CompTIA Security+ SY0-401 Dumps practice testing questions and Answers | 100% Free

Share real and effective CompTIA Security+ SY0-401 exam dumps for free. 40 Online SY0-401 Exam Practice test questions and answers, online SY0-401 pdf download and YouTube video learning, easy to learn! Get the full SY0-401 Dumps: (1789 Q&A) to make it easy to pass the exam!

The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations.The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability.

[PDF] Free CompTIA Security+ SY0-401 pdf dumps download from Google Drive:

[PDF] Free Full CompTIA pdf dumps download from Google Drive:

CompTIA Security+ Certification – CompTIA IT Certifications:

Latest effective CompTIA Security+ SY0-401 Exam Practice Tests

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security
Officer (CSO) to discuss ways to better protect the privacy of customer data. Which of the following controls support this
A. Contingency planning
B. Encryption and stronger access control
C. Hashing and non-repudiation
D. Redundancy and fault tolerance
Correct Answer: B
Encryption is used to protect data/contents/documents. Access control refers to controlling who accesses any
data/contents/documents and to exercise authorized control to the accessing of that data.

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes
to integrate the security controls of some of the network devices in the organization. Which of the following methods
would BEST accomplish this goal?
A. Unified Threat Management
B. Virtual Private Network
C. Single sign on
D. Role-based management
Correct Answer: A
Unified Threat Management (UTM) is, basically, the combination of a firewall with other abilities. These abilities include
intrusion prevention, antivirus, content filtering, etc.
Advantages of combining everything into one:
You only have one product to learn.
You only have to deal with a single vendor.
IT provides reduced complexity.

Which of the following is a security risk regarding the use of public P2P as a method of collaboration?
A. Data integrity is susceptible to being compromised.
B. Monitoring data changes induces a higher cost.
C. Users are not responsible for data usage tracking.
D. Limiting the amount of necessary space for data storage.
Correct Answer: A
Peer-to-peer (P2P) networking is commonly used to share files such as movies and music, but you must not allow users
to bring in devices and create their own little networks. All networking must be done through administrators and not on a
P2P basis. Data integrity can easily be compromised when using public P2P networking.

Which of the following technologies when applied to android and iOS environments, can an organization use to add
security restrictions and encryption to existing mobile applications? (Select Two)
A. Mobile device management
B. Containerization
C. Application whitelisting
D. Application wrapping
E. Mobile application store
Correct Answer: AC

RC4 is a strong encryption protocol that is generally used with which of the following?
Correct Answer: C
Rivest Cipher 4 (RC4) is a 128-bit stream cipher used WEP and WPA encryption.

The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords.
The company currently stores passwords as SHA hashes. Which of the following can the CTO implement requiring the
LEAST change to existing systems?
A. Smart cards
C. Key stretching
D. Asymmetric keys
Correct Answer: A
Smart cards usually come in two forms. The most common takes the form of a rectangular piece of plastic with an
embedded microchip. The second is as a USB token. It contains a built in processor and has the ability to securely store
and process information. A “contact” smart card communicates with a PC using a smart card reader whereas a
“contactless” card sends encrypted information via radio waves to the PC. Typical scenarios in which smart cards are
used include interactive logon, e-mail signing, e-mail decryption and remote access authentication. However, smart
cards are programmable and can contain programs and data for many different applications. For example smart cards
may be used to store medical histories for use in emergencies, to make electronic cash payments or to verify the
identity of a customer to an e-retailer. Microsoft provides two device independent APIs to insulate application developers
from differences between current and future implementations: CryptoAPI and Microsoft Win32?SCard APIs. The
Cryptography API contains functions that allow applications to encrypt or digitally sign data in a flexible manner, while
providing protection for the user\\’s sensitive private key data. All cryptographic operations are performed by
independent modules known as cryptographic service providers (CSPs). There are many different cryptographic
algorithms and even when implementing the same algorithm there are many choices to make about key sizes and
padding for example. For this reason, CSPs are grouped into types, in which each supported CryptoAPI function, by
default, performs in a way particular to that type. For example, CSPs in the PROV_DSS provider type support DSS
Signatures and MD5 and SHA hashing.

A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports
should be opened? (Select TWO).
A. TCP 21
B. TCP 23
C. TCP 53
D. UDP 23
E. UDP 53
Correct Answer: CE
DNS uses TCP and UDP port 53. TCP port 53 is used for zone transfers, whereas UDP port 53 is used for queries.

In order to gain an understanding of the latest attack tools being used in the wild, an administrator puts a Unix server on
the network with the root users password to set root. Which of the following best describes this technique?
A. Pharming
B. Honeypot
C. Gray box testing
D. phishing
Correct Answer: B

Company XYZ recently salvaged company laptops and removed all hard drives, but the Chief Information Officer (CIO)
is concerned about disclosure of confidential information. Which of the following is the MOST secure method to dispose
of these hard drives?
A. Degaussing
B. Physical Destruction
C. Lock up hard drives in a secure safe
D. Wipe
Correct Answer: B
The physical description of hard drives is the only secure means of disposing hard drives. This can include incineration,
an acid bath, and crushing.

A malicious user has collected the following list of information: OpenSSH-Server_5.8 OpenSSH-Server_5.7 OpenSSH-Server_5.7
Which of the following techniques is MOST likely to gather this type of data?
A. Banner grabbing
B. Port scan
C. Host scan
D. Ping scan
Correct Answer: B

It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their
messages are not intercepted or altered during transmission. They are concerned about which of the following types of
security control?
A. Integrity
B. Safety
C. Availability
D. Confidentiality
Correct Answer: A
Integrity means that the messages/ data is not altered. PII is personally identifiable information that can be used to
uniquely identify an individual. PII can be used to ensure the integrity of data/messages.

A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the
following options would be the BEST solution at a minimal cost?
A. Clustering
B. Mirrored server
D. Tape backup
Correct Answer: C
RAID, or redundant array of independent disks (RAID). RAID allows your existing servers to have more than one hard
drive so that if the main hard drive fails, the system keeps functioning. RAID can achieve fault tolerance using software
which can be done using the existing hardware and software.

While rarely enforced, mandatory vacation policies are effective at uncovering:
A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems.
B. Collusion between two employees who perform the same business function.
C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team.
D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.
Correct Answer: D
Least privilege (privilege reviews) and job rotation is done when mandatory vacations are implemented. Then it will
uncover areas where the system administrators neglected to check all users\\’ privileges since the other users must fill
in their positions when they are on their mandatory vacation.

A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy
shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the
day. Corporate has asked that the IT department provide a solution to eliminate laptop theft. Which of the following
would provide the IT department with the BEST solution?
A. Attach cable locks to each laptop
B. Require each customer to sign an AUP
C. Install a GPS tracking device onto each laptop
D. Install security cameras within the perimeter of the caf?
Correct Answer: A
All laptop cases include a built-in security slot in which a cable lock can be inserted to prevent it from easily being
removed from the premises.

Several departments in a corporation have a critical need for routinely moving data from one system to another using
removable storage devices. Senior management is concerned with data loss and the introduction of malware on the
network. Which of the following choices BEST mitigates the range of risks associated with the continued use of
removable storage devices?
A. Remote wiping enabled for all removable storage devices
B. Full-disk encryption enabled for all removable storage devices
C. A well defined acceptable use policy
D. A policy which details controls on removable storage use
Correct Answer: D
Removable storage is both a benefit and a risk and since not all mobile devices support removable storage, the
company has to has a comprehensive policy which details the controls of the use of removable s to mitigate the range of
risks that are associated with the use of these devices.

A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the
network and an image of the hard drive has been created. However, the system administrator stated that the system
was left unattended for several hours before the image was created. In the event of a court case, which of the following
is likely to be an issue with this incident?
A. Eye Witness
B. Data Analysis of the hard drive
C. Chain of custody
D. Expert Witness
Correct Answer: C
Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to
collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it
has been. The evidence must always be within your custody, or you\\’re open to dispute about possible evidence

Which of the following works by implanting software on systems but delays execution until a specific set of conditions is
A. Logic bomb
B. Trojan
C. Scareware
D. Ransomware
Correct Answer: A

A technician has been tasked with installing and configuring a wireless access point for the engineering department.
After the AP has been installed, there have been reports the employees from other departments have been connecting
to it without approval. Which of the following would BEST address these concerns?
A. Change the SSID of the AP so that it reflects a different department, obscuring its ownership
B. Implement WPA2 encryption in addition to WEP to protect the data-in-transit
C. Configure the AP to allow only to devices with pre-approved hardware addresses
D. Lower the antenna\\’s power so that it only covers the engineering department\\’s offices
Correct Answer: D

A security administrator suspects that an employee in the IT department is utilizing a reverse proxy to bypass the
company\\’s content filter and browse unapproved and non-work related sites while at work. Which of the following tools
could BEST be used to determine how the employee is connecting to the reverse proxy?
A. Port scanner
B. Vulnerability scanner
C. Honeypot
D. Protocol analyzer
Correct Answer: C

A company has decided to move large data sets to a cloud provider in order to limit the costs of new infrastructure.
Some of the data is sensitive and the Chief Information Officer wants to make sure both parties have a clear
understanding of the controls needed to protect the data.
Which of the following types of interoperability agreement is this?
Correct Answer: A
ISA/ Interconnection Security Agreement is an agreement between two organizations that have connected systems. The
agreement documents the technical requirements of the connected systems.

An administrator performs a risk calculation to determine if additional availability controls need to be in place. The
administrator estimates that a server fails and needs to be replaced once every 2 years at a cost of $8,000. Which of the
following represents the factors that the administrator would use to facilitate this calculation?
A. ARO= 0.5; SLE= $4,000; ALE= $2,000
B. ARO=0.5; SLE=$8,000; ALE=$4,000
C. ARO=0.5; SLE= $4,000; ALE=$8,000
D. ARO=2; SLE= $4,000; ALE=$8,000
E. ARO=2; SLE= $8,000; ALE= $16,000
Correct Answer: B

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial
information. Which of the following attacks is being described?
A. Phishing
B. Tailgating
C. Pharming
D. Vishing
Correct Answer: D
Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical
financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the
and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or
landline or cellular telephone.
The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has
taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim
told to call a specific telephone number and provide information to “verify identity” or to “ensure that fraud does not
occur.” If the attack is carried out by telephone, caller ID spoofing can cause the victim\\’s set to indicate a legitimate
such as a bank or a government agency.
Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate
customer services, vishing scams are often outsourced to other countries, which may render sovereign law
Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal
activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message,
consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity
and to ensure that the account information has not been tampered with.

An administrator intends to configure an IPSec solution that provides ESP with integrity protection, but not confidentiality
protection. Which of the following AES modes of operation would meet this integrity-only requirement?
Correct Answer: A

Layer 7 devices used to prevent specific types of html tags are called:
A. Firewalls
B. Content filters
C. Routers
Correct Answer: B
A content filter is a is a type of software designed to restrict or control the content a reader is authorised to access,
particularly when used to limit material delivered over the Internet via the Web, e-mail, or other means. Because the
user and the OSI layer interact directly with the content filter, it operates at Layer 7 of the OSI model.

The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business
functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer
(CRO) has agreed with the CIO\\’s direction but has mandated that key authentication systems be run within the
organization\\’s network. Which of the following would BEST meet the CIO and CRO\\’s requirements?
A. Software as a Service
B. Infrastructure as a Service
C. Platform as a Service
D. Hosted virtualization service
Correct Answer: A
Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service
provider and made available to customers over a network, typically the Internet.

A security administrator implements a web server that utilizes an algorithm that requires other hashing standards to
provide data integrity. Which of the following algorithms would meet the requirement?
B. MD5
Correct Answer: A

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-
interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the
reason for the sub-interfaces?
A. The network uses the subnet of
B. The switch has several VLANs configured on it.
C. The sub-interfaces are configured for VoIP traffic.
D. The sub-interfaces each implement quality of service.
Correct Answer: B
A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ
subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE
802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.

A website administrator has received an alert from an application designed to check the integrity of the company\\’s
website. The alert indicated that the hash value for a particular MPEG file has changed. Upon further investigation, the
media appears to be the same as it was before the alert. Which of the following methods has MOST likely been used?
A. Cryptography
B. Time of check/time of use
C. Man in the middle
D. Covert timing
E. Steganography
Correct Answer: E

After an audit, it was discovered that the security group memberships were not properly adjusted for employees\\’
accounts when they moved from one role to another. Which of the following has the organization failed to properly
implement? (Select TWO).
A. Mandatory access control enforcement.
B. User rights and permission reviews.
C. Technical controls over account management.
D. Account termination procedures.
E. Management controls over account management.
F. Incident management and response plan.
Correct Answer: BE
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the
appropriate privileges assigned according to the policies of the corporation and their job descriptions since they were all
moved to different roles. Control over account management would have taken into account the different roles that
employees have and adjusted the rights and permissions of these roles accordingly.

Mobile tablets are used by employees on the sales floor to access customer data. Ann a customer recently reported that
another customer was able to access her personal information on the tablet after the employee left the area. Which of
the following would BEST prevent these issues from reoccurring?
A. Screen Locks
B. Full-device encryption
C. Application control
D. Asset tracking
Correct Answer: A

Ann, a security administrator, is strengthening the security controls of the company\\’s campus. Her goal is to prevent
people from accessing open locations that are not supervised, such as around the receiving dock. She is also
concerned that employees are using these entry points as a way of bypassing the security guard at the main entrance.
Which of the following should Ann recommend that would BEST address her concerns?
A. Increase the lighting surrounding every building on campus
B. Build fences around campus with gate entrances
C. Install cameras to monitor the unsupervised areas
D. Construct bollards to prevent vehicle entry in non-supervised areas
Correct Answer: B

Which of the following authentication services should be replaced with a more secure alternative?
Correct Answer: B
Terminal Access Controller Access-Control System (TACACS) is less secure than XTACACS, which is a proprietary
extension of TACACS, and less secure than TACACS+, which replaced TACACS and XTACACS.

Sara, a security engineer, is testing encryption ciphers for performance. Which of the following ciphers offers strong
encryption with the FASTEST speed?
B. Blowfish
C. Serpent
D. AES256
Correct Answer: B
Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very
fast speeds. Blowfish is a fast, except when changing keys. It is a symmetric block cipher that can use variable-length
keys (from 32 bits to 448 bits).

A web startup wants to implement single sign-on where its customers can log on to the site by suing their personal and
existing corporate email credentials regardless of which company they work for. Is this directly supported by SAML?
A. Mo not without extensive partnering and API integration with all required email providers
B. Yes SAML is a web based single sign-on implementation exactly fir this purpose
C. No a better approach would be to use required email providers LDAP or RADIUS repositories
D. Yes SAML can use oauth2 to provide this functionality out of the box
Correct Answer: A

The chief security officer (CSO) has issued a new policy to restrict generic or shared accounts on company systems.
Which of the following sections of the policy requirements will have the most impact on generic and shared accounts?
A. Account lockout
B. Password length
C. Concurrent logins
D. Password expiration
Correct Answer: C

A company is concerned that a compromised certificate may result in a man-in-the-middle attack against backend
financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers,
the company decides to add another validation step to SSL/TLS connections. Which of the following technologies
provides the FASTEST revocation capability?
A. Online Certificate Status Protocol (OCSP)
B. Public Key Cryptography (PKI)
C. Certificate Revocation Lists (CRL)
D. Intermediate Certificate Authority (CA)
Correct Answer: A
CRL (Certificate Revocation List) was first released to allow the CA to revoke certificates, however due to limitations
with this method it was succeeded by OSCP. The main advantage to OCSP is that because the client is allowed query
the status of a single certificate, instead of having to download and parse an entire list there is much less overhead on
the client and network.

A security administrator has configured FTP in passive mode. Which of the following ports should the security
administrator allow on the firewall by default?
A. 20
B. 21
C. 22
D. 23
Correct Answer: B
When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default.

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?
A. Packet Filter Firewall
B. Stateful Firewall
C. Proxy Firewall
D. Application Firewall
Correct Answer: B
Stateful inspections occur at all levels of the network.

An intrusion has occurred in an internet facing system. The security administrator would like to gather forensic evidence
while the system is still in operation. Which of the following procedures should the administrator perform FIRST on the
A. Make a drive image
B. Take hashes of system data
C. Collect information in RAM
D. Capture network traffic
Correct Answer: D

A company hosts its public websites internally. The administrator would like to make some changes to the architecture.
The three goals are: reduce the number of public IP addresses in use by the web servers drive all the web traffic
through a central point of control mitigate automated attacks that are based on IP address scanning Which of the
following would meet all three goals?
A. Firewall
B. Load balancer
C. URL filter
D. Reverse proxy
Correct Answer: D
The purpose of a proxy server is to serve as a proxy or middle man between clients and servers. Using a reverse proxy
you will be able to meet the three stated goals.

We offer more ways to make it easier for everyone to learn, and YouTube is the best tool in the video. Follow channels: get more useful exam content.

Latest CompTIA Security+ SY0-401 YouTube videos:

Share 40 of the latest CompTIA Security+ SY0-401 exam questions and answers for free to help you improve your skills and experience ! Easily select the complete SY0-401 Dumps: (1789 Q&A) through the exam! Guaranteed to be
true and effective! Easily pass the exam!

[PDF] Free CompTIA Security+ SY0-401 pdf dumps download from Google Drive:

[PDF] Free Full CompTIA pdf dumps download from Google Drive:

Lead4pass Promo Code 12% Off

lead4pass SY0-401 coupon


related comptia Security+: