Surprising sy0 401 braindump

We provide real SY0-401 exam questions and answers (braindumps) in two formats: a downloadable PDF and practice tests. The PDF can be read and printed, so you can work through the questions as many times as you like. With our CompTIA Security+ SY0-401 PDF and VCE material you can pass the SY0-401 exam quickly and easily.



Q641. Which of the following offers the LEAST amount of protection against data theft by USB drives? 


B. Database encryption 


D. Cloud computing 



Answer: D

Cloud computing means the data is processed and stored somewhere else and reached over a network connection rather than held locally. It says nothing about what an authorised user may do with the data once they can reach it: because users still have access to the data, they can copy it to a USB drive just as easily as data on a local drive, so it offers no protection against that threat. Database encryption (B), by contrast, at least keeps the stored data unreadable to anyone who obtains a copy without the key. 

Q642. A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server? 

A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. 

B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. 

C. Format the storage and reinstall both the OS and the data from the most current backup. 

D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised. 



Answer: A

A rootkit is software that hides things from the operating system and from the tools that rely on it. On a system with a rootkit there may be processes that do not appear in Task Manager, or connections that do not appear in a netstat listing, because the rootkit intercepts the function calls those tools make to the operating system and filters out the entries it wants to conceal before the results are returned. In principle a rootkit can live anywhere it has enough memory to reside in: video cards, PCI cards and other devices with their own firmware.

Because the operating system can no longer be trusted to report on itself, the server cannot be cleaned in place, and a backup taken after the compromise may already contain the rootkit. The correct procedure is to wipe the storage, reinstall the operating system from the original installation media, and then restore the data from the last known good backup, that is, one taken before the compromise. This eradicates the rootkit and recovers the data; options B, C and D each keep or restore something from the compromised period. Two caveats: deciding which backup is "known good" requires establishing when the compromise began, and a rootkit resident in device firmware survives a disk wipe, so the hardware itself may need to be reflashed or replaced. 
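The "processes that do not show up in Task Manager" symptom described above is what cross-view detection looks for: enumerate processes two different ways and diff the results. The following is an added example written for this page, not code from the original or from any product; it is for Linux, reads /proc, and assumes a rootkit that filters the directory listing of /proc (the view ps and top use) but not the kill() system call. The fallback pid_max value is the historical kernel default, not a figure from the page.

```python
import os


def listed_pids(proc="/proc"):
    """PIDs visible in the /proc directory listing, the same view ps, top and pstree rely on."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def probed_pids(max_pid):
    """PIDs confirmed by asking the kernel about every number directly with kill(pid, 0).

    Signal 0 delivers nothing: the call succeeds if the process exists and we may signal it,
    fails with EPERM (PermissionError) if it exists but belongs to someone else, and fails
    with ESRCH (ProcessLookupError) if there is no such process.
    """
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        found.add(pid)
    return found


def hidden_pids(listed, probed):
    """Cross-view diff: PIDs the kernel confirms but the directory listing omits."""
    return sorted(probed - listed)


def read_pid_max(path="/proc/sys/kernel/pid_max", default=32768):
    """Largest PID the kernel will allocate (falls back to the historical default)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return default


def cross_view_check():
    """Run both enumerations, taking the listing before and after the probe so that
    processes created or exited during the scan are not reported as hidden."""
    before = listed_pids()
    probed = probed_pids(read_pid_max())
    after = listed_pids()
    return hidden_pids(before | after, probed)


if __name__ == "__main__":
    suspicious = cross_view_check()
    if suspicious:
        print("PIDs present in the kernel but missing from the /proc listing:", suspicious)
    else:
        print("no hidden processes found by this check")
```

Run it as root: if /proc is mounted with the hidepid option, other users' processes are legitimately absent from the listing and an unprivileged run will report false positives. A rootkit that also hooks kill() evades this check, which is why it is a triage aid rather than a substitute for the wipe-and-reinstall in the answer.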

Q643. Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system? 

A. Biometrics 


C. Single factor authentication 

D. Multifactor authentication 



Answer: D

Multifactor authentication requires the user to present two or more authentication factors of different types. Here the smart card is something they have and the PIN is something they know, so together they form two factors. A card alone, or a PIN alone, would be single factor authentication (C); biometrics (A) would be a third type, something they are, which this scenario does not use. 

Q644. Which of the following ports should be used by a system administrator to securely manage a remote server? 

A. 22 

B. 69 

C. 137 

D. 445 



Answer: A

Secure Shell (SSH) is a more secure replacement for Telnet, rlogin, rsh and rcp. It is a remote access or remote terminal solution: it provides an encrypted and authenticated command-line connection to a server, router, switch or similar device over any distance. SSH listens on TCP port 22. The other ports are not management protocols, let alone secure ones: 69 is TFTP (unauthenticated, unencrypted file transfer over UDP), 137 is the NetBIOS Name Service, and 445 is SMB file and printer sharing. 

Q645. Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes? 

A. Switches 

B. Protocol analyzers 

C. Routers 

D. Web security gateways 



Answer: B

A protocol analyzer is a hardware device or, more commonly, a software program that captures the network traffic sent between devices on a network. By capturing and decoding the packets, Pete can read each packet's type, source and flags, which is exactly what is needed for troubleshooting. Switches and routers forward traffic but do not expose packet contents to the administrator, and a web security gateway filters HTTP rather than decoding arbitrary traffic.

Well-known software protocol analyzers include Wireshark (formerly Ethereal) and Microsoft's Message Analyzer, the successor to Network Monitor (Message Analyzer has since been retired).

Q646. A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability? 

A. Host-based firewall 



D. Honeypot 



The correct choice is an intrusion detection system (IDS).

An intrusion detection system is a device or software application that monitors network or system activity for malicious activity or policy violations and produces reports to a management station. IDSs come in several flavours and approach the goal of spotting suspicious traffic in different ways; the main split is between network-based (NIDS) and host-based (HIDS) systems. Some systems may attempt to stop an intrusion attempt, but that is neither required nor expected of a monitoring system.

Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them and reporting attempts. Organisations also use them to find problems with security policies, document existing threats and deter individuals from violating security policies, and they have become a standard part of the security infrastructure of nearly every organisation. An IDPS typically records information about observed events, notifies security administrators of the important ones and produces reports. Many can also respond to a detected threat by attempting to prevent it from succeeding: stopping the attack itself, changing the security environment (for example reconfiguring a firewall) or altering the attack's content.

That last capability is what this question rules out. The devices are proprietary, their baseline must not change, and both employees and approved customers need to keep reaching them, so the control has to be passive: a network IDS fed from a mirror (SPAN) port or a tap sees the devices' traffic without installing anything on them and cannot drop legitimate traffic on a false positive. A host-based firewall (A) changes the device baseline and can block approved customers, and a honeypot (D) is a decoy rather than a monitor of the production devices. 
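To make the explanations for Q645 and Q646 concrete, here is an added example (written for this page, not code from the original or from any product it names). It first does the protocol analyzer's job from Q645, decoding the Ethernet, IPv4 and TCP headers of a captured frame to recover the packet type, source address and TCP flags, and then applies two passive detection rules in the style of the network IDS from Q646: a SYN to a management port from a source outside the approved list, and one source sending SYNs to many ports. It only reports and never drops anything. The frames are constructed inside the script (checksums left at zero, since nothing validates them), and the approved-source list, management ports and scan threshold are assumptions, not values from the page.

```python
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
# TCP flag bits in the header's 16-bit "data offset / reserved / flags" word
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

# Assumptions for the detection rules (not values from the page).
MANAGEMENT_PORTS = {22, 443}
APPROVED_SOURCES = {"10.0.0.5", "203.0.113.10"}   # employee jump host, approved customer
SCAN_THRESHOLD = 5                                 # distinct ports SYN'd by one source


def parse_frame(frame):
    """Protocol-analyzer step: decode Ethernet II / IPv4 / TCP headers.

    Returns a dict with the packet type, addresses, ports and TCP flag names,
    or None for anything that is not IPv4-over-Ethernet carrying TCP.
    """
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    if ip[9] != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[0:4])
    (offset_flags,) = struct.unpack("!H", tcp[12:14])
    flags = tuple(name for bit, name in TCP_FLAGS if offset_flags & bit)
    return {"type": "TCP", "src": src, "dst": dst,
            "sport": sport, "dport": dport, "flags": flags}


def build_tcp_frame(src, dst, sport, dport, flags):
    """Construct a minimal frame for the sample capture (checksums left zero)."""
    flag_bits = sum(bit for bit, name in TCP_FLAGS if name in flags)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                      (5 << 12) | flag_bits, 65535, 0, 0)   # data offset of 5 words
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     IPPROTO_TCP, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp


def detect(frames, approved=APPROVED_SOURCES, scan_threshold=SCAN_THRESHOLD):
    """IDS step: passive rules over captured frames. Returns alert strings; never blocks."""
    alerts = []
    syn_targets = defaultdict(set)
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        syn_only = "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]
        if not syn_only:
            continue                                  # replies and established traffic
        if pkt["dport"] in MANAGEMENT_PORTS and pkt["src"] not in approved:
            alerts.append(f"unapproved source {pkt['src']} -> {pkt['dst']}:{pkt['dport']}")
        syn_targets[pkt["src"]].add(pkt["dport"])
    for src, ports in syn_targets.items():
        if len(ports) >= scan_threshold:
            alerts.append(f"possible port scan from {src} ({len(ports)} ports)")
    return alerts


# Constructed sample capture: one approved admin session, one unapproved
# management attempt, a small port sweep, and a SYN/ACK reply.
SAMPLE_FRAMES = (
    [build_tcp_frame("10.0.0.5", "10.0.1.20", 51000, 22, ("SYN",))]
    + [build_tcp_frame("198.51.100.7", "10.0.1.20", 40000, 22, ("SYN",))]
    + [build_tcp_frame("198.51.100.7", "10.0.1.20", 40000 + p, p, ("SYN",))
       for p in range(1, 8)]
    + [build_tcp_frame("10.0.1.20", "10.0.0.5", 22, 51000, ("SYN", "ACK"))]
)

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        p = parse_frame(f)
        print(f"{p['type']} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
              + "/".join(p["flags"]))
    for alert in detect(SAMPLE_FRAMES):
        print("ALERT:", alert)
```

On a real sensor the frames would come from a capture library on the mirror-port interface rather than from build_tcp_frame, and the parser would need to handle VLAN tags, IPv6 and fragmentation; the rule logic stays the same.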

Q647. An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised? 

A. A password that has not changed in 180 days 

B. A single account shared by multiple users 

C. A user account with administrative rights 

D. An account that has not been logged into since creation 



Q648. Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do? 

A. Change the access point from WPA2 to WEP to determine if the encryption is too strong 

B. Clear all access logs from the AP to provide an up-to-date access list of connected users 

C. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter 

D. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap 



Answer: C

The users may be connecting to a rogue access point hosting a wireless network with the same SSID as the corporate network (an "evil twin"). The technician sees nothing wrong on the company's access point because the affected users are not on it. The quickest way to tell is to compare the MAC address of the access point the users are associated with (its BSSID) against the MAC addresses of the company's own access points. Changing the encryption to WEP (A) weakens security and does not test the hypothesis, clearing the logs (B) destroys evidence, and blocking all traffic (D) creates the outage the users are already complaining about.

Every network interface has a unique 48-bit address. A media access control address (MAC address) is a unique identifier assigned to a network interface for communication on the physical network segment. MAC addresses are used as the network address for most IEEE 802 technologies, including Ethernet and Wi-Fi; logically they belong to the media access control sublayer of the OSI reference model. They are most often assigned by the manufacturer of the network interface controller (NIC) and stored in its hardware, such as the card's read-only memory or other firmware. An address assigned by the manufacturer usually encodes the manufacturer's registered identifier (the OUI) and is called the burned-in address (BIA); it may also be referred to as the Ethernet hardware address (EHA), hardware address or physical address. This contrasts with a programmed address, where the host instructs the NIC to use an arbitrary address. A node may have several NICs, each with its own MAC address. MAC addresses are formed according to one of three numbering spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48 and EUI-64.

Because an address can be programmed, an attacker can clone the legitimate BSSID as well as the SSID. A matching address therefore does not prove the access point is genuine, while an unfamiliar address is a strong indicator that it is not; channel, signal strength and physical location are the follow-up checks. 
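The rogue access point check described above, as an added example that is not code from the page: it compares the BSSIDs seen in a wireless scan against an inventory of the company's access points and flags any network that advertises a corporate SSID from an unknown BSSID, noting whether the vendor OUI differs and whether the address is locally administered (set in software). The inventory, the vendor OUI and the scan results are constructed for the example. Assumption: the scan records were collected beforehand (for instance from `iw dev wlan0 scan` on Linux or `netsh wlan show networks mode=bssid` on Windows); the script does not talk to the wireless card.

```python
from collections import namedtuple

Network = namedtuple("Network", "ssid bssid channel signal_dbm")

# Constructed AP inventory (assumption: BSSIDs and the vendor OUI f0:9f:c2 are invented).
AUTHORIZED_APS = {
    "f0:9f:c2:11:22:33": "CorpWiFi",
    "f0:9f:c2:11:22:44": "CorpWiFi",
}


def normalize_mac(mac):
    """Canonical lower-case colon form; accepts AA-BB-CC-DD-EE-FF and aabb.ccdd.eeff too."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def oui(mac):
    """First three octets: the manufacturer's registered identifier for burned-in addresses."""
    return normalize_mac(mac)[:8]


def is_locally_administered(mac):
    """Bit 1 (0x02) of the first octet marks an address set in software, not burned in."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def find_rogue_aps(scan, authorized=AUTHORIZED_APS):
    """Flag every network that advertises a corporate SSID from a BSSID not in the inventory.

    Returns (ssid, bssid, channel, reasons) tuples. A BSSID that does match is not proof
    of legitimacy, since an attacker can clone it; an unknown one is a strong indicator.
    """
    corp_ssids = set(authorized.values())
    corp_ouis = {oui(b) for b in authorized}
    findings = []
    for net in scan:
        if net.ssid not in corp_ssids:
            continue                          # neighbouring networks are not our problem
        bssid = normalize_mac(net.bssid)
        if bssid in authorized:
            continue
        reasons = ["BSSID not in AP inventory"]
        if oui(bssid) not in corp_ouis:
            reasons.append("vendor OUI differs from corporate APs")
        if is_locally_administered(bssid):
            reasons.append("locally administered address, i.e. set in software")
        findings.append((net.ssid, bssid, net.channel, reasons))
    return findings


# Constructed scan results, as a wireless survey tool would report them.
SAMPLE_SCAN = [
    Network("CorpWiFi", "F0:9F:C2:11:22:33", 36, -55),
    Network("CorpWiFi", "f0-9f-c2-11-22-44", 44, -62),
    Network("CorpWiFi", "02:1a:2b:3c:4d:5e", 6, -40),    # same SSID, unknown BSSID, strongest signal
    Network("CafeGuest", "a4:5e:60:aa:bb:cc", 11, -70),
]

if __name__ == "__main__":
    for ssid, bssid, channel, reasons in find_rogue_aps(SAMPLE_SCAN):
        print(f"possible rogue AP '{ssid}' at {bssid} on channel {channel}: " + "; ".join(reasons))
```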

Q649. A team of firewall administrators have access to a `master password list’ containing service account passwords. Which of the following BEST protects the master password list? 

A. File encryption 

B. Password hashing 

C. USB encryption 

D. Full disk encryption 



Answer: A

File encryption protects the contents of an individual file wherever that file is copied. In schemes such as Windows EFS the file is encrypted with a randomly generated symmetric key, and that key is in turn encrypted with the public key of each user authorised to read the file and stored alongside the encrypted data, so only a holder of a matching private key can recover the file key. Password hashing (B) is the wrong tool here because the administrators need the plaintext passwords back in order to use the service accounts. USB encryption (C) and full disk encryption (D) protect the storage medium while it is detached or powered off, but once the volume is mounted and a user is logged in, the list is readable by anyone with access to the file system, and neither protects the file when it is copied or shared. 

Q650. A recent review of accounts on various systems has found that after employees' passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO). 

A. Reverse encryption 

B. Minimum password age 

C. Password complexity 

D. Account lockouts 

E. Password history 

F. Password expiration 

Answer: B,E
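The two policies work together: password history rejects any new password that matches one of the last N stored hashes, and a minimum password age stops the user from defeating the history by changing the password N+1 times in one sitting to cycle back to the original. Below is an added example (written for this page, not code from the original) of a small password-change routine that enforces both, plus a simulation showing that the cycling trick succeeds when the minimum age is zero and fails when it is not. The defaults (24 remembered passwords, one-day minimum age, 90-day expiry, the PBKDF2 iteration count) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class Policy:
    history_depth: int = 24          # previous passwords remembered
    min_age: int = 24 * 3600         # seconds before a password may be changed again
    max_age: int = 90 * 24 * 3600    # expiry; what forces the change in the first place
    iterations: int = 100_000        # PBKDF2 work factor (assumption; tune for your hardware)


def hash_password(password, iterations, salt=None):
    """Salted PBKDF2-HMAC-SHA256 record; the history stores only these, never plaintext."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def matches(password, record, iterations):
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    policy: Policy
    changed_at: int
    history: list = field(default_factory=list)   # newest first; history[0] is current

    @classmethod
    def create(cls, password, now, policy=None):
        policy = policy or Policy()
        acct = cls(policy, now)
        acct.history.append(hash_password(password, policy.iterations))
        return acct

    def expired(self, now):
        return now - self.changed_at >= self.policy.max_age

    def change_password(self, old, new, now):
        p = self.policy
        if not matches(old, self.history[0], p.iterations):
            return "rejected: current password incorrect"
        if now - self.changed_at < p.min_age:
            return "rejected: minimum password age not met"
        if any(matches(new, rec, p.iterations) for rec in self.history):
            return "rejected: password found in history"
        self.history.insert(0, hash_password(new, p.iterations))
        del self.history[p.history_depth + 1:]     # keep current + history_depth previous
        self.changed_at = now
        return "ok"


def cycling_attack_succeeds(min_age, history_depth=3, iterations=1_000):
    """Can a user flush the history by changing the password history_depth + 1 times in
    quick succession and then set the original again? The small depth and low iteration
    count keep the simulation fast; they do not change the outcome."""
    policy = Policy(history_depth=history_depth, min_age=min_age, iterations=iterations)
    now = 0
    original = "Winter2015!"
    acct = Account.create(original, now, policy)
    current = original
    for i in range(history_depth + 1):
        now += 1                                   # one second later
        new = f"throwaway{i}"
        if acct.change_password(current, new, now) != "ok":
            return False                           # the policy stopped the cycling
        current = new
    return acct.change_password(current, original, now + 1) == "ok"


if __name__ == "__main__":
    print("history only, min age 0:  reuse succeeds =", cycling_attack_succeeds(min_age=0))
    print("history + 1 day min age:  reuse succeeds =", cycling_attack_succeeds(min_age=86400))
```

Password complexity, lockout and expiration (C, D, F) do nothing to stop reuse; expiration is in fact what triggers the change the users are gaming. Note that a minimum age also needs an administrator override, otherwise a user whose password has just been exposed cannot change it immediately.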