CompTIA SY0-401 Exam, The Best CompTIA SY0-401 PDF On Store
Download the newest Pass4itsure SY0-401 Exam VCE dumps: http://www.pass4itsure.com/SY0-401.html
The CompTIA SY0-401 exam is one of the most popular CompTIA Certification exams. If you want to reach a professional or expert level in the CompTIA Certification career certification tracks, passing the CompTIA SY0-401 exam is the first step. We provide professional CompTIA SY0-401 exam sample questions.
CompTIA SY0-401 exam details
Candidates can become CompTIA certified professionals by using a general CompTIA SY0-401 Certification test offered by Pass4itsure. We all know that succeeding in the CompTIA SY0-401 exam is essential in the IT industry. CompTIA SY0-401 Certification is a globally recognized certification. To enhance your career value, it is worth getting the CompTIA SY0-401 certification. We have devised the Pass4itsure CompTIA SY0-401 exam sample questions to contain a variety of questions in a way that could help you ace the exam without any other books or materials.
QUESTION 21
An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?
A. XSRF Attacks
B. Fuzzing
C. Input Validations
D. SQL Injections
Correct Answer: B Explanation
QUESTION 22
A recent review of accounts on various systems has found that after employees are required to change their passwords, they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).
A. Reverse encryption
B. Minimum password age
C. Password complexity
D. Account lockouts
E. Password history
F. Password expiration
Correct Answer: BE Explanation
QUESTION 23
An organization's security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?
A. Password history
B. Password complexity
C. Password length
D. Password expiration
Correct Answer: A Explanation
QUESTION 24
The system administrator is reviewing the following logs from the company web server:
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59 GET /directory_listing.php?user=admin&pass=2admin
Which of the following is this an example of?
A. Online rainbow table attack
B. Offline brute force attack
C. Offline dictionary attack
D. Online hybrid attack
Correct Answer: D Explanation
QUESTION 25
A security administrator must implement a system that will support and enforce the following file system access control model:
FILE NAME            SECURITY LABEL
Employees.doc        Confidential
Salary.xls           Confidential
OfficePhones.xls     Unclassified
PersonalPhones.xls   Restricted
Which of the following should the security administrator implement?
A. White and black listing
B. SCADA system
C. Trusted OS
D. Version control
Correct Answer: C Explanation
QUESTION 26
An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
A. Initial baseline configuration snapshots
B. Firewall, IPS and network segmentation
C. Event log analysis and incident response
D. Continuous security monitoring processes
Correct Answer: D Explanation
QUESTION 27
A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?
A. External penetration test
B. Internal vulnerability scan
C. External vulnerability scan
D. Internal penetration test
Correct Answer: C Explanation
QUESTION 28
Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?
A. NIPS
B. Content filter
C. NIDS
D. Host-based firewalls
Correct Answer: D Explanation
QUESTION 29
Which of the following is a directional antenna that can be used in point-to-point or point-to-multi-point WiFi communication systems? (Select TWO).
A. Backfire
B. Dipole
C. Omni
D. PTZ
E. Dish
Correct Answer: AE Explanation
QUESTION 30
A large bank has moved back office operations offshore to another country with lower wage costs in an attempt to improve profit and productivity. Which of the following would be a customer concern if the offshore staff had direct access to their data?
A. Service level agreements
B. Interoperability agreements
C. Privacy considerations
D. Data ownership
Correct Answer: C Explanation
QUESTION 31
Which of the following are examples of detective controls?
A. Biometrics, motion sensors and mantraps.
B. Audit, firewall, anti-virus and biometrics.
C. Motion sensors, intruder alarm and audit.
D. Intruder alarm, mantraps and firewall.
Correct Answer: C Explanation
QUESTION 32
Which of the following attacks impact the availability of a system? (Select TWO).
A. Smurf
B. Phishing
C. Spim
D. DDoS
E. Spoofing
Correct Answer: AD Explanation
QUESTION 33
Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?
A. Honeynet
B. Vulnerability scanner
C. Port scanner
D. Protocol analyzer
Correct Answer: A Explanation
QUESTION 34
An organization processes credit card transactions and is concerned that an employee may intentionally email credit card numbers to external email addresses. This company should consider which of the following technologies?
A. IDS
B. Firewalls
C. DLP
D. IPS
Correct Answer: C Explanation
QUESTION 35
A computer is found to be infected with malware and a technician re-installs the operating system. The computer remains infected with malware. This is an example of:
A. a rootkit.
B. an MBR infection.
C. an exploit kit.
D. spyware.
Correct Answer: B Explanation
QUESTION 36
Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO).
A. Separation of duties
B. Job rotation
C. Mandatory vacation
D. Time of day restrictions
E. Least privilege
Correct Answer: AE Explanation
QUESTION 37
Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
A. Implement a HIDS to protect the SCADA system
B. Implement a Layer 2 switch to access the SCADA system
C. Implement a firewall to protect the SCADA system
D. Implement a NIDS to protect the SCADA system
Correct Answer: C Explanation
QUESTION 38
The common method of breaking larger network address space into smaller networks is known as:
A. subnetting.
B. phishing.
C. virtualization.
D. packet filtering.
Correct Answer: A Explanation
QUESTION 39
While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).
A. 20
B. 21
C. 22
D. 68
E. 69
Correct Answer: AB Explanation
QUESTION 40
An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?
A. Use a stateful firewall
B. Enable MAC filtering
C. Upgrade to WPA2 encryption
D. Force the WAP to use channel 1
Correct Answer: B Explanation
QUESTION 41
Which of the following helps to establish an accurate timeline for a network intrusion?
A. Hashing images of compromised systems
B. Reviewing the date of the antivirus definition files
C. Analyzing network traffic and device logs
D. Enforcing DLP controls at the perimeter
Correct Answer: C Explanation
QUESTION 42
A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company’s gateway firewall?
A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443
B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443
Correct Answer: D Explanation
QUESTION 43
A user has plugged in a wireless router from home with default configurations into a network jack at the office. This is known as:
A. an evil twin.
B. an IV attack.
C. a rogue access point.
D. an unauthorized entry point.
Correct Answer: C Explanation
QUESTION 44
When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?
A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing
Correct Answer: C Explanation
QUESTION 45
It is MOST important to make sure that the firewall is configured to do which of the following?
A. Alert management of a possible intrusion.
B. Deny all traffic and only permit by exception.
C. Deny all traffic based on known signatures.
D. Alert the administrator of a possible intrusion.
Correct Answer: B Explanation
QUESTION 46
An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?
A. Require IPSec with AH between the servers
B. Require the message-authenticator attribute for each message
C. Use MSCHAPv2 with MPPE instead of PAP
D. Require a long and complex shared secret for the servers
Correct Answer: A Explanation
QUESTION 47
A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).
A. Deploy a honeypot
B. Disable unnecessary services
C. Change default passwords
D. Implement an application firewall
E. Penetration testing
Correct Answer: BC Explanation
QUESTION 48
Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into?
A. IaaS
B. MaaS
C. SaaS
D. PaaS
Correct Answer: B Explanation
QUESTION 49
Which of the following is the BEST reason for placing a password lock on a mobile device?
A. Prevents an unauthorized user from accessing owner’s data
B. Enables remote wipe capabilities
C. Stops an unauthorized user from using the device again
D. Prevents an unauthorized user from making phone calls
Correct Answer: A Explanation
QUESTION 50
When performing the daily review of the system vulnerability scans of the network, Joe, the administrator, noticed several security-related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for the identified vulnerability. Which of the following is the type of vulnerability described?
A. Network based
B. IDS
C. Signature based
D. Host based
Correct Answer: C Explanation
QUESTION 51
Joe is the accounts payable agent for ABC Company. Joe has been performing the accounts payable function for ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts?
A. Mandatory vacation
B. Job rotation
C. Separation of duties
D. Replacement
Correct Answer: A Explanation
QUESTION 52
Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router’s logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer’s reports?
A. Configure the router so that wireless access is based upon the connecting device’s hardware address.
B. Modify the connection’s encryption method so that it is using WEP instead of WPA2.
C. Implement connections via secure tunnel with additional software on the developer’s computers.
D. Configure the router so that its name is not visible to devices scanning for wireless networks.
Correct Answer: A Explanation
QUESTION 53
Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00:00:01]Successful Login: 015 192.168.1.123 : local
[00:00:03]Unsuccessful Login: 022 214.34.56.006 :RDP 192.168.1.124
[00:00:04]UnSuccessful Login: 010 214.34.56.006 :RDP 192.168.1.124
[00:00:07]UnSuccessful Login: 007 214.34.56.006 :RDP 192.168.1.124
[00:00:08]UnSuccessful Login: 003 214.34.56.006 :RDP 192.168.1.124
A. Reporting
B. IDS
C. Monitor system logs
D. Hardening
Correct Answer: D Explanation
QUESTION 54
Four weeks ago, a network administrator applied a new IDS and allowed it to gather baseline data. As rumors of a layoff began to spread, the IDS alerted the network administrator that access to sensitive client files had risen far above normal. Which of the following kinds of IDS is in use?
A. Protocol based
B. Heuristic based
C. Signature based
D. Anomaly based
Correct Answer: D Explanation
The CompTIA SY0-401 exam is the hottest exam of the CompTIA certification. Pass4itsure has the actual and new version for CompTIA SY0-401 exam candidates, which is written by experienced IT experts and specialists to coincide with the real test. The CompTIA SY0-401 exam resources cover every field and category in CompTIA certifications, helping to ready you for your success.