CompTIA SY0-401 ExamCompTIA Security+ Certification

Total Question: 1781 Last Updated: November 01,2017
  • Updated SY0-401 Dumps
  • Based on Real SY0-401 Exams Scenarios
  • Free SY0-401 pdf Demo Available
  • Check out our SY0-401 Dumps in a new PDF format
  • Instant SY0-401 download
  • Guarantee SY0-401 success in first attempt

Price: $65.95 $29.99

Buy Now Free Trial

Quick Guide: security+ sy0 401

Exam Code: comptia security+ study guide sy0 401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass comptia security+ study guide sy0 401 Exam.

Q71. During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use? 

A. Port scanner 

B. Network sniffer 

C. Protocol analyzer 

D. Process list 



Different services use different ports. When a service is enabled on a computer, a network port is opened for that service. For example, enabling the HTTP service on a web server will open port 80 on the server. By determining which ports are open on a remote server, we can determine which services are running on that server. A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it. A port scan or portscan can be defined as a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port. While not a nefarious process in and of itself, it is one used by hackers to probe target machine services with the aim of exploiting a known vulnerability of that service. However the majority of uses of a port scan are not attacks and are simple probes to determine services available on a remote machine. 

Q72. Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network? 







Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it 

Q73. Which of the following provides a static record of all certificates that are no longer valid? 

A. Private key 

B. Recovery agent 

C. CRLs 

D. CA 



The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release. When a potential user attempts to access a server, the server allows or denies access based on the CRL entry for that particular user. 

Q74. Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process? 

A. Separation of Duties 

B. Mandatory Vacations 

C. Discretionary Access Control 

D. Job Rotation 



Separation of duties means that users are granted only the permissions they need to do their work and no more. 

Q75. Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company’s network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement? 

A. line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password 

B. line console 0 password password line vty 0 4 password P@s5W0Rd 

C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd 

D. line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd 



The VTY lines are the Virtual Terminal lines of the router, used solely to control inbound Telnet connections. They are virtual, in the sense that they are a function of software - there is no hardware associated with them. Two numbers follow the keyword VTY because there is more than one VTY line for router access. The default number of lines is five on many Cisco routers. Here, I’m configuring one password for all terminal (VTY) lines. I can specify the actual terminal or VTY line numbers as a range. The syntax that you’ll see most often, vty 0 4, covers all five terminal access lines. 

Q76. A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating? 

A. Succession plan 

B. Continuity of operation plan 

C. Disaster recovery plan 

D. Business impact analysis 



Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization. 

Q77. Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring? 

A. A user has plugged in a personal access point at their desk to connect to the network wirelessly. 

B. The company is currently experiencing an attack on their internal DNS servers. 

C. The company’s WEP encryption has been compromised and WPA2 needs to be implemented instead. 

D. An attacker has installed an access point nearby in an attempt to capture company information. 



The question implies that users should be required to enter their domain credentials upon connection to the wireless network. The fact that they are connecting to a wireless network without being prompted for their domain credentials and they are unable to access network resources suggests they are connecting to a rogue wireless network. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points. 

Q78. An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack? 

A. Integer overflow 

B. Cross-site scripting 

C. Zero-day 

D. Session hijacking 

E. XML injection 



The vulnerability is undocumented and unknown. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. 

Q79. It is MOST important to make sure that the firewall is configured to do which of the following? 

A. Alert management of a possible intrusion. 

B. Deny all traffic and only permit by exception. 

C. Deny all traffic based on known signatures. 

D. Alert the administrator of a possible intrusion. 



Q80. Which of the following BEST describes the weakness in WEP encryption? 

A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. 

Once enough packets are captured an XOR operation can be performed and the asymmetric keys 

can be derived. 

B. The WEP key is stored in plain text and split in portions across 224 packets of random data. 

Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain 

text key. 

C. The WEP key has a weak MD4 hashing algorithm used. 

A simple rainbow table can be used to generate key possibilities due to MD4 collisions. 

D. The WEP key is stored with a very small pool of random numbers to make the cipher text. 

As the random numbers are often reused it becomes easy to derive the remaining WEP key. 



WEP is based on RC4, but due to errors in design and implementation, WEP is weak in a number of areas, two of which are the use of a static common key and poor implementation of initiation vectors (IVs). When the WEP key is discovered, the attacker can join the network and then listen in on all other wireless client communications. 

Related SY0-401 Articles

best-it-exam-    | for-our-work-    | hottst-on-sale-    | it-sale-    | tast-dumps-us-    | test-king-number-    | pass-do-it-    | just-do-it-    | pass-with-us-    | passresults-everything-    | passtutor-our-dumps-    | realtests-us-exam-    | latest-update-source-for-    | cbtnuggets-sale-exam    | experts-revised-exam    | certguide-sale-exam    | test4actual-sale-exam    | get-well-prepared-    | certkiller-sale-exam    | buy-discount-dumps    | how-to-get-prepared-for-the    | in-an-easy-way    | brain-dumps-sale    | with-pass-exam-guarantee    | accurate-study-material    | at-first-try    | 100%-successful-rate    | get-certification-easily    | material-provider-exam    | real-exam-practice    | with-pass-score-guarantee    | certification-material-provider    | for-certification-professionals    | get-your-certification-successfully    | 100%-Pass-Rate    | in-pdf-file    | practice-exam-for    | it-study-guides    | study-material-sku    | study-guide-pdf    | prep-guide-demo    | certification-material-id    | actual-tests-demo    | brain-demos-test    | best-pdf-download    | our-certification-material    | best-practice-test    | leading-provider-on    | this-course-is-about    | the-most-reliable    | high-pass-rate-of    | money-back-guarantee    | high-pass-rate-demo    | recenty-updated-key    | only-for-students-free-download    | courseware-plus-kit-for    | accurate-answers-of    | the-most-reliable-id    | provide-training-for    | welcome-to-buy    | material-for-success-pass    | provide-free-support    | best-book-for-pass    | accuracy-of-the-answers    | pass-guarantee-id    |    |    |