Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)


Q681. A file on a Linux server has default permissions of rw-rw-r--. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file? 

A. User ownership information for the file in question 

B. Directory permissions on the parent directory of the file in question 

C. Group memberships for the group owner of the file in question 

D. The file system access control list (FACL) for the file in question 

Answer:

Explanation: 


Q682. Customers’ credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future? 

A. Application firewalls 

B. Manual updates 

C. Firmware version control 

D. Encrypted TCP wrappers 

Answer:

Explanation: 

Wrapping sensitive systems with a specific control is required when protecting data in transit. TCP wrappers are also security controls. TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or inetd query replies, to be used as tokens on which to filter for access control purposes.

TCP Wrapper should not be considered a replacement for a properly configured firewall. Instead, TCP Wrapper should be used in conjunction with a firewall and other security enhancements in order to provide another layer of protection in the implementation of a security policy.


Q683. A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files? 

A. Integrity 

B. Confidentiality 

C. Steganography 

D. Availability 

Answer:

Explanation: 

Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.


Q684. Requiring technicians to report spyware infections is a step in which of the following? 

A. Routine audits 

B. Change management 

C. Incident management 

D. Clean desk policy 

Answer:

Explanation: 

Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). 


Q685. The fundamental information security principles include confidentiality, availability and which of the following?

A. The ability to secure data against unauthorized disclosure to external sources 

B. The capacity of a system to resist unauthorized changes to stored information 

C. The confidence with which a system can attest to the identity of a user 

D. The characteristic of a system to provide uninterrupted service to authorized users 

Answer:

Explanation: Confidentiality, integrity, and availability, which make up the CIA triad, are the three most important concepts in security. In this instance, the answer describes the Integrity part of the CIA triad. 


Q686. A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO). 

A. Password age 

B. Password hashing 

C. Password complexity 

D. Password history 

E. Password length 

Answer: A,D 

Explanation: 

D: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords. 

A: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days. 


Q687. Which of the following is a difference between TFTP and FTP? 

A. TFTP is slower than FTP. 

B. TFTP is more secure than FTP. 

C. TFTP utilizes TCP and FTP uses UDP. 

D. TFTP utilizes UDP and FTP uses TCP. 

Answer:

Explanation: 

FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69. 


Q688. An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause? 

A. Spyware 

B. Trojan 

C. Privilege escalation 

D. DoS 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is a DoS attack from multiple computers, whereas a DoS attack is from a single computer. In terms of the actual method of attack, DDoS and DoS attacks are the same. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted.

The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. In the end, this can take a website down completely for periods of time.

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware, and no further interaction was necessary to launch the attack.


Q689. Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss? 

A. Record time offset 

B. Clean desk policy 

C. Cloud computing 

D. Routine log review 

Answer:

Explanation: 

Clean Desk Policy: Information on a desk—in terms of printouts, pads of note paper, sticky notes, and the like—can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. This will mitigate the risk of data loss when applied.