The Secret of CompTIA SY0-401 exam dumps

SY0-401 Royal Pack Testengine pdf

100% Actual & Verified — 100% PASS

Unlimited access to the world's largest Dumps library!

Free SY0-401 Download

Act now and download your CompTIA security+ sy0 401 test today! Do not waste time for the worthless CompTIA comptia security+ sy0 401 tutorials. Download Leading CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA comptia sy0 401 with a classic professional.

Q411. Several users report to the administrator that they are having issues downloading files from the file server. Which of the following assessment tools can be used to determine if there is an issue with the file server? 

A. MAC filter list 

B. Recovery agent 

C. Baselines 

D. Access list 



The standard configuration on a server is known as the baseline. In this question, we can see if 

anything has changed on the file server by comparing its current configuration with the baseline. 

The IT baseline protection approach is a methodology to identify and implement computer security 

measures in an organization. The aim is the achievement of an adequate and appropriate level of 

security for IT systems. This is known as a baseline. 

A baseline report compares the current status of network systems in terms of security updates, 

performance or other metrics to a predefined set of standards (the baseline). 

Q412. Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts? 

A. badlog 

B. faillog 

C. wronglog 

D. killlog 



var/log/faillog - This Linux log fi le contains failed user logins. You’ll find this log useful when 

tracking attempts to crack into your system. 

/var/log/apport.log This log records application crashes. Sometimes these can reveal attempts to 

compromise the system or the presence of a virus or spyware. 

Q413. Which of the following IP addresses would be hosts on the same subnet given the subnet mask (Select TWO). 






Answer: C,D 


With the given subnet mask, a maximum number of 30 hosts between IP addresses and are allowed. Therefore, option C and D would be hosts on the same subnet, and the other options would not. 


Q414. Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks? 

A. Shoulder surfing 

B. Dumpster diving 

C. Tailgating 

D. Spoofing 



Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash. 

Q415. Ann, a newly hired human resource employee, sent out confidential emails with digital signatures, to an unintended group. Which of the following would prevent her from denying accountability? 

A. Email Encryption 

B. Steganography 

C. Non Repudiation 

D. Access Control 



Nonrepudiation prevents one party from denying actions they carried out. 

Q416. Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO). 

A. Acceptable use policy 

B. Risk acceptance policy 

C. Privacy policy 

D. Email policy 

E. Security policy 

Answer: A,C 


Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. Privacy policy is a legal document that outlines how data collected is secured. It should encompass information regarding the information the company collects, privacy choices you have based on your account, potential information sharing of your data with other parties, security measures in place, and enforcement. Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. 

Q417. Which of the following provides data the best fault tolerance at the LOWEST cost? 

A. Load balancing 

B. Clustering 

C. Server virtualization 

D. RAID 6 



RAID, or redundant array of independent disks (RAID). RAID allows your existing servers to have more than one hard drive so that if the main hard drive fails, the system keeps functioning. RAID can achieve fault tolerance using software which can be done using the existing hardware and software thus representing the lowest cost option. 

Q418. Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO). 

A. Separation of duties 

B. Job rotation 

C. Mandatory vacation 

D. Time of day restrictions 

E. Least privilege 

Answer: A,E 


Q419. One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following? 

A. Mandatory access 

B. Rule-based access control 

C. Least privilege 

D. Job rotation 



A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more. 

Q420. Which of the following is a step in deploying a WPA2-Enterprise wireless network? 

A. Install a token on the authentication server 

B. Install a DHCP server on the authentication server 

C. Install an encryption key on the authentication server 

D. Install a digital certificate on the authentication server 



When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions. The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices. The other is the Enterprise mode —which should be used by businesses and organizations—and 

is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key 

management, and supports other enterprise-type functionality, such as VLANs and NAP. 

However, it requires an external authentication server, called a Remote Authentication Dial In User 

Service (RADIUS) server to handle the 802.1X authentication of users. 

To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X, 

here’s the basic overall steps: 

Choose, install, and configure a RADIUS server, or use a hosted service. 

Create a certificate authority (CA), so you can issue and install a digital certificate onto the 

RADIUS server, which may be done as a part of the RADIUS server installation and configuration. 

Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or 

Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS, 

you’d also create digital certificates for each end-user. 

On the server, populate the RADIUS client database with the IP address and shared secret for 

each AP. 

On the server, populate user data with usernames and passwords for each end-user. 

On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP 

address and the shared secret you created for that particular AP. 

On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the 

802.1X authentication settings. 

More SY0-401 Certification Sample Questions and Answers: