Exambible CompTIA Security+ study guide SY0-401 questions.

Q181. A system administrator is setting up a file transfer server. The goal is to encrypt the user authentication and the files the user is sending using only a user ID and a key pair. Which of the following methods would achieve this goal? 


B. IPSec 





Q182. Which of the following explains the difference between a public key and a private key? 

A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related. 

B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related. 

C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption. 

D. The private key is only used by the client and kept secret while the public key is available to all. 



The private key must be kept secret at all times. The private key is only used by the client. The public key is available to anybody. 

Q183. Which of the following should be done before resetting a user’s password due to expiration? 

A. Verify the user’s domain membership. 

B. Verify the user’s identity. 

C. Advise the user of new policies. 

D. Verify the proper group membership. 



When resetting a password, users have to establish their identity by answering a series of personal questions, using a hardware authentication token, or responding to a password notification e-mail. Users can then either specify a new, unlocked password, or ask that a randomly generated one be provided. This can be done from their workstation login prompt, or through a telephone call. 

Q184. When employees that use certificates leave the company they should be added to which of the following? 


B. CA 





The certificates of the leaving employees must be made unusable. This is done by revoking them. 

The revoked certificates end up in the CRL. 

Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release. 

Q185. The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented? 

A. Implicit deny 

B. VLAN management 

C. Port security 

D. Access control lists 



In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server. 

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted. 
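The first-match evaluation and implied deny described above, as an added example that is not part of the original study guide. The `Entry` type, the `evaluate` function and all addresses are hypothetical and constructed for illustration; only the FTP control port (21/tcp) is modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    action: str          # "permit" or "deny"
    src: str             # source network, CIDR
    dst: str             # destination network, CIDR
    port: Optional[int]  # TCP destination port; None matches any port

def evaluate(acl, src_ip, dst_ip, port):
    """Walk the list top-down and return (action, index of the matching entry).

    An index of None means no entry matched and the implied deny applied.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for i, e in enumerate(acl):
        if (src in ipaddress.ip_network(e.src)
                and dst in ipaddress.ip_network(e.dst)
                and (e.port is None or e.port == port)):
            return e.action, i   # first match wins; later entries are never read
    return "deny", None          # implied deny at the end of every list

# Constructed sample data (documentation and private address ranges).
FTP_SERVER = "192.0.2.10/32"
REMOTE_SITE = "10.20.30.0/24"

existing = [
    Entry("permit", "10.1.0.0/16", FTP_SERVER, 21),
    Entry("deny", "10.0.0.0/8", FTP_SERVER, None),
]

# New statements go to the end of the list, so the broader deny above
# shadows the permit for the new remote site.
appended = existing + [Entry("permit", REMOTE_SITE, FTP_SERVER, 21)]

# Placing the specific permit ahead of the broad deny gives the intended result.
reordered = [Entry("permit", REMOTE_SITE, FTP_SERVER, 21)] + existing

if __name__ == "__main__":
    for name, acl in (("appended", appended), ("reordered", reordered)):
        print(name, evaluate(acl, "10.20.30.5", "192.0.2.10", 21))
    print("unlisted source", evaluate(reordered, "172.16.0.9", "192.0.2.10", 21))
```
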

Q186. Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process? 

A. Separation of Duties 

B. Mandatory Vacations 

C. Discretionary Access Control 

D. Job Rotation 



Separation of duties means that users are granted only the permissions they need to do their work and no more. 

Q187. Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO). 

A. 110 

B. 137 

C. 139 

D. 143 

E. 161 

F. 443 

Answer: B,C 

Explanation: NetBIOS provides four distinct services: 

Name service for name registration and resolution (port: 137/udp) 

Name service for name registration and resolution (port: 137/tcp) 

Datagram distribution service for connectionless communication (port: 138/udp) 

Session service for connection-oriented communication (port: 139/tcp) 

Q188. An administrator is concerned that a company’s web server has not been patched. Which of the following would be the BEST assessment for the administrator to perform? 

A. Vulnerability scan 

B. Risk assessment 

C. Virus scan 

D. Network sniffer 



A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. Vulnerabilities include computer systems that do not have the latest security patches installed. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve any vulnerabilities. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise. 

Q189. Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption? 

A. Blowfish 


C. SHA256 




Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). Among the alternatives listed above, it is the only cipher that can use a 128-bit key and which does provide additional security through a symmetric key. 

Q190. Pete, the Chief Executive Officer (CEO) of a company, has increased his travel plans for the next two years to improve business relations. Which of the following would need to be in place in case something happens to Pete? 

A. Succession planning 

B. Disaster recovery 

C. Separation of duty 

D. Removing single loss expectancy 



Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.