Act now and download your CompTIA sy0 401 practice exam test today! Do not waste time for the worthless CompTIA comptia sy0 401 tutorials. Download Replace CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA sy0 401 practice test with a classic professional.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q11. Computer evidence at a crime is preserved by making an exact copy of the hard disk. Which of the following does this illustrate? 

A. Taking screenshots 

B. System image capture 

C. Chain of custody 

D. Order of volatility 

Answer:

Explanation: 

A system image would be a snapshot of what exists at the moment. Thus capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. 


Q12. Which of the following devices is used for the transparent security inspection of network traffic by redirecting user packets prior to sending the packets to the intended destination? 

A. Proxies 

B. Load balancers 

C. Protocol analyzer 

D. VPN concentrator 

Answer:

Explanation: 


Q13. Which of the following ciphers would be BEST used to encrypt streaming video? 

A. RSA 

B. RC4 

C. SHA1 D. 3DES 

Answer:

Explanation: 

In cryptography, RC4 is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure protocols such as WEP. 

Because RC4 is a stream cipher, it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to a bit-flipping attack. The cipher is also vulnerable to a stream cipher attack if not implemented correctly. Furthermore, inadvertent double encryption of a message with the same key may accidentally output plaintext rather than ciphertext because the involutory nature of the XOR function would result in the second operation reversing the first. It is noteworthy, however, that RC4, being a stream cipher, was for a period of time the only common cipher that was immune to the 2011 BEAST attack on TLS 1.0. The attack exploits a known weakness in the way cipher block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers. 


Q14. The use of social networking sites introduces the risk of: 

A. Disclosure of proprietary information 

B. Data classification issues 

C. Data availability issues 

D. Broken chain of custody 

Answer:

Explanation: 

People and processes must be in place to prevent the unauthorized disclosure or proprietary information and sensitive information s these pose a security risk to companies. With social networking your company can be exposed to as many threats as the amount of users that make use of social networking and are not advised on security policy regarding the use of social networking. 


Q15. A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data? 

A. AES 

B. 3DES 

C. RC4 

D. WPA2 

Answer:

Explanation: 

3DES (Triple DES) is based on DES. 

In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it (e.g. EMV). Microsoft OneNote, Microsoft Outlook 2007, and Microsoft System Center Configuration Manager 2012, use Triple DES to password protect user content and system data. 


Q16. Which of the following offers the LEAST secure encryption capabilities? 

A. TwoFish 

B. PAP 

C. NTLM 

D. CHAP 

Answer:

Explanation: 

PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP. 


Q17. Which of the following would Jane, an administrator, use to detect an unknown security vulnerability? 

A. Patch management 

B. Application fuzzing 

C. ID badge 

D. Application configuration baseline 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks. 


Q18. Joe, a technician at the local power plant, notices that several turbines had ramp up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend? 

A. Create a VLAN for the SCADA 

B. Enable PKI for the MainFrame 

C. Implement patch management 

D. Implement stronger WPA2 Wireless 

Answer:

Explanation: 

VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. This can be accomplished by not defining a route between different VLANs or by specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network segment that doesn’t need to communicate with another in order to accomplish a work task/function shouldn’t be able to do so. 


Q19. Ann a technician received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks? 

A. User Awareness 

B. Acceptable Use Policy 

C. Personal Identifiable Information 

D. Information Sharing 

Answer:

Explanation: 

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Employees should be made aware of this type of attack by means of training. 


Q20. HOTSPOT 

For each of the given items, select the appropriate authentication category from the dropdown choices. 

Instructions: When you have completed the simu-lation, please select the Done button to submit. 

Answer: