Examcollection offers the CompTIA SY0-401 material in two forms: PDF files and test engine software. Try the demo before buying, so you can see what the product covers at both the basic and the advanced level, and choose the CompTIA SY0-401 practice materials that fit your needs. After purchase, all CompTIA exam content in PDF form can be downloaded free of charge. The test engine recreates a realistic exam environment so that you feel relaxed and confident in the actual CompTIA SY0-401 exam. Make full use of the CompTIA study materials and you will pass the exam with a high mark. We offer a near-100% guarantee of certification with Examcollection's products: if you fail, you receive a full refund, or you may order another CompTIA SY0-401 exam dump for free.
Q381. Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time.
Which of the following does this illustrate?
A. System image capture
B. Record time offset
C. Order of volatility
D. Chain of custody
Answer: D
Explanation:
Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been.
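The evidence tag in the question has a digital counterpart: a custody log that records every hand-off and ties the record to a hash of the item, so that a change in the evidence or a gap in possession is detectable. The following is an added example, not from the exam material; the evidence bytes, names, locations and timestamps are constructed for the demo.

```python
"""Added example (not from the exam page): a minimal digital chain-of-custody log.
Evidence bytes, custodian names and timestamps below are constructed for the demo."""
import hashlib
import json
from typing import Optional

# Constructed sample "evidence"; in practice this is a disk image or seized file.
EVIDENCE = b"disk image bytes captured from workstation WS-17 (constructed sample)"


def fingerprint(data: bytes) -> str:
    """SHA-256 of the evidence: the value each custodian attests to at hand-off."""
    return hashlib.sha256(data).hexdigest()


def new_log(item_id: str, data: bytes, collector: str, location: str, when: str) -> dict:
    """Open a custody record at the moment of collection."""
    return {
        "item_id": item_id,
        "sha256": fingerprint(data),
        "entries": [{"time": when, "from": None, "to": collector,
                     "location": location, "reason": "collected"}],
    }


def transfer(log: dict, data: bytes, from_person: str, to_person: str,
             location: str, reason: str, when: str) -> None:
    """Record a hand-off. Refuses if the item no longer matches its hash or if
    the sender is not the current custodian (that would be a gap in possession)."""
    if fingerprint(data) != log["sha256"]:
        raise ValueError("evidence hash mismatch: item altered before transfer")
    if log["entries"][-1]["to"] != from_person:
        raise ValueError(f"{from_person} is not the current custodian")
    log["entries"].append({"time": when, "from": from_person, "to": to_person,
                           "location": location, "reason": reason})


def custodian_at(log: dict, when: str) -> Optional[str]:
    """Who held the item at a given time (the 'tag' in the question).
    Times are ISO-8601 UTC strings, so lexical comparison is chronological."""
    holder = None
    for entry in log["entries"]:
        if entry["time"] <= when:
            holder = entry["to"]
    return holder


def verify(log: dict, data: bytes) -> bool:
    """True if the item still hashes to its recorded value and every hand-off
    names the previous recipient as the sender (no unexplained gaps)."""
    if fingerprint(data) != log["sha256"]:
        return False
    for prev, cur in zip(log["entries"], log["entries"][1:]):
        if cur["from"] != prev["to"]:
            return False
    return True


def demo() -> dict:
    """Collect at the scene, then hand the item to the lab."""
    log = new_log("EV-2024-001", EVIDENCE, "Officer Lee", "scene, desk 3",
                  "2024-03-01T09:15:00Z")
    transfer(log, EVIDENCE, "Officer Lee", "Forensic Lab", "evidence locker B",
             "imaging and analysis", "2024-03-01T13:40:00Z")
    return log


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two checks in `transfer` are the ones a court will ask about: was the item altered, and was there any period when nobody accountable held it. A real workflow would sign each entry and store the log separately from the evidence, but the structure is the same.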
Q382. Which of the following is a directional antenna that can be used in point-to-point or point-to-multi-point WiFi communication systems? (Select TWO).
A. Backfire
B. Dipole
C. Omni
D. PTZ
E. Dish
Answer: A,E
Explanation:
Backfire and dish (parabolic) antennas are directional: they concentrate gain in one direction, which suits a point-to-point link or a point-to-multipoint hub aimed at a sector. Dipole and omni antennas radiate roughly equally in all horizontal directions. PTZ (pan-tilt-zoom) describes a camera mount, not an antenna.
Q383. A network administrator noticed various chain messages have been received by the company.
Which of the following security controls would need to be implemented to mitigate this issue?
A. Anti-spam
B. Antivirus
C. Host-based firewalls
D. Anti-spyware
Answer: A
Explanation: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM).
Q384. Which of the following is characterized by an attacker attempting to map out an organization’s staff hierarchy in order to send targeted emails?
A. Whaling
B. Impersonation
C. Privilege escalation
D. Spear phishing
Answer: A
Explanation:
Whaling is phishing aimed at company executives and other high-value individuals. Mapping out an organization's staff hierarchy to learn who sits at the top, and who reports to them, is reconnaissance for a whaling campaign. Whaling is a specific kind of phishing, the general category of attacks that hunt for data the attacker can use; ordinary phishing collects personal data from users at large, whereas whaling targets high-ranking bankers, executives or others in powerful positions or job titles, which is why attackers describe it as "reeling in a big fish". Beyond targeted emails, attackers may break into the networks where these individuals work or store sensitive data, or plant a keylogger or other malware on an executive's workstation. There are many ways to pursue whaling, so C-level and other top executives in business and government need to stay vigilant about these threats.
Q385. A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?
A. Change the encryption from TKIP-based to CCMP-based.
B. Set all nearby access points to operate on the same channel.
C. Configure the access point to use WEP instead of WPA2.
D. Enable all access points to broadcast their SSIDs.
Answer: A
Explanation:
TKIP was a stop-gap that kept WEP-era RC4 hardware usable under WPA; it has known weaknesses and is deprecated. CCMP, the WPA2 cipher suite, uses AES in CCM mode with a 128-bit key and a 48-bit packet number that serves as the nonce and replay counter, which is far harder to attack. The other options weaken or do nothing for security: WEP is trivially broken, putting neighbouring access points on the same channel only causes interference, and SSID broadcasting is a convenience setting, not a security control.
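In hostapd, the Linux access point daemon, the change described in the answer is a matter of which pairwise ciphers the AP is allowed to negotiate. The fragment below is an added example, not from the exam material; it assumes a hostapd.conf for a WPA-PSK network and shows the weak setting beside the corrected one.

```ini
# Weak: WPA and WPA2 both enabled (wpa=3), and the RC4-based TKIP
# cipher offered alongside CCMP, so any client may negotiate TKIP.
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=TKIP CCMP

# Corrected: WPA2/RSN only (wpa=2) with AES-CCMP as the sole pairwise
# cipher. wpa_pairwise is dropped because WPA1 is no longer offered.
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
```

After the change, clients that only support TKIP can no longer associate; that is the intended outcome, since those clients are the ones keeping the weak cipher on the network.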
Q386. An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?
A. WEP
B. CCMP
C. TKIP
D. RC4
Answer: B
Explanation:
CCMP is the encryption protocol for wireless LAN products that implement the IEEE 802.11i amendment to the original IEEE 802.11 standard. It is an enhanced data cryptographic encapsulation mechanism for data confidentiality, based on the Counter Mode with CBC-MAC (CCM) mode of the AES standard. Access points commonly label this setting "AES", so a client must be configured for WPA2 with AES/CCMP to match; WEP, TKIP and RC4 are different ciphers and will not negotiate with an AES-only access point.
Q387. Pete, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs show the following string, indicating a user is trying to post a comment on the public bulletin board.
INSERT INTO message `<script>source=http://evilsite</script>
This is an example of which of the following?
A. XSS attack
B. XML injection attack
C. Buffer overflow attack
D. SQL injection attack
Answer: A
Explanation:
The <script> and </script> tags show that client-side script, not SQL or XML, is being planted in the comment. Cross-site scripting (XSS) is a class of web application vulnerability in which an attacker injects client-side script into pages viewed by other users. Here the script would be stored with the comment on the bulletin board (stored, or persistent, XSS) and served to every later visitor; because the browser receives it from the trusted site, it runs with that site's privileges and can read sensitive page content, session cookies and other data the browser holds on the user's behalf. The `INSERT INTO message` fragment is the application's own storage of the comment; the payload is HTML and JavaScript aimed at browsers, not SQL aimed at the database, so this is not SQL injection.
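The flaw behind this question is the comment being written into the page exactly as it was stored. The following is an added example, not from the exam material: a vulnerable render function beside the hardened one, using a constructed page template and a constructed payload in the spirit of the log entry.

```python
"""Added example (not from the exam page): stored XSS in a bulletin board's
comment rendering, beside the hardened version. Template and payload are
constructed for the demo."""
import html
from typing import List

# Constructed payload modelled on the string in the question.
ATTACK_COMMENT = "<script>source=http://evilsite</script>"

# Constructed page template; {items} is where stored comments are inserted.
PAGE = "<html><body><h1>Comments</h1>{items}</body></html>"


def render_vulnerable(comments: List[str]) -> str:
    """Concatenates stored comments straight into the HTML. A <script> tag saved
    by one user is executed by every browser that later views the board."""
    items = "".join(f"<p>{c}</p>" for c in comments)
    return PAGE.format(items=items)


def render_hardened(comments: List[str]) -> str:
    """HTML-escapes each comment at output time, so the browser shows the
    attacker's markup as literal text instead of interpreting it."""
    items = "".join(f"<p>{html.escape(c, quote=True)}</p>" for c in comments)
    return PAGE.format(items=items)


def contains_active_script(page: str) -> bool:
    """Demo check: is there a live <script> tag in the rendered page?
    An escaped '&lt;script&gt;' does not match because the '<' is gone."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable([ATTACK_COMMENT]))
    print("hardened:  ", render_hardened([ATTACK_COMMENT]))
```

Escaping belongs at the output boundary, not at storage time, because the same comment may later be emitted into HTML text, an attribute or JavaScript, each of which needs different encoding. A `Content-Security-Policy` header that restricts script sources is a useful second layer, but it does not replace output encoding.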
Q388. After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?
A. Host based firewall
B. Initial baseline configurations
C. Discretionary access control
D. Patch management system
Answer: D
Explanation:
Standardizing on one operating system does not keep every server at the same patch level. A patch management system identifies the servers still missing the fix for the known vulnerability, deploys it consistently, and reports on compliance, which removes the flaw rather than merely limiting exposure to it. A host-based firewall or discretionary access control may reduce exposure but leaves the vulnerable code in place, and an initial baseline configuration only defines the starting state of a system.
Q389. Joe a company’s new security specialist is assigned a role to conduct monthly vulnerability scans across the network. He notices that the scanner is returning a large amount of false positives or failed audits. Which of the following should Joe recommend to remediate these issues?
A. Ensure the vulnerability scanner is located in a segmented VLAN that has access to the company’s servers
B. Ensure the vulnerability scanner is configured to authenticate with a privileged account
C. Ensure the vulnerability scanner is attempting to exploit the weaknesses it discovers
D. Ensure the vulnerability scanner is conducting antivirus scanning
Answer: A
Explanation:
The scanner is reporting false positives and failed audits because it is probing servers it cannot properly reach, for example servers out on the Internet. Limiting the scan to the company's own servers, by placing the scanner in a segmented VLAN that has access to them, removes those spurious results.

A false positive is an error in an evaluation process in which a condition being tested for is mistakenly reported as present. In spam filtering, for example, a false positive is a legitimate message wrongly classified as unsolicited bulk email (UBE), the formal name for junk email. Messages classed as spam, correctly or not, may be rejected by a server-side or client-side filter and returned to the sender as a bounce. The more stringently a spam filter is configured, the more effective it is, but the more false positives it produces; the risk of blocking an important message has deterred many companies from implementing any anti-spam measures at all.

False positives are equally common in other security systems. A host intrusion prevention system (HIPS), for example, looks for anomalies such as deviations in bandwidth, protocols and ports. When activity moves outside an acceptable range, for example a remote application attempting to open a normally closed port, an intrusion may be in progress. However, an anomaly such as a sudden spike in bandwidth use does not guarantee an actual attack, so the verdict is an educated guess and the chance of false positives can be high.

False positives contrast with false negatives, results that mistakenly indicate that the condition tested for is absent.
Q390. In order to use a two-way trust model the security administrator MUST implement which of the following?
A. DAC
B. PKI
C. HTTPS
D. TPM
Answer: B
Explanation:
PKI is the umbrella concept; within a PKI a trust model defines which Certification Authorities (CAs) trust each other. In a two-way trust, each CA issues a cross-certificate for the other, so certificates from either side validate in the other's domain, and that can only be set up within a PKI.

A public key infrastructure (PKI) is the set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.