Want to know Pass4sure SY0-401 Exam practice test features? Want to lear more about CompTIA CompTIA Security+ Certification certification experience? Study High quality CompTIA SY0-401 answers to Updated SY0-401 questions at Pass4sure. Gat a success with an absolute guarantee to pass CompTIA SY0-401 (CompTIA Security+ Certification) test on your first attempt.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

2021 Apr SY0-401 test preparation

Q151. Which of the following is the BEST approach to perform risk mitigation of user access control rights? 

A. Conduct surveys and rank the results. 

B. Perform routine user permission reviews. 

C. Implement periodic vulnerability scanning. 

D. Disable user accounts that have not been used within the last two weeks. 

Answer:

Explanation: 

Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and is best coupled with a principle of least privilege. And related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation steps insofar as access control rights are concerned, is the regular/routine review of user permissions. 


Q152. Which of the following is a difference between TFTP and FTP? 

A. TFTP is slower than FTP. 

B. TFTP is more secure than FTP. 

C. TFTP utilizes TCP and FTP uses UDP. 

D. TFTP utilizes UDP and FTP uses TCP. 

Answer:

Explanation: 

FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69. 


Q153. A security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing? 

A. Systems should be restored within six hours and no later than two days after the incident. 

B. Systems should be restored within two days and should remain operational for at least six hours. 

C. Systems should be restored within six hours with a minimum of two days worth of data. 

D. Systems should be restored within two days with a minimum of six hours worth of data. 

Answer:

Explanation: 

The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during the business impact analysis (BIA) creation. 

The recovery point objective (RPO) is similar to RTO, but it defines the point at which the system needs to be restored. This could be where the system was two days before it crashed (whip out the old backup tapes) or five minutes before it crashed (requiring complete redundancy). As a general rule, the closer the RPO matches the item of the crash, the more expensive it is to obtain. 


Q154. A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used? 

A. RADIUS 

B. SAML 

C. TACACS+ 

D. LDAP 

Answer:

Explanation: 

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number. 

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol): dn: cn=John Doe,dc=example,dc=com cn: John Doe givenName: John sn: Doe telephoneNumber: +1 888 555 6789 telephoneNumber: +1 888 555 1232 mail: john@example.com manager: cn=Barbara Doe,dc=example,dc=com objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: top "dn" is the distinguished name of the entry; it is neither an attribute nor a part of the entry. "cn=John Doe" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address, and "sn" for surname. 


Q155. Which of the following is BEST carried out immediately after a security breach is discovered? 

A. Risk transference 

B. Access control revalidation 

C. Change management 

D. Incident management 

Answer:

Explanation: 

Incident management is the steps followed when security incident occurs. 


Renew SY0-401 practice:

Q156. Disabling unnecessary services, restricting administrative access, and enabling auditing controls on a server are forms of which of the following? 

A. Application patch management 

B. Cross-site scripting prevention 

C. Creating a security baseline 

D. System hardening 

Answer:

Explanation: 

Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. 


Q157. A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator’s concerns? 

A. Install a mobile application that tracks read and write functions on the device. 

B. Create a company policy prohibiting the use of mobile devices for personal use. 

C. Enable GPS functionality to track the location of the mobile devices. 

D. Configure the devices so that removable media use is disabled. 

Answer:

Explanation: 

Mobile devices can be plugged into computers where they appear as an additional disk in the same way as a USB drive. This is known as removable media. This would enable users to copy company data onto the mobile devices. By disabling removable media use, the users will not be able to copy data onto the mobile devices. 


Q158. Acme Corp has selectively outsourced proprietary business processes to ABC Services. Due to some technical issues, ABC services wants to send some of Acme Corp’s debug data to a third party vendor for problem resolution. Which of the following MUST be considered prior to sending data to a third party? 

A. The data should be encrypted prior to transport 

B. This would not constitute unauthorized data sharing 

C. This may violate data ownership and non-disclosure agreements 

D. Acme Corp should send the data to ABC Services’ vendor instead 

Answer:

Explanation: 

With sending your data to a third party is already a risk since the third party may have a different policy than yours. Data ownership and non-disclosure is already a risk that you will have to accept since the data will be sent for debugging /troubleshooting purposes which will result in definite disclosure of the data. 


Q159. DRAG DROP 

Determine the types of attacks below by selecting an option from the dropdown list. Determine the types of Attacks from right to specific action. 

Answer: 

Explanation: 

A. Phishing. 

B. Whaling. 

C. Vishing. 

D. Spim. 

E. Social engineering. 

A: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page. 

B: Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles. Hackers who engage in whaling often describe these efforts as "reeling in a big fish," applying a familiar metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may also set up keylogging or other malware on a work station associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber threats. 

C: Vishing is the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business, and fools the victim into thinking he or she will profit. 

D: SPIM is a term sometimes used to refer to spam over IM (Instant Messaging). It’s also called just spam, instant spam, or IM marketing. No matter what the name, it consists of unwanted messages transmitted through some form of instant messaging service, which can include Short Message Service (SMS). 

E: Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter. A social engineer runs what used to be called a "con game." For example, a person using social engineering to break into a computer network might try to gain the confidence of an authorized user and get them to reveal information that compromises the network's security. Social engineers often rely on the natural helpfulness of people as well as on their weaknesses. They might, for example, call the authorized employee with some kind of urgent problem that requires immediate network access. Appealing to vanity, appealing to authority, appealing to greed, and old-fashioned eavesdropping are other typical social engineering techniques. 

References: 

http://www.webopedia.com/TERM/P/phishing.html http://www.techopedia.com/definition/28643/whaling http://www.webopedia.com/TERM/V/vishing.html http://searchsecurity.techtarget.com/definition/social-engineering 


Q160. A distributed denial of service attack can BEST be described as: 

A. Invalid characters being entered into a field in a database application. 

B. Users attempting to input random or invalid data into fields within a web browser application. 

C. Multiple computers attacking a single target in an organized attempt to deplete its resources. 

D. Multiple attackers attempting to gain elevated privileges on a target system. 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.