Exambible offers free demo for sy0 401 practice exam exam. "CompTIA Security+ Certification", also known as comptia security+ sy0 401 pdf exam, is a CompTIA Certification. This set of posts, Passing the CompTIA comptia security+ sy0 401 pdf exam, will help you answer those questions. The sy0 401 pdf Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA comptia security+ get certified get ahead sy0 401 study guide exams and revised by experts!

Q191. Which of the following best practices makes a wireless network more difficult to find? 

A. Implement MAC filtering 


C. Disable SSID broadcast 

D. Power down unused WAPs 



Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use. 

Q192. A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident? 

A. MAC Spoofing 

B. Session Hijacking 

C. Impersonation 

D. Zero-day 



Q193. Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment? 

A. Protocol analyzer 

B. Router 

C. Firewall 




A Protocol Analyzer is a hardware device or more commonly a software program used to capture 

network data communications sent between devices on a network. Capturing and analyzing the 

packets sent from two systems that are not communicating properly could help determine the 

cause of the issue. 

Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) 

from Microsoft and Wireshark (formerly Ethereal). 

Q194. A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident? 

A. Eye Witness 

B. Data Analysis of the hard drive 

C. Chain of custody 

D. Expert Witness 



Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you’re open to dispute about possible evidence tampering. 

Q195. Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives? 

A. Virtualization 

B. Remote access 

C. Network access control 

D. Blade servers 



Because Virtualization allows a single set of hardware to host multiple virtual machines, it requires less hardware to maintain the current scenario. 

Q196. A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address? 

A. Identification 

B. Authorization 

C. Access control 

D. Authentication 


Q197. A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled? 

A. The supervisor should be allowed to have access to the spreadsheet files, and their membership in the human resources group should be terminated. 

B. The supervisor should be removed from the human resources group and added to the accounting group. 

C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group. 

D. The supervisor should only maintain membership in the human resources group. 



You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). By assigning the human resources supervisor’s user account to the group means the supervisor will inherit the permissions of that group, and allow him to carry out the new duties. Because the new duties are being added to his normal duties, maintaining membership in the human resources group will allow the supervisor to continue performing his normal duties. 

Q198. A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. 

Which of the following should the administrator implement? 

A. WPA2 over EAP-TTLS 


C. WPA2 with WPS 




D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication Protocol (EAP) provides a framework for authentication that is often used with wireless networks. Among the five EAP types adopted by the WPA/ WPA2 standard are EAP-TLS, EAP-PSK, EAP-MD5, as well as LEAP and PEAP. PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server's public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping. 

Q199. Ann was reviewing her company's event logs and observed several instances of GUEST accessing the company print server, file server, and archive database. As she continued to investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and often logging in at the same time. Which of the following would BEST mitigate this issue? 

A. Enabling time of day restrictions 

B. Disabling unnecessary services 

C. Disabling unnecessary accounts 

D. Rogue machine detection 



Q200. Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO). 

A. Spoofing 

B. Man-in-the-middle 

C. Dictionary 

D. Brute force 

E. Privilege escalation 

Answer: C,D 


Account lockout is a useful method for slowing down online password-guessing attacks. A dictionary attack performs password guessing by making use of a pre-existing list of likely passwords. A brute-force attack is intended to try every possible valid combination of characters to create possible passwords in the attempt to discover the specific passwords used by user accounts.