Our pass rate is high to 98.9% and the similarity percentage between our security+ sy0 401 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA sy0 401 study guide pdf exam in just one try? I am currently studying for the CompTIA comptia security+ sy0 401 exam. Latest CompTIA sy0 401 dump Test exam practice questions and answers, Try CompTIA comptia security+ get certified get ahead sy0 401 study guide Brain Dumps First.
Q361. Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00:00:01]Successful Login: 015 192.168.1.123 : local
[00:00:03]Unsuccessful Login: 022 214.34.56.006 :RDP 192.168.1.124
[00:00:04]UnSuccessful Login: 010 214.34.56.006 :RDP 192.168.1.124
[00:00:07]UnSuccessful Login: 007 214.34.56.006 :RDP 192.168.1.124
[00:00:08]UnSuccessful
Login: 003 214.34.56.006 :RDP 192.168.1.124
A. Reporting
B. IDS
C. Monitor system logs
D. Hardening
Answer: D
Explanation:
Q362. Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?
A. Check the referrer field in the HTTP header
B. Disable Flash content
C. Use only cookies for authentication
D. Use only HTTPS URLs
Answer: A
Explanation:
XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to have been authenticated. This is accomplished by changing values in the HTTP header and even in the user’s cookie to falsify access. It can be prevented by embedding additional authentication data into requests that allows the web application to detect requests from unauthorized locations. Examples are synchronizer token patterns, cookie-to-header tokens, and checking the HTTP Referrer header and the HTTP Origin header.
Q363. Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?
A. HIPS
B. Antivirus
C. NIDS
D. ACL
Answer: A
Explanation:
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. A Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system.
Q364. A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?
A. Time of day restrictions
B. Group based privileges
C. User assigned privileges
D. Domain admin restrictions
Answer: B
Explanation:
The question states that the sales department has a high employee turnover. You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). Then when a new employee starts, you simply add the new user account to the appropriate groups. The user then inherits all the permissions assigned to the groups.
Q365. Which of the following may cause Jane, the security administrator, to seek an ACL work around?
A. Zero day exploit
B. Dumpster diving
C. Virus outbreak
D. Tailgating
Answer: A
Explanation:
A zero day vulnerability is an unknown vulnerability so there is no fix or patch for it. One way to attempt to work around a zero day vulnerability would be to restrict the permissions by using an ACL (Access Control List) A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
Q366. Which of the following firewall rules only denies DNS zone transfers?
A. deny udp any any port 53
B. deny ip any any
C. deny tcp any any port 53
D. deny all dns packets
Answer: C
Explanation:
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.
Q367. A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
C. Format the storage and reinstall both the OS and the data from the most current backup.
D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
Answer: A
Explanation:
Rootkits are software programs that have the ability to hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager or connections established or available that do not appear in a netstat display—the rootkit masks the presence of these items. The rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere that there is enough memory to reside: video cards, PCI cards, and the like. The best way to handle this situation is to wipe the server and reinstall the operating system with the original installation disks and then restore the extracted data from your last known good backup. This way you can eradicate the rootkit and restore the data.
Q368. Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?
A. VLAN
B. Protocol security
C. Port security
D. VSAN
Answer: D
Explanation:
A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and out of the VSAN while allowing unrestricted traffic within the VSAN.
Q369. A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?
A. Multi-factor authentication
B. Smart card access
C. Same Sign-On
D. Single Sign-On
Answer: D
Explanation:
Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is not required for access to resources on any realm entity. Single sign-on is able to internally translate and store credentials for the various mechanisms, from the credential used for original authentication.
Q370. Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).
A. Spam filter
B. Load balancer
C. Antivirus
D. Proxies
E. Firewall
F. NIDS
G. URL filtering
Answer: D,E,G
Explanation:
A proxy server is a server that acts as an intermediary for requests from clients seeking resources
from other servers.
Firewalls manage traffic using a rule or a set of rules.
A URL is a reference to a resource that specifies the location of the resource. A URL filter is used
to block access to a site based on all or part of a URL.