Tactics to sy0 401 braindump

Your success in CompTIA comptia sy0 401 is our sole target and we develop all our sy0 401 practice test braindumps in a way that facilitates the attainment of this target. Not only is our comptia security+ sy0 401 study material the best you can find, it is also the most detailed and the most updated. comptia security+ sy0 401 Practice Exams for CompTIA Security+ comptia security+ sy0 401 are written to the highest standards of technical accuracy.

♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q21. Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company? 

A. Rootkit 

B. Logic bomb 

C. Worm 

D. Botnet 



This is an example of a logic bomb. The logic bomb is configured to ‘go off’ or when Jane has left the company. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs. 

Q22. Without validating user input, an application becomes vulnerable to all of the following EXCEPT: 

A. Buffer overflow. 

B. Command injection. 

C. Spear phishing. 

D. SQL injection. 



Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain. 

Q23. Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users? 

A. IV attack 

B. Evil twin 

C. War driving 

D. Rogue access point 



An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits. 

Q24. After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings? 

A. IV attack 

B. War dialing 

C. Rogue access points 

D. War chalking 



War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot. 

Q25. Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement? 

A. Matt should implement access control lists and turn on EFS. 

B. Matt should implement DLP and encrypt the company database. 

C. Matt should install Truecrypt and encrypt the company server. 

D. Matt should install TPMs and encrypt the company database. 



Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Encryption is used to protect data. 

Q26. Which of the following authentication services should be replaced with a more secure alternative? 







Terminal Access Controller Access-Control System (TACACS) is less secure than XTACACS, which is a proprietary extension of TACACS, and less secure than TACACS+, which replaced TACACS and XTACACS. 

Q27. A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization? 



C. Kerberos 




The fundamental component of a Kerberos solution is the key distribution centre (KDC), which is responsible for verifying the identity of principles and granting and controlling access within a network environment through the use of secure cryptographic keys and tickets. 

Q28. Which of the following is a directional antenna that can be used in point-to-point or point-to-multi-point WiFi communication systems? (Select TWO). 

A. Backfire 

B. Dipole 

C. Omni 


E. Dish 

Answer: A,E 


Q29. The incident response team has received the following email message. 

From: monitor@ext-company.com To: security@company.com Subject: Copyright infringement 

A copyright infringement alert was triggered by IP address at 09: 50: 01 GMT. 

After reviewing the following web logs for IP, the team is unable to correlate and identify the incident. 


 45: 33 http: //remote.site.com/login.asp?user=john 


 50: 22 http: //remote.site.com/logout.asp?user=anne 

10: 50: 01 http: //remote.site.com/access.asp?file=movie.mov 

11: 02: 45 http: //remote.site.com/download.asp?movie.mov=ok 

Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident? 

A. The logs are corrupt and no longer forensically sound. 

B. Traffic logs for the incident are unavailable. 

C. Chain of custody was not properly maintained. 

D. Incident time offsets were not accounted for. 



It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system. 

Q30. Which of the following is BEST used as a secure replacement for TELNET? 







SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.