Want to Pass SY0-401 Exam In Next HOURS? Get it now →
May 17, 2017

Today Big Q: sy0 401 practice exam?

Cause all that matters here is passing the CompTIA comptia security+ sy0 401 pdf exam. Cause all that you need is a high score of comptia security+ sy0 401 pdf CompTIA Security+ Certification exam. The only one thing you need to do is downloading Pass4sure comptia security+ sy0 401 pdf exam study guides now. We will not let you down with our money-back guarantee.

Q491. Which of the following ports is used to securely transfer files between remote UNIX systems? 

A. 21 

B. 22 

C. 69 

D. 445 



SCP copies files securely between hosts on a network. It uses SSH for data transfer, and uses the 

same authentication and provides the same security as SSH. Unlike RCP, SCP will ask for 

passwords or passphrases if they are needed for authentication. 

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, 

and slogin, also use TCP port 22. 

Q492. Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services? 


B. Content filter 


D. Host-based firewalls 



Q493. A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? 

A. User rights and permissions review 

B. Change management 

C. Data loss prevention 

D. Implement procedures to prevent data theft 



Terminal Access Controller Access-Control System (TACACS, and variations like XTACACS and TACACS+) is a client/server-oriented environment, and it operates in a manner similar to RADIUS. Furthermore TACACS+ allows for credential to be accepted from multiple methods. Thus you can perform user rights and permission reviews with TACACS+. 

Q494. A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons? 

A. SNMPv3 






Q495. Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports? 

A. 25 

B. 53 

C. 143 

D. 443 



Q496. Mike, a user, states that he is receiving several unwanted emails about home loans. Which of the following is this an example of? 

A. Spear phishing 

B. Hoaxes 

C. Spoofing 

D. Spam 



Spam is most often considered to be electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup. In addition to wasting people's time with unwanted e-mail, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers. There is some debate about why it is called spam, but the generally accepted version is that it comes from the Monty Python song, "Spam spam spam spam, spam spam spam spam, lovely spam, wonderful spam". Like the song, spam is an endless repetition of worthless text. Another school of thought maintains that it comes from the computer group lab at the University of Southern California who gave it the name because it has many of the same characteristics as the lunch meat Spam: Nobody wants it or ever asks for it. No one ever eats it; it is the first item to be pushed to the side when eating the entree. Sometimes it is actually tasty, like 1% of junk mail that is really useful to some people. The term spam can also be used to describe any "unwanted" email from a company or website --typically at some point a user would have agreed to receive the email via subscription list opt-in --a newer term called graymail is used to describe this particular type of spam. 

Q497. Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be. 

Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients? 

A. Enable MAC filtering on the wireless access point. 

B. Configure WPA2 encryption on the wireless access point. 

C. Lower the antenna’s broadcasting power. 

D. Disable SSID broadcasting. 



Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far. 

Q498. On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. 

Which of the following is the MOST likely cause for this issue? 

A. Too many incorrect authentication attempts have caused users to be temporarily disabled. 

B. The DNS server is overwhelmed with connections and is unable to respond to queries. 

C. The company IDS detected a wireless attack and disabled the wireless network. 

D. The Remote Authentication Dial-In User Service server certificate has expired. 



The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS). A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years. The question states that no configuration changes have been made so it’s likely that the certificate has expired. 

Q499. Which of the following devices is MOST likely being used when processing the following? 



A. Firewall 


C. Load balancer 

D. URL filter 



Firewalls, routers, and even switches can use ACLs as a method of security management. An access control list has a deny ip any any implicitly at the end of any access control list. ACLs deny by default and allow by exception. 

Q500. Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO). 

A. Acceptable use of social media 

B. Data handling and disposal 

C. Zero day exploits and viruses 

D. Phishing threats and attacks 

E. Clean desk and BYOD 

F. Information security awareness 

Answer: D,F 


Managers/ i.e. executives in the company are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies. Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. Executives an easily fall prey to phishing if they are not trained to lookout for these attacks. 

see more free SY0-401 exam dumps