[Jun 2017] comptia security+ get certified get ahead sy0 401 study guide

Actualtests CompTIA Security+ SY0-401 PDF questions are updated and all CompTIA SY0-401 answers are verified by experts. Once you have completely prepared with our CompTIA Security+ study guide SY0-401 exam prep kits you will be ready for the real SY0-401 PDF exam without a problem. We have renovated the CompTIA SY0-401 braindump study guide. PASSED Security+ SY0-401 on the first attempt! Here's what I did.



Q441. Which of the following algorithms has well documented collisions? (Select TWO).

B. MD5

C. SHA-1

D. SHA-256

Answer: B,C


B: MD5's biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.

C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, "Federal agencies should stop using SHA-1 for…applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010", though that was later relaxed. Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output. Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have published techniques more efficient than brute force for finding collisions. 

Q442. A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following? 

A. Dual-factor authentication 

B. Multifactor authentication 

C. Single factor authentication 

D. Biometric authentication 



Multi-factor authentication (MFA) is a method of computer access control which a user can pass only by successfully presenting authentication factors from at least two of the three categories:

- knowledge factors ("things only the user knows"), such as passwords;
- possession factors ("things only the user has"), such as ATM cards;
- inherence factors ("things only the user is"), such as biometrics.

In this question the username, password and four-digit security PIN are all knowledge factors (something the user knows). Three items from the same category still count as one factor. Therefore, this is single-factor authentication.
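The point of the explanation is that the number of credentials is not the number of factors: what counts is how many distinct categories are covered. The following Go program is an added example, not part of the original study guide, that applies that rule to the login from the question and to a constructed contrasting case (PIN plus ATM card); the type and function names are the example's own.

```go
package main

import "fmt"

// FactorCategory is one of the three authentication factor categories:
// knowledge (what the user knows), possession (what the user has) and
// inherence (what the user is).
type FactorCategory string

const (
	Knowledge  FactorCategory = "knowledge"
	Possession FactorCategory = "possession"
	Inherence  FactorCategory = "inherence"
)

// Credential is one item the user must present at login.
type Credential struct {
	Name     string
	Category FactorCategory
}

// DistinctFactors counts how many distinct categories the presented
// credentials cover. Three knowledge items still count as one factor.
func DistinctFactors(creds []Credential) int {
	seen := map[FactorCategory]bool{}
	for _, c := range creds {
		seen[c.Category] = true
	}
	return len(seen)
}

// Classify applies the MFA definition: at least two distinct categories
// are needed before a login counts as multi-factor.
func Classify(creds []Credential) string {
	if DistinctFactors(creds) >= 2 {
		return "multi-factor"
	}
	return "single-factor"
}

// QuestionLogin is the login from Q442: username, password and a PIN.
// The PIN arrived by post, but once memorised it is something the user
// knows, not something the user has, so it is still a knowledge factor.
var QuestionLogin = []Credential{
	{"username", Knowledge},
	{"password", Knowledge},
	{"four-digit PIN", Knowledge},
}

// ATMLogin is a constructed contrasting case: a knowledge factor plus a
// possession factor, which the definition counts as two factors.
var ATMLogin = []Credential{
	{"PIN", Knowledge},
	{"ATM card", Possession},
}

func main() {
	fmt.Println(Classify(QuestionLogin)) // single-factor
	fmt.Println(Classify(ATMLogin))      // multi-factor
}
```

A mailed PIN is the usual trap in this question: delivery by post does not make it a possession factor, because nothing physical has to be presented at login time.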


Q443. A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them.



When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time that you have to collect certain data before the window of opportunity is gone. Naturally, in an investigation you want to collect everything, but some data will exist longer than other data, and you cannot possibly collect all of it at once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts.

Order of volatility: Capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and expenses associated with the investigation. 


Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 453

Q444. A company is concerned that a compromised certificate may result in a man-in-the-middle attack against backend financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which of the following technologies provides the FASTEST revocation capability? 

A. Online Certificate Status Protocol (OCSP) 

B. Public Key Cryptography (PKI) 

C. Certificate Revocation Lists (CRL) 

D. Intermediate Certificate Authority (CA) 



Q445. Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity of Joe’s certificate? (Select TWO).

A. The CA’s public key 

B. Joe’s private key 

C. Ann’s public key 

D. The CA’s private key 

E. Joe’s public key 

F. Ann’s private key 

Answer: A,E 


Joe wants to send a message to Ann. It’s important that this message not be altered. Joe will use his private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe, the public key, to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidentally, in transit. Thus Ann would compare the message digest carried in the signature with the digest she calculates from the message she received. If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be. This process provides message integrity, nonrepudiation, and authentication. A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. A certificate is nothing more than a mechanism that associates a public key with an individual. If Joe wants to send Ann an encrypted e-mail, there should be a mechanism to verify to Ann that the message received from Joe is really from Joe. If a third party (the CA) vouches for Joe and Ann trusts that third party, Ann can assume that the message is authentic because the third party says so.
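The explanation describes two separate checks that Ann performs, each with a different public key. The Go program below is an added example, not from the study guide or the Sybex text, that carries the whole exchange through with the standard library's RSA and SHA-256: the CA's private key issues a minimal stand-in certificate for Joe, Joe signs a message, and Ann verifies the certificate with the CA's public key (option A) and the message with Joe's public key from that certificate (option E). The `Certificate` type is a constructed simplification of X.509, and the sample message is constructed; the example also goes beyond the question by showing a tampered message and a certificate from an untrusted CA both failing.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Certificate is a deliberately minimal stand-in for an X.509 certificate
// (constructed for this example): a subject name and public key, vouched
// for by the CA's signature over both.
type Certificate struct {
	Subject   string
	PublicKey *rsa.PublicKey
	CASig     []byte
}

// tbsBytes returns the "to be signed" bytes: subject name plus DER public key.
func tbsBytes(subject string, pub *rsa.PublicKey) []byte {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err) // only fails for an unsupported key type
	}
	return append([]byte(subject+"\x00"), der...)
}

// signDigest hashes data with SHA-256 and signs the digest with priv.
func signDigest(priv *rsa.PrivateKey, data []byte) []byte {
	h := sha256.Sum256(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// verifyDigest recomputes the SHA-256 digest of data and checks sig against it.
func verifyDigest(pub *rsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// IssueCertificate is the CA's step: the CA PRIVATE key vouches for Joe's
// public key. Ann never needs this key, which is why option D is wrong.
func IssueCertificate(caKey *rsa.PrivateKey, subject string, pub *rsa.PublicKey) *Certificate {
	return &Certificate{Subject: subject, PublicKey: pub, CASig: signDigest(caKey, tbsBytes(subject, pub))}
}

// VerifyMessage is Ann's step. She needs exactly two keys: the CA's public
// key (option A) to confirm the certificate is genuine, and Joe's public key
// (option E), taken from that certificate, to check the message signature.
func VerifyMessage(caPub *rsa.PublicKey, cert *Certificate, msg, sig []byte) error {
	if !verifyDigest(caPub, tbsBytes(cert.Subject, cert.PublicKey), cert.CASig) {
		return fmt.Errorf("certificate for %q is not vouched for by the trusted CA", cert.Subject)
	}
	if !verifyDigest(cert.PublicKey, msg, sig) {
		return fmt.Errorf("signature does not match message: altered or not from %s", cert.Subject)
	}
	return nil
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Outcome records which verifications in Demo succeeded.
type Outcome struct {
	Original bool // untouched message, certificate from the trusted CA
	Tampered bool // message altered in transit
	RogueCA  bool // certificate issued by a CA Ann does not trust
}

// Demo runs the exchange on a constructed message. Expected: only Original is true.
func Demo() Outcome {
	caKey, rogueKey, joeKey := mustKey(), mustKey(), mustKey()
	cert := IssueCertificate(caKey, "Joe", &joeKey.PublicKey)
	rogueCert := IssueCertificate(rogueKey, "Joe", &joeKey.PublicKey)
	msg := []byte("Ann, please transfer 100 to account 42") // constructed sample
	sig := signDigest(joeKey, msg)
	return Outcome{
		Original: VerifyMessage(&caKey.PublicKey, cert, msg, sig) == nil,
		Tampered: VerifyMessage(&caKey.PublicKey, cert, []byte("Ann, please transfer 900 to account 42"), sig) == nil,
		RogueCA:  VerifyMessage(&caKey.PublicKey, rogueCert, msg, sig) == nil,
	}
}

func main() {
	fmt.Printf("%+v\n", Demo()) // {Original:true Tampered:false RogueCA:false}
}
```

Note that Joe's private key and Ann's own key pair never appear in `VerifyMessage`: signing is Joe's job and certificate issuance is the CA's, so options B, C, D and F play no part in Ann's verification.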

Q446. Which of the following types of encryption will help in protecting files on a PED? 

A. Mobile device encryption 

B. Transport layer encryption 

C. Encrypted hidden container 

D. Database encryption 



Device encryption encrypts the data on a Personal Electronic Device (PED). This feature ensures that the data on the device cannot be accessed in a usable form should the device be stolen.

Q447. Which of the following is the difference between identification and authentication of a user? 

A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system. 

B. Identification tells who the user is and authentication proves it. 

C. Identification proves who the user is and authentication is used to keep the user's data secure.

D. Identification proves who the user is and authentication tells the user what they are allowed to do. 



Identification is described as the claiming of an identity, and authentication is described as the act of verifying or proving the claimed identity. 

Q448. Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future? 

A. Data loss prevention 

B. Enforcing complex passwords 

C. Security awareness training 

D. Digital signatures 



Q449. A security analyst implemented group-based privileges within the company's Active Directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

A. Leverage role-based access controls. 

B. Perform user group clean-up. 

C. Verify smart card access controls. 

D. Verify SHA-256 for password hashes. 


Explanation: Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security and compliance objectives in jeopardy. You would therefore need to clean up these objects regularly.

Q450. Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of misconfigurations or faults?


B. Protocol security 

C. Port security 




A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and out of the VSAN while allowing unrestricted traffic within the VSAN.