It is faster and easier to pass the CompTIA Security+: Get Certified Get Ahead SY0-401 study guide exam by using high-quality CompTIA Security+ certification questions and answers. Get immediate access to the leading CompTIA SY0-401 exam material, find the same core-area Security+ SY0-401 questions with professionally verified answers, and then pass your exam with a high score.



Q331. A system administrator has noticed a vulnerability on a high-impact production server. A recent update was made available by the vendor that addresses the vulnerability but requires a reboot of the system afterwards. Which of the following steps should the system administrator implement to address the vulnerability? 

A. Test the update in a lab environment, schedule downtime to install the patch, install the patch and reboot the server and monitor for any changes 

B. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the patch, and monitor for any changes 

C. Test the update in a lab environment, backup the server, schedule downtime to install the patch, install the update, reboot the server, and monitor for any changes 

D. Backup the server, schedule downtime to install the patch, install the patch and monitor for any changes 

Answer:

Explanation: 

We have an update to apply to fix the vulnerability. The update should be tested first in a lab environment, not on the production server, to ensure it doesn’t cause any other problems with the server. After testing the update, we should back up the server so that we can roll back any changes in the event of unforeseen problems with the update. The question states that the server will require a reboot. This will result in downtime, so you should schedule the downtime before installing the patch. After installing the update, you should monitor the server to ensure it is functioning correctly. 


Q332. The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing? 

A. Black box 

B. Penetration 

C. Gray box 

D. White box 

Answer:

Explanation: 

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of testing can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher-level testing, but can also dominate unit testing. Specific knowledge of the application's code or internal structure, and programming knowledge in general, is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces that output in the first place. 


Q333. When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers. 

Which of the following is the MOST likely reason for the unusual results? 

A. The user is attempting to hijack the web server session using an open-source browser. 

B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks. 

C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website. 

D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website. 

Answer:

Explanation: 

The code in the question is an example of a SQL injection attack. The expression ‘1=1’ always evaluates to true. This can be included in a statement designed to return all rows in a SQL table. 

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 
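The following is an added example, not part of the exam page, showing why the ";--" and "or 1=1 --" input above is dangerous and how parameterized queries neutralize it. The orders table, customer names and order references are constructed sample data.

```python
import sqlite3

# Constructed sample data: a tiny in-memory orders table standing in for the
# corporate website's database. None of these values come from the exam page.
ORDERS = [
    (1, "alice", "ORD-1001"),
    (2, "bob", "ORD-1002"),
    (3, "carol", "ORD-1003"),
]


def make_db() -> sqlite3.Connection:
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, order_ref TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ORDERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, customer: str) -> list:
    """The flaw the question describes: user input is concatenated into the
    SQL text, so quotes, 'or 1=1' and '--' are interpreted as SQL syntax.
    The input ' or 1=1 -- turns the WHERE clause into an always-true test
    and comments out the trailing quote, returning every row."""
    sql = f"SELECT order_ref FROM orders WHERE customer = '{customer}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, customer: str) -> list:
    """The mitigation: the input is bound as a parameter. The driver passes
    it to the engine as a plain string value, never as SQL, so the same
    input is simply compared literally against the customer column."""
    sql = "SELECT order_ref FROM orders WHERE customer = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (customer,))]


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"          # the string from the question
    print("vulnerable, normal input:   ", lookup_vulnerable(db, "alice"))
    print("vulnerable, injected input: ", lookup_vulnerable(db, payload))
    print("parameterized, normal input:", lookup_parameterized(db, "alice"))
    print("parameterized, injected:    ", lookup_parameterized(db, payload))
```

The parameterized version returns an empty list for the injected string because no customer is literally named `' or 1=1 --`; the vulnerable version dumps every order.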


Q334. An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence? 

A. Using a software file recovery disc 

B. Mounting the drive in read-only mode 

C. Imaging based on order of volatility 

D. Hashing the image after capture 

Answer:

Explanation: 

Mounting the drive in read-only mode will prevent any executable commands from being executed. This in turn will have the least impact on potential evidence on the drive in question. 


Q335. Which of the following is synonymous with a server’s certificate? 

A. Public key 

B. CRL 

C. Private key 

D. Recovery agent 

Answer:

Explanation: 

A public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. 


Q336. A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange? 

A. Symmetric 

B. Session-based 

C. Hashing 

D. Asymmetric 

Answer:

Explanation: 

PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key. The session key is then encrypted with the recipient's public key, so the key exchange itself relies on asymmetric cryptography. 


Q337. A way to assure data at-rest is secure even in the event of loss or theft is to use: 

A. Full device encryption. 

B. Special permissions on the file system. 

C. Trusted Platform Module integration. 

D. Access Control Lists. 

Answer:

Explanation: 

Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. 


Q338. Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords? 

A. EAP-MD5 

B. WEP 

C. PEAP-MSCHAPv2 

D. EAP-TLS 

Answer:

Explanation: 

PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-based credentials (user name and password) rather than digital certificates or smart cards. 


Q339. A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? 

A. User rights and permissions review 

B. Change management 

C. Data loss prevention 

D. Implement procedures to prevent data theft 

Answer:

Explanation: 

Terminal Access Controller Access-Control System (TACACS, and variations like XTACACS and TACACS+) is a client/server-oriented environment, and it operates in a manner similar to RADIUS. Furthermore, TACACS+ allows credentials to be accepted from multiple methods. Thus you can perform user rights and permission reviews with TACACS+. 


Q340. Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router's logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developers' reports? 

A. Configure the router so that wireless access is based upon the connecting device's hardware address. 

B. Modify the connection's encryption method so that it is using WEP instead of WPA2. 

C. Implement connections via secure tunnel with additional software on the developers' computers. 

D. Configure the router so that its name is not visible to devices scanning for wireless networks. 

Answer:

Explanation: