Skip to content

Exact Security+ SY0-401 examcollection

Act now and download your CompTIA sy0 401 pdf test today! Do not waste time for the worthless CompTIA sy0 401 practice test tutorials. Download Leading CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA comptia security+ sy0 401 pdf with a classic professional.


Free VCE & PDF File for CompTIA SY0-401 Real Exam
(Full Version!)

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:

Q341. Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection? 

A. Sign in and sign out logs 

B. Mantrap 

C. Video surveillance 




Mantraps are designed to contain an unauthorized, potentially hostile person/individual physically until authorities arrive. Mantraps are typically manufactured with bulletproof glass, high-strength doors, and locks and to allow the minimal amount of individuals depending on its size. Some mantraps even include scales that will weigh the person. The doors are designed in such a way as to open only when the mantrap is occupied or empty and not in-between. This means that the backdoor must first close before the front door will open. Mantraps are in most cases also combined with guards. This is the most physical protection any one measure will provide. 

Q342. Which of the following is true about an email that was signed by User A and sent to User B? 

A. User A signed with User B’s private key and User B verified with their own public key. 

B. User A signed with their own private key and User B verified with User A’s public key. 

C. User A signed with User B’s public key and User B verified with their own private key. 

D. User A signed with their own public key and User B verified with User A’s private key. 



The sender uses his private key, in this case User A's private key, to create a digital signature. 

The message is, in effect, signed with the private key. The sender then sends the message to the 

receiver. The receiver (User B) uses the public key attached to the message to validate the digital 

signature. If the values match, the receiver knows the message is authentic. 

The receiver uses a key provided by the sender—the public key—to decrypt the message. 

Q343. Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO). 

A. Scanning printing of documents. 

B. Scanning of outbound IM (Instance Messaging). 

C. Scanning copying of documents to USB. 

D. Scanning of SharePoint document library. 

E. Scanning of shared drives. 

F. Scanning of HTTP user traffic. 

Answer: B,F 


DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Outbound IM and HTTP user traffic refers to data over a network which falls within the DLP strategy. 

Q344. A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance? 

A. MOTD challenge and PIN pad 

B. Retina scanner and fingerprint reader 

C. Voice recognition and one-time PIN token 

D. One-time PIN token and proximity reader 



Q345. Which of the following can be implemented with multiple bit strength? 



C. SHA-1 

D. MD5 

E. MD4 



AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits. 

Q346. After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output: 


00:10:A1:36:12:CC MYCORP WPA2 CCMP 60 1202 

00:10:A1:49:FC:37 MYCORP WPA2 CCMP 70 9102 

FB:90:11:42:FA:99 MYCORP WPA2 CCMP 40 3031 

00:10:A1:AA:BB:CC MYCORP WPA2 CCMP 55 2021 00:10:A1:FA:B1:07 MYCORP WPA2 CCMP 30 6044 

Given that the corporate wireless network has been standardized, which of the following attacks is underway? 

A. Evil twin 

B. IV attack 

C. Rogue AP 

D. DDoS 



The question states that the corporate wireless network has been standardized. By ‘standardized’ it means the wireless network access points are running on hardware from the same vendor. We can see this from the MAC addresses used. The first half of a MAC address is vendor specific. The second half is network adapter specific. We have four devices with MAC addresses that start with 00:10:A1. The “odd one out” is the device with a MAC address starting FB:90:11. This device is from a different vendor. The SSID of the wireless network on this access point is the same as the other legitimate access points. Therefore, the access point with a MAC address starting FB:90:11 is impersonating the corporate access points. This is known as an Evil Twin. 

An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits. 

Q347. Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server? 

A. SQL Injection 

B. Theft of the physical database server 

C. Cookies 

D. Cross-site scripting 



The question discusses a very secure environment with disk and transport level encryption and access control lists restricting access. SQL data in a database is accessed by SQL queries from an application on the application server. The data can still be compromised by a SQL injection attack. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 

Q348. Which of the following provides additional encryption strength by repeating the encryption process with additional keys? 


B. 3DES 

C. TwoFish 

D. Blowfish 



Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys). 

Q349. A company determines a need for additional protection from rogue devices plugging into physical ports around the building. 

Which of the following provides the highest degree of protection from unauthorized wired network access? 

A. Intrusion Prevention Systems 

B. MAC filtering 

C. Flood guards 

D. 802.1x 



IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN. 

Q350. Which of the following would MOST likely involve GPS? 

A. Wardriving 

B. Protocol analyzer 

C. Replay attack 

D. WPS attack