SY0-401 Exam
Top 10 practice SY0-401 for client (541 to 550)
It is impossible to pass CompTIA SY0-401 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed CompTIA SY0-401 practice questions. You will get a surprising result by our Renovate CompTIA Security+ Certification practice guides.
2021 Mar SY0-401 test engine
Q541. Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?
A. Interference
B. Man-in-the-middle
C. ARP poisoning
D. Rogue access point
Answer: D
Explanation:
MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists.
In this question, a rogue access point would need to be able to connect to the network to provide access to network resources. If the MAC address of the rogue access point isn’t allowed to connect to the network port, then the rogue access point will not be able to connect to the network.
Q542. Joe, a user, wants to protect sensitive information stored on his hard drive. He uses a program that encrypted the whole hard drive. Once the hard drive is fully encrypted, he uses the same program to create a hidden volume within the encrypted hard drive and stores the sensitive information within the hidden volume. This is an example of which of the following? (Select TWO).
A. Multi-pass encryption
B. Transport encryption
C. Plausible deniability
D. Steganography
E. Transitive encryption
F. Trust models
Answer: C,D
Explanation:
Q543. Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
A. EAP-MD5
B. WEP
C. PEAP-MSCHAPv2
D. EAP-TLS
Answer: C
Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards.
Q544. Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?
A. The system is running 802.1x.
B. The system is using NAC.
C. The system is in active-standby mode.
D. The system is virtualized.
Answer: D
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.
Q545. Separation of duties is often implemented between developers and administrators in order to separate which of the following?
A. More experienced employees from less experienced employees
B. Changes to program code and the ability to deploy to production
C. Upper level management users from standard development employees
D. The network access layer from the application access layer
Answer: B
Explanation:
Separation of duties means that there is differentiation between users, employees and duties per se which form part of best practices.
Rebirth SY0-401 free exam:
Q546. Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?
A. Implement WPA
B. Disable SSID
C. Adjust antenna placement
D. Implement WEP
Answer: A
Explanation: Of the options supplied, WiFi Protected Access (WPA) is the most secure and is the replacement for WEP.
Q547. The information security technician wants to ensure security controls are deployed and functioning as intended to be able to maintain an appropriate security posture. Which of the following security techniques is MOST appropriate to do this?
A. Log audits
B. System hardening
C. Use IPS/IDS
D. Continuous security monitoring
Answer: D
Explanation:
A security baseline is the security setting of a system that is known to be secure. This is the initial security setting of a system. Once the baseline has been applied, it must be maintained or improved. Maintaining the security baseline requires continuous monitoring.
Q548. A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a 'listening' state. No other ports are open. Which of the following services should be disabled to ensure secure communications?
A. HTTPS
B. HTTP
C. RDP
D. TELNET
Answer: B
Explanation:
Q549. A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?
A. Host-based firewall
B. IDS
C. IPS
D. Honeypot
Answer: B
Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content.
Q550. A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?
A. OCSP
B. PKI
C. CA
D. CRL
Answer: D
Explanation:
A CRL is a locally stored record containing revoked certificates and revoked keys.