Top CompTIA SY0-401 pack Choices


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q631. Jane has recently implemented a new network design at her organization and wishes to passively identify security issues with the new network. Which of the following should Jane perform? 

A. Vulnerability assessment 

B. Black box testing 

C. White box testing 

D. Penetration testing 

Answer: A

Explanation: 

A vulnerability assessment (vulnerability scan) is the least intrusive of the four options and has minimal impact on network resources: it enumerates the network and I.T. infrastructure for known weaknesses such as missing patches or security updates, but it does not attempt to exploit them. The threats and vulnerabilities it finds are then evaluated in a risk assessment and the necessary actions are taken to resolve them. Penetration testing, whether performed black box or white box, actively exploits weaknesses and is therefore not passive.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited or threatened. Public servers are important for communication and data transfer over the Internet, but they also expose an attack surface to threat agents such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, tests systems for the occurrence of those flaws, and generates a report of the findings that an individual or an enterprise can use to tighten the network's security.
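The "database of known flaws" matching that a scanner performs, shown as an added Python example that is not part of the original question bank. The hosts, banners and advisory identifiers (EXAMPLE-ADV-00x) are constructed for illustration and do not refer to real products' CVEs; the scanner here works purely from recorded banners, which is what keeps it passive.

```python
"""Toy vulnerability scanner: match recorded service banners against a
constructed advisory database and produce a findings report.

Added example for this page. Banners, hosts and advisories are constructed
and do not correspond to real CVEs.
"""
import re

# Constructed advisory database: (product, fixed_in_version, severity, note).
# A host running a version older than fixed_in is reported as vulnerable.
ADVISORIES = [
    ("OpenSSH", (7, 9), "HIGH", "EXAMPLE-ADV-001: update OpenSSH to 7.9 or later"),
    ("Apache", (2, 4, 41), "MEDIUM", "EXAMPLE-ADV-002: update Apache httpd to 2.4.41 or later"),
    ("vsftpd", (3, 0, 3), "LOW", "EXAMPLE-ADV-003: update vsftpd to 3.0.3 or later"),
]

# Constructed banner lines ("host:port banner") as a passive scanner might
# record them from a packet capture, without sending a single probe.
BANNERS = """\
10.0.0.5:22 SSH-2.0-OpenSSH_7.4
10.0.0.5:80 Server: Apache/2.4.38 (Debian)
10.0.0.7:21 220 (vsFTPd 3.0.3)
10.0.0.9:22 SSH-2.0-OpenSSH_8.2p1
"""

# Regexes that extract a version tuple from each banner family.
BANNER_PATTERNS = [
    ("OpenSSH", re.compile(r"OpenSSH_(\d+)\.(\d+)")),
    ("Apache", re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")),
    ("vsftpd", re.compile(r"vsFTPd (\d+)\.(\d+)\.(\d+)")),
]


def parse_banner(line):
    """Return (host_port, product, version_tuple), or None if unrecognised."""
    host_port, _, banner = line.partition(" ")
    for product, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return host_port, product, tuple(int(x) for x in m.groups())
    return None


def version_lt(a, b):
    """Compare dotted versions of different lengths by zero-padding the shorter."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def scan(banner_text):
    """Match every recognised banner against ADVISORIES; return the findings."""
    findings = []
    for line in banner_text.splitlines():
        parsed = parse_banner(line)
        if parsed is None:
            continue  # unknown service: nothing to compare against
        host_port, product, version = parsed
        for adv_product, fixed_in, severity, note in ADVISORIES:
            if product == adv_product and version_lt(version, fixed_in):
                findings.append({"target": host_port, "product": product,
                                 "version": ".".join(map(str, version)),
                                 "severity": severity, "note": note})
    return findings


def report(findings):
    """Render findings highest severity first, one line each."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    return "\n".join(
        f"[{f['severity']}] {f['target']} {f['product']} {f['version']}: {f['note']}"
        for f in sorted(findings, key=lambda f: order[f["severity"]]))


if __name__ == "__main__":
    print(report(scan(BANNERS)))
```

The same banner-to-advisory comparison is what a real scanner does at scale; the difference from a penetration test is that nothing here is sent to the target, so the worst a false positive costs is analyst time.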


Q632. Which of the following is the BEST reason for placing a password lock on a mobile device? 

A. Prevents an unauthorized user from accessing owner's data 

B. Enables remote wipe capabilities 

C. Stops an unauthorized user from using the device again 

D. Prevents an unauthorized user from making phone calls 

Answer: A

Explanation: 

A password (screen) lock is the first line of defence when a device is lost or stolen: it keeps an unauthorized user from reading the owner's data stored on the device. Remote wipe is a separate feature, and a lock by itself does not stop the device from being reset and reused, nor is blocking phone calls the primary concern.


Q633. After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: 

<HTML>
<body onload="document.getElementById('badForm').submit()">
<form id="badForm" action="https://shoppingsite.company.com/purchase.php" method="post">
<input name="Perform Purchase" value="Perform Purchase"/>
</form>
</body>
</HTML>

Which of the following has MOST likely occurred? 

A. SQL injection 

B. Cookie stealing 

C. XSRF 

D. XSS 

Answer: C

Explanation: 

XSRF, or cross-site request forgery, is an attack on web applications that exploits the application's trust in a user who is known, or supposed, to be authenticated. The attacker's page makes the victim's browser send a request to the target site (here, a purchase form auto-submitted on page load); the browser attaches the victim's session cookie, so the application processes the request as the victim's own action. This is usually accomplished without the user's knowledge. Nothing in the snippet reads or exfiltrates data, which rules out cookie stealing and XSS, and no SQL is involved.
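The standard defence against the forged form above is a synchronizer token: the site embeds a random per-session value in its own forms and the server rejects any POST that does not carry it, since the attacker's page cannot read it. The following is an added Python example, not code from the question bank; the in-memory session store, the handler name handle_purchase and the request dictionaries are assumptions standing in for whatever web framework the site actually uses.

```python
"""Synchronizer-token defence against a cross-site auto-submitted form.

Added example, not from the original page. Session store, handler and
request shapes are assumptions made for illustration.
"""
import hmac
import secrets

SITE_ORIGIN = "https://shoppingsite.company.com"

# Constructed server-side session store: session id -> session data.
SESSIONS = {}


def start_session(user="alice"):
    """Create a session and mint a random, per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_purchase_form(sid):
    """The legitimate site's form carries the token in a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return ('<form action="/purchase.php" method="post">'
            f'<input type="hidden" name="csrf_token" value="{token}"/>'
            '<input type="submit" name="Perform Purchase" value="Perform Purchase"/>'
            '</form>')


def handle_purchase(cookies, form, origin_header=None):
    """Server-side checks for POST /purchase.php; returns (status, message).

    The browser attaches the session cookie to a cross-site POST too, so the
    cookie alone proves nothing. The token in the form body is what an
    attacker-controlled page cannot obtain.
    """
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "not logged in"
    # Defence in depth: when the browser sends an Origin header it must match.
    if origin_header is not None and origin_header != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"purchase performed for {session['user']}"


if __name__ == "__main__":
    sid = start_session()
    cookies = {"session": sid}
    # Constructed forged POST: the cookie rides along, the body is the attacker's.
    print(handle_purchase(cookies, {"Perform Purchase": "Perform Purchase"},
                          origin_header="https://evil.example"))
    # Legitimate POST from the site's own rendered form.
    form = {"csrf_token": SESSIONS[sid]["csrf_token"], "Perform Purchase": "Perform Purchase"}
    print(handle_purchase(cookies, form, origin_header=SITE_ORIGIN))
```

The Origin check alone is not enough (older clients omit the header, and it is only checked when present), which is why the token remains the primary control; SameSite cookie attributes add a third layer in current browsers.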


Q634. Which of the following BEST describes a protective countermeasure for SQL injection? 

A. Eliminating cross-site scripting vulnerabilities 

B. Installing an IDS to monitor network traffic 

C. Validating user input in web applications 

D. Placing a firewall between the Internet and database servers 

Answer: C

Explanation: 

By validating user input, and in particular by never letting user-supplied text become part of the SQL statement itself, we prevent the injection of SQL statements through the application's entry fields. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example when user input is incorrectly filtered for string literal escape characters embedded in SQL statements, or when user input is not strongly typed and is unexpectedly executed. Parameterised (prepared) queries, which send the SQL text and the values separately, are the strongest form of this countermeasure; the other options address different problems (XSS, detection rather than prevention, network access to the database) and do not stop a malicious statement arriving through the web application. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
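The vulnerable pattern beside its fix, as an added Python example that is not part of the question bank. It uses an in-memory SQLite database with a constructed users table; the login functions, the allow-list validator and the attack strings are illustration only.

```python
"""SQL injection: a string-built query beside its parameterised replacement,
plus the allow-list input validation the question describes.

Added example (not from the page); uses a constructed in-memory SQLite table.
"""
import sqlite3


def make_db():
    """Constructed users table with three rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2"), ("admin", "correct-horse")])
    con.commit()
    return con


def login_vulnerable(con, username, password):
    """Builds the statement by concatenation: user input becomes SQL code."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in con.execute(sql))


def login_safe(con, username, password):
    """Parameterised query: the driver passes the values separately from the
    SQL text, so quotes and keywords in the input are only ever data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in con.execute(sql, (username, password)))


def validate_username(username):
    """Allow-list validation: a conservative character set and length.
    Rejecting, not escaping, is what makes this robust."""
    if not 1 <= len(username) <= 32:
        return False
    return all(c.isalnum() or c in "_.-" for c in username)


if __name__ == "__main__":
    con = make_db()
    tautology = "' OR '1'='1"   # constructed attack input for the password field
    comment = "admin' --"       # constructed attack input for the username field
    print(login_vulnerable(con, "anything", tautology))  # every user returned
    print(login_vulnerable(con, comment, "wrong"))        # ['admin'], password ignored
    print(login_safe(con, "anything", tautology))         # []
    print(login_safe(con, comment, "wrong"))              # []
    print(validate_username("alice"), validate_username(comment))
```

The tautology turns the WHERE clause into (username = 'anything' AND password = '') OR '1'='1', and the comment payload truncates the password check entirely; the parameterised version is immune to both because the driver never interprets the values as SQL.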


Q635. The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing? 

A. Black box 

B. Penetration 

C. Gray box 

D. White box 

Answer: A

Explanation: 

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of testing can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher-level testing, but can dominate unit testing as well. Specific knowledge of the application's code or internal structure, and programming knowledge in general, are not required. The tester is aware of what the software is supposed to do but not of how it does it: the tester knows that a particular input returns a certain, invariable output but not how the software produces that output. With no access to the APIs, code or data structures, the consultant here is working black box; a gray-box test would have been given partial internal knowledge, and a white-box test full access.


Q636. In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified? 

A. Security control frameworks 

B. Best practice 

C. Access control methodologies 

D. Compliance activity 

Answer: B

Explanation: 

Best practices are based on what is known in the industry and on those methods that have consistently shown superior results over those achieved by other means. Furthermore, best practices are applied to all aspects of the work environment, which is why a mix of policy work (privacy policy, acceptable use policy) and a technical control (group-based access control) fits this category rather than any one of the others.


Q637. Which of the following is the MOST specific plan for various problems that can arise within a system? 

A. Business Continuity Plan 

B. Continuity of Operation Plan 

C. Disaster Recovery Plan 

D. IT Contingency Plan 

Answer: D

Explanation: 

An IT contingency plan is the most specific of the four: it focuses on the IT aspect in particular, addressing the problems that can arise within individual systems and services in order to support business continuity, whereas the business continuity, continuity of operations and disaster recovery plans cover the organization's operations as a whole.


Q638. The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on? 

A. Lessons Learned 

B. Eradication 

C. Recovery 

D. Preparation 

Answer: D

Explanation: 

Incident response procedures involve: preparation; incident identification; escalation and notification; mitigation steps; lessons learned; reporting; recovery/reconstitution procedures; first responder; incident isolation (quarantine, device removal); data breach; and damage and loss control. Developing and updating all internal operating and standard operating procedures documentation in order to handle future incidents is preparation; lessons learned, by contrast, is the review that follows a specific incident.


Q639. Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session? 

A. SFTP 

B. HTTPS 

C. TFTP 

D. TLS 

Answer: D

Explanation: 

TLS (the successor to SSL) establishes a session using asymmetric cryptography, authenticating the server and agreeing a secret during the handshake, and then protects the remainder of the session with symmetric encryption under the keys derived from that secret, because symmetric ciphers are far faster for bulk data. HTTPS and SFTP are application protocols that run over TLS and SSH respectively; TLS is the protocol that itself performs the exchange the question describes. TFTP has no encryption at all.
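The two-phase pattern in miniature, as an added Python example that is not TLS and not code from the question bank. A toy Diffie-Hellman exchange over a deliberately small prime stands in for the asymmetric handshake, and an HMAC-SHA256 counter-mode keystream stands in for the symmetric record cipher; both parameters are assumptions sized for illustration. Real TLS uses standard groups or elliptic-curve DH, certificates to authenticate the server, and an authenticated cipher such as AES-GCM.

```python
"""Asymmetric handshake, then symmetric session: the structure behind TLS.

Added example, not TLS itself. The DH group is toy-sized and the keystream
cipher is unauthenticated; both are illustration-only assumptions.
"""
import hashlib
import hmac
import secrets

# Toy group parameters (constructed; far too small for real use).
P = 2305843009213693951  # 2**61 - 1, a Mersenne prime
G = 5


def dh_keypair():
    """Asymmetric key pair: private exponent x and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Each side computes g^(xy) mod p; the value itself is never transmitted."""
    return pow(peer_pub, priv, P)


def derive_session_key(shared, transcript):
    """Symmetric key bound to the shared secret and the handshake transcript."""
    return hmac.new(shared.to_bytes(8, "big"), transcript, hashlib.sha256).digest()


def keystream_xor(key, nonce, data):
    """Symmetric encryption/decryption: XOR with an HMAC counter-mode keystream.
    The same call decrypts because XOR is its own inverse."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def run_session(messages):
    """Handshake (asymmetric), then encrypted records (symmetric).
    Returns (keys_match, plaintexts the server recovered)."""
    c_priv, c_pub = dh_keypair()          # client's public value goes in its hello
    s_priv, s_pub = dh_keypair()          # server's public value in its reply
    transcript = c_pub.to_bytes(8, "big") + s_pub.to_bytes(8, "big")
    c_key = derive_session_key(dh_shared(c_priv, s_pub), transcript)
    s_key = derive_session_key(dh_shared(s_priv, c_pub), transcript)
    recovered = []
    for seq, msg in enumerate(messages):
        nonce = seq.to_bytes(8, "big")    # unique per record; never reused with a key
        record = keystream_xor(c_key, nonce, msg)              # client encrypts
        recovered.append(keystream_xor(s_key, nonce, record))  # server decrypts
    return c_key == s_key, recovered


if __name__ == "__main__":
    print(run_session([b"GET / HTTP/1.1", b"Host: example.test"]))
```

Only the handshake uses the expensive modular exponentiation; every record after it costs one HMAC per 32 bytes, which is the performance reason for the hybrid design. Note that without server authentication an active attacker can run this exchange with both sides separately, which is the role certificates play in TLS.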


Q640. Data execution prevention is a feature in most operating systems intended to protect against which type of attack? 

A. Cross-site scripting 

B. Buffer overflow 

C. Header manipulation 

D. SQL injection 

Answer: B

Explanation: 

Data Execution Prevention (DEP) is a security feature included in modern operating systems. It marks areas of memory as either "executable" or "non-executable" and allows code to run only from the "executable" areas, whether for programs, services or device drivers. It is available in Linux, OS X, Microsoft Windows, iOS and Android, built on the processor's NX/XD page-table bit where the hardware supports it.

DEP protects against some program errors and helps prevent certain malicious exploits, especially attacks that store executable instructions in a data area via a buffer overflow: the overflow still happens, but the injected code sits in a non-executable page and the process is terminated when control reaches it. DEP does not stop code-reuse attacks (return-to-libc, return-oriented programming) that redirect execution into existing executable code, which is why it is paired with address space layout randomization and stack protection.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is a common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language, which performs no bounds checking on arrays, supplied the framework, and poor programming practices supplied the vulnerability.