May 2016 updated: pass4sure security+ sy0-401

2016 May SY0-401 Study Guide Questions:

Q181. Which of the following cryptographic related browser settings allows an organization to communicate securely? 

A. SSL 3.0/TLS 1.0 

B. 3DES 

C. Trusted Sites 


Answer: A 


Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As of February 2015, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, and have them enabled by default. 

Q182. After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of? 

A. Privilege escalation 

B. Advanced persistent threat 

C. Malicious insider threat 

D. Spear phishing 

Answer: B 


Definitions of precisely what an APT is can vary widely, but can best be summarized by their named requirements:

Advanced – Criminal operators behind the threat utilize the full spectrum of computer intrusion technologies and techniques. While individual components of the attack may not be classed as particularly “advanced” (e.g. malware components generated from commonly available DIY construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required. They combine multiple attack methodologies and tools in order to reach and compromise their target.

Persistent – Criminal operators give priority to a specific task, rather than opportunistically seeking immediate financial gain. This distinction implies that the attackers are guided by external entities. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a “low-and-slow” approach is usually more successful.

Threat – means that there is a level of coordinated human involvement in the attack, rather than a mindless and automated piece of code. The criminal operators have a specific objective and are skilled, motivated, organized and well funded. 

Q183. Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency? 

A. Business continuity planning 

B. Continuity of operations 

C. Business impact analysis 

D. Succession planning 

Answer: D 


Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions. 

Most recent CompTIA Security+ certification bundle, second edition (exam SY0-401):

Q184. Ann, a software developer, has installed some code to reactivate her account one week after her account has been disabled. Which of the following is this an example of? (Select TWO). 

A. Rootkit 

B. Logic Bomb 

C. Botnet 

D. Backdoor 

E. Spyware 

Answer: B,D 


This is an example of both a logic bomb and a backdoor. The logic bomb is configured to ‘go off’ or activate one week after her account has been disabled. The reactivated account will provide a backdoor into the system. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contains logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs. 

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. 

A backdoor in a login system might take the form of a hard-coded user and password combination which gives access to the system. 

Q185. Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing? 

A. Port security 

B. Flood guards 

C. Loop protection 

D. Implicit deny 

Answer: D 


Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default. The scenario does not state that network printing is allowed in the router access list; therefore, it must be denied by default. 
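The behaviour described above, as an added example that is not part of the original question bank: a small Python model of a first-match router access list with an implicit deny at the end. The permit entries are constructed from the scenario (web, email, secure shell); the printing ports 515, 631 and 9100 are the well-known LPD, IPP and raw-printing ports, and `evaluate`, `printing_blocked` and `fixed_acl` are names assumed for this example.

```python
# Added example: model of a router access list with first-match semantics and
# an implicit deny at the end. Not code from the original exam material.
from dataclasses import dataclass
from typing import Optional, List, Tuple

@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None matches any destination port

# Constructed ACL mirroring the scenario: web, email and SSH are permitted.
ROUTER_ACL: List[Rule] = [
    Rule("permit", "tcp", 80),    # web (HTTP)
    Rule("permit", "tcp", 443),   # web (HTTPS)
    Rule("permit", "tcp", 25),    # email (SMTP)
    Rule("permit", "tcp", 22),    # secure shell
]

# Well-known printing ports: 515 (LPD), 631 (IPP), 9100 (raw / JetDirect).
PRINT_PORTS = (515, 631, 9100)

def evaluate(acl: List[Rule], proto: str, dst_port: int) -> Tuple[str, str]:
    """Walk the list top-down; the first matching entry decides.
    If no entry matches, the implicit deny at the end of the list applies."""
    for idx, rule in enumerate(acl):
        proto_ok = rule.proto == "any" or rule.proto == proto
        port_ok = rule.dst_port is None or rule.dst_port == dst_port
        if proto_ok and port_ok:
            return rule.action, f"matched entry {idx}: {rule}"
    return "deny", "implicit deny (no explicit entry matched)"

def printing_blocked(acl: List[Rule]) -> bool:
    """True when every common printing port falls through to a deny."""
    return all(evaluate(acl, "tcp", p)[0] == "deny" for p in PRINT_PORTS)

def fixed_acl(acl: List[Rule]) -> List[Rule]:
    """The fix for the scenario: add explicit permits for printing traffic.
    Only what is explicitly permitted gets through; everything else stays denied."""
    return list(acl) + [Rule("permit", "tcp", p) for p in PRINT_PORTS]

if __name__ == "__main__":
    for port in (22, 9100):
        print(port, evaluate(ROUTER_ACL, "tcp", port))
    print("printing blocked before fix:", printing_blocked(ROUTER_ACL))
    print("printing blocked after fix: ", printing_blocked(fixed_acl(ROUTER_ACL)))
```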

Q186. Corporate IM presents multiple concerns to enterprise IT. Which of the following concerns should Jane, the IT security manager, ensure are under control? (Select THREE). 

A. Authentication 

B. Data leakage 

C. Compliance 

D. Malware 

E. Non-repudiation 

F. Network loading 

Answer: B,C,D 


In a joint enterprise, data may be combined from both organizations. It must be determined, in advance, who is responsible for that data and how the data backups will be managed. Data leakage, compliance and malware are all concerns relating to data ownership and backup, both of which are affected by corporate IM.

Tested Security+ certification SY0-401:

Q187. Which of the following best practices makes a wireless network more difficult to find? 

A. Implement MAC filtering 


C. Disable SSID broadcast 

D. Power down unused WAPs 

Answer: C 


Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it remains a discoverable value to anyone using a wireless packet sniffer. Thus, SSID broadcast should be disabled if the network isn’t for public use. 

Q188. A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed? 

A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls. 

B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities. 

C. Exploit security controls to determine vulnerabilities and misconfigurations. 

D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls. 

Answer: A 


We need to determine if vulnerabilities exist by passively testing security controls. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise. 

Q189. Which of the following is being tested when a company’s payroll server is powered off for eight hours? 

A. Succession plan 

B. Business impact document 

C. Continuity of operations plan 

D. Risk assessment plan 

Answer: C 


Continuity of operations plan is the effort to ensure the continued performance of critical business functions during a wide range of potential emergencies. 

Q190. Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network? 

A. HIPS on each virtual machine 

B. NIPS on the network 

C. NIDS on the network 

D. HIDS on each virtual machine 

Answer: A 


Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. 
