Resources to comptia security+ sy0 401

Free Instant Download NEW 70-490 Exam Dumps (PDF & VCE):
Available on:

we provide Exact CompTIA sy0 401 practice test brain dumps which are the best for clearing comptia security+ sy0 401 pdf test, and to get certified by CompTIA CompTIA Security+ Certification. The sy0 401 practice exam Questions & Answers covers all the knowledge points of the real comptia sy0 401 exam. Crack your CompTIA comptia security+ sy0 401 pdf Exam with latest dumps, guaranteed!

P.S. Exact SY0-401 dump are available on Google Drive, GET MORE:

New CompTIA SY0-401 Exam Dumps Collection (Question 6 - Question 15)

Q1. Which of the following cryptographic related browser settings allows an organization to communicate securely?

A. SSL 3.0/TLS 1.0


C. Trusted Sites


Answer: A


Secure Sockets Layer (SSL) is used to establish a secure communication connection

between two TCP-based machines. Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As of February 2015, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, have them enabled by default.

Q2. In which of the following scenarios would it be preferable to implement file level encryption instead of whole disk encryption?

A. A server environment where the primary security concern is integrity and not file recovery

B. A cloud storage environment where multiple customers use the same hardware but possess different encryption keys

C. A SQL environment where multiple customers access the same database

D. A large datacenter environment where each customer users dedicated hardware resources

Answer: B

Q3. A system administrator is implementing a firewall ACL to block specific communication to and from a predefined list of IP addresses, while allowing all other communication. Which of the following rules is necessary to support this implementation?

A. Implicit allow as the last rule

B. Implicit allow as the first rule

C. Implicit deny as the first rule

D. Implicit deny as the last rule

Answer: C

Q4. Which of the following explains the difference between a public key and a private key?

A. The public key is only used by the client while the private key is available to all. Both keys are mathematically related.

B. The private key only decrypts the data while the public key only encrypts the data. Both keys are mathematically related.

C. The private key is commonly used in symmetric key decryption while the public key is used in asymmetric key decryption.

D. The private key is only used by the client and kept secret while the public key is available to all.

Answer: D


The private key must be kept secret at all time. The private key is only by the client. The public key is available to anybody.

Q5. A CRL is comprised of.

A. Malicious IP addresses.

B. Trusted CAu2019s.

C. Untrusted private keys.

D. Public keys.

Answer: D


A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.

By checking the CRL you can check if a particular certificate has been revoked. The certificates for which a CRL should be maintained are often X.509/public key certificates, as this format is commonly used by PKI schemes.

Q6. A security technician received notification of a remotely exploitable vulnerability affecting all multifunction printers firmware installed throughout the organization. The vulnerability allows a malicious user to review all the documents processed by the affected printers. Which of the following compensating controls can the security technician to mitigate the security risk of a sensitive document leak?

A. Create a separate printer network

B. Perform penetration testing to rule out false positives

C. Install patches on the print server

D. Run a full vulnerability scan of all the printers

Answer: C

Q7. Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?

A. Transport encryption

B. Steganography

C. Hashing

D. Digital signature

Answer: B


Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.

Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.

Q8. A security technician has been tasked with opening ports on a firewall to allow users to browse the internet. Which of the following ports should be opened on the firewall? (Select Three)

A. 22

B. 53

C. 80

D. 110

E. 443

F. 445

G. 8080

Answer: C,E,G

Q9. Which of the following BEST describes part of the PKI process?

A. User1 decrypts data with User2u2019s private key

B. User1 hashes data with User2u2019s public key

C. User1 hashes data with User2u2019s private key

D. User1 encrypts data with User2u2019s public key

Answer: D


In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the data using his own private key.

PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are encrypted with a public key and decrypted with a private key.

A PKI example:

You want to send an encrypted message to Jordan, so you request his public key. Jordan responds by sending you that key.

You use the public key he sends you to encrypt the message. You send the message to him.

Jordan uses his private key to decrypt the message.

Q10. Which of the following is MOST critical in protecting control systems that cannot be regularly patched?

A. Asset inventory

B. Full disk encryption

C. Vulnerability scanning

D. Network segmentation

Answer: B

P.S. Easily pass SY0-401 Exam with Examcollectionplus Exact Dumps & pdf vce, Try Free: (1781 New Questions)

Get More Information : Get SY0-401 now

Money Back Guarantee


CertifyForAll has a remarkable Candidate Success record. We're confident of our products and provide a no hassle money back guarantee.

Who Chooses CertifyForAll

CertifyForAll is the world's largest certification preparation company with 99.3% Pass Rate History from 170344+ Satisfied Customers in 145 Countries.

EXE exam format