Act now and download your CompTIA comptia sy0 401 test today! Do not waste time for the worthless CompTIA sy0 401 practice test tutorials. Download Up to the minute CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA sy0 401 dump with a classic professional.
Q121. Which of the following malware types typically allows an attacker to monitor a user’s computer, is characterized by a drive-by download, and requires no user interaction?
A. Virus
B. Logic bomb
C. Spyware
D. Adware
Answer: C
Explanation: Explanation Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity.
Q122. Which of the following protocols is used by IPv6 for MAC address resolution?
A. NDP
B. ARP
C. DNS
D. NCP
Answer: A
Explanation:
The Neighbor Discovery Protocol (NDP) is a protocol in the Internet protocol suite used with Internet Protocol Version 6 (IPv6).
Q123. The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords.
The company currently stores passwords as SHA hashes. Which of the following can the CTO implement requiring the LEAST change to existing systems?
A. Smart cards
B. TOTP
C. Key stretching
D. Asymmetric keys
Answer: A
Explanation:
Smart cards usually come in two forms. The most common takes the form of a rectangular piece of plastic with an embedded microchip. The second is as a USB token. It contains a built in processor and has the ability to securely store and process information. A "contact" smart card communicates with a PC using a smart card reader whereas a "contactless" card sends encrypted information via radio waves to the PC. Typical scenarios in which smart cards are used include interactive logon, e-mail signing, e-mail decryption and remote access authentication. However, smart cards are programmable and can contain programs and data for many different applications. For example smart cards may be used to store medical histories for use in emergencies, to make electronic cash payments or to verify the identity of a customer to an e-retailer. Microsoft provides two device independent APIs to insulate application developers from differences between current and future implementations: CryptoAPI and Microsoft Win32. SCard APIs. The Cryptography API contains functions that allow applications to encrypt or digitally sign data in a flexible manner, while providing protection for the user's sensitive private key data. All cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs). There are many different cryptographic algorithms and even when implementing the same algorithm there are many choices to make about key sizes and padding for example. For this reason, CSPs are grouped into types, in which each supported CryptoAPI function, by default, performs in a way particular to that type. For example, CSPs in the PROV_DSS provider type support DSS Signatures and MD5 and SHA hashing.
Q124. Which of the following is BEST utilized to actively test security controls on a particular system?
A. Port scanning
B. Penetration test
C. Vulnerability scanning
D. Grey/Gray box
Answer: B
Explanation:
Penetration testing is the most intrusive type of testing because you are actively trying to circumvent the system’s security controls to gain access to the system. Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings. The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents. Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in.
Pen test strategies include:
Targeted testing Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out.
External testing This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access.
Internal testing This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.
Blind testing A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive.
Double blind testing Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.
Q125. Ann a technician received a spear-phishing email asking her to update her personal information by clicking the link within the body of the email. Which of the following type of training would prevent Ann and other employees from becoming victims to such attacks?
A. User Awareness
B. Acceptable Use Policy
C. Personal Identifiable Information
D. Information Sharing
Answer: C
Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Employees should be made aware of this type of attack by means of training.
Q126. Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?
A. Network based firewall
B. Anti-spam software
C. Host based firewall
D. Anti-spyware software
Answer: D
Explanation:
Spyware monitors a user’s activity and uses network protocols to reports it to a third party without the user’s knowledge. This is usually accomplished using a tracking cookie.
Q127. Which of the following would MOST likely involve GPS?
A. Wardriving
B. Protocol analyzer
C. Replay attack
D. WPS attack
Answer: A
Explanation:
Q128. Which of the following offers the LEAST secure encryption capabilities?
A. TwoFish
B. PAP
C. NTLM
D. CHAP
Answer: B
Explanation:
PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP.
Q129. An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?
A. Configure each port on the switches to use the same VLAN other than the default one
B. Enable VTP on both switches and set to the same domain
C. Configure only one of the routers to run DHCP services
D. Implement port security on the switches
Answer: D
Explanation:
Port security in IT can mean several things: The physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. The management of TCP and User Datagram Protocol (UDP) ports. If a service is active and assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if a service isn’t actively using them. Port knocking is a security system in which all ports on a system appear closed. However, if the client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the desired service port becomes open and allows the client software to connect to the service.
Q130. Which of the following cryptographic algorithms is MOST often used with IPSec?
A. Blowfish
B. Twofish
C. RC4
D. HMAC
Answer: D
Explanation:
The HMAC-MD5-96 (also known as HMAC-MD5) encryption technique is used by IPSec to make sure that a message has not been altered.