It is more faster and easier to pass the CompTIA sy0 401 vce exam by using Highest Quality CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Most up-to-date security+ sy0 401 Exam and find the same core area comptia security+ sy0 401 pdf questions with professionally verified answers, then PASS your exam with a high score now.

P.S. Highest Quality SY0-401 pdf are available on Google Drive, GET MORE:

New CompTIA SY0-401 Exam Dumps Collection (Question 10 - Question 19)

Q1. Ann was reviewing her company's event logs and observed several instances of GUEST accessing the company print server, file server, and archive database. As she continued to investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and often logging in at the same time. Which of the following would BEST mitigate this issue?

A. Enabling time of day restrictions

B. Disabling unnecessary services

C. Disabling unnecessary accounts

D. Rogue machine detection

Answer: C


User account control is a very important part of operating system hardening. It is important that only active accounts be operational and that they be properly managed. This means disabling unnecessary accounts.

Enabled accounts that are not needed on a system provide a door through which attackers can gain access. You should disable all accounts that are not needed immediatelyu2014on servers and workstations alike. Here are some types of accounts that you should disable: Employees Who Have Left the Company: Be sure to disable immediately accounts for any employee who has left the company. This should be done the minute employment is terminated.

Temporary Employees: It is not uncommon to create short-term accounts for brief periods of time for access by temporary employees. These also need to be disabled the moment they are no longer needed.

Default Guest Accounts: In many operating systems, a guest account is created during installation and intended for use by those needing only limited access and lacking their own account on the system. This account presents a door into the system that should not be there, and all who have worked with the operating system knows of its existence, thus making it a likely target for attackers.

Q2. Which of the following can be implemented with multiple bit strength?



C. SHA-1

D. MD5

E. MD4

Answer: A


AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.

Q3. An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?

A. Employee is required to share their password with authorized staff prior to leaving the firm

B. Passwords are stored in a reversible form so that they can be recovered when needed

C. Authorized employees have the ability to reset passwords so that the data is accessible

D. All employee data is exported and imported by the employee prior to them leaving the firm

Answer: C


Since a useru2019s password isnu2019t stored on most operating systems (only a hash value is kept), most operating systems allow the administrator (or authorized person in this case) to change the value then the information/files/documents can be accessed. This is the safest

way of recovery by an authorized person and is not dependent on those who leave the firm.

Q4. A security administrator must implement a wireless encryption system to secure mobile devicesu2019 communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?

A. RC4


C. MD5


Answer: A


RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS.

Q5. Joe Has read and write access to his own home directory. Joe and Ann are collaborating on a project, and Joe would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

A. Role-based access control

B. Rule-based access control

C. Mandatory access control

D. Discretionary access control

Answer: D


Discretionary access control (DAC) allows access to be granted or restricted by an objectu2019s owner based on user identity and on the discretion of the object owner.

Q6. Users report that after downloading several applications, their systemsu2019 performance has noticeably decreased. Which of the following would be used to validate programs prior to installing them?

A. Whole disk encryption


C. Telnet

D. MD5

Answer: D


MD5 can be used to locate the data which has changed.

The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.

Q7. Which of the following is the difference between identification and authentication of a user?

A. Identification tells who the user is and authentication tells whether the user is allowed to logon to a system.

B. Identification tells who the user is and authentication proves it.

C. Identification proves who the user is and authentication is used to keep the users data secure.

D. Identification proves who the user is and authentication tells the user what they are allowed to do.

Answer: B


Identification is described as the claiming of an identity, and authentication is described as the act of verifying or proving the claimed identity.

Q8. Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication.

Which of the following is an authentication method Jane should use?





Answer: D


A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access.

The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to reauthenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don't live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP.

Q9. Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?

A. Kerberos




Answer: D


EAP-TLS, defined in RFC 2716, is an IETF open standard, and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered the successor of the SSL standard. It uses PKI to secure communication to the RADIUS authentication server.

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e- mail services.

Q10. A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?

A. Annu2019s user account has administrator privileges.

B. Joeu2019s user account was not added to the group policy.

C. Annu2019s user account was not added to the group policy.

D. Joeu2019s user account was inadvertently disabled and must be re-created.

Answer: C


Group policy is used to manage Windows systems in a Windows network domain

environment by means of a Group Policy Object (GPO). GPOu2019s include a number of settings related to credentials, which includes password expiration. Because Anne was not prompted to change her password, it could only mean that her user account was not added to the group policy.

Recommend!! Get the Highest Quality SY0-401 dumps in VCE and PDF From Certleader, Welcome to download: (New 1781 Q&As Version)