SY0-401 - CompTIA Security+ Certification Exam
Example Questions
Which of the following is a security benefit of providing additional HVAC capacity or increased tonnage in a datacenter?
Longer MTBF of hardware due to lower operating temperatures
A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO).
SCP
SSH
Which of the following methods allows the administrator to create different user templates to comply with the principle of least privilege?
Role-based access control
A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?
Bluejacking
A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?
Database field encryption
During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?
Port scanner
A security team has established a security awareness program. Which of the following would BEST prove the success of the program?
Metrics
A database administrator receives a call on an outside telephone line from a person who states that they work for a well-known database vendor. The caller states there have been problems applying the newly released vulnerability patch for their database system, and asks what version is being used so that they can assist. Which of the following is the BEST action for the administrator to take?
Thank the caller, report the contact to the manager, and contact the vendor support line to verify any reported patch issues.
Which of the following devices would MOST likely have a DMZ interface?
Firewall
A security administrator is reviewing the below output from a password auditing tool: [email protected] @pW1. S3cU4 Which of the following additional policies should be implemented based on the tool's output?
Password length
Joe, the systems administrator, is setting up a wireless network for his team's laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?
Implement MAC filtering on the access point.
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?
Administrator
Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?
Implicit deny
Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?
Anti-spyware software
A recent spike in virus detections has been attributed to end-users visiting www.compnay.com. The business has an established relationship with an organization using the URL of www.company.com but not with the site that has been causing the infections. Which of the following would BEST describe this type of attack?
Typo squatting
After copying a sensitive document from his desktop to a flash drive, Joe, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Joe's desktop remain encrypted when moved to external media or other network based storage?
File level encryption
A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website over port 443. This Telnet service was found by comparing the system's services to the list of standard services on the company's system image. This review process depends on:
Baselining.
Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"?
OCSP
A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often?
Create a virtualized sandbox and utilize snapshots
The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. Which of the following risk mitigation strategies is MOST important to the security manager?
Routine audits
A security technician is attempting to improve the overall security posture of an internal mail server. Which of the following actions would BEST accomplish this goal?
Disabling unnecessary services
Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that these were false indicators. Which of the following security devices needs to be configured to disable future false alarms?
Anomaly based IDS
An auditor is given access to a conference room to conduct an analysis. When they connect their laptop's Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?
Network Access Control
Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?
IV attack
Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:
the security controls on the USB drive can be bypassed.
Which of the following can only be mitigated through the use of technical controls rather than user security training?
Zero-day
An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?
VLAN
At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?
Configure port security.
A company wants to ensure that its hot site is prepared and functioning. Which of the following would be the BEST process to verify the backup datacenter is prepared for such a scenario?
Disaster recovery exercise
After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network: PERMIT 0A:D1:FA:B1:03:37 DENY 01:33:7F:AB:10:AB Which of the following is preventing the device from connecting?
Hardware address filtering is blocking the device.
Which of the following BEST explains the use of an HSM within the company servers?
Hardware encryption is faster than software encryption.
A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO).
SSH service should be disabled
HTTP service should be disabled
Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment?
HVAC
Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?
Mandatory Vacations
Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?
WAF
On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue?
The Remote Authentication Dial-In User Service server certificate has expired.
Identifying residual risk is MOST important to which of the following concepts?
Risk acceptance
An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?
CCMP
A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system. Which of the following describes this cause?
False positive
A way to assure data at-rest is secure even in the event of loss or theft is to use:
Full device encryption.
Layer 7 devices used to prevent specific types of HTML tags are called:
Content filters
A datacenter requires that staff be able to identify whether or not items have been removed from the facility. Which of the following controls will allow the organization to provide automated notification of item removal?
RFID
A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?
3
Which security application cannot proactively detect workstation anomalies?
NIDS
A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected?
VLAN
Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?
Matt should implement DLP and encrypt the company database.
Which of the following is characterized by an attacker attempting to map out an organization's staff hierarchy in order to send targeted emails?
Whaling
Pete, a security analyst, has been informed that the development team has plans to develop an application which does not meet the company's password policy. Which of the following should Pete do NEXT?
Tell the application development manager to code the application to adhere to the company's password policy.
Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?
DNS poisoning
Which of the following should be considered to mitigate data theft when using CAT5 wiring?
EMI shielding