Beginners Guide: comptia security+ sy0 401

Exam Code: comptia security+ sy0 401 pdf (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass comptia security+ sy0 401 pdf Exam.


Free VCE & PDF File for CompTIA SY0-401 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:

Q581. A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment? 

A. Chain of custody 

B. Tracking man hours 

C. Record time offset 

D. Capture video traffic 



It is quite common for workstation as well as server times to be off slightly from actual time. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system. There is no mention that this was done by the incident response team. 

Q582. The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment? 

A. The administrator will need to deploy load balancing and clustering. 

B. The administrator may spend more on licensing but less on hardware and equipment. 

C. The administrator will not be able to add a test virtual environment in the data center. 

D. Servers will encounter latency and lowered throughput issues. 



Migrating to a virtual server environment reduces cost by eliminating the need to purchase, manage, maintain and power physical machines. The fewer physical machines you have, the less money it costs. 

Q583. Which of the following is a hardware based encryption device? 


B. TrueCrypt 





Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 

Q584. Which of the following provides the BEST application availability and is easily expanded as demand grows? 

A. Server virtualization 

B. Load balancing 

C. Active-Passive Cluster 

D. RAID 6 



Load balancing is a way of providing high availability by splitting the workload across multiple computers. 

Q585. Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware? 

A. Viruses are a subset of botnets which are used as part of SYN attacks. 

B. Botnets are a subset of malware which are used as part of DDoS attacks. 

C. Viruses are a class of malware which create hidden openings within an OS. 

D. Botnets are used within DR to ensure network uptime and viruses are not. 



A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation. Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Many computer users are unaware that their computer is infected with bots. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules. 

Q586. Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords? 







PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. 

Q587. In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered? 

A. Continuous security monitoring 

B. Baseline configuration and host hardening 

C. Service Level Agreement (SLA) monitoring 

D. Security alerting and trending 



The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security posture coverage. This is great for testing the security posture. However, to be effective and ensure the company always has a good security posture, you need to monitor the security continuously. 

Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets improved.” Well, in network security, “that which gets monitored gets secure.” Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. 

Q588. Which of the following is the LEAST volatile when performing incident response procedures? 

A. Registers 

B. RAID cache 


D. Hard drive 



An example of OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts. Of the options stated in the question the hard drive would be the least volatile. 

Q589. Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department’s server and vice-versa? 

A. ACLs 


C. DMZs 




A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function. 

Q590. Used in conjunction, which of the following are PII? (Select TWO). 

A. Marital status 

B. Favorite movie 

C. Pet’s name 

D. Birthday 

E. Full name 

Answer: D,E 


Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. A birthday together with a full name makes it personally identifiable information.