we provide Virtual CompTIA sy0 401 dump study guide which are the best for clearing sy0 401 braindump test, and to get certified by CompTIA CompTIA Security+ Certification. The comptia security+ get certified get ahead sy0 401 study guide Questions & Answers covers all the knowledge points of the real sy0 401 study guide pdf exam. Crack your CompTIA security+ sy0 401 Exam with latest dumps, guaranteed!


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q511. A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user’s host: 

Old `hosts’ file: 

127.0.0.1 localhost 

New `hosts’ file: 

127.0.0.1 localhost 

5.5.5.5 www.comptia.com 

Which of the following attacks has taken place? 

A. Spear phishing 

B. Pharming 

C. Phishing 

D. Vishing 

Answer:

Explanation: 

We can see in this question that a fraudulent entry has been added to the user’s hosts file. This will point the URL: www.comptia.com to 5.5.5.5 instead of the correct IP address. Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server (or hosts file) by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing. 


Q512. A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire? 

A. The certificate will be added to the Certificate Revocation List (CRL). 

B. Clients will be notified that the certificate is invalid. 

C. The ecommerce site will not function until the certificate is renewed. 

D. The ecommerce site will no longer use encryption. 

Answer:

Explanation: 

A similar process to certificate revocation will occur when a certificate is allowed to expire. Notification will be sent out to clients of the invalid certificate. The process of revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked. This must be done whenever the private key becomes known. The owner of a certificate can request that it be revoked at any time, or the administrator can make the request. 


Q513. Using proximity card readers instead of the traditional key punch doors would help to mitigate: 

A. Impersonation 

B. Tailgating 

C. Dumpster diving 

D. Shoulder surfing 

Answer:

Explanation: 

Using a traditional key punch door, a person enters a code into a keypad to unlock the door. Someone could be watching the code being entered. They would then be able to open the door by entering the code. The process of watching the key code being entered is known as shoulder surfing. 

Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. 


Q514. The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available? 

A. Cloud computing 

B. Full disk encryption 

C. Data Loss Prevention 

D. HSM 

Answer:

Explanation: 

Cloud computing means hosting services and data on the Internet instead of hosting it locally. There is thus no issue when the company’s server is taken offline. 


Q515. While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing? 

A. EAP-TLS 

B. PEAP 

C. WEP 

D. WPA 

Answer:

Explanation: 

WEP is one of the more vulnerable security protocols. The only time to use WEP is when you must have compatibility with older devices that do not support new encryption. 


Q516. Which of the following implementation steps would be appropriate for a public wireless hot-spot? 

A. Reduce power level 

B. Disable SSID broadcast 

C. Open system authentication 

D. MAC filter 

Answer:

Explanation: 

For a public wireless hot-spot, you want members of the public to be able to access the wireless network without having to provide them with a password. Therefore, Open System Authentication is the best solution. 

Open System Authentication (OSA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol. With OSA, a computer equipped with a wireless modem can access any WEP network and receive files that are not encrypted. For OSA to work, the service set identifier (SSID) of the computer should match the SSID of the wireless access point. The SSID is a sequence of characters that uniquely names a wireless local area network (WLAN). The process occurs in three steps. First, the computer sends a request for authentication to the access point. Then the access point generates an authentication code, usually at random, intended for use only during that session. Finally, the computer accepts the authentication code and becomes part of the network as long as the session continues and the computer remains within range of the original access point. If it is necessary to exchange encrypted data between a WEP network access point and a wireless-equipped computer, a stronger authentication process called Shared Key Authentication (SKA) is required. 


Q517. A security engineer is given new application extensions each month that need to be secured prior to implementation. They do not want the new extensions to invalidate or interfere with existing application security. Additionally, the engineer wants to ensure that the new requirements are approved by the appropriate personnel. Which of the following should be in place to meet these two goals? (Select TWO). 

A. Patch Audit Policy 

B. Change Control Policy 

C. Incident Management Policy 

D. Regression Testing Policy 

E. Escalation Policy 

F. Application Audit Policy 

Answer: B,D 

Explanation: 

A backout (regression testing) is a reversion from a change that had negative consequences. It could be, for example, that everything was working fi ne until you installed a service pack on a production machine, and then services that were normally available were no longer accessible. The backout, in this instance, would revert the system to the state that it was in before the service pack was applied. Backout plans can include uninstalling service packs, hotfi xes, and patches, but they can also include reversing a migration and using previous firmware. A key component to creating such a plan is identifying what events will trigger your implementing the backout. A change control policy refers to the structured approach that is followed to secure a company’s assets in the event of changes occurring. 


Q518. ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left? 

A. Annual account review 

B. Account expiration policy 

C. Account lockout policy 

D. Account disablement 

Answer:

Explanation: 

Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day. 


Q519. A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports? 

A. SNMP 

B. SNMPv3 

C. ICMP 

D. SSH 

Answer:

Explanation: 

Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities. 


Q520. A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). 

Which of the following attack types has occurred? 

A. Buffer overflow 

B. Cross-site scripting 

C. XML injection 

D. SQL injection 

Answer:

Explanation: Explanation The hex character 90 (x90) means NOP or No Op or No Operation. In a buffer overflow attack, the buffer can be filled and overflowed with No Op commands. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.