Proper study guides for Up to the minute CompTIA CompTIA Security+ Certification certified begins with CompTIA sy0 401 dump preparation products which designed to deliver the Approved sy0 401 dump questions by making you pass the sy0 401 vce test at your first time. Try the free comptia sy0 401 demo right now.
2017 NEW RECOMMEND
Free VCE & PDF File for CompTIA SY0-401 Real Exam
Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions
Q31. A malicious individual is attempting to write too much data to an applicationâs memory. Which of the following describes this type of attack?
B. SQL injection
C. Buffer overflow
Explanation: A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Q32. Which of the following protocols is the security administrator observing in this packet capture?
12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides
a user with a graphical interface to connect to another computer over a network connection.
Example of RDP tracing output:
No. Time Delta Source Destination Protocol Length Info
5782, 2013-01-06 09:52:15.407, 0.000 , SRC 10.7.3.187 , DST 10.0.107.58, TCP, 62, 3389 >
59193 [SYN, ACK]
Q33. Which of the following MOST interferes with network-based detection techniques?
D. Anonymous email accounts
Secure Sockets Layer (SSL) is used to establish secure TCP communication between two machines by encrypting the communication. Encrypted communications cannot easily be inspected for anomalies by network-based intrusion detection systems (NIDS).
Q34. A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage?
B. Mandatory access control
C. Single sign-on
D. Role-based access control
This question is asking about âauthorizationâ, not authentication.
Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications.
MAC can also be deployed in private sector or corporate business environments. Such cases typically involve the following four security domain levels (in order from least sensitive to most sensitive):
Public Sensitive Private Confidential
A MAC environment works by assigning subjects a clearance level and assigning objects a sensitivity labelâin other words, everything is assigned a classification marker. Subjects or users are assigned clearance levels. The name of the clearance level is the same as the name of the sensitivity label assigned to objects or resources. A person (or other subject, such as a program or a computer system) must have the same or greater assigned clearance level as the resources they wish to access. In this manner, access is granted or restricted based on the rules of classification (that is, sensitivity labels and clearance levels). MAC is named as it is because the access control it imposes on an environment is mandatory. Its assigned classifications and the resulting granting and restriction of access canât be altered by users. Instead, the rules that define the environment and judge the assignment of sensitivity labels and clearance levels control authorization. MAC isnât a very granularly controlled security environment. An improvement to MAC includes the use of need to know: a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but theyâre compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain). The need to know is a rule in and of itself, which states that access is granted only to users who have been assigned work tasks that require access to the cordoned-off object. Even if users have the proper level of clearance, without need to know, theyâre denied access. Need to know is the MAC equivalent of the principle of least privilege from DAC
Q35. Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:
A. user accounts may be inadvertently locked out.
B. data on the USB drive could be corrupted.
C. data on the hard drive will be vulnerable to log analysis.
D. the security controls on the USB drive can be bypassed.
A common access mechanism to data on encrypted USB hard drives is a password. If a weak password is used, someone could guess the password and bypass the security controls on the USB drive to access the data.
Q36. Which of the following software allows a network administrator to inspect the protocol header in order to troubleshoot network issues?
A. URL filter
B. Spam filter
C. Packet sniffer
Every data packet transmitted across a network has a protocol header. To view a protocol header, you need to capture and view the contents of the packet with a packet sniffer.
A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesnât generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer.
Q37. One of the system administrators at a company is assigned to maintain a secure computer lab. The administrator has rights to configure machines, install software, and perform user account maintenance. However, the administrator cannot add new computers to the domain, because that requires authorization from the Information Assurance Officer. This is an example of which of the following?
A. Mandatory access
B. Rule-based access control
C. Least privilege
D. Job rotation
A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more.
Q38. Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown?
A. Folder encryption
B. File encryption
C. Whole disk encryption
Full-disk encryption encrypts the data on the hard drive of the device or on a removable drive. This feature ensures that the data on the device or removable drive cannot be accessed in a useable form should it be stolen. Furthermore, full-disk encryption is not dependant on knowledge of the file structure.
Q39. Which of the following statements is MOST likely to be included in the security awareness training about P2P?
A. P2P is always used to download copyrighted material.
B. P2P can be used to improve computer system response.
C. P2P may prevent viruses from entering the network.
D. P2P may cause excessive network bandwidth.
P2P networking by definition involves networking which will reduce available bandwidth for the rest of the users on the network.
Q40. After viewing wireless traffic, an attacker notices the following networks are being broadcasted by local access points:
Using this information the attacker spoofs a response to make nearby laptops connect back to a malicious device. Which of the following has the attacker created?
A. Infrastructure as a Service
B. Load balancer
C. Evil twin
D. Virtualized network
In this question, the attacker has created another wireless network that is impersonating one of more of the three wireless networks listed in the question. This is known as an Evil Twin. An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits.