Proper study guides for Up to the minute CompTIA CompTIA Security+ Certification certified begins with CompTIA SY0-401 preparation products which designed to deliver the High value SY0-401 questions by making you pass the SY0-401 test at your first time. Try the free SY0-401 demo right now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
2021 Mar SY0-401 download
Q221. A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.
Which of the following is MOST likely the reason for the sub-interfaces?
A. The network uses the subnet of 255.255.255.128.
B. The switch has several VLANs configured on it.
C. The sub-interfaces are configured for VoIP traffic.
D. The sub-interfaces each implement quality of service.
Answer: B
Explanation:
A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.
Q222. Which of the following security strategies allows a company to limit damage to internal systems and provides loss control?
A. Restoration and recovery strategies
B. Deterrent strategies
C. Containment strategies
D. Detection strategies
Answer: C
Explanation:
Containment strategies is used to limit damages, contain a loss so that it may be controlled, much like quarantine, and loss incident isolation.
Q223. Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?
A. A host-based intrusion prevention system
B. A host-based firewall
C. Antivirus update system
D. A network-based intrusion detection system
Answer: B
Explanation:
A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.
Q224. Which of the following BEST describes a demilitarized zone?
A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.
Answer: A
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
Q225. Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE).
A. Authentication
B. Data leakage
C. Compliance
D. Malware
E. Non-repudiation
F. Network loading
Answer: B,C,D
Explanation:
In a joint enterprise, data may be combined from both organizations. It must be determined, in advance, who is responsible for that data and how the data backups will be managed. Data leakage, compliance and Malware issues are all issues concerning data ownership and backup which are both impacted on by corporate IM.
Rebirth SY0-401 exam question:
Q226. The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
A. WEP
B. WPA2 CCMP
C. Disable SSID broadcast and increase power levels
D. MAC filtering
Answer: B
Explanation:
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult.
Q227. The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?
A. Disable the SSID broadcasting
B. Configure the access points so that MAC filtering is not used
C. Implement WEP encryption on the access points
D. Lower the power for office coverage only
Answer: D
Explanation:
On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.
Q228. A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks?
A. Vishing
B. Phishing
C. Whaling
D. SPAM
E. SPIM
Answer: B
Explanation:
Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page. Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the "phisher" counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
Q229. Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection
Answer: B
Explanation:
Q230. A malicious person gained access to a datacenter by ripping the proximity badge reader off the wall near the datacenter entrance. This caused the electronic locks on the datacenter door to release because the:
A. badge reader was improperly installed.
B. system was designed to fail open for life-safety.
C. system was installed in a fail closed configuration.
D. system used magnetic locks and the locks became demagnetized.
Answer: B
Explanation:
It describes a design the lock to fail open for life safety, causing the door to stay open when power is lost – in this case the proximity badge reader was ripped off the wall.