Top Replace SY0-401 free exam questions Reviews!

SY0-401 Exam

2021 Mar SY0-401 practice

Q491. Which of the following is a notification that an unusual condition exists and should be investigated?

A. Alert

B. Trend

C. Alarm

D. Trap

Answer: A

Explanation:

We need to look carefully at the wording of the question to determine the answer. This question is asking about an “unusual condition” that should be investigated. There are different levels of alerts from Critical to Warning to Information only. An Alarm would be triggered by a serious definite problem that needs resolving urgently. An “unusual condition” probably wouldn’t trigger an alarm; it is more likely to trigger an Alert.

Q492. A company’s legacy server requires administration using Telnet. Which of the following protocols could be used to secure communication by offering encryption at a lower OSI layer? (Select TWO).

A. IPv6

B. SFTP

C. IPSec

D. SSH

E. IPv4

Answer: A,C

Explanation:

Telnet supports IPv6 connections. IPv6 is the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPsec is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec is a compulsory component for IPv6.

IPsec operates at Layer 3 of the OSI model, whereas Telnet operates at Layer 7.

Q493. A company recently experienced data loss when a server crashed due to a midday power outage.

Which of the following should be used to prevent this from occurring again?

A. Recovery procedures

B. EMI shielding

C. Environmental monitoring

D. Redundancy

Answer: D

Explanation:

Redundancy refers to systems that either are duplicated or fail over to other systems in the event of a malfunction (in this case a power outage). Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored.

Q494. Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test?

A. The security company is provided with all network ranges, security devices in place, and logical maps of the network.

B. The security company is provided with no information about the corporate network or physical locations.

C. The security company is provided with limited information on the network, including all network diagrams.

D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams.

Answer: B

Explanation:

The term black box testing is generally associated with application testing. However, in this question the term is used for network testing. Black box testing means testing something when you have no knowledge of the inner workings.

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place.

Q495. Which of the following malware types typically allows an attacker to monitor a user’s computer, is characterized by a drive-by download, and requires no user interaction?

A. Virus

B. Logic bomb

C. Spyware

D. Adware

Answer: C

Explanation: Explanation Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity.

Down to date SY0-401 test questions:

Q496. A security administrator must implement a secure key exchange protocol that will allow company clients to autonomously exchange symmetric encryption keys over an unencrypted channel. Which of the following MUST be implemented?

A. SHA-256

B. AES

C. Diffie-Hellman

D. 3DES

Answer: C

Explanation:

Q497. An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of the following attacks does this prevent?

A. Pharming

B. Smurf

C. Replay

D. Xmas

Answer: B

Explanation:

Q498. A financial company requires a new private network link with a business partner to cater for realtime and batched data flows.

Which of the following activities should be performed by the IT security staff member prior to establishing the link?

A. Baseline reporting

B. Design review

C. Code review

D. SLA reporting

Answer: B

Explanation:

This question is asking about a new private network link (a VPN) with a business partner. This will

provide access to the local network from the business partner.

When implementing a VPN, an important step is the design of the VPN. The VPN should be

designed to ensure that the security of the network and local systems is not compromised.

The design review assessment examines the ports and protocols used, the rules, segmentation,

and access control in the systems or applications. A design review is basically a check to ensure

that the design of the system meets the security requirements.

Q499. In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?

A. Identification

B. Authorization

C. Authentication

D. Multifactor authentication

Answer: C

Explanation:

An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the authentication process. When the client receives an authentication ticket, the client sends the ticket back to the server along with additional information verifying the client's identity. The server then issues a service ticket and a session key (which includes a form of password), completing the authorization process for that session. In the Kerberos model, all tickets are time-stamped and have limited lifetimes. This minimizes the danger that hackers will be able to steal or crack the encrypted data and use it to compromise the system. Ideally, no authentication ticket remains valid for longer than the time an expert hacker would need to crack the encryption. Authentication tickets are session-specific, further improving the security of the system by ensuring that no authentication ticket remains valid after a given session is complete.

Q500. A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.

Which of the following is MOST likely the reason for the sub-interfaces?

A. The network uses the subnet of 255.255.255.128.

B. The switch has several VLANs configured on it.

C. The sub-interfaces are configured for VoIP traffic.

D. The sub-interfaces each implement quality of service.

Answer: B

Explanation:

A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.