Top 10 software SY0-401 for IT candidates (191 to 200)

The IT field is growing very fast. Many domains have emerged, and they too are advancing very quickly. CompTIA is an example of a field that is advancing every day. A person holding this popular certification carries great importance within companies. CompTIA worked very hard to reach this standard, and so it announced this accreditation program for candidates who want to work as professionals in the future.



2017 Apr SY0-401 exam answers

Q191. Which of the following MOST specifically defines the procedures to follow when scheduled system patching fails resulting in system outages? 

A. Risk transference 

B. Change management 

C. Configuration management 

D. Access control revalidation 

Answer:

Explanation: 

Change management is a risk mitigation approach and refers to the structured approach that is followed to secure a company's assets, in this case 'scheduled system patching'.


Q192. Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the bank's website, but cannot log in. Which of the following is MOST likely the issue? 

A. The IP addresses of the clients have changed 

B. The client certificate passwords have expired on the server 

C. The certificates have not been installed on the workstations 

D. The certificates have been installed on the CA 

Answer:

Explanation: 

The computer certificates must be installed on the upgraded client computers. 


Q193. A security administrator must implement all requirements in the following corporate policy: Passwords shall be protected against offline password brute force attacks. Passwords shall be protected against online password brute force attacks. Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE). 

A. Account lockout 

B. Account expiration 

C. Screen locks 

D. Password complexity 

E. Minimum password lifetime 

F. Minimum password length 

Answer: A,D,F 

Explanation: 

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security. A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers. 

The best defense against brute force attacks is strong passwords. The following password policies will ensure that users have strong (difficult to guess) passwords: 

F: Minimum password length. This policy specifies the minimum number of characters a password should have. For example: a minimum password length of 8 characters is regarded as good security practice. 

D: Password complexity determines what characters a password should include. For example, you could require a password to contain uppercase and lowercase letters and numbers. This will ensure that passwords don’t consist of dictionary words which are easy to crack using brute force techniques. 

A: Account lockout policy: This policy ensures that a user account is locked after a number of incorrect password entries. For example, you could specify that if a wrong password is entered three times, the account will be locked for a period of time or indefinitely until the account is unlocked by an administrator. 
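The three controls above (minimum length, complexity, account lockout) combined in one small model, as an added example that is not part of the original page. The values are the ones the explanation gives: 8 characters, mixed case plus digits, lockout after three wrong attempts; the `Account` class is a hypothetical in-memory record.

```python
import hmac
import re
from dataclasses import dataclass

# Policy values taken from the explanation above.
MIN_LENGTH = 8          # F: minimum password length
LOCKOUT_THRESHOLD = 3   # A: lock after three incorrect entries


def check_password_policy(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means compliant.
    Length and complexity (D) are the offline brute-force defences."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    return problems


@dataclass
class Account:
    """Hypothetical account record tracking failed logins and lockout state."""
    password: str
    failed_attempts: int = 0
    locked: bool = False

    def login(self, attempt: str) -> str:
        """Online brute-force defence: every attempt after the threshold is
        refused, whether or not it happens to be the right password."""
        if self.locked:
            return "locked"
        # constant-time comparison avoids leaking how many characters matched
        if hmac.compare_digest(attempt.encode(), self.password.encode()):
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        if self.failed_attempts >= LOCKOUT_THRESHOLD:
            self.locked = True
            return "locked"
        return "wrong password"
```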


Q194. Which of the following can be performed when an element of the company policy cannot be enforced by technical means? 

A. Develop a set of standards 

B. Separation of duties 

C. Develop a privacy policy 

D. User training 

Answer:

Explanation: 

User training is an important aspect of maintaining safety and security. It helps improve users' security awareness in terms of prevention, enforcement, and threats. It is of critical importance when an element of the company policy cannot be enforced by technical means. 


Q195. An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that: 

A. it is being caused by the presence of a rogue access point. 

B. it is the beginning of a DDoS attack. 

C. the IDS has been compromised. 

D. the internal DNS tables have been poisoned. 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. 

One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. The end result is a website that is completely unavailable for periods of time. 

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware, and no further interaction was necessary to launch the attack. 
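The symptom in Q195 is a sudden rise in traffic from many distinct sources. This added example, not part of the original page, shows one simple detection rule for that symptom: count distinct source addresses per second and flag seconds that exceed a multiple of a learned baseline. The flow records are constructed for the demonstration.

```python
from collections import defaultdict

# Constructed flow records: (second, source IP, bytes). Seconds 0-1 are
# normal internal traffic; second 2 is a burst from 40 different sources.
FLOWS = [
    (0, "10.0.0.5", 1200), (0, "10.0.0.6", 900),
    (1, "10.0.0.5", 1100), (1, "10.0.0.7", 800),
    *[(2, f"203.0.113.{i}", 600) for i in range(1, 41)],
    (3, "10.0.0.5", 1000),
]


def distinct_sources_per_second(flows):
    """Map each second to the set of distinct source addresses seen in it."""
    buckets = defaultdict(set)
    for ts, src, _nbytes in flows:
        buckets[ts].add(src)
    return buckets


def detect_spikes(flows, baseline_seconds=2, factor=5):
    """Flag seconds whose distinct-source count exceeds `factor` times the
    average over the first `baseline_seconds` seconds. Many new sources at
    once is the 'many sources' signal the question describes; a single
    chatty host would not trip this rule."""
    buckets = distinct_sources_per_second(flows)
    ordered = sorted(buckets)
    baseline = [len(buckets[t]) for t in ordered[:baseline_seconds]]
    threshold = factor * (sum(baseline) / len(baseline))
    return sorted(t for t, srcs in buckets.items() if len(srcs) > threshold)
```

With the sample data the baseline is 2 distinct sources per second, so the threshold is 10 and only second 2 (40 sources) is flagged.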


Renewal SY0-401 exam cram:

Q196. An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies? 

A. IDS 

B. Firewalls 

C. DLP 

D. IPS 

Answer:

Explanation: 


Q197. A company recently experienced data loss when a server crashed due to a midday power outage. 

Which of the following should be used to prevent this from occurring again? 

A. Recovery procedures 

B. EMI shielding 

C. Environmental monitoring 

D. Redundancy 

Answer:

Explanation: 

Redundancy refers to systems that either are duplicated or fail over to other systems in the event of a malfunction (in this case a power outage). Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored. 


Q198. Which of the following are examples of network segmentation? (Select TWO). 

A. IDS 

B. IaaS 

C. DMZ 

D. Subnet 

E. IPS 

Answer: C,D 

Explanation: 

C: A demilitarized zone (DMZ) is a part of the network that is separated or segmented from the rest of the network by means of firewalls and acts as a buffer between the untrusted public Internet and the trusted local area network (LAN). 

D: IP subnets can be used to separate or segment networks while allowing communication between the network segments via routers. 


Q199. A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks? 

A. Replay 

B. DDoS 

C. Smurf 

D. Ping of Death 

Answer:

Explanation: 

A replay attack (also known as a playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as a stream cipher attack). 

For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve. 

Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation. Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication. 

One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems. 

Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check. 

Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers, with the trade-off being that replay attacks, if they are performed quickly enough i.e. within that 'reasonable' limit, could succeed. 
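The session-token exchange described above, as an added example that is not part of the original page: Bob (`Verifier`) issues a fresh random token per attempt, Alice hashes the token appended to her password, and a response Eve captured from one session fails when replayed against the next. The shared password is a constructed value.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demonstration.
PASSWORD = "correct horse battery staple"


def transform(password: str, token: str) -> str:
    """Alice's side: hash of the session token appended to the password."""
    return hashlib.sha256((password + token).encode()).hexdigest()


class Verifier:
    """Bob: hands out one-time session tokens and checks the response
    against his own computation of the same transform."""

    def __init__(self, password: str):
        self._password = password
        self._outstanding = None  # token issued for the current attempt

    def challenge(self) -> str:
        # CSPRNG token: an unpredictable token is what stops Eve from
        # pre-computing a reply for a future session.
        self._outstanding = secrets.token_hex(16)
        return self._outstanding

    def verify(self, response: str) -> bool:
        token, self._outstanding = self._outstanding, None  # single use
        if token is None:
            return False
        expected = transform(self._password, token)
        return hmac.compare_digest(expected, response)


def login(bob: Verifier, password: str) -> tuple[str, bool]:
    """One honest login; also returns the response an eavesdropper would see."""
    token = bob.challenge()
    response = transform(password, token)
    return response, bob.verify(response)


def replay(bob: Verifier, captured_response: str) -> bool:
    """Eve replays a captured response in a new session. Bob has issued a
    different token, so his computation no longer matches."""
    bob.challenge()
    return bob.verify(captured_response)
```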


Q200. Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues? 

A. URL filter 

B. Spam filter 

C. Packet sniffer 

D. Switch 

Answer:

Explanation: 

Every data packet transmitted across a network has a protocol header. To view a protocol header, you need to capture and view the contents of the packet with a packet sniffer. 

A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.
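What "inspecting the protocol header" means in practice, as an added example not taken from the original page: decoding the fixed 20-byte IPv4 header from raw packet bytes, which is the first thing a sniffer does with each frame it captures. A real sniffer would read these bytes from a NIC in promiscuous mode; here the packet is constructed inline.

```python
import struct
from dataclasses import dataclass


@dataclass
class IPv4Header:
    version: int
    ihl: int           # header length in 32-bit words
    total_length: int
    ttl: int
    protocol: int      # 1 = ICMP, 6 = TCP, 17 = UDP
    src: str
    dst: str


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    """Decode the fixed part of an IPv4 header (RFC 791 field layout)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version = ver_ihl >> 4
    ihl = ver_ihl & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    return IPv4Header(version, ihl, total_len, ttl, proto,
                      ".".join(map(str, src)), ".".join(map(str, dst)))


# Constructed sample packet header: IPv4, TCP (protocol 6), TTL 64,
# from 192.0.2.10 to 198.51.100.20 (documentation addresses).
SAMPLE_PACKET = struct.pack("!BBHHHBBH4s4s",
                            0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                            bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
```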