The Improve Guide To SY0-401 practice exam Apr 2021

It is more faster and easier to pass the CompTIA SY0-401 exam by using Highest Quality CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Abreast of the times SY0-401 Exam and find the same core area SY0-401 questions with professionally verified answers, then PASS your exam with a high score now.

The article at Testaimer.com going over http://www.testaimer.com/SY0-401-test is very comprehensive.

2021 Apr SY0-401 exam guide

Q661. Requiring technicians to report spyware infections is a step in which of the following? 

A. Routine audits 

B. Change management 

C. Incident management 

D. Clean desk policy 

Answer: C 

Explanation: 

Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). 

Q662. Establishing a method to erase or clear cluster tips is an example of securing which of the following? 

A. Data in transit 

B. Data at rest 

C. Data in use 

D. Data in motion 

Answer: B 

Explanation: 

Q663. Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause? 

A. The system is running 802.1x. 

B. The system is using NAC. 

C. The system is in active-standby mode. 

D. The system is virtualized. 

Answer: D 

Explanation: 

Virtualization allows a single set of hardware to host multiple virtual machines. 

Q664. A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO). 

A. 22 

B. 135 

C. 137 

D. 143 

E. 443 

F. 3389 

Answer: A,F 

Explanation: 

A secure remote administration solution and Remote Desktop protocol is required. 

Secure Shell (SSH) is a secure remote administration solution and makes use of TCP port 22. 

Remote Desktop Protocol (RDP) uses TCP port 3389. 

Q665. Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by? 

A. Key escrow 

B. Non-repudiation 

C. Multifactor authentication 

D. Hashing 

Answer: B 

Explanation: 

Explanation: 

Regarding digital security, the cryptological meaning and application of non-repudiation shifts to 

mean: 

*

 A service that provides proof of the integrity and origin of data. 

*

 An authentication that can be asserted to be genuine with high assurance. 

Renovate SY0-401 test:

Q666. A company has two server administrators that work overnight to apply patches to minimize disruption to the company. With the limited working staff, a security engineer performs a risk assessment to ensure the protection controls are in place to monitor all assets including the administrators in case of an emergency. Which of the following should be in place? 

A. NIDS 

B. CCTV 

C. Firewall 

D. NIPS 

Answer: B 

Explanation: 

Q667. A software company has completed a security assessment. The assessment states that the company should implement fencing and lighting around the property. Additionally, the assessment states that production releases of their software should be digitally signed. Given the recommendations, the company was deficient in which of the following core security areas? (Select TWO). 

A. Fault tolerance 

B. Encryption 

C. Availability 

D. Integrity 

E. Safety 

F. Confidentiality 

Answer: D,E 

Explanation: 

Aspects such as fencing, proper lighting, locks, CCTV, Escape plans Drills, escape routes and 

testing controls form part of safety controls. 

Integrity refers to aspects such as hashing, digital signatures, certificates and non-repudiation – all 

of which has to do with data integrity. 

Q668. An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security? 

A. Initial baseline configuration snapshots 

B. Firewall, IPS and network segmentation 

C. Event log analysis and incident response 

D. Continuous security monitoring processes 

Answer: D 

Explanation: 

Q669. A company hosts its public websites internally. The administrator would like to make some changes to the architecture. 

The three goals are: 

(1)

 reduce the number of public IP addresses in use by the web servers 

 (2)

 drive all the web traffic through a central point of control 

 (3)

 mitigate automated attacks that are based on IP address scanning 

Which of the following would meet all three goals? 

A. Firewall 

B. Load balancer 

C. URL filter 

D. Reverse proxy 

Answer: D 

Explanation: 

Q670. A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network? 

A. VLAN 

B. Subnet 

C. VPN 

D. DMZ 

Answer: D 

Explanation: 

A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted.