CompTIA Security+ SY0-401 practice exams 1500 questions
0.0 (0 ratings)
Course Ratings are calculated from individual students’ ratings and a variety of other signals, like age of rating and reliability, to ensure that they reflect course quality fairly and accurately.
4 students enrolled


1500 questions real exam question 100 % guarantee
Created by Nano Academy
Last updated 5/2020
English
This course includes
  • 6 Practice Tests
  • Full lifetime access
  • Access on mobile
Requirements
  • Basic Security
Included in This Course
+ Practice Tests
6 Tests 1500 questions
Exam 6
250 questions
Exam 5
250 questions
Exam 4
250 questions
Exam 3
250 questions
Exam 2
250 questions
Exam 1
250 questions
Description

Network Security 20%

Implement security configuration parameters on network devices and other technologies.

1. Firewalls
2. Routers
3. Switches
4. Load balancers
5. Proxies
6. Web security gateways
7. VPN concentrators
8. NIDS and NIPS

  1. Behavior-based

  2. Signature-based

  3. Anomaly-based

  4. Heuristic

9. Protocol analyzers
10. Spam filter
11. UTM security appliances

  1. URL filter

  2. Content inspection

  3. Malware inspection

12. Web application firewall vs. network firewall
13. Application aware devices

  1. Firewalls

  2. IPS

  3. IDS

  4. Proxies

Given a scenario, use secure network administration principles.

1. Rule-based management
2. Firewall rules
3. VLAN management
4. Secure router configuration
5. Access control lists
6. Port security
7. 802.1x
8. Flood guards
9. Loop protection
10. Implicit deny
11. Network separation
12. Log analysis
13. Unified threat management

Explain network design elements and components.

1. DMZ
2. Subnetting
3. VLAN
4. NAT
5. Remote access
6. Telephony
7. NAC
8. Virtualization
9. Cloud computing

  1. PaaS

  2. SaaS

  3. IaaS

  4. Private

  5. Public

  6. Hybrid

  7. Community

10. Layered security/defense in depth

Given a scenario, implement common protocols and services.

1. Protocols

  1. IPSec

  2. SNMP

  3. SSH

  4. DNS

  5. TLS

  6. SSL

  7. TCP/IP

  8. FTPS

  9. HTTPS

  10. SCP

  11. ICMP

  12. IPv4

  13. IPv6

  14. iSCSI

  15. Fibre Channel

  16. FCoE

  17. FTP

  18. SFTP

  19. TFTP

  20. TELNET

  21. HTTP

  22. NetBIOS

2. Ports

  1. 21

  2. 22

  3. 25

  4. 53

  5. 80

  6. 110

  7. 139

  8. 143

  9. 443

  10. 3389

3. OSI relevance

Given a scenario, troubleshoot security issues related to wireless networking.

1. WPA
2. WPA2
3. WEP
4. EAP
5. PEAP
6. LEAP
7. MAC filter
8. Disable SSID broadcast
9. TKIP
10. CCMP
11. Antenna placement
12. Power level controls
13. Captive portals
14. Antenna types
15. Site surveys
16. VPN (over open wireless)

Compliance and Operational Security 18%

Explain the importance of risk related concepts.

1. Control types

  1. Technical

  2. Management

  3. Operational

2. False positives
3. False negatives
4. Importance of policies in reducing risk

  1. Privacy policy

  2. Acceptable use

  3. Security policy

  4. Mandatory vacations

  5. Job rotation

  6. Separation of duties

  7. Least privilege

5. Risk calculation

  1. Likelihood

  2. ALE

  3. Impact

  4. SLE

  5. ARO

  6. MTTR

  7. MTTF

  8. MTBF

6. Quantitative vs. qualitative
7. Vulnerabilities
8. Threat vectors
9. Probability/threat likelihood
10. Risk avoidance, transference, acceptance, mitigation, deterrence
11. Risks associated with cloud computing and virtualization
12. Recovery time objective and recovery point objective

Summarize the security implications of integrating systems and data with third parties.

1. On-boarding/off-boarding business partners
2. Social media networks and/or applications
3. Interoperability agreements

  1. SLA

  2. BPA

  3. MOU

  4. ISA

4. Privacy considerations
5. Risk awareness

6. Unauthorized data sharing

7. Data ownership

8. Data backups

9. Follow security policy and procedures

10. Review agreement requirements to verify compliance and performance standards

Given a scenario, implement appropriate risk mitigation strategies.

1. Change management
2. Incident management
3. User rights and permissions reviews
4. Perform routine audits
5. Enforce policies and procedures to prevent data loss or theft
6. Enforce technology controls

  1. Data Loss Prevention (DLP)

Given a scenario, implement basic forensic procedures.

1. Order of volatility
2. Capture system image
3. Network traffic and logs
4. Capture video
5. Record time offset
6. Take hashes
7. Screenshots
8. Witnesses
9. Track man hours and expense
10. Chain of custody
11. Big Data analysis

Summarize common incident response procedures.

1. Preparation
2. Incident identification
3. Escalation and notification
4. Mitigation steps
5. Lessons learned
6. Reporting
7. Recovery/reconstitution procedures
8. First responder
9. Incident isolation

  1. Quarantine

  2. Device removal

10. Data breach
11. Damage and loss control

Explain the importance of security related awareness and training.

1. Security policy training and procedures
2. Role-based training
3. Personally identifiable information
4. Information classification

  1. High

  2. Medium

  3. Low

  4. Confidential

  5. Private

  6. Public

5. Data labeling, handling and disposal
6. Compliance with laws, best practices and standards
7. User habits

  1. Password behaviors

  2. Data handling

  3. Clean desk policies

  4. Prevent tailgating

  5. Personally owned devices

8. New threats and new security trends/alerts

  1. New viruses

  2. Phishing attacks

  3. Zero-day exploits

9. Use of social networking and P2P
10. Follow up and gather training metrics to validate compliance and security posture

Compare and contrast physical security and environmental controls.

1. Environmental controls

  1. HVAC

  2. Fire suppression

  3. EMI shielding

  4. Hot and cold aisles

  5. Environmental monitoring

  6. Temperature and humidity controls

2. Physical security

  1. Hardware locks

  2. Mantraps

  3. Video surveillance

  4. Fencing

  5. Proximity readers

  6. Access list

  7. Proper lighting

  8. Signs

  9. Guards

  10. Barricades

  11. Biometrics

  12. Protected distribution (cabling)

  13. Alarms

  14. Motion detection

3. Control types

  1. Deterrent

  2. Preventive

  3. Detective

  4. Compensating

  5. Technical

  6. Administrative

Summarize risk management best practices.

1. Business continuity concepts

  1. Business impact analysis

  2. Identification of critical systems and components

  3. Removing single points of failure

  4. Business continuity planning and testing

  5. Risk assessment

  6. Continuity of operations

  7. Disaster recovery

  8. IT contingency planning

  9. Succession planning

  10. High availability

  11. Redundancy

  12. Tabletop exercises

2. Fault tolerance

  1. Hardware

  2. RAID

  3. Clustering

  4. Load balancing

  5. Servers

3. Disaster recovery concepts

  1. Backup plans/policies

  2. Backup execution/frequency

  3. Cold site

  4. Hot site

  5. Warm site

Given a scenario, select the appropriate control to meet the goals of security.

1. Confidentiality

  1. Encryption

  2. Access controls

  3. Steganography

2. Integrity

  1. Hashing

  2. Digital signatures

  3. Certificates

  4. Non-repudiation

3. Availability

  1. Redundancy

  2. Fault tolerance

  3. Patching

4. Safety

  1. Fencing

  2. Lighting

  3. Locks

  4. CCTV

  5. Escape plans

  6. Drills

  7. Escape routes

  8. Testing controls

Threats and Vulnerabilities 20%

Explain types of malware.

1. Adware
2. Virus
3. Spyware
4. Trojan
5. Rootkits
6. Backdoors
7. Logic bomb
8. Botnets
9. Ransomware
10. Polymorphic malware
11. Armored virus

Summarize various types of attacks.

1. Man-in-the-middle
2. DDoS
3. DoS
4. Replay
5. Smurf attack
6. Spoofing
7. Spam
8. Phishing
9. Spim
10. Vishing
11. Spear phishing
12. Xmas attack
13. Pharming
14. Privilege escalation
15. Malicious insider threat
16. DNS poisoning and ARP poisoning
17. Transitive access
18. Client-side attacks
19. Password attacks

  1. Brute force

  2. Dictionary attacks

  3. Hybrid

  4. Birthday attacks

  5. Rainbow tables

20. Typo squatting/URL hijacking
21. Watering hole attack

Summarize social engineering attacks and the associated effectiveness with each attack.

1. Shoulder surfing
2. Dumpster diving
3. Tailgating
4. Impersonation
5. Hoaxes
6. Whaling
7. Vishing
8. Principles (reasons for effectiveness)

  1. Authority

  2. Intimidation

  3. Consensus/social proof

  4. Scarcity

  5. Urgency

  6. Familiarity/liking

  7. Trust

Explain types of wireless attacks.

1. Rogue access points
2. Jamming/interference
3. Evil twin
4. War driving
5. Bluejacking
6. Bluesnarfing
7. War chalking
8. IV attack
9. Packet sniffing
10. Near field communication
11. Replay attacks
12. WEP/WPA attacks
13. WPS attacks

Explain types of application attacks.

1. Cross-site scripting
2. SQL injection
3. LDAP injection
4. XML injection
5. Directory traversal/command injection
6. Buffer overflow
7. Integer overflow
8. Zero-day
9. Cookies and attachments
10. Locally Shared Objects (LSOs)
11. Flash cookies
12. Malicious add-ons
13. Session hijacking
14. Header manipulation
15. Arbitrary code execution/remote code execution

Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

1. Monitoring system logs

  1. Event logs

  2. Audit logs

  3. Security logs

  4. Access logs

2. Hardening

  1. Disabling unnecessary services

  2. Protecting management interfaces and applications

  3. Password protection

  4. Disabling unnecessary accounts

3. Network security

  1. MAC limiting and filtering

  2. 802.1x

  3. Disabling unused interfaces and unused application service ports

  4. Rogue machine detection

4. Security posture

  1. Initial baseline configuration

  2. Continuous security monitoring

  3. Remediation

5. Reporting

  1. Alarms

  2. Alerts

  3. Trends

6. Detection controls vs. prevention controls

  1. IDS vs. IPS

  2. Camera vs. guard

Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.

1. Interpret results of security assessment tools
2. Tools

  1. Protocol analyzer

  2. Vulnerability scanner

  3. Honeypots

  4. Honeynets

  5. Port scanner

  6. Passive vs. active tools

  7. Banner grabbing

3. Risk calculations

  1. Threat vs. likelihood

4. Assessment types

  1. Risk

  2. Threat

  3. Vulnerability

5. Assessment technique

  1. Baseline reporting

  2. Code review

  3. Determine attack surface

  4. Review architecture

  5. Review designs

Explain the proper use of penetration testing versus vulnerability scanning.

1. Penetration testing

  1. Verify a threat exists

  2. Bypass security controls

  3. Actively test security controls

  4. Exploiting vulnerabilities

2. Vulnerability scanning

  1. Passively testing security controls

  2. Identify vulnerability

  3. Identify lack of security controls

  4. Identify common misconfigurations

  5. Intrusive vs. non-intrusive

  6. Credentialed vs. non-credentialed

  7. False positive

3. Black box
4. White box

5. Gray box

Application, Data and Host Security 15%

Explain the importance of application security controls and techniques.

1. Fuzzing
2. Secure coding concepts

  1. Error and exception handling

  2. Input validation

3. Cross-site scripting prevention

4. Cross-site Request Forgery (XSRF) prevention
5. Application configuration baseline (proper settings)

6. Application hardening

7. Application patch management

8. NoSQL databases vs. SQL databases

9. Server-side vs. client-side validation

Summarize mobile security concepts and technologies.

1. Device security

  1. Full device encryption

  2. Remote wiping

  3. Lockout

  4. Screen locks

  5. GPS

  6. Application control

  7. Storage segmentation

  8. Asset tracking

  9. Inventory control

  10. Mobile device management

  11. Device access control

  12. Removable storage

  13. Disabling unused features

2. Application security

  1. Key management

  2. Credential management

  3. Authentication

  4. Geo-tagging

  5. Encryption

  6. Application whitelisting

  7. Transitive trust/authentication

3. BYOD concerns

  1. Data ownership

  2. Support ownership

  3. Patch management

  4. Antivirus management

  5. Forensics

  6. Privacy

  7. On-boarding/off-boarding

  8. Adherence to corporate policies

  9. User acceptance

  10. Architecture/infrastructure considerations

  11. Legal concerns

  12. Acceptable use policy

  13. On-board camera/video

Given a scenario, select the appropriate solution to establish host security.

1. Operating system security and settings
2. OS hardening
3. Anti-malware

  1. Antivirus

  2. Anti-spam

  3. Anti-spyware

  4. Pop-up blockers

4. Patch management

5. Whitelisting vs. blacklisting applications
6. Trusted OS

7. Host-based firewalls

8. Host-based intrusion detection

9. Hardware security

  1. Cable locks

  2. Safe

  3. Locking cabinets

10. Host software baselining
11. Virtualization

  1. Snapshots

  2. Patch compatibility

  3. Host availability/elasticity

  4. Security control testing

  5. Sandboxing

Implement the appropriate controls to ensure data security.

1. Cloud storage
2. SAN
3. Handling Big Data
4. Data encryption

  1. Full disk

  2. Database

  3. Individual files

  4. Removable media

  5. Mobile devices

5. Hardware-based encryption devices

  1. TPM

  2. HSM

  3. USB encryption

  4. Hard drive

6. Data in transit, data at rest, data in use

7. Permissions/ACL
8. Data policies

  1. Wiping

  2. Disposing

  3. Retention

  4. Storage

Compare and contrast alternative methods to mitigate security risks in static environments.

1. Environments

  1. SCADA

  2. Embedded (printer, smart TV, HVAC control)

  3. Android

  4. iOS

  5. Mainframe

  6. Game consoles

  7. In-vehicle computing systems

2. Methods

  1. Network segmentation

  2. Security layers

  3. Application firewalls

  4. Manual updates

  5. Firmware version control

  6. Wrappers

  7. Control redundancy and diversity

Access Control and Identity Management 15%

Compare and contrast the function and purpose of authentication services.

1. RADIUS
2. TACACS+
3. Kerberos
4. LDAP
5. XTACACS
6. SAML
7. Secure LDAP

Given a scenario, select the appropriate authentication, authorization or access control.

1. Identification vs. authentication vs. authorization
2. Authorization

  1. Least privilege

  2. Separation of duties

  3. ACLs

  4. Mandatory access

  5. Discretionary access

  6. Rule-based access control

  7. Role-based access control

  8. Time of day restrictions

3. Authentication

  1. Tokens

  2. Common access card

  3. Smart card

  4. Multifactor authentication

  5. TOTP

  6. HOTP

  7. CHAP

  8. PAP

  9. Single sign-on

  10. Access control

  11. Implicit deny

  12. Trusted OS

4. Authentication factors

  1. Something you are

  2. Something you have

  3. Something you know

  4. Somewhere you are

  5. Something you do

5. Identification

  1. Biometrics

  2. Personal identification verification card

  3. Username

6. Federation
7. Transitive trust/authentication

Install and configure security controls when performing account management, based on best practices.

1. Mitigate issues associated with users with multiple account/roles and/or shared accounts
2. Account policy enforcement

  1. Credential management

  2. Group policy

  3. Password complexity

  4. Expiration

  5. Recovery

  6. Disablement

  7. Lockout

  8. Password history

  9. Password reuse

  10. Password length

  11. Generic account prohibition

3. Group-based privileges

4. User-assigned privileges

5. User access reviews

6. Continuous monitoring

Cryptography 12%

Given a scenario, utilize general cryptography concepts.

1. Symmetric vs. asymmetric
2. Session keys
3. In-band vs. out-of-band key exchange
4. Fundamental differences and encryption methods

  1. Block vs. stream

5. Transport encryption

6. Non-repudiation

7. Hashing

8. Key escrow

9. Steganography

10. Digital signatures
11. Use of proven technologies
12. Elliptic curve and quantum cryptography
13. Ephemeral key
14. Perfect forward secrecy

Given a scenario, use appropriate cryptographic methods.

1. WEP vs. WPA/WPA2 and pre-shared key
2. MD5
3. SHA
4. RIPEMD
5. AES
6. DES
7. 3DES
8. HMAC
9. RSA
10. Diffie-Hellman
11. RC4
12. One-time pads
13. NTLM
14. NTLMv2
15. Blowfish
16. PGP/GPG
17. Twofish
18. DHE
19. ECDHE
20. CHAP
21. PAP
22. Comparative strengths and performance of algorithms
23. Use of algorithms/protocols with transport encryption

  1. SSL

  2. TLS

  3. IPSec

  4. SSH

  5. HTTPS

24. Cipher suites

  1. Strong vs. weak ciphers

25. Key stretching

  1. PBKDF2

  2. Bcrypt

Given a scenario, use appropriate PKI, certificate management and associated components.

1. Certificate authorities and digital certificates

  1. CA

  2. CRLs

  3. OCSP

  4. CSR

2. PKI

3. Recovery agent

4. Public key

5. Private key

6. Registration

7. Key escrow

8. Trust models

Who this course is for:
  • prep for CompTIA Security+ SY0-401 exam