Examcollection's senior CompTIA lecturers and experts agree that the Examcollection CompTIA SY0-401 test questions and answers are practically correct. The actual pass rate for CompTIA Security+ Certification was practically 95 percent. Based on all of the above, we are able to show that the SY0-401 study materials are a beneficial guide for CompTIA candidates. Our SY0-401 PDF is well worth the effort candidates spend studying it. You can bet that you will get a positive outcome from the Examcollection CompTIA Security+ Certification practice tests.
Q501. A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO).
A. RDP
B. SNMP
C. FTP
D. SCP
E. SSH
Answer: D,E
Explanation:
SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.
Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). SCP is commonly used on Linux and Unix platforms.
Q502. A team of firewall administrators have access to a 'master password list' containing service account passwords. Which of the following BEST protects the master password list?
A. File encryption
B. Password hashing
C. USB encryption
D. Full disk encryption
Answer: A
Explanation:
File encryption can be used to protect the contents of individual files. It uses a randomly generated symmetric encryption key for the file and stores that key with the encrypted file, in a form encrypted using the user's public key.
Q503. In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager?
A. Impact
B. SLE
C. ALE
D. ARO
Answer: B
Explanation:
Q504. Which of the following can be implemented with multiple bit strength?
A. AES
B. DES
C. SHA-1
D. MD5
E. MD4
Answer: A
Explanation:
AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.
Q505. During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic?
A. FTP
B. DNS
C. Email
D. NetBIOS
Answer: B
Explanation:
DNS (Domain Name System) uses port 53.
Q506. The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?
A. Create a single, shared user account for every system that is audited and logged based upon time of use.
B. Implement a single sign-on application on equipment with sensitive data and high-profile shares.
C. Enact a policy that employees must use their vacation time in a staggered schedule.
D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.
Answer: C
Explanation:
A policy that states employees should use their vacation time in a staggered schedule is a way of employing mandatory vacations. A mandatory vacation policy requires all users to take time away from work while others step in and do the work of the employee on vacation. This will afford the CSO the opportunity to see who is using the company assets responsibly and who is abusing them.
Q507. A malicious individual is attempting to write too much data to an application’s memory. Which of the following describes this type of attack?
A. Zero-day
B. SQL injection
C. Buffer overflow
D. XSRF
Answer: C
Explanation:
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q508. Timestamps and sequence numbers act as countermeasures against which of the following types of attacks?
A. Smurf
B. DoS
C. Vishing
D. Replay
Answer: D
Explanation:
A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).
For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve.
Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation.
Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication.
One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems.
Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check.
Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example, Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers, with the trade-off being that replay attacks, if they are performed quickly enough, i.e. within that 'reasonable' limit, could succeed.
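The session-token and timestamp countermeasures described above, as an added example that is not part of the original explanation. It uses HMAC-SHA256 keyed with the password in place of a plain hash of the token appended to the password; the class and function names, the 30-second tolerance and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TOLERANCE = 30  # seconds; assumed value for Bob's "reasonable tolerance"

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class Bob:
    def __init__(self, password: bytes):
        self._password = password
        self._pending = set()  # session tokens issued but not yet answered

    def issue_token(self) -> bytes:
        token = secrets.token_bytes(16)  # random, so Eve cannot predict it
        self._pending.add(token)
        return token

    def check_login(self, token: bytes, response: bytes) -> bool:
        if token not in self._pending:
            return False
        self._pending.discard(token)  # each token is accepted once only
        return hmac.compare_digest(mac(self._password, token), response)

    def check_timestamped(self, msg: bytes, ts: int, tag: bytes, now: int) -> bool:
        expected = mac(self._password, str(ts).encode() + b"|" + msg)
        return hmac.compare_digest(expected, tag) and abs(now - ts) <= TOLERANCE

def demo() -> dict:
    password = b"constructed-sample-password"  # constructed sample secret
    bob = Bob(password)
    # Session 1: Alice answers Bob's token; Eve records the response.
    t1 = bob.issue_token()
    captured = mac(password, t1)
    legit = bob.check_login(t1, captured)
    # Session 2: Bob issues a fresh token, so the recorded response fails.
    t2 = bob.issue_token()
    replayed = bob.check_login(t2, captured)
    reused = bob.check_login(t1, captured)  # the old token is already spent
    # Timestamp variant: Alice authenticates the message together with the time.
    ts, msg = 1_700_000_000, b"transfer 10"  # constructed sample message
    tag = mac(password, str(ts).encode() + b"|" + msg)
    return {
        "legit": legit, "replayed": replayed, "reused_token": reused,
        "fresh": bob.check_timestamped(msg, ts, tag, now=ts + 5),
        "replay_in_window": bob.check_timestamped(msg, ts, tag, now=ts + 20),
        "replay_late": bob.check_timestamped(msg, ts, tag, now=ts + 120),
    }
```

The `replay_in_window` result is the trade-off stated in the explanation: a copy resent inside the tolerance is still accepted by the timestamp check alone.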
Q509. An administrator needs to renew a certificate for a web server. Which of the following should be submitted to a CA?
A. CSR
B. Recovery agent
C. Private key
D. CRL
Answer: A
Explanation:
In public key infrastructure (PKI) systems, a certificate signing request (also CSR or certification request) is a message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.
When you renew a certificate you send a CSR to the CA to get the certificate re-signed.
Q510. In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?
A. Security control frameworks
B. Best practice
C. Access control methodologies
D. Compliance activity
Answer: B
Explanation:
Best practices are based on what is known in the industry and those methods that have consistently shown superior results over those achieved by other means. Furthermore, best practices are applied to all aspects of the work environment.