SY0-401 Exam
Top Tips Of SY0-401 testing engine
2021 Apr SY0-401 sample question
Q331. Which of the following devices will help prevent a laptop from being removed from a certain location?
A. Device encryption
B. Cable locks
C. GPS tracking
D. Remote data wipes
Answer: B
Explanation:
Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal.
Q332. Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00:
00: 01]Successful Login: 015 192.168.1.123 : local
[00:
00: 03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00:
00: 04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00:
00: 07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00:
00: 08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124
A.
Reporting
B.
IDS
C.
Monitor system logs
D.
Hardening
Answer: D
Explanation:
We can see a number of unsuccessful login attempts using a Remote Desktop Connection (using the RDP protocol) from a computer with the IP address 192.168.1.124. Someone successfully logged in locally. This is probably an authorized login (for example, Joe logging in). Hardening is the process of securing a system. We can harden (secure) the system by either disallowing remote desktop connections altogether or by restricting which IPs are allowed to initiate remote desktop connections.
Q333. Which of the following is a difference between TFTP and FTP?
A. TFTP is slower than FTP.
B. TFTP is more secure than FTP.
C. TFTP utilizes TCP and FTP uses UDP.
D. TFTP utilizes UDP and FTP uses TCP.
Answer: D
Explanation:
FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69.
Q334. The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?
A. TwoFish
B. SHA-512
C. Fuzzy hashes
D. HMAC
Answer: C
Explanation:
Hashing is used to ensure that a message has not been altered. It can be useful for positively identifying malware when a suspected file has the same hash value as a known piece of malware. However, modifying a single bit of a malicious file will alter its hash value. To counter this, a continuous stream of hash values is generated for rolling block of code. This can be used to determine the similarity between a suspected file and known pieces of malware.
Q335. A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?
A. The old APs use 802.11a
B. Users did not enter the MAC of the new APs
C. The new APs use MIMO
D. A site survey was not conducted
Answer: D
Explanation:
To test the wireless AP placement, a site survey should be performed.
Topic 2, Compliance and Operational Security
Q336. HOTSPOT
The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.
Answer:
Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443. Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the
default SCP port, which is TCP Port 22
Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing
servers located on the secure network over the default TFTP port, which is Port 69.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 26, 44.
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Q337. A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Fire suppression
Answer: A
Explanation:
Availability means simply to make sure that the data and systems are available for authorized users. Data backups, redundant systems, and disaster recovery plans all support availability; as does environmental support by means of HVAC.
Q338. Which of the following types of attacks involves interception of authentication traffic in an attempt to gain unauthorized access to a wireless network?
A. Near field communication
B. IV attack
C. Evil twin
D. Replay attack
Answer: B
Explanation:
An initialization vector is a random number used in combination with a secret key as a means to encrypt data. This number is sometimes referred to as a nonce, or “number occurring once,” as an encryption program uses it only once per session. An initialization vector is used to avoid repetition during the data encryption process, making it impossible for hackers who use dictionary attack to decrypt the exchanged encrypted message by discovering a pattern. This is known as an IV attack. A particular binary sequence may be repeated more than once in a message, and the more it appears, the more the encryption method is discoverable. For example if a one-letter word exists in a message, it may be either “a” or “I” but it can’t be “e” because the word “e” is non-sensical in English, while “a” has a meaning and “I” has a meaning. Repeating the words and letters makes it possible for software to apply a dictionary and discover the binary sequence corresponding to
each letter.
Using an initialization vector changes the binary sequence corresponding to each letter, enabling
the letter “a” to be represented by a particular sequence in the first instance, and then represented
by a completely different binary sequence in the second instance.
WEP (Wireless Equivalent Privacy) is vulnerable to an IV attack. Because RC4 is a stream cipher,
the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain
text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy
network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there
is a 50% probability the same IV will repeat after 5000 packets.
Q339. Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?
A. NoSQL databases are not vulnerable to XSRF attacks from the application server.
B. NoSQL databases are not vulnerable to SQL injection attacks.
C. NoSQL databases encrypt sensitive information by default.
D. NoSQL databases perform faster than SQL databases on the same hardware.
Answer: B
Explanation:
Q340. Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).
A. Acceptable use policy
B. Risk acceptance policy
C. Privacy policy
D. Email policy
E. Security policy
Answer: A,C
Explanation:
Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. Privacy policy is a legal document that outlines how data collected is secured. It should encompass information regarding the information the company collects, privacy choices you have based on your account, potential information sharing of your data with other parties, security measures in place, and enforcement. Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.