Want to Pass SY0-401 Exam In Next HOURS? Get it now →
May 18, 2017

How to win with sy0 401 practice test

Proper study guides for Up to date CompTIA CompTIA Security+ Certification certified begins with CompTIA sy0 401 practice test preparation products which designed to deliver the 100% Correct sy0 401 study guide pdf questions by making you pass the comptia security+ study guide sy0 401 test at your first time. Try the free sy0 401 practice exam demo right now.

Q481. Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could: 

A. Set up a honeypot and place false project documentation on an unsecure share. 

B. Block access to the project documentation using a firewall. 

C. Increase antivirus coverage of the project servers. 

D. Apply security updates and harden the OS on all project servers. 



In this scenario, we would use a honeypot as a ‘trap’ to catch unauthorized employees who are accessing critical project information. A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study 

the attack to research current attack methodologies. 

According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main 


The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning 

where the system has weaknesses that need to be redesigned. 

The hacker can be caught and stopped while trying to obtain root access to the system. 

By studying the activities of hackers, designers can better create more secure systems that are 

potentially invulnerable to future hackers. 

There are two main types of honeypots: 

Production - A production honeypot is one used within an organization's environment to help 

mitigate risk. 

Research – A research honeypot add value to research in computer security by providing a 

platform to study the threat. 

Q482. Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises. 

A security technician was asked to prepare a report of files that had changed since last night’s integrity scan. 

Which of the following could the technician use to prepare the report? (Select TWO). 


B. MD5 



E. Blowfish 


Answer: B,F 


B: MD5 can be used to locate the data which has changed. 

The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash 

value is used to help maintain integrity. There are several versions of MD; the most common are 

MD5, MD4, and MD2. 

F: A common method of verifying integrity involves adding a message authentication code (MAC) 

to the message. 

HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a 

symmetric key. 

Q483. Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. 

After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue? 

A. Spam filter 

B. Protocol analyzer 

C. Web application firewall 

D. Load balancer 



A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually. 

Q484. A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used? 

A. RC4 


C. 3DES 




Cipher Block Chaining Message Authentication Code Protocol (CCMP) makes use of 128-bit AES encryption with a 48-bit initialization vector. 

Q485. Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss? 

A. Record time offset 

B. Clean desk policy 

C. Cloud computing 

D. Routine log review 



Clean Desk Policy Information on a desk—in terms of printouts, pads of note paper, sticky notes, and the like—can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. This will mitigate the risk of data loss when applied. 

Q486. The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following? 

A. Rainbow tables attacks 

B. Brute force attacks 

C. Birthday attacks 

D. Cognitive passwords attacks 



Social Networking Dangers are ‘amplified’ in that social media networks are designed to mass distribute personal messages. If an employee reveals too much personal information it would be easy for miscreants to use the messages containing the personal information to work out possible passwords. 

Q487. A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal? 

A. Block port 23 on the L2 switch at each remote site 

B. Block port 23 on the network firewall 

C. Block port 25 on the L2 switch at each remote site 

D. Block port 25 on the network firewall 



Telnet is a terminal-emulation network application that supports remote connectivity for executing commands and running applications but doesn’t support transfer of fi les. Telnet uses TCP port 23. Because it’s a clear text protocol and service, it should be avoided and replaced with SSH. 

Q488. Company A submitted a bid on a contract to do work for Company B via email. Company B was insistent that the bid did not come from Company A. Which of the following would have assured that the bid was submitted by Company A? 

A. Steganography 

B. Hashing 

C. Encryption 

D. Digital Signatures 



A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. 

Q489. Which of the following ports should be used by a system administrator to securely manage a remote server? 

A. 22 

B. 69 

C. 137 

D. 445 



Secure Shell (SSH) is a more secure replacement for Telnet, rlogon, rsh, and rcp. SSH can be called a remote access or remote terminal solution. SSH offers a means by which a command-line, text-only interface connection with a server, router, switch, or similar device can be established over any distance. SSH makes use of TCP port 22. 

Q490. After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies? 

A. Change management 

B. Implementing policies to prevent data loss 

C. User rights and permissions review 

D. Lessons learned 



Incident response procedures involves: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Described in the question is a situation where a security breach had occurred and its response which shows that lessons have been learned and used to put in place measures that will prevent any future security breaches of the same kind. 

see more free SY0-401 exam dumps