Comptia Security+

Exam code: SY0-401

1. Which IPS/IDS detection technology works by detecting malicious traffic that have previously known attack patterns?

Question 1 of 50

2. An organization that wants to send trade secrets to its branch in another country needs to ensure that such information does not fall into the wrong hands. What goal of security is the organization concerned about?

Question 2 of 50

3. Looking at the diagram below, the web server should be accessible to users on the Internet. What is the best NAT option to allow this kind of configuration?


Question 3 of 50

4. You have been called in to investigate issues with DNS on a network. You decided to capture packets with a protocol analyser for further investigation. Due to the size of the packet capture, you decide to filter it down to just DNS packets. What protocol(s)/port(s) should you use for your filter assuming the default is being used?

Question 4 of 50

5. Looking at the diagram below showing the different components of 802.1X, which of the following terms describes the role of the RADIUS server in 802.1X?


Question 5 of 50

6. In 802.1X, EAP packets are encapsulated over IEEE 802 i.e. EAP over LAN. What does EAP stand for?

Question 6 of 50

7. Which of the following are true about private clouds? Select two.

Question 7 of 50

8. Looking at the diagram below, what port needs to be open on the firewall to allow outside users access the web server via HTTP and HTTPS? Assume default ports. Select two answers.


Question 8 of 50

9. At what layer of the OSI model does NetBIOS operate?

Question 9 of 50

10. Omnidirectional antennas propagate and receive signals in and from all directions i.e. 360 degrees. The Yagi antenna is an example of an omnidirectional antenna. True or False?

Question 10 of 50

11. When a normal packet passes through an Intrusion Prevention System and the IPS generates an alarm, what is this called?

Question 11 of 50

12. Which security concept is enforced when a user is only given access to tools and resources necessary for the user to perform her job duties?

Question 12 of 50

13. Your company is planning to build a new office in a new state. The building's estimated cost is $1,000,000 and you have identified this building as an asset of the company. You have identified that there is the possibility of hurricanes occurring once in 10 years in the area where the building will be located and if a hurricane hits, 85% of the building will be affected. What is the Annualized Loss Expectancy (ALE) of the building?

Question 13 of 50

14. A security document that details the technical and security requirements of sharing data or integrating systems between two entities is called a/an?

Question 14 of 50

15. A firewall is an example of what type of access control?

Question 15 of 50

16. Hashing is a security feature to protect which goal of security?

Question 16 of 50

17. Electrical fires are classed under what category of fires?

Question 17 of 50

18. What RAID level is illustrated in the diagram shown below?


Question 18 of 50

19. A type of malware that disguises itself as a legitimate program but is in fact malicious is known as a?

Question 19 of 50

20. Sam is the CEO of an organization that deals with trading diamonds. Early one morning, he receives an email from one of their suppliers addressed to him and informing him of an outstanding payment for a shipment that Sam thought he had already paid. The email includes a link for Sam to log into the supplier’s portal. Fearing the email may be malicious, Sam gets on the phone with the supplier who tells him they didn’t send any email and that his shipment is already on its way. What kind of email attack did Sam almost fall for?

Question 20 of 50

21. An attack that takes advantage of the typing mistakes made by people trying to access legitimate sites is known as what?

Question 21 of 50

22. John is conducting a penetration test for an organization. Instead of attempting to brute force the password for a user, he decides to use social engineering. He calls one of the help desk staff, claims to be the CEO, and asks that the password for his account be reset as he has forgotten it. The helpdesk personnel not willing to risk his job does not probe John further and goes ahead with the request. In this example, what social engineering principle did John exploit?

Question 22 of 50

23. A Smurf attack targets which principle of security?

Question 23 of 50

24. What attack is depicted in the diagram below?


Question 24 of 50

25. A CCTV system with cameras installed in different parts of a company’s premises is what type of access control? Choose the best answer.

Question 25 of 50

26. Instead of entering a correct username and password in the form below, an attacker enters the following code: ' OR '1'='1' --  What kind of attack is this?


Question 26 of 50

27. In what approach to penetration testing does the tester begin without any inside knowledge of the network being tested?

Question 27 of 50

28. The diagram below shows a replay attack. Which of the following can be used to defeat such an attack?


Question 28 of 50

29. Which of the following is/are true about SQL and NoSQL databases? Select all that apply.

Question 29 of 50

30. Server-side validation is more secure than Client-side validation. True or False?

Question 30 of 50

31. What of the following options are true about whitelisting and blacklisting of applications? Choose two.

Question 31 of 50

32. The ability to expand or reduce the capacity of virtualized systems and cloud computing systems as the need arises is known as?

Question 32 of 50

33. With regard to hardware based encryption, what does TPM stand for?

Question 33 of 50

34. Which virtualization concept allows you to restore the state of your virtual machine to a previous saved state?

Question 34 of 50

35. IPsec VPN can provide protection for what kind of data?

Question 35 of 50

36. Which of the following is NOT true about the RADIUS protocol?

Question 36 of 50

37. What default port does LDAP uses?

Question 37 of 50

38. Arrange the following OSI model layers in descending order (highest to lowest).


Question 38 of 50

39. What is the moving factor in the HMAC-based One Time Password (HOTP) algorithm?

Question 39 of 50

40. Iris scan is an example of what form of authentication?

Question 40 of 50

41. What access control method grants permissions to users based on their job functions within an organization?

Question 41 of 50

42. What does AAA stand for?

Question 42 of 50

43. The three players involved in a Security Assertion Markup Language (SAML) exchange are?

Question 43 of 50

44. In the diagram below, Alice wants to send a message to Bob but is concerned about the message getting into the wrong hands. How can they use asymmetric cryptography to ensure the confidentiality of the message?


Question 44 of 50

45. Which of the following is NOT a block cipher?

Question 45 of 50

46. Which of the following are true about MD5? Choose two.

Question 46 of 50

47. Ephemeral keys remain unchanged between different sessions by two entities. True or False?

Question 47 of 50

48. Choose two correct answers from the options below about Diffie-Hellman.

Question 48 of 50

49. In the diagram below, the user is trying to open a remote SSH connection to the router. What is the default SSH port?


Question 49 of 50

50. Which of the following is NOT a status value that can be returned by an OCSP responder?

Question 50 of 50


Leave a comment