Most of the training materials are available as PDF questions and answers. You can also download the exam engine software to your PC and practise with simulated tests as needed. Click to confirm your payment today and all the CompTIA exam braindumps will be presented to you. You will also be able to enjoy free updated SY0-401 materials for 120 days after paying. You are guaranteed success with our CompTIA SY0-401 exam products; otherwise, you may get a full refund of the fees paid.

2021 Dec SY0-401 download

Q71. While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO). 

A. 20 

B. 21 

C. 22 

D. 68 

E. 69 

Answer: A,B 

Explanation: 


Q72. An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that: 

A. it is being caused by the presence of a rogue access point. 

B. it is the beginning of a DDoS attack. 

C. the IDS has been compromised. 

D. the internal DNS tables have been poisoned. 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. 

Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack. 
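The symptom in the question is a spike in requests arriving from many distinct sources at once, which is the signature a defender can look for in a web server's access log. The following is an added example, not part of the original question bank: it parses constructed Apache-style log lines (the addresses are documentation ranges, not real hosts), groups requests into one-minute windows, and flags a window when both the request count and the number of distinct source addresses exceed thresholds. The thresholds and the log format are assumptions for the demo; in practice they are tuned to the site's normal baseline.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the client address and the bracketed timestamp of a common-log-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\]')


def constructed_log_lines():
    """Constructed sample log: one quiet minute followed by one flooded minute."""
    lines = []
    quiet = [("203.0.113.5", "13:55:01"), ("203.0.113.7", "13:55:20"),
             ("203.0.113.5", "13:55:41")]
    for ip, t in quiet:
        lines.append(f'{ip} - - [10/Oct/2023:{t} +0000] "GET / HTTP/1.1" 200 512')
    # Flood minute: 40 requests from 40 distinct addresses in the 198.51.100.0/24 documentation range.
    for i in range(40):
        ip = f"198.51.100.{i + 1}"
        lines.append(f'{ip} - - [10/Oct/2023:13:56:{i % 60:02d} +0000] "GET / HTTP/1.1" 200 512')
    return lines


def summarise_windows(lines):
    """Return {minute -> {"requests": n, "sources": set(ip)}} for the given log lines."""
    windows = defaultdict(lambda: {"requests": 0, "sources": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the detector
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        key = ts.strftime("%Y-%m-%d %H:%M")
        windows[key]["requests"] += 1
        windows[key]["sources"].add(m.group("ip"))
    return windows


def detect_spikes(lines, min_requests=20, min_sources=10):
    """Flag minutes whose request volume AND source diversity both exceed the thresholds.

    Returns a list of (minute, request_count, distinct_source_count) tuples.
    A single noisy client trips only the request threshold; a distributed flood trips both.
    """
    flagged = []
    for key, stats in sorted(summarise_windows(lines).items()):
        if stats["requests"] >= min_requests and len(stats["sources"]) >= min_sources:
            flagged.append((key, stats["requests"], len(stats["sources"])))
    return flagged


if __name__ == "__main__":
    for minute, reqs, srcs in detect_spikes(constructed_log_lines()):
        print(f"{minute}: {reqs} requests from {srcs} distinct sources")
```

Requiring both conditions is what separates a distributed flood from one misbehaving client or a legitimate traffic burst from a single proxy; a real deployment would compare against a rolling baseline rather than fixed numbers.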


Q73. Joe is the accounts payable agent for ABC Company. Joe has been performing accounts payable function for the ABC Company without any supervision. Management has noticed several new accounts without billing invoices that were paid. Which of the following is the BEST management option for review of the new accounts? 

A. Mandatory vacation 

B. Job rotation 

C. Separation of duties 

D. Replacement 

Answer:

Explanation: 


Q74. Which of the following BEST describes a protective countermeasure for SQL injection? 

A. Eliminating cross-site scripting vulnerabilities 

B. Installing an IDS to monitor network traffic 

C. Validating user input in web applications 

D. Placing a firewall between the Internet and database servers 

Answer:

Explanation: 

By validating user input and preventing special characters, we can prevent the injection of client-side scripting code. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. 
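The following is an added example (not from the question bank) showing the defect the explanation describes and its fix, using Python's built-in sqlite3 module against a constructed in-memory table. The vulnerable lookup concatenates user input into the statement text, so a value containing a quote and an OR clause changes the query's meaning; the hardened lookup passes the value as a bound parameter and additionally applies allow-list validation before the query is ever built. Table and column names are assumptions for the demo.

```python
import re
import sqlite3


def make_demo_db():
    """Constructed in-memory database with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Defective: the input is spliced into the SQL text, so it can rewrite the WHERE clause."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Hardened: a parameterised query sends the value separately from the statement."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def looks_like_plain_username(value):
    """Allow-list validation: letters, digits, dot, underscore, hyphen; 1 to 32 characters."""
    return re.fullmatch(r"[A-Za-z0-9._-]{1,32}", value) is not None


def lookup_user(conn, username):
    """Validate first, then query with a bound parameter; reject anything off the allow-list."""
    if not looks_like_plain_username(username):
        raise ValueError("username contains characters outside the allowed set")
    return find_user_safe(conn, username)


if __name__ == "__main__":
    db = make_demo_db()
    probe = "x' OR '1'='1"  # constructed input that turns the WHERE clause into a tautology
    print("vulnerable:", find_user_vulnerable(db, probe))  # returns every row
    print("parameterised:", find_user_safe(db, probe))      # returns nothing: no such username
```

Validation alone is not the whole answer: the parameterised query is what guarantees the input is treated as data, and the allow-list is a second layer that also keeps unexpected values out of logs and downstream systems.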


Q75. Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources? 

A. Zero-day 

B. LDAP injection 

C. XML injection 

D. Directory traversal 

Answer:

Explanation: 

The security breaches have NOT yet been identified. This is a zero-day vulnerability. A zero-day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero-day attack. Uses of zero-day attacks can include infiltrating malware or spyware, or allowing unwanted access to user information. The term “zero day” refers to the fact that the hole is unknown to everyone other than the attackers, specifically the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. 


Replace SY0-401 free exam:

Q76. An online store wants to protect user credentials and credit card information so that customers can store their credit card information and use their card for multiple separate transactions. 

Which of the following database designs provides the BEST security for the online store? 

A. Use encryption for the credential fields and hash the credit card field 

B. Encrypt the username and hash the password 

C. Hash the credential fields and use encryption for the credit card field 

D. Hash both the credential fields and the credit card field 

Answer:

Explanation: 

Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as in hash tables. One main characteristic of hashing is that the algorithm must have few or no collisions: in hashing, two different inputs should not produce the same output. Thus the credential fields should be hashed because any one customer will have a unique credit card number/identity, and since they will use their credit cards for many different transactions, the credit card field should be encrypted only, not hashed. 
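The design distinction in this question is that a password only ever needs to be checked, so it is stored as a one-way salted hash, while a card number must be recovered for later charges, so it is stored under reversible encryption. The following is an added example, not part of the question bank, using only the Python standard library. Password hashing uses PBKDF2-HMAC-SHA256 with a random per-user salt. For the card field it builds authenticated encryption from HMAC-SHA256 (a keystream in counter mode plus an encrypt-then-MAC tag), which is a stand-in assumed here because a stdlib AES is unavailable; a production system would use AES-GCM from a vetted library and keep the key in a KMS or HSM. The key, card number and password are constructed test values.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def hash_password(password, salt=None):
    """One-way: returns salt || PBKDF2-HMAC-SHA256(password). Nothing here can be reversed."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def _subkeys(master_key):
    """Derive separate encryption and MAC keys from one master key (assumed 32 random bytes)."""
    enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode as a PRF keystream; nonce must never repeat under one key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_card(master_key, card_number):
    """Reversible: returns nonce || ciphertext || tag so the number can be recovered later."""
    enc_key, mac_key = _subkeys(master_key)
    nonce = os.urandom(NONCE_LEN)
    plaintext = card_number.encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_card(master_key, blob):
    """Verify the tag before decrypting; a tampered record is rejected, not decrypted."""
    enc_key, mac_key = _subkeys(master_key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("card record failed integrity check")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return plaintext.decode()


def store_customer(username, password, card_number, master_key):
    """Assemble the record as the question's option describes: hashed credential, encrypted card."""
    return {
        "username": username,
        "password_hash": hash_password(password),
        "card_ciphertext": encrypt_card(master_key, card_number),
    }


if __name__ == "__main__":
    key = os.urandom(32)  # constructed; a real key lives in a KMS/HSM, not in the database
    rec = store_customer("alice", "correct horse battery staple", "4111111111111111", key)
    print("login ok:", verify_password("correct horse battery staple", rec["password_hash"]))
    print("card for next charge:", decrypt_card(key, rec["card_ciphertext"]))
```

Because the nonce is random per record, encrypting the same card number twice yields different ciphertexts, which is also why a hashed card field would be useless here: the store could never turn the stored value back into a number to charge.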


Q77. After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window: 

<HTML> 
<body onload="document.getElementById('badForm').submit()"> 
<form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" > 
<input name="Perform Purchase" value="Perform Purchase"/> 
</form> 
</body> 
</HTML> 

Which of the following has MOST likely occurred? 

A. SQL injection 

B. Cookie stealing 

C. XSRF 

D. XSS 

Answer:

Explanation: 

XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust in a user who is known, or is supposed, to have been authenticated. This is often accomplished without the user’s knowledge. 
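The pop-up in the question works because the browser attaches the victim's session cookie to the auto-submitted POST, and purchase.php has no way to tell a forged submission from a real one. The following is an added example, not part of the question bank, of the server-side check that defeats it: the shop issues a per-session anti-CSRF token, embeds it in its own purchase form, and rejects any POST whose token is missing or mismatched, or whose Origin header is not exactly the shop's origin. The session store, the scheme on the shop's origin and the form field names are assumptions for the demo.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# The shop's own origin; the question gives the host, the https scheme is assumed here.
SITE_ORIGIN = "https://shoppingsite.company.com"

# Server-side session store, constructed for the demo: session id -> anti-CSRF token.
_tokens = {}


def issue_csrf_token(session_id):
    """Create an unguessable token bound to this session (rotated on login in practice)."""
    token = secrets.token_urlsafe(32)
    _tokens[session_id] = token
    return token


def purchase_form_html(session_id):
    """The shop's legitimate form carries the token as a hidden field; a forged page cannot."""
    token = _tokens.get(session_id) or issue_csrf_token(session_id)
    return (
        f'<form action="{SITE_ORIGIN}/purchase.php" method="post">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="submit" name="Perform Purchase" value="Perform Purchase">'
        '</form>'
    )


def same_origin(url):
    """Exact scheme+host comparison; a prefix match would accept lookalike hosts."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def handle_purchase(session_id, headers, form):
    """Simulated purchase.php handler: returns (status, message).

    A missing Origin/Referer is treated as cross-origin here, which is the strict choice.
    """
    source = headers.get("Origin") or headers.get("Referer", "")
    if not same_origin(source):
        return 403, "cross-origin request rejected"
    expected = _tokens.get(session_id)
    supplied = form.get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    return 200, "purchase recorded"


if __name__ == "__main__":
    sid = "session-abc"  # constructed session identifier
    token = issue_csrf_token(sid)
    # The question's auto-submitted form: browser sends the cookie, but no token, from another origin.
    print(handle_purchase(sid, {"Origin": "https://evil.example"}, {"Perform Purchase": "Perform Purchase"}))
    # The shop's own form: same origin and a valid token.
    print(handle_purchase(sid, {"Origin": SITE_ORIGIN}, {"csrf_token": token, "item": "book"}))
```

The token check is the primary control; the Origin comparison is defence in depth, and marking the session cookie SameSite=Lax or Strict would stop the browser sending it on the forged POST in the first place.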


Q78. The IT department noticed that there was a significant decrease in network performance during the afternoon hours. The IT department performed analysis of the network and discovered this was due to users accessing and downloading music and video streaming from social sites. The IT department notified corporate of their findings and a memo was sent to all employees addressing the misuse of company resources and requesting adherence to company policy. Which of the following policies is being enforced? 

A. Acceptable use policy 

B. Telecommuting policy 

C. Data ownership policy 

D. Non disclosure policy 

Answer:

Explanation: 


Q79. Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity? 

A. Place a full-time guard at the entrance to confirm user identity. 

B. Install a camera and DVR at the entrance to monitor access. 

C. Revoke all proximity badge access to make users justify access. 

D. Install a motion detector near the entrance. 

Answer:

Explanation: 

Tailgating is a favorite method of gaining entry to electronically locked systems by following someone through the door they just unlocked. With a limited budget installing a camera and DVR at the entrance to monitor access to the restricted areas is the most feasible solution. The benefit of a camera (also known as closed-circuit television, or CCTV) is that it is always running and can record everything it sees, creating evidence that can be admissible in court if necessary. 


Q80. A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server? 

A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. 

B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. 

C. Format the storage and reinstall both the OS and the data from the most current backup. 

D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised. 

Answer:

Explanation: 

Rootkits are software programs that have the ability to hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager or connections established or available that do not appear in a netstat display—the rootkit masks the presence of these items. The rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere that there is enough memory to reside: video cards, PCI cards, and the like. The best way to handle this situation is to wipe the server and reinstall the operating system with the original installation disks and then restore the extracted data from your last known good backup. This way you can eradicate the rootkit and restore the data.