Beginner's Guide: Security+ SY0-401

It is impossible to pass the CompTIA Security+ SY0-401 exam in the short term without any help. Come to Pass4sure and find the most advanced, correct and guaranteed CompTIA SY0-401 VCE practice questions. You will get a surprising result with our CompTIA Security+ Certification practice guides.



Q401. Which of the following tests a number of security controls in the least invasive manner? 

A. Vulnerability scan 

B. Threat assessment 

C. Penetration test 

D. Ping sweep 



Vulnerability scanning has minimal impact on network resources due to the passive nature of the scanning. A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve any vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. 

Q402. Which of the following fire suppression systems is MOST likely used in a datacenter? 

A. FM-200 

B. Dry-pipe 

C. Wet-pipe 

D. Vacuum 



FM200 is a gas, and the principle of a gas system is that it displaces the oxygen in the room, thereby removing this essential component of a fire. In a data center it is the preferred choice of fire suppressant.

Q403. Which of the following is a common coding error in which boundary checking is not performed? 

A. Input validation 

B. Fuzzing 

C. Secure coding 

D. Cross-site scripting 



Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain. 

Q404. Which of the following is built into the hardware of most laptops but is not set up for centralized management by default?

A. Whole disk encryption 

B. TPM encryption 

C. USB encryption 

D. Individual file encryption 



Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in the BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

Q405. Which of the following would a security administrator implement in order to identify change from the standard configuration on a server? 

A. Penetration test 

B. Code review 

C. Baseline review 

D. Design review 



The standard configuration on a server is known as the baseline. 

The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline.

A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

Q406. A program displays: 

ERROR: this program has caught an exception and will now terminate. 

Which of the following is MOST likely accomplished by the program’s behavior? 

A. Operating system’s integrity is maintained 

B. Program’s availability is maintained 

C. Operating system’s scalability is maintained 

D. User’s confidentiality is maintained 



The purpose of error handling is to maintain the security and integrity of the system. Integrity is compromised when unauthorized modification occurs. 

Q407. A security administrator must implement a wireless encryption system to secure mobile devices’ communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented? 

A. RC4 


C. MD5 




RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS. 

Q408. Joe has read and write access to his own home directory. Joe and Ann are collaborating on a project, and Joe would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

A. Role-based access control 

B. Rule-based access control 

C. Mandatory access control 

D. Discretionary access control 



Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner. 

Q409. Which of the following provides additional encryption strength by repeating the encryption process with additional keys? 


B. 3DES 

C. TwoFish 

D. Blowfish 



Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys). 

Q410. Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks? 

A. Malicious code on the local system 

B. Shoulder surfing 

C. Brute force certificate cracking 

D. Distributed dictionary attacks 



Once a user authenticates to a remote server, malicious code on the user’s workstation could then infect the server.