
2021 Mar SY0-401 exam topics

Q561. Jane, a security administrator, has been tasked with explaining authentication services to the company’s management team. The company runs an Active Directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company’s environment? 

A. Kerberos 

B. Least privilege 

C. TACACS+ 

D. LDAP 

Answer: A

Explanation: 

Kerberos was accepted by Microsoft as the chosen authentication protocol for Windows 2000 and Active Directory domains that followed. 


Q562. An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised? 

A. A password that has not changed in 180 days 

B. A single account shared by multiple users 

C. A user account with administrative rights 

D. An account that has not been logged into since creation 

Answer:

Explanation: 


Q563. A security administrator notices large amounts of traffic within the network heading out to an external website. The website seems to be a fake bank site with a phone number that when called, asks for sensitive information. After further investigation, the security administrator notices that a fake link was sent to several users. This is an example of which of the following attacks? 

A. Vishing 

B. Phishing 

C. Whaling 

D. SPAM 

E. SPIM 

Answer: B

Explanation: 

Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page. Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the "phisher" counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting. 


Q564. The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware? 

A. TwoFish 

B. SHA-512 

C. Fuzzy hashes 

D. HMAC 

Answer: C

Explanation: 

Hashing is used to ensure that a message has not been altered. It can be useful for positively identifying malware when a suspected file has the same hash value as a known piece of malware. However, modifying a single bit of a malicious file will alter its hash value. To counter this, fuzzy hashing generates a continuous stream of hash values over rolling blocks of the code rather than a single hash of the whole file. This can be used to determine the degree of similarity between a suspected file and known pieces of malware. 


Q565. A user commuting to work via public transport received an offensive image on their smart phone from another commuter. Which of the following attacks MOST likely took place? 

A. War chalking 

B. Bluejacking 

C. War driving 

D. Bluesnarfing 

Answer: B

Explanation: 

The question states that the ‘attack’ took place on public transport and was received on a smartphone. Therefore, it is most likely that the image was sent using Bluetooth. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames. 


Q566. Which of the following are Data Loss Prevention (DLP) strategies that address data in transit issues? (Select TWO). 

A. Scanning printing of documents. 

B. Scanning of outbound IM (Instant Messaging). 

C. Scanning copying of documents to USB. 

D. Scanning of SharePoint document library. 

E. Scanning of shared drives. 

F. Scanning of HTTP user traffic. 

Answer: B,F 

Explanation: 

DLP systems monitor the contents of systems (workstations, servers, networks) to make sure key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and who is transmitting the data. Outbound IM and HTTP user traffic refer to data over a network, which falls within the data-in-transit part of a DLP strategy. 


Q567. Which of the following is an example of a false positive? 

A. Anti-virus identifies a benign application as malware. 

B. A biometric iris scanner rejects an authorized user wearing a new contact lens. 

C. A user account is locked out after the user mistypes the password too many times. 

D. The IDS does not identify a buffer overflow. 

Answer: A

Explanation: 

A false positive is an error in some evaluation process in which a condition tested for is mistakenly found to have been detected. In spam filters, for example, a false positive is a legitimate message mistakenly marked as UBE (unsolicited bulk email, as junk email is more formally known). Messages that are determined to be spam, whether correctly or incorrectly, may be rejected by a server or client-side spam filter and returned to the sender as bounce e-mail. One problem with many spam filtering tools is that if they are configured stringently enough to be effective, there is a fairly high chance of getting false positives. The risk of accidentally blocking an important message has been enough to deter many companies from implementing any anti-spam measures at all. False positives are also common in security systems. A host intrusion prevention system (HIPS), for example, looks for anomalies, such as deviations in bandwidth, protocols and ports. When activity varies outside of an acceptable range (for example, a remote application attempting to open a normally closed port), an intrusion may be in progress. However, an anomaly, such as a sudden spike in bandwidth use, does not guarantee an actual attack, so this approach amounts to an educated guess and the chance for false positives can be high. False positives contrast with false negatives, which are results mistakenly indicating that some condition tested for is absent. 


Q568. A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user’s digital certificate. Which of the following will help resolve the issue? (Select TWO). 

A. Revoke the digital certificate 

B. Mark the key as private and import it 

C. Restore the certificate using a CRL 

D. Issue a new digital certificate 

E. Restore the certificate using a recovery agent 

Answer: A,D 

Explanation: 

The user's certificate must be revoked to ensure that the lost computer cannot access resources the user has had access to. To grant the user access to those resources again, the user must be issued a new certificate. 


Q569. A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download? 

A. Backdoor 

B. Spyware 

C. Logic bomb 

D. DDoS 

E. Smurf 

Answer: B

Explanation: 

Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed intentionally by the owner of a shared, corporate, or public computer in order to monitor users. 


Q570. A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following? 

A. Availability 

B. Integrity 

C. Confidentiality 

D. Fire suppression 

Answer: A

Explanation: 

Availability means simply to make sure that the data and systems are available for authorized users. Data backups, redundant systems, and disaster recovery plans all support availability; as does environmental support by means of HVAC.