★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/SY0-401-dumps.html
It is impossible to pass CompTIA SY0-401 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed CompTIA SY0-401 practice questions. You will get a surprising result by our Improve CompTIA Security+ Certification practice guides.
2021 Sep security+ sy0-401 vce:
Q31. An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?
A. WEP
B. LEAP
C. EAP-TLS
D. TKIP
Answer: C
Explanation:
The majority of the EAP-TLS implementations require client-side X.509 certificates without giving the option to disable the requirement.
Q32. Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent?
A. Buffer overflow
B. Pop-up blockers
C. Cross-site scripting
D. Fuzzing
Answer: A
Explanation:
Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer overflow exploits.
Q33. Which of the following is used to verify data integrity?
A. SHA
B. 3DES
C. AES
D. RSA
Answer: A
Explanation:
SHA stands for "secure hash algorithm". SHA-1 is the most widely used of the existing SHA hash
functions, and is employed in several widely used applications and protocols including TLS and
SSL, PGP, SSH, S/MIME, and IPsec. It is used to ensure data integrity.
Note:
A hash value (or simply hash), also called a message digest, is a number generated from a string
of text. The hash is substantially smaller than the text itself, and is generated by a formula in such
a way that it is extremely unlikely that some other text will produce the same hash value.
Hashes play a role in security systems where they're used to ensure that transmitted messages
have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact. This is how hashing is used to ensure data integrity.
Q34. Ann, the system administrator, is installing an extremely critical system that can support ZERO downtime. Which of the following BEST describes the type of system Ann is installing?
A. High availability
B. Clustered
C. RAID
D. Load balanced
Answer: A
Explanation:
Q35. Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee’s credential?
A. Account expiration
B. Password complexity
C. Account lockout
D. Dual factor authentication
Answer: A
Explanation:
Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.
Leading pdf sy0-401:
Q36. Which of the following network design elements allows for many internal devices to share one public IP address?
A. DNAT
B. PAT
C. DNS
D. DMZ
Answer: B
Explanation:
Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.
Q37. Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?
A. Logic bomb
B. Worm
C. Trojan
D. Adware
Answer: C
Explanation:
In computers, a Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.
Q38. An IT security technician is actively involved in identifying coding issues for her company.
Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?
A. Vulnerability scanning
B. Denial of service
C. Fuzzing
D. Port scanning
Answer: C
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.
Q39. An advantage of virtualizing servers, databases, and office applications is:
A. Centralized management.
B. Providing greater resources to users.
C. Stronger access control.
D. Decentralized management.
Answer: A
Explanation:
Virtualization consists of allowing one set of hardware to host multiple virtual Machines and in the case of software and applications; one host is all that is required. This makes centralized management a better prospect.
Q40. A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:
10.10.3.16
10.10.3.23
212.178.24.26
217.24.94.83
These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring?
A. XSS
B. DDoS
C. DoS
D. Xmas
Answer: B
Explanation:
A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.
A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.