Exam Code: SY0-401 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass SY0-401 Exam.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
2021 Mar SY0-401 download
Q301. Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?
A. Protocol analyzer
B. Baseline report
C. Risk assessment
D. Vulnerability scan
Answer: A
Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture
network data communications sent between devices on a network. Capturing and analyzing the
packets sent between applications on systems that are not communicating properly could help
determine the cause of the issue.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor)
from Microsoft and Wireshark (formerly Ethereal).
Q302. Which of the following protocols operates at the HIGHEST level of the OSI model?
A. ICMP
B. IPSec
C. SCP
D. TCP
Answer: C
Explanation:
SCP (Secure Copy) uses SSH (Secure Shell). SSH runs in the application layer (layer 7) of the OSI model.
Q303. Which of the following is an example of multifactor authentication?
A. Credit card and PIN
B. Username and password
C. Password and PIN
D. Fingerprint and retina scan
Answer: A
Explanation:
A credit card is a memory card that functions a type of two-factor authentication. The card is something you have, and its PIN is something you know. Multifactor authentication requires a user to provide two or more different types of authentication factors to prove their identity.
Q304. Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?
A. Input validation
B. Network intrusion detection system
C. Anomaly-based HIDS
D. Peer review
Answer: A
Explanation:
Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
Q305. A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet?
A. SCP
B. SSH
C. SFTP
D. SSL
Answer: B
Explanation:
SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.
Up to the immediate present SY0-401 book:
Q306. An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?
A. Unified Threat Management
B. Virtual Private Network
C. Single sign on
D. Role-based management
Answer: A
Explanation:
When you combine a firewall with other abilities (intrusion prevention, antivirus, content filtering, etc.), what used to be called an all-in-one appliance is now known as a unified threat management (UTM) system. The advantages of combining everything into one include a reduced learning curve (you only have one product to learn), a single vendor to deal with, and—typically—reduced complexity.
Q307. After Matt, a user enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
`Please only use letters and numbers on these fields’
Which of the following is this an example of?
A. Proper error handling
B. Proper input validation
C. Improper input validation
D. Improper error handling
Answer: B
Explanation:
Input validation is an aspect of secure coding and is intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
Q308. An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?
A. Generate a new private key based on AES.
B. Generate a new public key based on RSA.
C. Generate a new public key based on AES.
D. Generate a new private key based on RSA.
Answer: D
Explanation:
Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The private key is needed to produce, but it is not part of, the CSR. The private key is an RSA key. The private encryption key that will be used to protect sensitive information. Note: A CSR or Certificate Signing request is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR.
Q309. Which of the following is where an unauthorized device is found allowing access to a network?
A. Bluesnarfing
B. Rogue access point
C. Honeypot
D. IV attack
Answer: B
Explanation:
A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.
Q310. Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?
A. Rootkit
B. Logic bomb
C. Worm
D. Botnet
Answer: B
Explanation:
This is an example of a logic bomb. The logic bomb is configured to ‘go off’ or when Jane has left the company. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs.
