★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


The only strategy to get achievement in the CompTIA CompTIA exam will be that you must obtain reputable preparatory materials. We promise that will Pass4sure is the most direct pathway toward CompTIA CompTIA SY0-401 certificate. You will become victorious with full confidence. You can have a very free attempt in Pass4sure before an individual buy the actual CompTIA SY0-401 exam products. Our simulated tests are throughout multiple-choice the same since the real exam pattern. Your questions and answers produced by the certified professors provide you with the encounter of having the genuine test. 100% assure to pass the actual CompTIA CompTIA actual analyze.

2021 Dec sy0-401 practice exam:

Q101. A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner? 

A. Kill all system processes 

B. Enable the firewall 

C. Boot from CD/USB 

D. Disable the network connection 

Answer:

Explanation: 


Q102. During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO). 

A. SSL 1.0 

B. RC4 

C. SSL 3.0 

D. AES 

E. DES 

F. TLS 1.0 

Answer: A,E 

Explanation: 

TLS 1.0 and SSL 1.0 both have known vulnerabilities and have been replaced by later versions. Any systems running these ciphers should have them disabled. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication Netscape developed the original SSL protocol. Version 1.0 was never publicly released because of serious security flaws in the protocol; version 2.0, released in February 1995, "contained a number of security flaws which ultimately led to the design of SSL version 3.0”. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0". TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security. TLS 1.1 and then TLS 1.2 were created to replace TLS 1.0. 


Q103. A company recently experienced data loss when a server crashed due to a midday power outage. 

Which of the following should be used to prevent this from occurring again? 

A. Recovery procedures 

B. EMI shielding 

C. Environmental monitoring 

D. Redundancy 

Answer:

Explanation: 

Redundancy refers to systems that either are duplicated or fail over to other systems in the event of a malfunction (in this case a power outage). Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored. 


Q104. A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization? 

A. LDAP 

B. RADIUS 

C. Kerberos 

D. XTACACS 

Answer:

Explanation: 

The fundamental component of a Kerberos solution is the key distribution centre (KDC), which is responsible for verifying the identity of principles and granting and controlling access within a network environment through the use of secure cryptographic keys and tickets. 


Q105. A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a 'listening' state. No other ports are open. Which of the following services should be disabled to ensure secure communications? 

A. HTTPS 

B. HTTP 

C. RDP 

D. TELNET 

Answer:

Explanation: 


Improve pdf sy0-401:

Q106. An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this? 

A. TOTP 

B. Smart card 

C. CHAP 

D. HOTP 

Answer:

Explanation: 

Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. In this case, it’s every 30 seconds. 


Q107. A security administrator is reviewing the below output from a password auditing tool: 

P@ss. 

@pW1. 

S3cU4 

Which of the following additional policies should be implemented based on the tool’s output? 

A. Password age 

B. Password history 

C. Password length 

D. Password complexity 

Answer:

Explanation: 

The output shows that all the passwords are either 4 or 5 characters long. This is way too short, 8 characters are shown to be the minimum for password length. 


Q108. Sara, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong encryption with the FASTEST speed? 

A. 3DES 

B. Blowfish 

C. Serpent 

D. AES256 

Answer:

Explanation: 

Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. Blowfish is a fast, except when changing keys. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). 


Q109. Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO). 

A. Virtual switch 

B. NAT 

C. System partitioning 

D. Access-list 

E. Disable spanning tree 

F. VLAN 

Answer: A,F 

Explanation: 

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question. 


Q110. Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO). 

A. The CA’s public key 

B. Ann’s public key 

C. Joe’s private key 

D. Ann’s private key 

E. The CA’s private key 

F. Joe’s public key 

Answer: D,F 

Explanation: 

Joe wants to send a message to Ann. It’s important that this message not be altered. Joe will use the private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe—the public key—to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus Ann would compare the signature area referred to as a message in the message with the calculated value digest (her private key in this case). If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be.