Press "Enter" to skip to content

Key benefits of sy0 401 practice test

Our pass rate is high to 98.9% and the similarity percentage between our comptia security+ sy0 401 pdf study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA comptia security+ study guide sy0 401 exam in just one try? I am currently studying for the CompTIA comptia security+ sy0 401 exam. Latest CompTIA sy0 401 practice test Test exam practice questions and answers, Try CompTIA security+ sy0 401 Brain Dumps First.


Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:

Q621. Which of the following algorithms has well documented collisions? (Select TWO). 


B. MD5 


D. SHA-256 


Answer: B,C 


B: MD5 biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use. 

C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, "Federal agencies should stop using SHA-1 for…applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010", though that was later relaxed. Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output. Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have published techniques more efficient than brute force for finding collisions. 

Q622. A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO). 




D. MD5 


Answer: C,D 


Q623. Which of the following implementation steps would be appropriate for a public wireless hot-spot? 

A. Reduce power level 

B. Disable SSID broadcast 

C. Open system authentication 

D. MAC filter 



For a public wireless hot-spot, you want members of the public to be able to access the wireless network without having to provide them with a password. Therefore, Open System Authentication is the best solution. 

Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. With OSA, a computer equipped with a wireless modem can access any WEP network and receive files that are not encrypted. For OSA to work, the service set identifier (SSID) of the computer should match the SSID of the wireless access point. The SSID is a sequence of characters that uniquely names a wireless local area network (WLAN). The process occurs in three steps. First, the computer sends a request for authentication to the access point. Then the access point generates an authentication code, usually at random, intended for use only during that session. Finally, the computer accepts the authentication code and becomes part of the network as long as the session continues and the computer remains within range of the original access point. If it is necessary to exchange encrypted data between a WEP network access point and a wireless-equipped computer, a stronger authentication process called Shared Key Authentication (SKA) is required. 

Q624. Which of the following is a vulnerability associated with disabling pop-up blockers? 

A. An alert message from the administrator may not be visible 

B. A form submitted by the user may not open 

C. The help window may not be displayed 

D. Another browser instance may execute malicious code 


Explanation: Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code. 

Q625. Which of the following protocols is used to authenticate the client and server’s digital certificate? 







Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. 

Q626. Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services? 

A. Hot site 

B. Warm site 

C. Cold site 

D. Mobile site 



Not having a dedicated site means that the mobile site can fill the role of either being a hot, warm or cold site as a disaster recovery measure. 

Q627. A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access. 

Which of the following is the BEST approach to implement this process? 

A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site. 

B. Require the customer to physically come into the company’s main office so that the customer can be authenticated prior to their password being reset. 

C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password. 

D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login. 



People tend to forget their passwords, thus you should have a password recovery system for them that will not increase risk exposure. Setting a temporary password will restrict the time that the password is valid and thus decrease risk; and in addition forcing the customer to change it upon first login will make the password more secure for the customer. 

Q628. A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? 

A. User rights and permissions review 

B. Change management 

C. Data loss prevention 

D. Implement procedures to prevent data theft 



Terminal Access Controller Access-Control System (TACACS, and variations like XTACACS and TACACS+) is a client/server-oriented environment, and it operates in a manner similar to RADIUS. Furthermore TACACS+ allows for credential to be accepted from multiple methods. Thus you can perform user rights and permission reviews with TACACS+. 

Q629. Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks? 

A. Malicious code on the local system 

B. Shoulder surfing 

C. Brute force certificate cracking 

D. Distributed dictionary attacks 



Once a user authenticates to a remote server, malicious code on the user’s workstation could then infect the server. 

Q630. Which of the following is an application security coding problem? 

A. Error and exception handling 

B. Patch management 

C. Application hardening 

D. Application fuzzing 



Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application.