A Complete Guide to comptia security+ get certified get ahead sy0 401 study guide

Testking offers free demo for comptia security+ get certified get ahead sy0 401 study guide exam. “CompTIA Security+ Certification”, also known as comptia security+ sy0 401 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA comptia security+ sy0 401 pdf exam, will help you answer those questions. The sy0 401 braindump Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA sy0 401 practice test exams and revised by experts!


Free VCE & PDF File for CompTIA SY0-401 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:

Q111. Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system? 

A. Database encryption 

B. USB encryption 

C. Whole disk encryption 




Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 

Q112. Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO). 

A. Virtual switch 


C. System partitioning 

D. Access-list 

E. Disable spanning tree 


Answer: A,F 


A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question. 

Q113. Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes? 

A. User rights and permissions review 

B. Configuration management 

C. Incident management 

D. Implement security controls on Layer 3 devices 



Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions. Also reviewing user rights and permissions will afford the security analyst the opportunity to put the principle of least privilege in practice as well as update the security policy 

Q114. An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a: 

A. stateful firewall 

B. packet-filtering firewall 





NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request. 

Q115. Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website? 

A. Protocol analyzer 

B. Load balancer 

C. VPN concentrator 

D. Web security gateway 



Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device—a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available. 

Q116. Jane, an IT security technician, needs to create a way to secure company mobile devices. Which of the following BEST meets this need? 

A. Implement voice encryption, pop-up blockers, and host-based firewalls. 

B. Implement firewalls, network access control, and strong passwords. 

C. Implement screen locks, device encryption, and remote wipe capabilities. 

D. Implement application patch management, antivirus, and locking cabinets. 


Explanation: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people. 

Q117. Which of the following explains the difference between a public key and a private key? 

A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related. 

B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related. 

C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption. 

D. The private key is only used by the client and kept secret while the public key is available to all. 



The private key must be kept secret at all time. The private key is only by the client. The public key is available to anybody. 

Q118. After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data. 

Which of the following controls support this goal? 

A. Contingency planning 

B. Encryption and stronger access control 

C. Hashing and non-repudiation 

D. Redundancy and fault tolerance 



Encryption is used to protect data/contents/documents. Access control refers to controlling who accesses any data/contents/documents and to exercise authorized control to the accessing of that data. 

Q119. While rarely enforced, mandatory vacation policies are effective at uncovering: 

A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems. 

B. Collusion between two employees who perform the same business function. 

C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team. 

D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight. 



Least privilege (privilege reviews) and job rotation is done when mandatory vacations are implemented. Then it will uncover areas where the system administrators neglected to check all users’ privileges since the other users must fill in their positions when they are on their mandatory vacation. 

Q120. A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews? 

A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. 

B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively. 

C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced. 

D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources. 



Reviewing user permissions and group memberships form part of a privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation.