
2021 Jan Security+ SY0-401 practice exam:

Q261. A victim is logged onto a popular home router forum site in order to troubleshoot some router configuration issues. The router is a fairly standard configuration and has an IP address of 192.168.1.1. The victim is logged into their router administrative interface in one tab and clicks a forum link in another tab. Due to clicking the forum link, the home router reboots. Which of the following attacks MOST likely occurred? 

A. Brute force password attack 

B. Cross-site request forgery 

C. Cross-site scripting 

D. Fuzzing 

Answer:

Explanation: 

Cross-Site Request Forgery—also known as XSRF, session riding, and one-click attack—involves unauthorized commands coming from a trusted user to the website. This is often done without the user’s knowledge, and it employs some type of social networking to pull it off. For example, assume that Evan and Spencer are chatting through Facebook. Spencer sends Evan a link to what he purports is a funny video that will crack him up. Evan clicks the link, but it actually brings up Evan’s bank account information in another browser tab, takes a screenshot of it, closes the tab, and sends the information to Spencer. The attack is possible because Evan is a trusted user with his own bank. In order for it to work, Evan would need to have recently accessed that bank’s website and have a cookie that had yet to expire. The best protection against cross-site scripting is to disable the running of scripts (and browser profiles). 


Q262. Layer 7 devices used to prevent specific types of HTML tags are called: 

A. Firewalls 

B. Content filters 

C. Routers 

D. NIDS 

Answer:

Explanation: 

A content filter is a type of software designed to restrict or control the content a reader is authorised to access, particularly when used to limit material delivered over the Internet via the Web, e-mail, or other means. Because the user and the OSI layer interact directly with the content filter, it operates at Layer 7 of the OSI model. 


Q263. Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third-party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk? 

A. Accept the risk saving $10,000. 

B. Ignore the risk saving $5,000. 

C. Mitigate the risk saving $10,000. 

D. Transfer the risk saving $5,000. 

Answer:

Explanation: 

Risk transference involves sharing some of the risk burden with someone else, such as an insurance company. The cost of the security breach over a period of 5 years would amount to $30,000 and it is better to save $5,000. 


Q264. A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire? 

A. The certificate will be added to the Certificate Revocation List (CRL). 

B. Clients will be notified that the certificate is invalid. 

C. The ecommerce site will not function until the certificate is renewed. 

D. The ecommerce site will no longer use encryption. 

Answer:

Explanation: 

A similar process to certificate revocation will occur when a certificate is allowed to expire. Notification will be sent out to clients of the invalid certificate. The process of revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked. This must be done whenever the private key becomes known. The owner of a certificate can request that it be revoked at any time, or the administrator can make the request. 


Q265. Ann, a technician, is attempting to establish a remote terminal session to an end user’s computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open? 

A. 22 

B. 139 

C. 443 

D. 3389 

Answer:

Explanation: 

Remote Desktop Protocol (RDP) uses TCP port 3389. 



Q266. Which of the following best practices makes a wireless network more difficult to find? 

A. Implement MAC filtering 

B. Use WPA2-PSK 

C. Disable SSID broadcast 

D. Power down unused WAPs 

Answer:

Explanation: 

Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, SSID broadcast should be disabled if the network isn’t for public use. 


Q267. Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection? 

A. Sign in and sign out logs 

B. Mantrap 

C. Video surveillance 

D. HVAC 

Answer:

Explanation: 

Mantraps are designed to physically contain an unauthorized, potentially hostile individual until authorities arrive. Mantraps are typically manufactured with bulletproof glass, high-strength doors, and locks, and they allow only a minimal number of individuals, depending on the mantrap's size. Some mantraps even include scales that will weigh the person. The doors are designed in such a way as to open only when the mantrap is occupied or empty and not in-between. This means that the back door must first close before the front door will open. Mantraps are in most cases also combined with guards. This is the most physical protection any one measure will provide. 


Q268. Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST? 

A. Phishing 

B. Shoulder surfing 

C. Impersonation 

D. Tailgating 

Answer:

Explanation: 

Two attacks took place in this question. The first attack was shoulder surfing. This was the act of Sara recording a person typing in their ID number into a keypad to gain access to the building. The second attack was impersonation. Sara called the helpdesk and used the PIN to impersonate the person she recorded. 


Q269. Which of the following is a best practice for error and exception handling? 

A. Log detailed exception but display generic error message 

B. Display detailed exception but log generic error message 

C. Log and display detailed error and exception messages 

D. Do not log or display error or exception messages 

Answer:

Explanation: 

A detailed explanation of the error is not helpful for most end users but might provide information that is useful to a hacker. It is therefore better to display a simple but helpful message to the end user and log the detailed information to an access-restricted log file for the administrator and programmer who would need as much information as possible about the problem in order to rectify it. 


Q270. The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid? 

A. Bank’s CRL 

B. Bank’s private key 

C. Bank’s key escrow 

D. Bank’s recovery agent 

Answer:

Explanation: 

The finance department can check if any of the bank's certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid. The CRL (Certificate Revocation List) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.