SY0-401 Exam
10 Tips For SY0-401 customers
It is more faster and easier to pass the CompTIA SY0-401 exam by using Validated CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Renewal SY0-401 Exam and find the same core area SY0-401 questions with professionally verified answers, then PASS your exam with a high score now.
2021 Mar SY0-401 exam cost
Q551. Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file?
A. Cognitive password
B. Password sniffing
C. Brute force
D. Social engineering
Answer: C
Explanation:
One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open the file by using many different passwords.
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security. A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers. An attack of this nature can be time- and resource-consuming. Hence the name "brute force attack;" success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm.
Q552. A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. Which of the following should the administrator use to test the patching process quickly and often?
A. Create an incremental backup of an unpatched PC
B. Create an image of a patched PC and replicate it to servers
C. Create a full disk image to restore after each installation
D. Create a virtualized sandbox and utilize snapshots
Answer: D
Explanation:
Q553. Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?
A. No competition with the company’s official social presence
B. Protection against malware introduced by banner ads
C. Increased user productivity based upon fewer distractions
D. Elimination of risks caused by unauthorized P2P file sharing
Answer: B
Explanation:
Banner, or header information messages sent with data to find out about the system(s) does happen. Banners often identify the host, the operating system running on it, and other information that can be useful if you are going to attempt to later breach the security of it.
Q554. A company’s chief information officer (CIO) has analyzed the financial loss associated with the company’s database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?
A. Succession plan
B. Continuity of operation plan
C. Disaster recovery plan
D. Business impact analysis
Answer: D
Explanation:
Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn’t concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization.
Q555. Users at a company report that a popular news website keeps taking them to a web page with derogatory content. This is an example of which of the following?
A. Evil twin
B. DNS poisoning
C. Vishing
D. Session hijacking
Answer: B
Explanation:
DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver's cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker's computer (or any other computer). A domain name system server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally if the server doesn't know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that, if it receives another request for the same translation, it can reply without having to ask the other server again. When a DNS server has received a false translation and caches it for performance optimization, it is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (in this case, the server hosting the web page with derogatory content).
Renovate SY0-401 simulations:
Q556. An auditor is given access to a conference room to conduct an analysis. When they connect their laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?
A. Ethernet cable is damaged
B. The host firewall is set to disallow outbound connections
C. Network Access Control
D. The switch port is administratively shutdown
Answer: C
Explanation:
Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
Q557. ON NO: 50
The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?
A. Remove the staff group from the payroll folder
B. Implicit deny on the payroll folder for the staff group
C. Implicit deny on the payroll folder for the managers group
D. Remove inheritance from the payroll folder
Answer: B
Explanation: Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.
Q558. When employees that use certificates leave the company they should be added to which of the following?
A. PKI
B. CA
C. CRL
D. TKIP
Answer: C
Explanation:
The certificates of the leaving employees must be made unusable. This is done by revoking them.
The revoke certificates end up in the CRL.
Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers
paired with digital certificate status. The list enumerates revoked certificates along with the
reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also
included. In addition, each list contains a proposed date for the next release.
Q559. Customers’ credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?
A. Application firewalls
B. Manual updates
C. Firmware version control
D. Encrypted TCP wrappers
Answer: D
Explanation:
Wrapping sensitive systems with a specific control is required when protecting data in transit. TCP wrappers are also security controls. TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux
or BSD. It allows host or subnetwork IP addresses, names and/or inetd query replies, to be used
as tokens on which to filter for access control purposes.
TCP Wrapper should not be considered a replacement for a properly configured firewall. Instead,
TCP Wrapper should be used in conjunction with a firewall and other security enhancements in
order to provide another layer of protection in the implementation of a security policy.
Q560. An incident response team member needs to perform a forensics examination but does not have the required hardware. Which of the following will allow the team member to perform the examination with minimal impact to the potential evidence?
A. Using a software file recovery disc
B. Mounting the drive in read-only mode
C. Imaging based on order of volatility
D. Hashing the image after capture
Answer: B
Explanation:
Mounting the drive in read-only mode will prevent any executable commands from being executed. This is turn will have the least impact on potential evidence using the drive in question.