Real of SY0-401 brain dumps materials and bible for CompTIA certification for examinee, Real Success Guaranteed with Updated SY0-401 pdf dumps vce Materials. 100% PASS CompTIA Security+ Certification exam Today!

2021 Mar SY0-401 exam answers

Q161. A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs: 

10.10.3.16 

10.10.3.23 

212.178.24.26 

217.24.94.83 

These attempts are overloading the server to the point that it cannot respond to traffic. Which of the following attacks is occurring? 

A. XSS 

B. DDoS 

C. DoS 

D. Xmas 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. 

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack. 


Q162. Joe, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system. Which of the following does he need to estimate NEXT in order to complete his risk calculations? 

A. Vulnerabilities 

B. Risk 

C. Likelihood 

D. Threats 

Answer:

Explanation: 


Q163. A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees. Which of the following is the BEST approach for implementation of the new application on the virtual server? 

A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location. 

B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application. 

C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location. 

D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application. 

Answer:

Explanation: 


Q164. Which of the following authentication services uses a ticket granting system to provide access? 

A. RADIUS 

B. LDAP 

C. TACACS+ 

D. Kerberos 

Answer:

Explanation: 

The basic process of Kerberos authentication is as follows: 

The subject provides logon credentials. 

The Kerberos client system encrypts the password and transmits the protected credentials to the 

KDC. 

The KDC verifies the credentials and then creates a ticket-granting ticket (TGT—a hashed form of 

the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is 

encrypted and sent to the client. 

The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos 

realm. 

The subject requests access to resources on a network server. This causes the client to request a 

service ticket (ST) from the KDC. 

The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST 

includes a time stamp that indicates its valid lifetime. 

The client receives the ST. 

The client sends the ST to the network server that hosts the desired resource. 

The network server verifies the ST. If it’s verified, it initiates a communication session with the 

client. From this point forward, Kerberos is no longer involved. 


Q165. A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of which of the following? 

A. Multifactor authentication 

B. Single factor authentication 

C. Separation of duties 

D. Identification 

Answer:

Explanation: 

Single-factor authentication (SFA) is a process for securing access to a given system by identifying the party requesting access via a single category of credentials. In this case, the network administrator makes use of an RFID card to access the datacenter, a key to access the server rack, and a username and password to access a server. 


Leading SY0-401 free download:

Q166. Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises. 

A security technician was asked to prepare a report of files that had changed since last night’s integrity scan. 

Which of the following could the technician use to prepare the report? (Select TWO). 

A. PGP 

B. MD5 

C. ECC 

D. AES 

E. Blowfish 

F. HMAC 

Answer: B,F 

Explanation: 

B: MD5 can be used to locate the data which has changed. 

The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash 

value is used to help maintain integrity. There are several versions of MD; the most common are 

MD5, MD4, and MD2. 

F: A common method of verifying integrity involves adding a message authentication code (MAC) 

to the message. 

HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a 

symmetric key. 


Q167. When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record? 

A. DNSSEC record 

B. IPv4 DNS record 

C. IPSEC DNS record 

D. IPv6 DNS record 

Answer:

Explanation: The AAAA Address record links a FQDN to an IPv6 address. 


Q168. Which of the following was launched against a company based on the following IDS log? 

122.41.15.252 - - [21/May/2012:00:17:20 +1200] "GET 

/index.php?username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A 

AAA HTTP/1.1" 200 2731 "http://www.company.com/cgibin/ 

forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; 

MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)" 

A. SQL injection 

B. Buffer overflow attack 

C. XSS attack 

D. Online password crack 

Answer:

Explanation: 

The username should be just a username; instead we can see it’s a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. 


Q169. A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack? 

A. Configure MAC filtering on the switch. 

B. Configure loop protection on the switch. 

C. Configure flood guards on the switch. 

D. Configure 802.1x authentication on the switch. 

Answer:

Explanation: 


Q170. Which of the following should be connected to the fire alarm system in order to help prevent the spread of a fire in a server room without data loss to assist in an FM-200 deployment? 

A. Water base sprinkler system 

B. Electrical 

C. HVAC 

D. Video surveillance 

Answer:

Explanation: 

HVAC refers to heating, ventilation and air-conditioning to allow for a zone-based environmental control measure. The fire-alarm system should ideally also be hooked up to the HVAC so that the HVAC can monitor the changes in heating and ventilation.