♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

Q231. A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 

22, 25, 445, 1433, 3128, 3389, 6667 

Which of the following protocols was used to access the server remotely? 

A. LDAP 

B. HTTP 

C. RDP 

D. HTTPS 

Answer:

Explanation: 

RDP uses TCP port 3389. 


Q232. CORRECT TEXT 

Answer: Use the following answer for this simulation task. 

Explanation: 

Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule’s criteria: Block the connection Allow the connection Allow the connection only if it is secured 

TCP is responsible for providing a reliable, one-to-one, connection-oriented session. TCP establishes a connection and ensures that the other end receives any packets sent. Two hosts communicate packet results with each other. TCP also ensures that packets are decoded and sequenced properly. This connection is persistent during the session. When the session ends, the connection is torn down. UDP provides an unreliable connectionless communication method between hosts. UDP is considered a best-effort protocol, but it’s considerably faster than TCP. The sessions don’t establish a synchronized session like the kind used in TCP, and UDP doesn’t guarantee error-free communications. The primary purpose of UDP is to send small packets of information. The application is responsible for acknowledging the correct reception of the data. Port 22 is used by both SSH and SCP with UDP. Port 443 is used for secure web connections – HTTPS and is a TCP port. Thus to make sure only the Accounting computer has HTTPS access to the Administrative server you should use TCP port 443 and set the rule to allow communication between 10.4.255.10/24 (Accounting) and 10.4.255.101 (Administrative server1) Thus to make sure that only the HR computer has access to Server2 over SCP you need use of TCP port 22 and set the rule to allow communication between 10.4.255.10/23 (HR) and 10.4.255.2 (server2) Thus to make sure that the IT computer can access both the Administrative servers you need to use a port and accompanying port number and set the rule to allow communication between: 

10.4.255.10.25 (IT computer) and 10.4.255.101 (Administrative server1) 10.4.255.10.25 (IT computer) and 10.4.255.102 (Administrative server2) 

References: 

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, 

Indianapolis, 2014, pp 77, 83, 96, 157. 


Q233. Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane’s company? 

A. Vulnerability scanner 

B. Honeynet 

C. Protocol analyzer 

D. Port scanner 

Answer:

Explanation: 

The Internet hosts used to gather data on new malware are known as honeypots. A collection of honeypots is known as a honeynet. A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets. In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn't actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as "Finances" or "Human Services" to make them sound appealing to the attacker. 

A virtual honeynet is one that, while appearing to be an entire network, resides on a single server. 


Q234. Establishing a method to erase or clear cluster tips is an example of securing which of the following? 

A. Data in transit 

B. Data at rest 

C. Data in use 

D. Data in motion 

Answer:

Explanation: 


Q235. A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network? 

A. Spoof the MAC address of an observed wireless network client 

B. Ping the access point to discover the SSID of the network 

C. Perform a dictionary attack on the access point to enumerate the WEP key 

D. Capture client to access point disassociation packets to replay on the local PC’s loopback 

Answer:

Explanation: 

With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not. This can be used to gain access to the network, to fool the router into sending data here that was intended for another host, or to launch a DoS attack. In all cases, the address being faked is an address of a legitimate user, and that makes it possible to get around such measures as allow/deny lists. Note: As an example, the initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack. 


Q236. While rarely enforced, mandatory vacation policies are effective at uncovering: 

A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems. 

B. Collusion between two employees who perform the same business function. 

C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team. 

D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight. 

Answer:

Explanation: 

Least privilege (privilege reviews) and job rotation is done when mandatory vacations are implemented. Then it will uncover areas where the system administrators neglected to check all users’ privileges since the other users must fill in their positions when they are on their mandatory vacation. 


Q237. Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to? 

A. PAP, MSCHAPv2 

B. CHAP, PAP 

C. MSCHAPv2, NTLMv2 

D. NTLM, NTLMv2 

Answer:

Explanation: 

PAP transmits the username and password to the authentication server in plain text. MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi-Fi security using the WPA-Enterprise protocol. 


Q238. After working on his doctoral dissertation for two years, Joe, a user, is unable to open his dissertation file. The screen shows a warning that the dissertation file is corrupted because it is infected with a backdoor, and can only be recovered by upgrading the antivirus software from the free version to the commercial version. Which of the following types of malware is the laptop MOST likely infected with? 

A. Ransomware 

B. Trojan 

C. Backdoor 

D. Armored virus 

Answer:

Explanation: 


Q239. A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? 

A. User rights and permissions review 

B. Change management 

C. Data loss prevention 

D. Implement procedures to prevent data theft 

Answer:

Explanation: 

Terminal Access Controller Access-Control System (TACACS, and variations like XTACACS and TACACS+) is a client/server-oriented environment, and it operates in a manner similar to RADIUS. Furthermore TACACS+ allows for credential to be accepted from multiple methods. Thus you can perform user rights and permission reviews with TACACS+. 


Q240. Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide? 

A. No competition with the company’s official social presence 

B. Protection against malware introduced by banner ads 

C. Increased user productivity based upon fewer distractions 

D. Elimination of risks caused by unauthorized P2P file sharing 

Answer:

Explanation: 

Banner, or header information messages sent with data to find out about the system(s) does happen. Banners often identify the host, the operating system running on it, and other information that can be useful if you are going to attempt to later breach the security of it.