• Home
• CompTIA
• SY0-401 : CompTIA Security+ Certification

What Does SY0-401 free draindumps Mean?

---

All the CompTIA SY0-401 on-line study supplies are of great price with nearly all supreme accuracy. Our professionals are focused to presenting essentially the most authentic, reliable, and current CompTIA CompTIA certification exam questions for you personally all. You are going to get a large mark which guarantee your own success in direction of CompTIA certification. You can end up being at ease with all the answers to the CompTIA CompTIA SY0-401 stimulation tests. The CompTIA CompTIA SY0-401 braindumps contain almost 100% proper answers which allow you to understand your SY0-401 questions easily. It is possible to get a passing score from the CompTIA CompTIA real examination. In addition, you may get a complete refund because of your own failure from the CompTIA exam after making use of our items. You should mail us your CompTIA SY0-401 score report. All of us will return your income within 12 hours.

2021 Mar SY0-401 practice

Q121. Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE). 

A. Confidentiality 

B. Availability 

C. Integrity 

D. Authorization 

E. Authentication 

F. Continuity 

Answer: A,B,C 

Explanation: 

Confidentiality, integrity, and availability are the three most important concepts in security. Thus they form the security triangle. 

Q122. RC4 is a strong encryption protocol that is generally used with which of the following? 

A. WPA2 CCMP 

B. PEAP 

C. WEP 

D. EAP-TLS 

Answer: C 

Explanation: 

Q123. An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised? 

A. A password that has not changed in 180 days 

B. A single account shared by multiple users 

C. A user account with administrative rights 

D. An account that has not been logged into since creation 

Answer: C 

Explanation: 

Q124. ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left? 

A. Annual account review 

B. Account expiration policy 

C. Account lockout policy 

D. Account disablement 

Answer: B 

Explanation: 

Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day. 

Q125. Which of the following means of wireless authentication is easily vulnerable to spoofing? 

A. MAC Filtering 

B. WPA - LEAP 

C. WPA - PEAP 

D. Enabled SSID 

Answer: A 

Explanation: 

Each network interface on your computer or any other networked device has a unique MAC address. These MAC addresses are assigned in the factory, but you can easily change, or “spoof,” MAC addresses in software. 

Networks can use MAC address filtering, only allowing devices with specific MAC addresses to connect to a network. This isn’t a great security tool because people can spoof their MAC addresses. 

Refresh SY0-401 practice question:

Q126. Which of the following application attacks is used to gain access to SEH? 

A. Cookie stealing 

B. Buffer overflow 

C. Directory traversal 

D. XML injection 

Answer: B 

Explanation: 

Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has been altered, the program exits with a segmentation fault. Microsoft's implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. 

Q127. An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks? 

A. XSRF Attacks 

B. Fuzzing 

C. Input Validations 

D. SQL Injections 

Answer: B 

Explanation: 

Q128. When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record? 

A. DNSSEC record 

B. IPv4 DNS record 

C. IPSEC DNS record 

D. IPv6 DNS record 

Answer: D 

Explanation: The AAAA Address record links a FQDN to an IPv6 address. 

Q129. A security administrator forgets their card to access the server room. The administrator asks a coworker if they could use their card for the day. Which of the following is the administrator using to gain access to the server room? 

A. Man-in-the-middle 

B. Tailgating 

C. Impersonation 

D. Spoofing 

Answer: C 

Explanation: 

Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat. 

In this question, by using the coworker’s card, the security administrator is ‘impersonating’ the coworker. The server room locking system and any logging systems will ‘think’ that the coworker has entered the server room. 

Q130. Used in conjunction, which of the following are PII? (Select TWO). 

A. Marital status 

B. Favorite movie 

C. Pet’s name 

D. Birthday 

E. Full name 

Answer: D,E 

Explanation: 

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. A birthday together with a full name makes it personally identifiable information.