SY0-401 Exam
Finding Most up-to-date SY0-401 ebook
CompTIA CompTIA SY0-401 online dumps contain best quality exam questions and also answers. We guarantee that buyer will pass the particular real CompTIA exam inside first try. We supply free updated practice questions, and you also had much better visit our site frequently to be able to check out in case we have virtually any updated materials. Our experts tend to be absorbed in the advance of all kinds of CompTIA SY0-401 education tests. We be sure that every single coin of income you spend is worthy. Our chief objective is to cause you to pass the CompTIA exam. Your can claim entire money back again if you fail to be able to pass the SY0-401 exam in your first try. We have a guarantee policy to be able to clear your current doubt.
2021 Mar SY0-401 free draindumps
Q481. Joe, the security administrator, has determined that one of his web servers is under attack. Which of the following can help determine where the attack originated from?
A. Capture system image
B. Record time offset
C. Screenshots
D. Network sniffing
Answer: D
Explanation:
Network sniffing is the process of capturing and analyzing the packets sent between systems on
the network. A network sniffer is also known as a Protocol Analyzer.
A Protocol Analyzer is a hardware device or more commonly a software program used to capture
network data communications sent between devices on a network. Capturing and analyzing the
packets sent to the web server will help determine the source IP address of the system sending
the packets.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor)
from Microsoft and Wireshark (formerly Ethereal).
Q482. Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?
A. 21
B. 25
C. 80
D. 3389
Answer: C
Explanation:
Port 80 is used by HTTP, which is the foundation of data communication for the World Wide Web.
Q483. Which of the following was launched against a company based on the following IDS log?
122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET
/index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A
AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/
forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"
A. SQL injection
B. Buffer overflow attack
C. XSS attack
D. Online password crack
Answer: B
Explanation:
The username should be just a username; instead we can see it’s a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q484. Public keys are used for which of the following?
A. Decrypting wireless messages
B. Decrypting the hash of an electronic signature
C. Bulk encryption of IP based email traffic
D. Encrypting web browser traffic
Answer: B
Explanation:
The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.
Q485. A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?
A. Firewall
B. Application
C. IDS
D. Security
Answer: D
Explanation:
The security log records events such as valid and invalid logon attempts, as well as events related to resource use, such as the creating, opening, or deleting of files. For example, when logon auditing is enabled, an event is recorded in the security log each time a user attempts to log on to the computer. You must be logged on as Administrator or as a member of the Administrators group in order to turn on, use, and specify which events are recorded in the security log.
Renovate SY0-401 exam price:
Q486. The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?
A. Black box
B. Penetration
C. Gray box
D. White box
Answer: A
Explanation:
Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place.
Q487. A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future?
A. Procedure and policy management
B. Chain of custody management
C. Change management
D. Incident management
Answer: D
Explanation:
incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The events that could occur include security breaches.
Q488. An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
Answer: D
Explanation:
NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.
Q489. A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?
A. Identification
B. Authorization
C. Access control
D. Authentication
Answer: A
Q490. Which of the following provides data the best fault tolerance at the LOWEST cost?
A. Load balancing
B. Clustering
C. Server virtualization
D. RAID 6
Answer: D
Explanation:
RAID, or redundant array of independent disks (RAID). RAID allows your existing servers to have more than one hard drive so that if the main hard drive fails, the system keeps functioning. RAID can achieve fault tolerance using software which can be done using the existing hardware and software thus representing the lowest cost option.