
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Q431. An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that: 

A. it is being caused by the presence of a rogue access point. 

B. it is the beginning of a DDoS attack. 

C. the IDS has been compromised. 

D. the internal DNS tables have been poisoned. 

Answer: B

Explanation: 

The clue is that the surge arrives from many sources at once: a rogue access point, a compromised IDS or poisoned DNS tables would not by themselves produce a coordinated spike from many origins, but the opening of a DDoS attack does.

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.

A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker can simply add more attack machines, and the website still ends up unavailable for periods of time.

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware, and no further interaction was necessary to launch the attack. 
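
The distinction the question turns on, a spike from many sources versus one, is what a first-pass detection would check. The following is an added example, not part of the original question bank: it groups constructed flow records into one-minute windows, builds a baseline from the quiet windows, and labels a spike as distributed or single-source. The flow records, the server address 203.0.113.10 and the thresholds (5x baseline, 20 distinct sources) are assumptions chosen for illustration, not vendor defaults.

```python
"""Added example (not from the original question bank): classify a traffic
spike as distributed (DDoS-like) or single-source from flow records.
All records are constructed sample data; thresholds are illustrative."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int        # seconds since start of capture (constructed)
    src: str       # source IP address
    dst: str       # destination IP address


# Constructed sample: two quiet minutes from three internal clients, then a
# minute in which 40 distinct hosts each open about ten connections to the
# web server 203.0.113.10 (an assumed address from the documentation range).
QUIET = [Flow(t, f"198.51.100.{1 + (t % 3)}", "203.0.113.10")
         for t in range(0, 120, 4)]
FLOOD = [Flow(120 + (i % 60), f"192.0.2.{1 + (i % 40)}", "203.0.113.10")
         for i in range(400)]
SAMPLE = QUIET + FLOOD


def windows(flows, size=60):
    """Group flows into fixed-size time windows: {window_index: [flows]}."""
    out = defaultdict(list)
    for f in flows:
        out[f.ts // size].append(f)
    return dict(sorted(out.items()))


def classify(flows, baseline_windows=2, rate_factor=5.0, min_sources=20, size=60):
    """Return (verdict, detail) for the most recent window.

    Baseline is the mean connection count over the first `baseline_windows`
    windows. A window above rate_factor * baseline is a spike; a spike from
    at least min_sources distinct sources looks distributed (DDoS), otherwise
    it looks like a single-source flood or one misbehaving client.
    """
    w = windows(flows, size)
    idx = list(w)
    if len(idx) <= baseline_windows:
        return "insufficient-data", {}
    baseline = sum(len(w[i]) for i in idx[:baseline_windows]) / baseline_windows
    last = w[idx[-1]]
    sources = {f.src for f in last}
    detail = {"count": len(last), "baseline": baseline, "sources": len(sources)}
    if len(last) <= rate_factor * baseline:
        return "normal", detail
    if len(sources) >= min_sources:
        return "ddos-suspected", detail
    return "single-source-flood", detail


if __name__ == "__main__":
    print(classify(SAMPLE))
```

In practice the baseline would come from a longer history and the source count would be weighed against the usual client population; the point here is only that rate alone does not distinguish a DDoS from one noisy host, while rate plus source diversity does.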


Q432. 

Multi-tenancy is a concept found in which of the following? 

A. Full disk encryption 

B. Removable media 

C. Cloud computing 

D. Data loss prevention 

Answer: C

Explanation: 

One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security. 


Q433. Which of the following can use RC4 for encryption? (Select TWO). 

A. CHAP 

B. SSL 

C. WEP 

D. AES 

E. 3DES 

Answer: B,C 

Explanation: B: In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4) is a stream cipher that was for many years the most widely deployed software stream cipher and was used in popular Internet protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). Because of statistical biases in its keystream, RC4 cipher suites are now prohibited in TLS (RFC 7465) and RC4 should not be used in new designs. 

C: WEP also uses RC4, but WEP's construction (a short, frequently repeated 24-bit IV prepended to the shared key) is insecure and WEP is considered broken. 

The remaining options do not use RC4: CHAP is a challenge-response authentication protocol built on MD5 hashing, and AES and 3DES are themselves block ciphers. 
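
To make the "stream cipher" and "WEP is insecure" points concrete, here is an added example that is not part of the original question bank: a minimal RC4 (key-scheduling algorithm plus pseudo-random generation algorithm), checked against the public test vector for key "Key" and plaintext "Plaintext", followed by a demonstration of what goes wrong when a keystream is reused, as happened in WEP when its 24-bit IV repeated. The key and IV bytes in the reuse demonstration are constructed for the example. This is for illustration only; RC4 must not be used to protect real data.

```python
"""Added example (not from the original question bank): a minimal RC4
implementation used only to show that RC4 is a stream cipher and why reusing a
key/IV pair (the WEP problem) leaks plaintext. Not for production use."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Produce `length` keystream bytes for `key`: KSA followed by PRGA."""
    # Key-scheduling algorithm (KSA): permute S under the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): emit one byte per step.
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: a stream cipher XORs data with the keystream, so
    the same call does both directions."""
    ks = rc4_keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def wep_style_key(shared_key: bytes, iv: bytes) -> bytes:
    """WEP built the per-packet RC4 key as IV || shared key, with a 24-bit IV
    sent in the clear. Once an IV repeats, two packets share a keystream."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits (3 bytes)")
    return iv + shared_key


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same keystream XOR to the XOR of their
    plaintexts: (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2. Knowing p1 then yields p2."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Given one known plaintext and both ciphertexts, recover the other."""
    return bytes(x ^ y for x, y in zip(keystream_reuse_leak(c1, c2), known_p1))


if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())          # bbf316e8d940af0ad3
    k = wep_style_key(b"shared", b"\x01\x02\x03")   # constructed key and IV
    c1, c2 = rc4(k, b"attack at dawn"), rc4(k, b"attack at dusk")
    print(recover_second_plaintext(c1, c2, b"attack at dawn"))
```

The test vector check shows the implementation is the real RC4; the reuse demonstration is the simplest form of the WEP weakness, before even considering the key-recovery attacks on RC4's first keystream bytes.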


Q434. After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue? 

A. Host based firewall 

B. Initial baseline configurations 

C. Discretionary access control 

D. Patch management system 

Answer: D

Explanation: 

A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Because the company runs a single operating system, one vendor fix applies to every server, and a patch management system ensures that fix is deployed and verified consistently across all of them, closing the well-known vulnerability on the servers that are still exposed. A host-based firewall, baseline configurations or discretionary access control do not remove the flaw itself. 


Q435. Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall? 

A. TCP 23 

B. UDP 69 

C. TCP 22 

D. TCP 21 

Answer: C

Explanation: 

SSH uses TCP port 22. Services carried over SSH, including SFTP, SCP and slogin (remote login), also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility that runs over SSH and mirrors the old Remote Copy Protocol (RCP). SSH File Transfer Protocol (SFTP) is a file-transfer subsystem of SSH; despite the name it is a separate protocol from FTP, not FTP wrapped in encryption (that is FTPS, which uses TCP 21 or 990). The other options carry data in cleartext: TCP 23 is Telnet, UDP 69 is TFTP and TCP 21 is FTP. 


Q436. Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports? 

A. 25 

B. 53 

C. 143 

D. 443 

Answer: D

Explanation: 

HTTPS (HTTP over TLS/SSL) uses TCP port 443; the web server presents its signed certificate during the TLS handshake on that port so the client can verify the server's identity before sending data. Port 25 is SMTP, 53 is DNS and 143 is IMAP. 


Q437. Privilege creep among long-term employees can be mitigated by which of the following procedures? 

A. User permission reviews 

B. Mandatory vacations 

C. Separation of duties 

D. Job function rotation 

Answer: A

Explanation: 

Privilege creep is the steady build-up of access rights beyond what a user requires to perform his or her current task, typically because rights granted for earlier roles or projects are never revoked. It is reduced by conducting periodic user permission (access rights) reviews, which confirm each user's need for the roles and rights held and rescind any excess. Mandatory vacations, separation of duties and job rotation are controls against fraud and collusion; they do not by themselves remove accumulated permissions. 
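
As an added example (not part of the original question bank), the following is the core of such a review: compare the entitlements each user actually holds against the baseline for the user's current role and report the excess. The role baseline, the user records and the "toxic pair" of entitlements are constructed sample data; in a real review they would come from the IAM system and HR system of record.

```python
"""Added example (not from the original question bank): detect privilege
creep by comparing held entitlements with the current role's baseline.
Roles, users and the toxic-combination list are constructed sample data."""

# Constructed role-to-entitlement baseline (assumption: each role's required
# entitlements are fully described here).
ROLE_ENTITLEMENTS = {
    "helpdesk":   {"ticketing:rw", "ad:reset-password"},
    "sysadmin":   {"ticketing:rw", "ad:reset-password", "ad:admin", "server:ssh"},
    "accountant": {"erp:ledger", "erp:payments"},
}

# Constructed user records: (username, current role, entitlements held).
USERS = [
    ("alice", "accountant", {"erp:ledger", "erp:payments"}),
    # bob moved from sysadmin to helpdesk years ago; nobody revoked admin.
    ("bob", "helpdesk",
     {"ticketing:rw", "ad:reset-password", "ad:admin", "server:ssh"}),
    # carol was an accountant before becoming sysadmin and kept payments.
    ("carol", "sysadmin",
     {"ticketing:rw", "ad:reset-password", "ad:admin", "server:ssh",
      "erp:payments"}),
]


def review(users, role_entitlements):
    """Return {username: sorted excess entitlements} for every user holding
    more than the current role requires. Missing entitlements are not
    reported: the purpose of the review is to rescind, not to grant."""
    findings = {}
    for name, role, held in users:
        excess = held - role_entitlements[role]
        if excess:
            findings[name] = sorted(excess)
    return findings


def toxic_combinations(users, pairs=(("erp:payments", "ad:admin"),)):
    """Names of users whose accumulated rights form a separation-of-duties
    violation. The default pair (able to both pay and administer identities)
    is an assumption for the example."""
    return sorted(name for name, _, held in users
                  if any(a in held and b in held for a, b in pairs))


if __name__ == "__main__":
    for user, excess in review(USERS, ROLE_ENTITLEMENTS).items():
        print(f"{user}: rescind {', '.join(excess)}")
    print("SoD violations:", toxic_combinations(USERS))
```

Running the review flags bob and carol but not alice; the second check shows why creep matters beyond least privilege, since carol's leftover finance right combined with her new admin right is exactly the combination separation of duties is meant to prevent.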


Q438. Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections? 

A. 21/UDP 

B. 21/TCP 

C. 22/UDP 

D. 22/TCP 

Answer: D

Explanation: 

SSH uses TCP port 22, and SFTP is a subsystem of SSH rather than a separate service, so an inbound rule permitting 22/TCP is what the host-based firewall needs. Other services carried over SSH, such as SCP and slogin, use the same port. SSH does not use UDP, and TCP 21 belongs to plain FTP (and explicit FTPS), not SFTP. 


Q439. Which of the following uses both a public and private key? 

A. RSA 

B. AES 

C. MD5 

D. SHA 

Answer: A

Explanation: 

The RSA algorithm is an early public-key encryption system that uses large integers as the basis for the process. RSA uses both a public key and a private key: what is encrypted with one can only be decrypted with the other. AES is a symmetric cipher with a single shared secret key, and MD5 and SHA are hash functions that use no key at all.

RSA key generation process: 

1. Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length (such as 2048 bits, 4096 bits, and so forth). Let n = pq and m = (p-1)(q-1) (the Euler totient of n). 

2. Choose a small number e, co-prime to m (two numbers are co-prime if they have no common factor other than 1); e = 65537 is the usual choice. 

3. Find d such that (d * e) mod m = 1, i.e. d is the modular inverse of e modulo m. 

4. Publish e and n as the public key. Keep d (with n) as the private key. The primes p and q and the value m must also be kept secret or destroyed, since anyone who knows them can compute d from the public exponent. 
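
The four steps above, carried through as an added example that is not part of the original question bank. It uses the deliberately tiny primes p = 61 and q = 53 with e = 17 so every intermediate value can be checked by hand; real keys use primes of 1024 bits or more and never encrypt raw integers without padding (OAEP for encryption, PSS for signatures). The last function shows why step 4 insists that p and q stay secret.

```python
"""Added example (not from the original question bank): textbook RSA key
generation following steps 1-4, with tiny primes for hand-checking.
Raw (unpadded) RSA as shown here is for illustration only."""
from math import gcd


def rsa_keygen(p: int, q: int, e: int = 65537):
    """Steps 1-4: from primes p, q and public exponent e, return
    ((e, n), (d, n)). Raises ValueError if e is not co-prime to m."""
    n = p * q                      # step 1: modulus
    m = (p - 1) * (q - 1)          # step 1: m = (p-1)(q-1)
    if gcd(e, m) != 1:             # step 2: e must be co-prime to m
        raise ValueError("e must be co-prime to (p-1)(q-1)")
    d = pow(e, -1, m)              # step 3: (d * e) mod m == 1
    return (e, n), (d, n)          # step 4: public key, private key


def rsa_encrypt(pub, msg: int) -> int:
    """Encrypt an integer message with the public key: c = msg^e mod n."""
    e, n = pub
    if not 0 <= msg < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(msg, e, n)


def rsa_decrypt(priv, ct: int) -> int:
    """Decrypt with the private key: msg = c^d mod n."""
    d, n = priv
    return pow(ct, d, n)


def recover_private_exponent(pub, p: int, q: int) -> int:
    """Why p and q must stay secret: anyone who learns (or factors) them
    recomputes m and therefore d from the public exponent alone."""
    e, n = pub
    if p * q != n:
        raise ValueError("p and q do not multiply to n")
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)      # constructed toy parameters
    print("public:", pub, "private:", priv)   # (17, 3233) (2753, 3233)
    ct = rsa_encrypt(pub, 65)
    print("ciphertext:", ct, "decrypts to:", rsa_decrypt(priv, ct))
    print("d from p, q:", recover_private_exponent(pub, 61, 53))
```

With p = 61 and q = 53, n = 3233 and m = 3120; e = 17 is co-prime to 3120 and its inverse is d = 2753 (17 * 2753 = 46801 = 15 * 3120 + 1). Encrypting 65 gives 2790, which decrypts back to 65, and knowing the primes hands the private exponent straight back, which is the reason step 4 keeps them secret.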


Q440. DRAG DROP 

A security administrator is given the security and availability profiles for servers that are being deployed. 

1) Match each RAID type with the correct configuration and MINIMUM number of drives. 

2) Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O and storage requirements. 

Instructions: 

- All drive definitions can be dragged as many times as necessary 

- Not all placeholders may be filled in the RAID configuration boxes 

- If parity is required, please select the appropriate number of parity checkboxes 

- Server profiles may be dragged only once 

If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue. 

Answer: