Super ways to security+ sy0 401

Pass4sure CompTIA Security+ SY0-401 PDF questions are updated and all CompTIA Security+ Get Certified Get Ahead SY0-401 study guide answers are verified by experts. Once you have completely prepared with our CompTIA Security+ SY0-401 exam prep kits you will be ready for the real CompTIA SY0-401 exam without a problem. We have the most recent CompTIA SY0-401 study guide PDF dumps. PASSED CompTIA Security+ SY0-401 PDF on the first attempt! Here is what I did.



Q441. Which of the following attacks involves the use of previously captured network traffic? 

A. Replay 

B. Smurf 

C. Vishing 

D. DDoS 

Answer:

Explanation: 


Q442. A network administrator noticed various chain messages have been received by the company. 

Which of the following security controls would need to be implemented to mitigate this issue? 

A. Anti-spam 

B. Antivirus 

C. Host-based firewalls 

D. Anti-spyware 

Answer:

Explanation: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM). 


Q443. A small company has recently purchased cell phones for managers to use while working outside of the office. 

The company does not currently have a budget for mobile device management and is primarily concerned with deterring leaks of sensitive information obtained by unauthorized access to unattended phones. Which of the following would provide the solution that BEST meets the company’s requirements? 

A. Screen-lock 

B. Disable removable storage 

C. Full device encryption 

D. Remote wiping 

Answer:

Explanation: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications. 


Q444. The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has mandated that key authentication systems be run within the organization’s network. Which of the following would BEST meet the CIO and CRO’s requirements? 

A. Software as a Service 

B. Infrastructure as a Service 

C. Platform as a Service 

D. Hosted virtualization service 

Answer:

Explanation: 

Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. 


Q445. Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? 

A. Buffer overflow 

B. Pop-up blockers 

C. Cross-site scripting 

D. Fuzzing 

Answer:

Explanation: 

Buffer overflow is an exploit of programming errors, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to process the data with temporary access to privileged levels in the system, while the overwrite can cause important data to be lost. Proper error and exception handling and input validation will help prevent buffer overflow exploits. 


Q446. Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table? 

A. Full disk 

B. Individual files 

C. Database 

D. Removable media 

Answer:

Explanation: 

A table is stored in a database. Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the database. This often offers granular encryption options which allow for the encryption of the entire database, specific database tables, or specific database fields, such as a credit card number field. 


Q447. Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. 

Which of the following was used to perform this attack? 

A. SQL injection 

B. XML injection 

C. Packet sniffer 

D. Proxy 

Answer:

Explanation: 

When a web user takes advantage of a weakness in SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within it can return entire documents. The best way to prevent XML injection attacks is to filter the user’s input and sanitize it to make certain that it does not cause XPath to return more data than it should. 


Q448. Which of the following is true about PKI? (Select TWO). 

A. When encrypting a message with the public key, only the public key can decrypt it. 

B. When encrypting a message with the private key, only the private key can decrypt it. 

C. When encrypting a message with the public key, only the CA can decrypt it. 

D. When encrypting a message with the public key, only the private key can decrypt it. 

E. When encrypting a message with the private key, only the public key can decrypt it. 

Answer: D,E 

Explanation: 

E: You encrypt data with the private key and decrypt with the public key, though the opposite is much more frequent. 

Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic protocols based on algorithms that require two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. 

D: In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the data using his own private key. 

PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are encrypted with a public key and decrypted with a private key. 

A PKI example: 

1. You want to send an encrypted message to Jordan, so you request his public key. 
2. Jordan responds by sending you that key. 
3. You use the public key he sends you to encrypt the message. 
4. You send the message to him. 
5. Jordan uses his private key to decrypt the message. 


Q449. The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity. 

Which of the following would be MOST effective for preventing this behavior? 

A. Acceptable use policies 

B. Host-based firewalls 

C. Content inspection 

D. Application whitelisting 

Answer:

Explanation: 

Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list. 


Q450. Which of the following should be done before resetting a user’s password due to expiration? 

A. Verify the user’s domain membership. 

B. Verify the user’s identity. 

C. Advise the user of new policies. 

D. Verify the proper group membership. 

Answer:

Explanation: 

When resetting a password, users have to establish their identity by answering a series of personal questions, using a hardware authentication token, or responding to a password notification e-mail. Users can then either specify a new, unlocked password, or ask that a randomly generated one be provided. This can be done from their workstation login prompt, or through a telephone call.