SY0-401 Exam
Top Down to date SY0-401 free exam Reviews!
Cause all that matters here is passing the CompTIA SY0-401 exam. Cause all that you need is a high score of SY0-401 CompTIA Security+ Certification exam. The only one thing you need to do is downloading Examcollection SY0-401 exam study guides now. We will not let you down with our money-back guarantee.
2021 Mar SY0-401 practice test
Q451. Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO’s office with various connected cables from the office. Which of the following describes the type of attack that was occurring?
A. Spear phishing
B. Packet sniffing
C. Impersonation
D. MAC flooding
Answer: B
Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing. However, packet sniffing requires a physical connection to the network. The switch hidden in the ceiling is used to provide the physical connection to the network. Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn’t generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.
Q452. A security administrator wants to implement a solution which will allow some applications to run under the user's home directory and only have access to files stored within the same user's folder, while other applications have access to shared folders. Which of the following BEST addresses these requirements if the environment is concurrently shared by multiple users?
A. OS Virtualization
B. Trusted OS
C. Process sandboxing
D. File permission
Answer: C
Explanation:
Q453. While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?
A. Log Analysis
B. VLAN Management
C. Network separation
D. 802.1x
Answer: D
Explanation:
802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).
Q454. Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
A. Private hash
B. Recovery agent
C. Public key
D. Key escrow
E. CRL
Answer: B,D
Explanation:
B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys.
D: If a key need to be recovered for legal purposes the key escrow can be used. Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee’s private messages have been called into question.
Q455. A recent audit of a company’s identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario? (Select TWO).
A. Automatically disable accounts that have not been utilized for at least 10 days.
B. Utilize automated provisioning and de-provisioning processes where possible.
C. Request that employees provide a list of systems that they have access to prior to leaving the firm.
D. Perform regular user account review / revalidation process.
E. Implement a process where new account creations require management approval.
Answer: B,D
Explanation:
Provisioning and de-provisioning processes can occur manually or automatically. Since the manual processes are so time consuming, the automated option should be used as it is more efficient. Revalidating user accounts would determine which users are no longer active.
Renew SY0-401 torrent:
Q456. Several employees submit the same phishing email to the administrator. The administrator finds that the links in the email are not being blocked by the company’s security device. Which of the following might the administrator do in the short term to prevent the emails from being received?
A. Configure an ACL
B. Implement a URL filter
C. Add the domain to a block list
D. Enable TLS on the mail server
Answer: C
Explanation:
Blocking e-mail is the same as preventing the receipt of those e-mails and this is done by applying a filter. But the filter must be configured to block it. Thus you should add that specific domain from where the e-mails are being sent to the list of addresses that is to be blocked.
Q457. A recent intrusion has resulted in the need to perform incident response procedures. The incident response team has identified audit logs throughout the network and organizational systems which hold details of the security breach. Prior to this incident, a security consultant informed the company that they needed to implement an NTP server on the network. Which of the following is a problem that the incident response team will likely encounter during their assessment?
A. Chain of custody
B. Tracking man hours
C. Record time offset
D. Capture video traffic
Answer: C
Explanation:
It is quite common for workstation as well as server times to be off slightly from actual time. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system. There is no mention that this was done by the incident response team.
Q458. A company is looking to improve their security posture by addressing risks uncovered by a recent penetration test. Which of the following risks is MOST likely to affect the business on a day-to-day basis?
A. Insufficient encryption methods
B. Large scale natural disasters
C. Corporate espionage
D. Lack of antivirus software
Answer: D
Explanation:
The most common threat to computers is computer viruses. A computer can become infected with a virus through day-to-day activities such as browsing web sites or emails. As browsing and opening emails are the most common activities performed by all users, computer viruses represent the most likely risk to a business.
Q459. A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that:
A. HDD hashes are accurate.
B. the NTP server works properly.
C. chain of custody is preserved.
D. time offset can be calculated.
Answer: D
Explanation:
It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system.
Q460. Which of the following does full disk encryption prevent?
A. Client side attacks
B. Clear text access
C. Database theft
D. Network-based attacks
Answer: B
Explanation:
Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.