Get Smart with CompTIA Security+ Study Guide SY0-401

“CompTIA Security+ Certification”, also known as the SY0-401 exam, is a CompTIA certification. This set of posts, Passing the CompTIA SY0-401 exam, will help you answer those questions.



Q621. A Human Resources user is issued a virtual desktop typically assigned to Accounting employees. A system administrator wants to disable certain services and remove the local accounting groups installed by default on this virtual machine. The system administrator is adhering to which of the following security best practices? 

A. Black listing applications 

B. Operating System hardening 

C. Mandatory Access Control 

D. Patch Management 



Q622. Identifying a list of all approved software on a system is a step in which of the following practices? 

A. Passively testing security controls 

B. Application hardening 

C. Host software baselining 

D. Client-side targeting 



Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained. 

Q623. A software development company wants to implement a digital rights management solution to protect its intellectual property. Which of the following should the company implement to enforce software digital rights? 

A. Transport encryption 

B. IPsec 

C. Non-repudiation 

D. Public key infrastructure 



The Public-Key Infrastructure (PKI) is intended to offer a means of providing security to messages and transactions on a grand scale. The need for universal systems to support e-commerce, secure transactions, and information privacy is one aspect of the issues being addressed with PKI. A PKI can be used to protect software. 

Q624. Which of the following describes the purpose of an MOU? 

A. Define interoperability requirements 

B. Define data backup process 

C. Define onboard/offboard procedure 

D. Define responsibilities of each party 



An MOU, or Memorandum of Understanding, is a document outlining which party is responsible for what portion of the work.

Q625. When Ann, an employee, returns to work and logs into her workstation, she notices that several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann’s workstation. Which of the following could have prevented this from happening?

A. Password complexity policy 

B. User access reviews 

C. Shared account prohibition policy 

D. User assigned permissions policy 



The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Since changes were made to Ann’s desktop configuration settings while she was not at work, it follows that her password was compromised.

Q626. Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails, resulting in system outages?

A. Risk transference 

B. Change management 

C. Configuration management 

D. Access control revalidation 



Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets, in this case ‘scheduled system patching’.

Q627. A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario? 

A. Encryption 

B. Digital signatures 

C. Steganography 

D. Hashing 

E. Perfect forward secrecy 



Q628. Which of the following security devices can be replicated on a Linux-based computer using iptables to inspect and properly handle network-based traffic?

A. Sniffer 

B. Router 

C. Firewall 

D. Switch 



iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.

Q629. Certificates are used for: (Select TWO). 

A. Client authentication. 

B. WEP encryption. 

C. Access control lists. 

D. Code signing. 

E. Password hashing. 

Answer: A,D 


Certificates are used in PKI to digitally sign data, information, files, email, code, etc. Certificates are also used in PKI for client authentication. 

Q630. A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire? 

A. The certificate will be added to the Certificate Revocation List (CRL). 

B. Clients will be notified that the certificate is invalid. 

C. The ecommerce site will not function until the certificate is renewed. 

D. The ecommerce site will no longer use encryption. 



A similar process to certificate revocation will occur when a certificate is allowed to expire. Notification will be sent out to clients of the invalid certificate. The process of revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked. This must be done whenever the private key becomes known. The owner of a certificate can request that it be revoked at any time, or the administrator can make the request.