• Home
• CompTIA
• SY0-401 : CompTIA Security+ Certification

Apr 2021 updated: Testking CompTIA SY0-401 testing engine 251-260

---

Exambible.com presents your high-quality and trustworthy CompTIA CompTIA simulation tests. We all are sure that you will acquire through the CompTIA SY0-401 real exam with Exambibles useful preparation materials. Or even you will acquire full refund. The experts be sure that the CompTIA SY0-401 exam questions are precise, accurate, along with logical which will allow you to succeed in your CompTIA exam.

2021 Apr SY0-401 exam cram

Q251. Sara, a security architect, has developed a framework in which several authentication servers work together to increase processing power for an application. Which of the following does this represent? 

A. Warm site 

B. Load balancing 

C. Clustering 

D. RAID 

Answer: C 

Explanation: 

Anytime you connect multiple computers to work/act together as a single server, it is known as 

clustering. Clustered systems utilize parallel processing (improving performance and availability) 

and add redundancy. 

Server clustering is used to provide failover capabilities / redundancy in addition to scalability as 

demand increases. 

Q252. Which of the following BEST describes a demilitarized zone? 

A. A buffer zone between protected and unprotected networks. 

B. A network where all servers exist and are monitored. 

C. A sterile, isolated network segment with access lists. 

D. A private network that is protected by a firewall and a VLAN. 

Answer: A 

Explanation: 

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall. 

Q253. Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts? 

Host 192.168.1.123 

[00:00:01]Successful Login: 015 192.168.1.123 : local 

[00:00:03]Unsuccessful Login: 022 214.34.56.006 :RDP 192.168.1.124 

[00:00:04]UnSuccessful Login: 010 214.34.56.006 :RDP 192.168.1.124 

[00:00:07]UnSuccessful Login: 007 214.34.56.006 :RDP 192.168.1.124 

[00:00:08]UnSuccessful

 Login: 003 214.34.56.006 :RDP 192.168.1.124 

A. Reporting 

B. IDS 

C. Monitor system logs 

D. Hardening 

Answer: D 

Explanation: 

Q254. A user ID and password together provide which of the following? 

A. Authorization 

B. Auditing 

C. Authentication 

D. Identification 

Answer: C 

Explanation: 

Authentication generally requires one or more of the following: 

Something you know: a password, code, PIN, combination, or secret phrase. 

Something you have: a smart card, token device, or key. 

Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as 

biometrics, discussed later in this chapter. 

Somewhere you are: a physical or logical location. 

Something you do: typing rhythm, a secret handshake, or a private knock. 

Q255. A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user’s digital certificate. Which of the following will help resolve the issue? (Select TWO). 

A. Revoke the digital certificate 

B. Mark the key as private and import it 

C. Restore the certificate using a CRL 

D. Issue a new digital certificate 

E. Restore the certificate using a recovery agent 

Answer: A,D 

Explanation: 

The user's certificate must be revoked to ensure that the stolen computer cannot access 

resources the user has had access to. 

To grant the user access to the resources he must be issued a new certificate. 

Renewal SY0-401 actual exam:

Q256. A security administrator needs to image a large hard drive for forensic analysis. Which of the following will allow for faster imaging to a second hard drive? 

A. cp /dev/sda /dev/sdb bs=8k 

B. tail -f /dev/sda > /dev/sdb bs=8k 

C. dd in=/dev/sda out=/dev/sdb bs=4k 

D. locate /dev/sda /dev/sdb bs=4k 

Answer: C 

Explanation: 

dd is a command-line utility for Unix and Unix-like operating systems whose primary purpose is to convert and copy files. dd can duplicate data across files, devices, partitions and volumes On Unix, device drivers for hardware (such as hard disks) and special device files (such as /dev/zero and /dev/random) appear in the file system just like normal files; dd can also read and/or write from/to these files, provided that function is implemented in their respective driver. As a result, dd can be used for tasks such as backing up the boot sector of a hard drive, and obtaining a fixed amount of random data. The dd program can also perform conversions on the data as it is copied, including byte order swapping and conversion to and from the ASCII and EBCDIC text encodings. An attempt to copy the entire disk using cp may omit the final block if it is of an unexpected length; whereas dd may succeed. The source and destination disks should have the same size. 

Q257. A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate? 

A. HTTPS 

B. SSH 

C. FTP 

D. TLS 

Answer: D 

Explanation: Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. 

Q258. A security analyst noticed a colleague typing the following command: 

`Telnet some-host 443’ 

Which of the following was the colleague performing? 

A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. 

B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. 

C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. 

D. A mistaken port being entered because telnet servers typically do not listen on port 443. 

Answer: B 

Explanation: 

B: The Telnet program parameters are: telnet <hostname> <port> 

<hostname> is the name or IP address of the remote server to connect to. 

<port> is the port number of the service to use for the connection. 

TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL 

port. By running the Telnet some-host 443 command, the security analyst is checking that routing 

is done properly and not blocked by a firewall. 

Q259. Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges? 

A. Internal account audits 

B. Account disablement 

C. Time of day restriction 

D. Password complexity 

Answer: A 

Explanation: 

Internal account auditing will allow you to switch the appropriate users to the proper accounts required after the switching of roles occurred and thus check that the principle of least privilege is followed. 

Q260. Why would a technician use a password cracker? 

A. To look for weak passwords on the network 

B. To change a user’s passwords when they leave the company 

C. To enforce password complexity requirements 

D. To change users passwords if they have forgotten them 

Answer: A 

Explanation: 

A password cracker will be able to expose weak passwords on a network.