It is faster and easier to pass the CompTIA SY0-401 exam by using the refined CompTIA Security+ Certification questions and answers. Get immediate access to the renewed SY0-401 exam material, find the same core-area SY0-401 questions with professionally verified answers, and then pass your exam with a high score.
Q171. A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).
A. Change the firewall default settings so that it implements an implicit deny
B. Apply the current ACL to all interfaces of the firewall
C. Remove the current ACL
D. Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53
E. Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53
F. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53
Answer: A,F
Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone file exchanges between DNS servers, special manual queries, or used when a response exceeds 512 bytes. UDP port 53 is used for most typical DNS queries.
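The following is an added illustration (not from the original question bank) of how a first-match ACL with a default stance evaluates inbound packets; the rule tuples and the `evaluate` helper are constructed for this example, with the source/destination `ANY` fields omitted since every rule on the page uses `ANY ANY`.

```python
# Toy first-match ACL evaluator for the Q171 scenario (constructed example).
# Each rule is (action, protocol, destination port); "ANY" matches everything,
# and protocol "IP" matches any IP protocol (TCP, UDP, ICMP).
ANY = "ANY"

def rule_matches(rule, protocol, dst_port):
    _action, proto, port = rule
    proto_ok = proto == ANY or proto == "IP" or proto == protocol
    port_ok = port == ANY or port == dst_port
    return proto_ok and port_ok

def evaluate(acl, default_action, protocol, dst_port):
    """Return 'PERMIT' or 'DENY' for one packet arriving on the external
    interface. Rules are checked top to bottom; the first match wins, and
    the firewall's default stance (implicit allow/deny) decides the rest."""
    for rule in acl:
        if rule_matches(rule, protocol, dst_port):
            return rule[0]
    return default_action

# The ACL as currently applied to the external interface (from the question).
CURRENT_ACL = [("PERMIT", "TCP", 80), ("PERMIT", "TCP", 443)]
# Option F appended at the bottom: DENY IP ANY ANY 53 (covers both TCP and UDP).
HARDENED_ACL = CURRENT_ACL + [("DENY", "IP", 53)]
# Option D alone, placed at the top: DENY TCP ANY ANY 53 (TCP only).
TCP_ONLY_DENY_ACL = [("DENY", "TCP", 53)] + CURRENT_ACL

def dns_blocked(acl, default_action):
    """True only when both UDP/53 queries and TCP/53 zone transfers are denied."""
    return (evaluate(acl, default_action, "UDP", 53) == "DENY"
            and evaluate(acl, default_action, "TCP", 53) == "DENY")

if __name__ == "__main__":
    print("current ACL, implicit allow:", dns_blocked(CURRENT_ACL, "PERMIT"))
    print("A + F applied:", dns_blocked(HARDENED_ACL, "DENY"))
    print("HTTPS still allowed:", evaluate(HARDENED_ACL, "DENY", "TCP", 443))
```

Running it shows why a TCP-only deny is insufficient: UDP/53 queries still pass, whereas the `IP` deny plus an implicit-deny stance closes both DNS paths while leaving ports 80 and 443 open.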
Q172. Which of the following would prevent a user from installing a program on a company-owned mobile device?
A. White-listing
B. Access control lists
C. Geotagging
D. Remote wipe
Answer: A
Explanation:
Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list.
Q173. Which of the following practices reduces the management burden of access management?
A. Password complexity policies
B. User account audit
C. Log analysis and review
D. Group based privileges
Answer: D
Explanation:
Granting permissions to all members of a group is quicker than individually assigning them to each user. This means an administrator will spend less time on assigning permissions to users who require the same access privileges.
Q174. Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect.
Which of the following is MOST likely the reason?
A. The company wireless is using a MAC filter.
B. The company wireless has SSID broadcast disabled.
C. The company wireless is using WEP.
D. The company wireless is using WPA2.
Answer: A
Explanation:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
Q175. A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place?
A. War chalking
B. Bluejacking
C. War driving
D. Bluesnarfing
Answer: B
Explanation:
The question states that the ‘attack’ took place on public transport and was received on a smartphone. Therefore, it is most likely that the image was sent using Bluetooth. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers: a vCard, which typically contains a message in the name field (i.e., for bluedating or bluechat), is sent to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.
Q176. After a user performed a war driving attack, the network administrator noticed several similar markings where WiFi was available throughout the enterprise. Which of the following is the term used to describe these markings?
A. IV attack
B. War dialing
C. Rogue access points
D. War chalking
Answer: D
Explanation:
War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot.
Q177. A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage?
A. Biometrics
B. Mandatory access control
C. Single sign-on
D. Role-based access control
Answer: A
Explanation:
This question is asking about “authorization”, not authentication.
Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications.
MAC can also be deployed in private sector or corporate business environments. Such cases typically involve the following four security domain levels (in order from least sensitive to most sensitive):
Public, Sensitive, Private, Confidential
A MAC environment works by assigning subjects a clearance level and assigning objects a sensitivity label—in other words, everything is assigned a classification marker. Subjects or users are assigned clearance levels. The name of the clearance level is the same as the name of the sensitivity label assigned to objects or resources. A person (or other subject, such as a program or a computer system) must have the same or greater assigned clearance level as the resources they wish to access. In this manner, access is granted or restricted based on the rules of classification (that is, sensitivity labels and clearance levels).
MAC is named as it is because the access control it imposes on an environment is mandatory. Its assigned classifications and the resulting granting and restriction of access can’t be altered by users. Instead, the rules that define the environment and judge the assignment of sensitivity labels and clearance levels control authorization. MAC isn’t a very granularly controlled security environment.
An improvement to MAC includes the use of need to know: a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they’re compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain). The need to know is a rule in and of itself, which states that access is granted only to users who have been assigned work tasks that require access to the cordoned-off object. Even if users have the proper level of clearance, without need to know, they’re denied access. Need to know is the MAC equivalent of the principle of least privilege from DAC.
Q178. Which of the following is the MOST important step for preserving evidence during forensic procedures?
A. Involve law enforcement
B. Chain of custody
C. Record the time of the incident
D. Report within one hour of discovery
Answer: B
Explanation:
Chain of custody deals with how evidence is secured, where it is stored, and who has access to it.
When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you’re open to dispute about possible evidence tampering. Thus to preserve evidence during a forensic procedure the chain of custody is of utmost importance.
Q179. Company XYZ has encountered an increased amount of buffer overflow attacks. The programmer has been tasked to identify the issue and report any findings. Which of the following is the FIRST step of action recommended in this scenario?
A. Baseline Reporting
B. Capability Maturity Model
C. Code Review
D. Quality Assurance and Testing
Answer: C
Explanation:
Q180. Which of the following uses both a public and private key?
A. RSA
B. AES
C. MD5
D. SHA
Answer: A
Explanation:
The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process.
RSA uses both a public key and a secret (private) key.
RSA key generation process:
1. Generate two large random primes, p and q, of approximately equal size such that their product, n = pq, is of the required bit length (such as 2048 bits, 4096 bits, and so forth). Let n = pq and m = (p-1)(q-1).
2. Choose a small number e, co-prime to m (note: two numbers are co-prime if they have no common factors).
3. Find d, such that de % m = 1.
4. Publish e and n as the public key. Keep d and n as the secret key.
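The four steps above, carried through in Python as an added worked example (not part of the original page). The primes 61 and 53 and the exponent e = 17 are constructed values chosen so the arithmetic stays visible; real keys use primes of roughly 1024 bits or more each and a standard public exponent such as 65537.

```python
from math import gcd

def generate_keypair(p, q, e=17):
    """Return ((e, n), (d, n)) following the page's steps 1-4.
    p and q must be distinct primes and e must be co-prime to m = (p-1)(q-1)."""
    n = p * q                    # step 1: modulus n = pq
    m = (p - 1) * (q - 1)        # step 1: m = (p-1)(q-1)
    if gcd(e, m) != 1:           # step 2: e must share no factor with m
        raise ValueError("e is not co-prime to (p-1)(q-1)")
    d = pow(e, -1, m)            # step 3: modular inverse, so d*e % m == 1 (Python 3.8+)
    return (e, n), (d, n)        # step 4: publish (e, n), keep (d, n) secret

def encrypt(public_key, message):
    """Encrypt an integer message 0 <= message < n with the public key."""
    e, n = public_key
    return pow(message, e, n)    # c = message^e mod n

def decrypt(private_key, ciphertext):
    """Recover the integer message with the private key."""
    d, n = private_key
    return pow(ciphertext, d, n)  # message = c^d mod n

def exponent_is_valid(p, q, e):
    """Step 2 check on its own: True when e can be used with these primes."""
    return gcd(e, (p - 1) * (q - 1)) == 1

if __name__ == "__main__":
    # Constructed toy primes: n = 3233, m = 3120, e = 17 gives d = 2753.
    public, private = generate_keypair(61, 53)
    print("public key:", public, "private key:", private)
    c = encrypt(public, 65)
    print("ciphertext:", c, "decrypted:", decrypt(private, c))
```

Because (p-1)(q-1) is always even for odd primes, an even e such as 2 fails the co-prime check in step 2, which is why the function rejects it.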