
2021 Oct sy0-401 exam:

Q61. A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected? 

A. Write-once drives 

B. Database encryption 

C. Continuous monitoring 

D. Role-based access controls 

Answer:

Explanation: 


Q62. Which of the following statements is MOST likely to be included in the security awareness training about P2P? 

A. P2P is always used to download copyrighted material. 

B. P2P can be used to improve computer system response. 

C. P2P may prevent viruses from entering the network. 

D. P2P may cause excessive network bandwidth. 

Answer:

Explanation: 

P2P networking by definition involves network traffic, which will reduce the bandwidth available to the rest of the users on the network.


Q63. Which of the following application security testing techniques is implemented when an automated system generates random input data? 

A. Fuzzing 

B. XSRF 

C. Hardening 

D. Input validation 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.


Q64. Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server? 

A. SQL Injection 

B. Theft of the physical database server 

C. Cookies 

D. Cross-site scripting 

Answer:

Explanation: 

The question discusses a very secure environment with disk and transport level encryption and access control lists restricting access. SQL data in a database is accessed by SQL queries from an application on the application server. The data can still be compromised by a SQL injection attack. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 


Q65. A network administrator has purchased two devices that will act as failovers for each other. Which of the following concepts does this BEST illustrate? 

A. Authentication 

B. Integrity 

C. Confidentiality 

D. Availability 

Answer:

Explanation: 

Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored. In the case of a network, this means processing switches to another network path in the event of a network failure in the primary path. This means availability. 



Q66. How must user accounts for exiting employees be handled? 

A. Disabled, regardless of the circumstances 

B. Disabled if the employee has been terminated 

C. Deleted, regardless of the circumstances 

D. Deleted if the employee has been terminated 

Answer:

Explanation: 

You should always disable an employee’s account as soon as they leave. The employee knows the username and password of the account and could continue to log in for potentially malicious purposes. Disabling the account will ensure that no one can log in using that account. 


Q67. Which of the following results in datacenters with failed humidity controls? (Select TWO). 

A. Excessive EMI 

B. Electrostatic charge 

C. Improper ventilation 

D. Condensation 

E. Irregular temperature 

Answer: B,D 

Explanation: 

Humidity control prevents the buildup of static electricity in the environment. If the humidity drops much below 50 percent, electronic components are extremely vulnerable to damage from electrostatic shock. Most environmental systems also regulate humidity; however, a malfunctioning system can cause the humidity to be almost entirely extracted from a room. Make sure that environmental systems are regularly serviced. Electrostatic damage can occur when humidity levels get too low. Condensation is a direct result of failed humidity control.


Q68. An organization is implementing a password management application which requires that all local administrator passwords be stored and automatically managed. Auditors will be responsible for monitoring activities in the application by reviewing the logs. Which of the following security controls is the BEST option to prevent auditors from accessing or modifying passwords in the application? 

A. Time of day restrictions 

B. Create user accounts for the auditors and assign read-only access 

C. Mandatory access control 

D. Role-based access with read-only 

Answer:

Explanation: 


Q69. An administrator is investigating a system that may potentially be compromised, and sees the following log entries on the router. 

*Jul 15 14:47:29.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 3 packets.

*Jul 15 14:47:38.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 6 packets.

*Jul 15 14:47:45.779:%Router1: list 101 permitted tcp 192.10.3.204(57222) (FastEthernet 0/3) -> 10.10.1.5 (6667), 8 packets.

Which of the following BEST describes the compromised system? 

A. It is running a rogue web server 

B. It is being used in a man-in-the-middle attack 

C. It is participating in a botnet 

D. It is an ARP poisoning attack 

Answer:

Explanation: 


Q70. Which of the following types of wireless attacks would be used specifically to impersonate another WAP in order to gain unauthorized information from mobile users? 

A. IV attack 

B. Evil twin 

C. War driving 

D. Rogue access point 

Answer:

Explanation: 

An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits.