Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html



Q421. Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts? 

A. badlog 

B. faillog 

C. wronglog 

D. killlog 

Answer:

Explanation: 

/var/log/faillog - This Linux log file contains failed user logins. You'll find this log useful when tracking attempts to crack into your system.

/var/log/apport.log - This log records application crashes. Sometimes these can reveal attempts to compromise the system or the presence of a virus or spyware.


Q422. The system administrator has deployed updated security controls for the network to limit risk of attack. The security manager is concerned that controls continue to function as intended to maintain appropriate security posture. 

Which of the following risk mitigation strategies is MOST important to the security manager? 

A. User permissions 

B. Policy enforcement 

C. Routine audits 

D. Change management 

Answer:

Explanation: 

After you have implemented security controls based on risk, you must perform routine audits. These audits should include reviews of user rights and permissions as well as specific events. You should pay particular attention to false positives and negatives. 


Q423. Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. 

Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. 

Which of the following should Sara do to address the risk? 

A. Accept the risk saving $10,000. 

B. Ignore the risk saving $5,000. 

C. Mitigate the risk saving $10,000. 

D. Transfer the risk saving $5,000. 

Answer:

Explanation: 

Risk transference involves sharing some of the risk burden with someone else, such as an insurance company. The cost of the security breach over a period of 5 years would amount to $30,000 and it is better to save $5,000. 


Q424. An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points? 

A. SSID broadcast 

B. MAC filter 

C. WPA2 

D. Antenna placement 

Answer:

Explanation: 

Numerous networks broadcast their name (known as an SSID broadcast) to reveal their presence. 


Q425. A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option? 

A. PGP, because it employs a web-of-trust that is the most trusted form of PKI. 

B. PGP, because it is simple to incorporate into a small environment. 

C. X.509, because it uses a hierarchical design that is the most trusted form of PKI. 

D. X.509, because it is simple to incorporate into a small environment. 

Answer:

Explanation: 


Q426. A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe? 

A. Zero-day 

B. Buffer overflow 

C. Cross site scripting 

D. Malicious add-on 

Answer:

Explanation: 

This question describes a buffer overflow attack. 

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. 


Q427. Which of the following attacks could be used to initiate a subsequent man-in-the-middle attack? 

A. ARP poisoning 

B. DoS 

C. Replay 

D. Brute force 

Answer:

Explanation: 

A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 

For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve. 

Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation. Session tokens should be chosen by a (pseudo-)random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication. 

One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems. 

Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check. 

Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-)random numbers, with the trade-off being that replay attacks, if they are performed quickly enough, i.e. within that 'reasonable' limit, could succeed. 
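The two countermeasures described in this explanation (one-time session tokens, and timestamps protected by a MAC) can be modelled in a few lines of Python. The block below is an added example, not part of the original question bank; the usernames, passwords, shared key and clock values are constructed sample data, and the server keeps plaintext passwords only to keep the example short (a real verifier would store a salted hash). It shows that a captured token-based reply is rejected when replayed, and that the timestamp scheme rejects late and tampered messages but, as the explanation notes, still accepts a replay that arrives inside the tolerance window.

```python
"""Replay-attack countermeasures from the explanation above, as runnable code.

Added example (not from the original page). Two schemes are modelled:
  1. one-time session tokens: Bob (server) issues a random token, Alice
     answers with hash(password + token), Bob recomputes and compares;
  2. timestamps with a MAC: Alice sends (timestamp, message, MAC) and Bob
     accepts only if the MAC verifies and the timestamp is within a window.
All usernames, passwords, keys and timestamps are constructed sample data.
"""
import hashlib
import hmac
import secrets


def compute_response(token: str, password: str) -> str:
    """Alice's side: hash of the session token appended to the password."""
    return hashlib.sha256((password + token).encode()).hexdigest()


class TokenServer:
    """Bob's side of the session-token scheme."""

    def __init__(self, users: dict):
        # Assumption: a real server stores a salted password hash; plaintext
        # is used here only to keep the example short.
        self._users = dict(users)
        self._pending = {}  # username -> outstanding one-time token

    def challenge(self, username: str) -> str:
        # Tokens come from a CSPRNG: a predictable token would let an
        # eavesdropper precompute a reply for a future session.
        token = secrets.token_hex(16)
        self._pending[username] = token
        return token

    def verify(self, username: str, response: str) -> bool:
        # pop() makes the token single-use: a second reply for the same
        # challenge, genuine or replayed, is rejected.
        token = self._pending.pop(username, None)
        password = self._users.get(username)
        if token is None or password is None:
            return False
        expected = compute_response(token, password)
        return hmac.compare_digest(expected, response)


def run_token_scenario() -> dict:
    """Alice logs in; Eve captures her reply and replays it later."""
    bob = TokenServer({"alice": "correct horse battery staple"})  # constructed
    # Session 1: genuine login. Eve observes the token and the response.
    t1 = bob.challenge("alice")
    r1 = compute_response(t1, "correct horse battery staple")
    first = bob.verify("alice", r1)
    # Session 2: Eve, posing as Alice, receives a fresh token but replays r1.
    bob.challenge("alice")
    replay = bob.verify("alice", r1)
    # A further attempt finds no outstanding token at all.
    stale = bob.verify("alice", r1)
    return {"genuine": first, "replay": replay, "stale": stale}


# --- timestamp + MAC variant -------------------------------------------

def make_mac(key: bytes, timestamp: int, message: bytes) -> str:
    """HMAC over timestamp and message so neither can be altered in transit."""
    return hmac.new(key, str(timestamp).encode() + b"|" + message,
                    hashlib.sha256).hexdigest()


def accept_timestamped(key: bytes, timestamp: int, message: bytes,
                       mac: str, now: int, tolerance: int) -> bool:
    """Bob accepts only authentic messages whose timestamp is within tolerance."""
    if not hmac.compare_digest(make_mac(key, timestamp, message), mac):
        return False
    return abs(now - timestamp) <= tolerance


def run_timestamp_scenario() -> dict:
    """Shows the trade-off: a fast replay inside the window still succeeds."""
    key = b"constructed-shared-key"        # constructed sample key
    msg = b"transfer 10 to carol"          # constructed sample message
    sent_at = 1_700_000_000                # constructed clock value
    mac = make_mac(key, sent_at, msg)
    tol = 30
    return {
        "fresh": accept_timestamped(key, sent_at, msg, mac, sent_at + 2, tol),
        "fast_replay": accept_timestamped(key, sent_at, msg, mac, sent_at + 20, tol),
        "late_replay": accept_timestamped(key, sent_at, msg, mac, sent_at + 120, tol),
        "tampered": accept_timestamped(key, sent_at, b"transfer 99 to carol",
                                       mac, sent_at + 2, tol),
    }


if __name__ == "__main__":
    print(run_token_scenario())
    print(run_timestamp_scenario())
```

Running the module prints the outcome of both scenarios. The `fast_replay` result is the point of the last paragraph above: a timestamp window alone does not stop a replay that lands inside the window, which is why deployed protocols pair timestamps with a per-message nonce or a cache of recently seen MACs.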


Q428. Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished? 

A. Create a VLAN without a default gateway. 

B. Remove the network from the routing table. 

C. Create a virtual switch. 

D. Commission a stand-alone switch. 

Answer:

Explanation: 

A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service levels. 


Q429. A security team has established a security awareness program. Which of the following would BEST prove the success of the program? 

A. Policies 

B. Procedures 

C. Metrics 

D. Standards 

Answer:

Explanation: 

All types of training should be followed up and tested to see if it worked and how much was learned in the training process. You must follow up and gather training metrics to validate compliance and security posture. By training metrics, we mean some quantifiable method for determining the efficacy of training. 


Q430. The process of making certain that an entity (operating system, application, etc.) is as secure as it can be is known as: 

A. Stabilizing 

B. Reinforcing 

C. Hardening 

D. Toughening 

Answer:

Explanation: 

Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.