★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


You will have quick access for you to our CompTIA SY0-401 exam merchandise after confirming your payment at Pass4sure. The particular CompTIA SY0-401 practice questions with verified answers are compiled as well as revised by each of our subject matter specialists. Our experts possess make excellent contributions to each of our CompTIA CompTIA exam products. Weve many clients who have obtained your CompTIA SY0-401 certification. We are proud of the higher passing ratio since we start.

2021 Nov lead2pass sy0-401:

Q51. Pete, the system administrator, wishes to monitor and limit users’ access to external websites. 

Which of the following would BEST address this? 

A. Block all traffic on port 80. 

B. Implement NIDS. 

C. Use server load balancers. 

D. Install a proxy server. 

Answer:

Explanation: 

A proxy is a device that acts on behalf of other(s). In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites. The proxy server should cache often-accessed sites to improve performance. 


Q52. After a security incident involving a physical asset, which of the following should be done at the beginning? 

A. Record every person who was in possession of assets, continuing post-incident. 

B. Create working images of data in the following order: hard drive then RAM. 

C. Back up storage devices so work can be performed on the devices immediately. 

D. Write a report detailing the incident and mitigation suggestions. 

Answer:

Explanation: 

Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user. 


Q53. A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend? 

A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna. 

B. Change the encryption used so that the encryption protocol is CCMP-based. 

C. Disable the network's SSID and configure the router to only access store devices based on MAC addresses. 

D. Increase the access point's encryption from WEP to WPA TKIP. 

Answer:

Explanation: 


Q54. A customer service department has a business need to send high volumes of confidential information to customers electronically. All emails go through a DLP scanner. Which of the following is the BEST solution to meet the business needs and protect confidential information? 

A. Automatically encrypt impacted outgoing emails 

B. Automatically encrypt impacted incoming emails 

C. Monitor impacted outgoing emails 

D. Prevent impacted outgoing emails 

Answer:

Explanation: 

Encryption is done to protect confidentiality and integrity of data. It also provides authentication, nonrepudiation and access control to the data. Since all emails go through a DLP scanner and it is outgoing main that requires protection then the best option is to put a system in place that will encrypt the outgoing emails automatically. 


Q55. Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption? 

A. USB 

B. HSM 

C. RAID 

D. TPM 

Answer:

Explanation: 

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 


Far out security+ sy0-401 cheat sheet:

Q56. Which of the following is the primary security concern when deploying a mobile device on a network? 

A. Strong authentication 

B. Interoperability 

C. Data security 

D. Cloud storage technique 

Answer:

Explanation: 

Mobile devices, such as laptops, tablet computers, and smartphones, provide security challenges above those of desktop workstations, servers, and such in that they leave the office and this increases the odds of their theft which makes data security a real concern. At a bare minimum, the following security measures should be in place on mobile devices: Screen lock, Strong password, Device encryption, Remote Wipe or Sanitation, voice encryption, GPS tracking, Application control, storage segmentation, asses tracking and device access control. 


Q57. Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels? 

A. Role Based Access Controls 

B. Mandatory Access Controls 

C. Discretionary Access Controls 

D. Access Control List 

Answer:

Explanation: 

Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them. 


Q58. A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080? 

A. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080 

B. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80 

C. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080 

D. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80 

Answer:

Explanation: 


Q59. An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue? 

A. WEP 

B. CCMP 

C. TKIP 

D. RC4 

Answer:

Explanation: 

CCMP is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. 


Q60. Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic? 

A. Subnetting 

B. NAT 

C. Quality of service 

D. NAC 

Answer:

Explanation: 

Quality of Service (QoS) facilitates the deployment of media-rich applications, such as video conferencing and Internet Protocol (IP) telephony, without adversely affecting network throughput.