Act now and download your CompTIA comptia security+ get certified get ahead sy0 401 study guide test today! Do not waste time for the worthless CompTIA sy0 401 practice exam tutorials. Download Updated CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA sy0 401 braindump with a classic professional.
Q101. HOTSPOT
Select the appropriate attack from each drop down list to label the corresponding illustrated attack
Instructions: Attacks may only be used once, and will disappear from drop down list if selected.
When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
References:
http://searchsecurity.techtarget.com/definition/spear-phishing http://www.webopedia.com/TERM/V/vishing.html http://www.webopedia.com/TERM/P/phishing.html
http://www.webopedia.com/TERM/P/pharming.html
Q102. Using proximity card readers instead of the traditional key punch doors would help to mitigate:
A. Impersonation
B. Tailgating
C. Dumpster diving
D. Shoulder surfing
Answer: D
Explanation:
Using a traditional key punch door, a person enters a code into a keypad to unlock the door. Someone could be watching the code being entered. They would then be able to open the door by entering the code. The process of watching the key code being entered is known as shoulder surfing.
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.
Q103. Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server.
However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?
A. DMZ
B. Honeynet
C. VLAN
D. Honeypot
Answer: D
Explanation:
In this scenario, the second web server is a ‘fake’ webserver designed to attract attacks. We can then monitor the second server to view the attacks and then ensure that the ‘real’ web server is secure against such attacks. The second web server is a honeypot.
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning
where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are
potentially invulnerable to future hackers.
There are two main types of honeypots:
Production - A production honeypot is one used within an organization's environment to help
mitigate risk.
Research – A research honeypot add value to research in computer security by providing a
platform to study the threat.
Q104. An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).
A. Password Complexity
B. Password Expiration
C. Password Age
D. Password Length
E. Password History
Answer: A,D
Explanation:
Passwords should have the strength to avoid discovery through attack, but it should also be easy enough for the user to remember. The length and complexity of a password combined are vital factors in defining a password’s strength.
Q105. On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages.
Which of the following is the MOST likely cause for this issue?
A. Too many incorrect authentication attempts have caused users to be temporarily disabled.
B. The DNS server is overwhelmed with connections and is unable to respond to queries.
C. The company IDS detected a wireless attack and disabled the wireless network.
D. The Remote Authentication Dial-In User Service server certificate has expired.
Answer: D
Explanation:
The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS). A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years. The question states that no configuration changes have been made so it’s likely that the certificate has expired.
Q106. Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels?
A. Role Based Access Controls
B. Mandatory Access Controls
C. Discretionary Access Controls
D. Access Control List
Answer: B
Explanation:
Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them.
Q107. Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?
A. Intrusion Detection System
B. Flood Guard Protection
C. Web Application Firewall
D. URL Content Filter
Answer: C
Explanation:
Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.
Q108. Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO).
A. Separation of duties
B. Job rotation
C. Mandatory vacation
D. Time of day restrictions
E. Least privilege
Answer: A,E
Explanation:
Q109. Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).
A. Acceptable use of social media
B. Data handling and disposal
C. Zero day exploits and viruses
D. Phishing threats and attacks
E. Clean desk and BYOD
F. Information security awareness
Answer: D,F
Explanation:
Managers/ i.e. executives in the company are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies. Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. Executives an easily fall prey to phishing if they are not trained to lookout for these attacks.
Q110. When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?
A. The user is attempting to highjack the web server session using an open-source browser.
B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.
D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
Answer: D
Explanation:
The code in the question is an example of a SQL Injection attack. The code ‘1=1’ will always provide a value of true. This can be included in statement designed to return all rows in a SQL table.
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.