Today Big Q: security plus sy0-401 practice test?

The examinees that read the Ucertify CompTIA SY0-401 dumps are good results of highly certified professors, residing a great lifestyle. Ucertify continues to be committed to build your future safe and commence the CompTIA SY0-401 CompTIA Security+ Certification test products from the most recent updated Ucertify tests SY0-401 check engine. The goals can come accurate simply by begin the SY0-401 vce with regard to CompTIA Security+ Certification test by means of Ucertify CompTIA study instructions just. You will not in a position to stand out your abilities in the very first try of SY0-401 check if you use the other walkway compared to CompTIA. CompTIA CompTIA SY0-401 pdf provides you with brilliance thus making you sufficient positive about all of your lifestyle.

2016 Jun security+ + certification sy0-401:

Q201. Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware? 

A. Logic bomb 

B. Worm 

C. Trojan 

D. Adware 

Answer: C 

Explanation: 

In computers, a Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus. 


Q202. Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system? 

A. Input validation 

B. Network intrusion detection system 

C. Anomaly-based HIDS 

D. Peer review 

Answer: A 

Explanation: 

Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain. 


Q203. The security administrator at ABC company received the following log information from an external party: 

10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal 

10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force 

10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan 

The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack? 

A. A NIDS was used in place of a NIPS. 

B. The log is not in UTC. 

C. The external party uses a firewall. 

D. ABC company uses PAT. 

Answer: D 

Explanation: 

PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pin point the exact source. 


Q204. Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session? 

A. SFTP 

B. HTTPS 

C. TFTP 

D. TLS 

Answer: D 

Explanation: 

SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption. 


Q205. An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network? 

A. Configure each port on the switches to use the same VLAN other than the default one 

B. Enable VTP on both switches and set to the same domain 

C. Configure only one of the routers to run DHCP services 

D. Implement port security on the switches 

Answer: D 

Explanation: 

Port security in IT can mean several things: The physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. The management of TCP and User Datagram Protocol (UDP) ports. If a service is active and assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if a service isn’t actively using them. Port knocking is a security system in which all ports on a system appear closed. However, if the client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the desired service port becomes open and allows the client software to connect to the service. 


SY0-401 free practice questions

Improve comptia security+ pdf sy0-401:

Q206. A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement? 

A. SaaS 

B. MaaS 

C. IaaS 

D. PaaS 

Answer: B 

Explanation: 

Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud. 


Q207. The information security team does a presentation on social media and advises the participants not to provide too much personal information on social media web sites. This advice would BEST protect people from which of the following? 

A. Rainbow tables attacks 

B. Brute force attacks 

C. Birthday attacks 

D. Cognitive passwords attacks 

Answer: D 

Explanation: 

Social Networking Dangers are ‘amplified’ in that social media networks are designed to mass distribute personal messages. If an employee reveals too much personal information it would be easy for miscreants to use the messages containing the personal information to work out possible passwords. 


Q208. A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability? 

A. Host-based firewall 

B. IDS 

C. IPS 

D. Honeypot 

Answer: B 

Explanation: 

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content. 


Q209. Which of the following allows a company to maintain access to encrypted resources when employee turnover is high? 

A. Recovery agent 

B. Certificate authority 

C. Trust model 

D. Key escrow 

Answer: A 

Explanation: 

If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys. 


Q210. A bank has recently deployed mobile tablets to all loan officers for use at customer sites. Which of the following would BEST prevent the disclosure of customer data in the event that a tablet is lost or stolen? 

A. Application control 

B. Remote wiping 

C. GPS 

D. Screen-locks 

Answer: B 

Explanation: 

Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people. 



see more SY0-401 dumps