sy0 401 dump (201 to 210)


Q201. The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future? 

A. Job rotation 

B. Separation of duties 

C. Mandatory Vacations 

D. Least Privilege 



Separation of duties means that users are granted only the permissions they need to do their work and no more. Moreover, it means that you are employing best practices. The segregation of duties and separation of environments is a way to reduce the likelihood of misuse of systems or information. A separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an organization. 

Q202. A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts? 

A. Confidentiality 

B. Availability 

C. Succession planning 

D. Integrity 



Simply making sure that the data and systems are available for authorized users is what availability is all about. Data backups, redundant systems, and disaster recovery plans all support availability. And creating a hot site is about providing availability. 

Q203. Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure? 

A. Trust Model 

B. Recovery Agent 

C. Public Key 

D. Private Key 



A bridge trust model allows lower level domains to access resources in a separate PKI through the root CA. A trust model is a collection of rules that informs an application how to decide the legitimacy of a digital certificate. 

In a bridge trust model, a peer-to-peer relationship exists among the root CAs. The root CAs can communicate with one another, allowing cross certification. This arrangement allows a certification process to be established between organizations or departments. 

Each intermediate CA trusts only the CAs above and below it, but the CA structure can be expanded without creating additional layers of CAs. 

Q204. Which of the following policies is implemented in order to minimize data loss or theft? 

A. PII handling 

B. Password policy 

C. Chain of custody 

D. Zero day exploits 



Although the concept of PII is old, it has become much more important as information technology and the Internet have made it easier to collect PII through breaches of internet security, network security and web browser security, leading to a profitable market in collecting and reselling PII. PII can also be exploited by criminals to stalk or steal the identity of a person, or to aid in the planning of criminal acts. Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Thus a PII handling policy can be used to protect data. 

Q205. Which of the following ciphers would be BEST used to encrypt streaming video? 


B. RC4 

C. SHA1 

D. 3DES 



In cryptography, RC4 is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure protocols such as WEP. 

Because RC4 is a stream cipher, it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to a bit-flipping attack. The cipher is also vulnerable to a stream cipher attack if not implemented correctly. Furthermore, inadvertent double encryption of a message with the same key may accidentally output plaintext rather than ciphertext because the involutory nature of the XOR function would result in the second operation reversing the first. It is noteworthy, however, that RC4, being a stream cipher, was for a period of time the only common cipher that was immune to the 2011 BEAST attack on TLS 1.0. The attack exploits a known weakness in the way cipher block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers. 

Q206. Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection? 


B. Antivirus 





Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. 

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main difference is that, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, an IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. A host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system. 

Q207. A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server’s drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO). 

A. Disk hashing procedures 

B. Full disk encryption 

C. Data retention policies 

D. Disk wiping procedures 

E. Removable media encryption 

Answer: B,D 


B: Full disk encryption is when the entire volume is encrypted; the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security. Full disk encryption is sometimes referred to as hard drive encryption. 

D: Disk wiping is the process of overwriting the data on the disk repeatedly, or using a magnet to alter the magnetic structure of the disks. This renders the data unreadable. 

Q208. Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following? 

A. Application patch management 

B. Cross-site scripting prevention 

C. Creating a security baseline 

D. System hardening 



Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. 

Q209. Each server on a subnet is configured to only allow SSH access from the administrator’s workstation. Which of the following BEST describes this implementation? 

A. Host-based firewalls 

B. Network firewalls 

C. Network proxy 

D. Host intrusion prevention 



A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system. 

Q210. Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? 

A. Business continuity planning 

B. Continuity of operations 

C. Business impact analysis 

D. Succession planning 



Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.