[2021-New] CompTIA SY0-401 Dumps With Update Exam Questions (131-140)

SY0-401 Dumps

SY0-401 Exam Questions - Online Test

SY0-401 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?

A. Cross-platform compatibility issues between personal devices and server-based applications

B. Lack of controls in place to ensure that the devices have the latest system patches and signature files

C. Non-corporate devices are more difficult to locate when a user is terminated

D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets

Answer: B

Explanation:

With employees who want to bring their own devices you will have to make them understand why they cannot. You do not want them plugging in a flash drive, let alone a camera, smartphone, tablet computer, or other device, on which company fi les could get intermingled with personal files. Allowing this to happen can create situations where data can leave the building that shouldn’t as well as introduce malware to the system. Employees should not sync unauthorized smartphones to their work systems. Some smartphones use multiple wireless spectrums and unwittingly open up the possibility for an attacker in the parking lot to gain access through the phone to the internal network. Thus if you do not have controls in place then your network is definitely at risk.

Q2. When Ann an employee returns to work and logs into her workstation she notices that, several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann’s workstation. Which of the following could have prevented this from happening?

A. Password complexity policy

B. User access reviews

C. Shared account prohibition policy

D. User assigned permissions policy

Answer: A

Explanation:

The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Since changes were made to Ann’s desktop configuration settings while she was not at work, means that her password was compromised.

Q3. HOTSPOT

For each of the given items, select the appropriate authentication category from the dropdown choices.

Instructions: When you have completed the simu-lation, please select the Done button to submit.

Answer:

Q4. Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?

A. 25

B. 53

C. 143

D. 443

Answer: D

Explanation:

Q5. When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request?

A. DMZ

B. Cloud services

C. Virtualization

D. Sandboxing

Answer: A

Explanation:

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Q6. Which of the following wireless protocols could be vulnerable to a brute-force password attack? (Select TWO).

A. WPA2-PSK

B. WPA - EAP - TLS

C. WPA2-CCMP

D. WPA -CCMP

E. WPA - LEAP

F. WEP

Answer: A,E

Explanation:

A brute force attack is an attack that attempts to guess a password. WPA2-PSK and WEP both use a “Pre-Shared Key”. The pre-shared key is a password and therefore is susceptible to a brute force attack.

Q7. A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?

A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna.

B. Change the encryption used so that the encryption protocol is CCMP-based.

C. Disable the network's SSID and configure the router to only access store devices based on MAC addresses.

D. Increase the access point's encryption from WEP to WPA TKIP.

Answer: B

Explanation:

Q8. Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity’s of Joe’s certificate? (Select TWO).

A. The CA’s public key

B. Joe’s private key

C. Ann’s public key

D. The CA’s private key

E. Joe’s public key

F. Ann’s private key

Answer: A,E

Explanation:

Joe wants to send a message to Ann. It’s important that this message not be altered. Joe will use the private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe—the public key—to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus Ann would compare the signature area referred to as a message in the message with the calculated value digest (her private key in this case). If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be. This process provides message integrity, nonrepudiation, and authentication. A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. A certificate is nothing more than a mechanism that associates the public key with an individual. If Joe wants to send Ann an encrypted e-mail, there should be a mechanism to verify to Ann that the message received from Mike is really from Joe. If a third party (the CA) vouches for Joe and Ann trusts that third party, Ann can assume that the message is authentic because the third party says so.

Q9. Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

A. Armored virus

B. Polymorphic malware

C. Logic bomb

D. Rootkit

Answer: A

Explanation:

An armored virus is a type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An Armored Virus may also protect itself from antivirus programs, making it more difficult to trace. To do this, the Armored Virus attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system.

Q10. The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter’s HVAC. Which of the following can be implemented?

A. Cold site

B. Load balancing

C. Warm site

D. Hot site

Answer: C

Explanation:

Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement.