★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/SY0-401-dumps.html
It is more faster and easier to pass the CompTIA SY0-401 exam by using Virtual CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Refresh SY0-401 Exam and find the same core area SY0-401 questions with professionally verified answers, then PASS your exam with a high score now.
2021 Oct comptia security+ all-in-one exam guide (exam sy0-401) pdf:
Q491. Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site?
A. Internet content filter
B. Firewall
C. Proxy server
D. Protocol analyzer
Answer: A
Explanation:
Web filtering software is designed to restrict or control the content a reader is authorised to access, especially when utilised to restrict material delivered over the Internet via the Web, e-mail, or other means.
Q492. Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of TLS?
A. Kerberos
B. TACACS+
C. RADIUS
D. LDAP
Answer: D
Explanation:
The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard
application protocol for accessing and maintaining distributed directory information services over
an Internet Protocol (IP) network. Directory services play an important role in developing intranet
and Internet applications by allowing the sharing of information about users, systems, networks,
services, and applications throughout the network. As examples, directory services may provide
any organized set of records, often with a hierarchical structure, such as a corporate email
directory. Similarly, a telephone directory is a list of subscribers with an address and a phone
number.
A common usage of LDAP is to provide a "single sign on" where one password for a user is
shared between many services, such as applying a company login code to web pages (so that
staff log in only once to company computers, and then are automatically logged into the company
intranet).
LDAP is based on a simpler subset of the standards contained within the X.500 standard.
Because of this relationship, LDAP is sometimes called X.500-lite.
A client starts an LDAP session by connecting to an LDAP server, called a Directory System
Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS. Global Catalog is
available by default on ports 3268, and 3269 for LDAPS. The client then sends an operation
request to the server, and the server sends responses in return.
The client may request the following operations:
StartTLS — use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection
Q493. Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a system with speed as its primary consideration?
A. Hard drive encryption
B. Infrastructure as a service
C. Software based encryption
D. Data loss prevention
Answer: A
Explanation:
Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It should be implemented using a hardware-based solution for greater speed.
Q494. Users are utilizing thumb drives to connect to USB ports on company workstations. A technician is concerned that sensitive files can be copied to the USB drives. Which of the following mitigation techniques would address this concern? (Select TWO).
A. Disable the USB root hub within the OS.
B. Install anti-virus software on the USB drives.
C. Disable USB within the workstations BIOS.
D. Apply the concept of least privilege to USB devices.
E. Run spyware detection against all workstations.
Answer: A,C
Explanation:
A: The USB root hub can be disabled from within the operating system.
C: USB can also be configured and disabled in the system BIOS.
Q495. A company replaces a number of devices with a mobile appliance, combining several functions.
Which of the following descriptions fits this new implementation? (Select TWO).
A. Cloud computing
B. Virtualization
C. All-in-one device
D. Load balancing
E. Single point of failure
Answer: C,E
Explanation:
The disadvantages of combining everything into one include a potential single point of failure, and the dependence on the one vendor. The all –in-one device represents a single point of failure risk being taken on.
Avant-garde lead2pass sy0-401 vce:
Q496. The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
A. WEP
B. WPA2 CCMP
C. Disable SSID broadcast and increase power levels
D. MAC filtering
Answer: B
Explanation:
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult.
Q497. An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation?
A. Testing controls
B. Risk assessment
C. Signed AUP
D. Routine audits
Answer: A
Explanation:
Q498. A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?
A. Multi-factor authentication
B. Smart card access
C. Same Sign-On
D. Single Sign-On
Answer: D
Explanation:
Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is not required for access to resources on any realm entity. Single sign-on is able to internally translate and store credentials for the various mechanisms, from the credential used for original authentication.
Q499. Which of the following concepts is a term that directly relates to customer privacy considerations?
A. Data handling policies
B. Personally identifiable information
C. Information classification
D. Clean desk policies
Answer: B
Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. This has a direct relation to customer privacy considerations.
Q500. Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be.
Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients?
A. Enable MAC filtering on the wireless access point.
B. Configure WPA2 encryption on the wireless access point.
C. Lower the antenna’s broadcasting power.
D. Disable SSID broadcasting.
Answer: C
Explanation:
Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far.