deploy an IDS
Answer: A
Explanation:
A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets. In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn't actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as "Finances" or "Human Services" to make them sound appealing to the attacker.
A virtual honeynet is one that, while appearing to be an entire network, resides on a single server.
Q9. Which of the following is a best practice when a mistake is made during a forensics examination?
A. The examiner should verify the tools before, during, and after an examination.
B. The examiner should attempt to hide the mistake during cross-examination.
C. The examiner should document the mistake and workaround the problem.
D. The examiner should disclose the mistake and assess another area of the disc.
Answer: C
Explanation:
Every step in an incident response should be documented, including every action taken by end users and the incident-response team.
Q10. Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user?
A. LDAP
B. RADIUS
C. Kerberos
D. TACACS+
Answer: A
Explanation: