Amazing sy0 401 practice test To Try
Q301. Joe, the system administrator, has been asked to calculate the Annual Loss Expectancy (ALE) for a $5,000 server, which often crashes. In the past year, the server has crashed 10 times, requiring a system reboot to recover with only 10% loss of data or function. Which of the following is the ALE of this server?
SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF), and ARO is the annualized rate of occurrence. (5000 × 10) × 0.1 = 5000
Q302. Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on to the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on to the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.
Q303. A software developer is responsible for writing the code on an accounting application. Another software developer is responsible for developing code on a system in human resources. Once a year they have to switch roles for several weeks.
Which of the following practices is being implemented?
A. Mandatory vacations
B. Job rotation
C. Least privilege
D. Separation of duties
A job rotation policy defines intervals at which employees must rotate through positions.
Q304. A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?
RDP uses TCP port 3389.
Q305. A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user’s host:
Old 'hosts' file:
New 'hosts' file:
Which of the following attacks has taken place?
A. Spear phishing
We can see in this question that a fraudulent entry has been added to the user’s hosts file. This will point the URL www.comptia.com to 18.104.22.168 instead of the correct IP address. Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial) information through domain spoofing. Rather than spamming you with malicious and mischievous e-mail requests to visit spoof Web sites that appear legitimate, pharming 'poisons' a DNS server (or hosts file) by infusing false information into it, so that a user's request is redirected elsewhere. Your browser, however, will show that you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing.
Q306. A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?
A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna.
B. Change the encryption used so that the encryption protocol is CCMP-based.
C. Disable the network's SSID and configure the router to only access store devices based on MAC addresses.
D. Increase the access point's encryption from WEP to WPA TKIP.
Q307. An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?
B. Recovery agent
C. Private key
In public key infrastructure (PKI) systems, a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital
When you renew a certificate, you send a CSR to the CA to get the certificate re-signed.
Q308. Which of the following protocols provides for mutual authentication of the client and server?
A. Two-factor authentication
C. Secure LDAP
C: The LDAP directory service is based on a client-server model. The function of LDAP is to enable access to an existing directory. Because it is a client-server model, it makes provision for mutual authentication between the two parties.
Q309. Which of the following attacks involves the use of previously captured network traffic?
Q310. Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?
A. A user has plugged in a personal access point at their desk to connect to the network wirelessly.
B. The company is currently experiencing an attack on their internal DNS servers.
C. The company’s WEP encryption has been compromised and WPA2 needs to be implemented instead.
D. An attacker has installed an access point nearby in an attempt to capture company information.
The question implies that users should be required to enter their domain credentials upon connection to the wireless network. The fact that they are connecting to a wireless network without being prompted for their domain credentials, and that they are unable to access network resources, suggests they are connecting to a rogue wireless network. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow unauthorized parties access to a secure network. Rogue access points of the second kind target networks that do not employ mutual authentication (client to server and server to client) and may be used in conjunction with a rogue RADIUS server, depending on the security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.