2021 Apr SY0-401 practice test

Q631. Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges? 

A. Internal account audits 

B. Account disablement 

C. Time of day restriction 

D. Password complexity 

Answer:

Explanation: 

Internal account audits let you move users to the accounts appropriate to their new roles after a role change has occurred, and thus verify that the principle of least privilege is still being followed.


Q632. Which of the following defines a business goal for system restoration and acceptable data loss? 

A. MTTR 

B. MTBF 

C. RPO 

D. Warm site 

Answer:

Explanation: 

The recovery point objective (RPO) defines the point in time to which the system needs to be restored. This could be where the system was two days before it crashed (whip out the old backup tapes) or five minutes before it crashed (requiring complete redundancy). This is an essential business goal insofar as system restoration and acceptable data loss are concerned.


Q633. Which of the following is BEST carried out immediately after a security breach is discovered? 

A. Risk transference 

B. Access control revalidation 

C. Change management 

D. Incident management 

Answer:

Explanation: 

Incident management comprises the steps followed when a security incident occurs.


Q634. Which of the following would a security administrator implement in order to identify a problem between two systems that are not communicating properly? 

A. Protocol analyzer 

B. Baseline report 

C. Risk assessment 

D. Vulnerability scan 

Answer:

Explanation: 

A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. Capturing and analyzing the packets sent between two systems that are not communicating properly could help determine the cause of the issue.

Well-known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).


Q635. Which of the following attacks allows access to contact lists on cellular phones? 

A. War chalking 

B. Blue jacking 

C. Packet sniffing 

D. Bluesnarfing 

Answer:

Explanation: 

Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list, e-mail and text messages -- without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.


Q636. A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform? 

A. Remove all previous smart card certificates from the local certificate store. 

B. Publish the new certificates to the global address list. 

C. Make the certificates available to the operating system. 

D. Recover the previous smart card certificates. 

Answer:

Explanation: 

CAs can be either private or public, with VeriSign being one of the best known of the public variety. Many operating system providers allow their systems to be configured as CA systems. 

These CA systems can be used to generate internal certificates that are used within a business or in large external settings. The process provides certificates to the users. Since the user in question has been reissued a smart card, the user must receive a new certificate from the CA to be able to send digitally signed email. This is achieved by publishing the new certificates to the global address list.


Q637. A distributed denial of service attack can BEST be described as: 

A. Invalid characters being entered into a field in a database application. 

B. Users attempting to input random or invalid data into fields within a web browser application. 

C. Multiple computers attacking a single target in an organized attempt to deplete its resources. 

D. Multiple attackers attempting to gain elevated privileges on a target system. 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. In the end, this can take a website down completely for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware, and no further interaction was necessary to launch the attack.


Q638. Configuring key/value pairs on a RADIUS server is associated with deploying which of the following? 

A. WPA2-Enterprise wireless network 

B. DNS secondary zones 

C. Digital certificates 

D. Intrusion detection system 

Answer:

Explanation: 

WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication server. 


Q639. An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network? 

A. Configure each port on the switches to use the same VLAN other than the default one 

B. Enable VTP on both switches and set to the same domain 

C. Configure only one of the routers to run DHCP services 

D. Implement port security on the switches 

Answer:

Explanation: 

Port security in IT can mean several things.

The physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. On a managed switch, port security in this sense limits which device MAC addresses are allowed to send frames through a given switch port, so an unauthorized device plugged into that port is blocked or the port is shut down.

The management of TCP and User Datagram Protocol (UDP) ports. If a service is active and assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if a service isn't actively using them.

Port knocking is a security system in which all ports on a system appear closed. However, if the client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the desired service port becomes open and allows the client software to connect to the service.


Q640. Several employees clicked on a link in a malicious message that bypassed the spam filter and their PCs were infected with malware as a result. Which of the following BEST prevents this situation from occurring in the future? 

A. Data loss prevention 

B. Enforcing complex passwords 

C. Security awareness training 

D. Digital signatures 

Answer:

Explanation: