CompTIA SY0-401 ExamCompTIA Security+ Certification

Total Question: 1781 Last Updated: November 01,2017
  • Updated SY0-401 Dumps
  • Based on Real SY0-401 Exams Scenarios
  • Free SY0-401 pdf Demo Available
  • Check out our SY0-401 Dumps in a new PDF format
  • Instant SY0-401 download
  • Guarantee SY0-401 success in first attempt

Price: $65.95 $29.99

Buy Now Free Trial

The Secret of comptia security+ sy0 401

Validated of sy0 401 vce exams materials and bundle for CompTIA certification for IT candidates, Real Success Guaranteed with Updated sy0 401 dump pdf dumps vce Materials. 100% PASS CompTIA Security+ Certification exam Today!

Q261. The main corporate website has a service level agreement that requires availability 100% of the time, even in the case of a disaster. Which of the following would be required to meet this demand? 

A. Warm site implementation for the datacenter 

B. Geographically disparate site redundant datacenter 

C. Localized clustering of the datacenter 

D. Cold site implementation for the datacenter 



Data backups, redundant systems, and disaster recovery plans all support availability. AN in this case a geographically disparate site redundant datacenter represents 100% availability regardless of whether a disaster event occurs. 

Q262. Which of the following passwords is the LEAST complex? 

A. MyTrain!45 

B. Mytr@in!! 

C. MyTr@in12 

D. MyTr@in#8 



Password policies often enforce a minimum of three out of four standard character types, which includes uppercase and lowercase letters, numbers, and symbols. Although this option includes three of the four character types, it does not include numbers, which makes it less complex than the other options. 

Q263. Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following? 

A. Root Kit 

B. Spyware 

C. Logic Bomb 

D. Backdoor 



A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission. Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures—and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers. 

Q264. Timestamps and sequence numbers act as countermeasures against which of the following types of attacks? 

A. Smurf 

B. DoS 

C. Vishing 

D. Replay 



A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). 

For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve. 

Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one-time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation. Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication. One-time passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems. Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check. Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers, with the trade-off being that replay attacks, if 

they are performed quickly enough i.e. within that 'reasonable' limit, could succeed. 

Q265. Which of the following uses both a public and private key? 



C. MD5 




The RSA algorithm is an early public-key encryption system that uses large integers as the basis 

for the process. 

RSA uses both a public key and a secret. 

RSA key generation process: 


 Generate two large random primes, p and q, of approximately equal size such that their product, n = pq, is of the required bit length (such as 2048 bits, 4096 bits, and so forth). Let n = pq Let m = (p-1)(q-1) 


 Choose a small number e, co-prime to m (note: Two numbers are co-prime if they have no common factors). 


 Find d, such that de % m = 1 


 Publish e and n as the public key. Keep d and n as the secret key. 

Q266. Key cards at a bank are not tied to individuals, but rather to organizational roles. After a break in, it becomes apparent that extra efforts must be taken to successfully pinpoint who exactly enters secure areas. Which of the following security measures can be put in place to mitigate the issue until a new key card system can be installed? 

A. Bollards 

B. Video surveillance 

C. Proximity readers 

D. Fencing 



Video surveillance is making use of a camera, or CCTV that is able to record everything it sees and is always running. This way you will be able to check exactly who enters secure areas. 

Q267. A company has purchased an application that integrates into their enterprise user directory for account authentication. Users are still prompted to type in their usernames and passwords. Which of the following types of authentication is being utilized here? 

A. Separation of duties 

B. Least privilege 

C. Same sign-on 

D. Single sign-on 


Explanation: Same sign-on requires the users to re-enter their credentials but it allows them to use the same credentials that they use to sign on locally. 

Q268. A new MPLS network link has been established between a company and its business partner. 

The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link? 

A. MPLS should be run in IPVPN mode. 

B. SSL/TLS for all application flows. 

C. IPSec VPN tunnels on top of the MPLS link. 

D. HTTPS and SSH for all application flows. 



IPSec can very well be used with MPLS. IPSec could provide VPN tunnels on top if the MPLS link. Internet Protocol Security (IPSec) isn’t a tunneling protocol, but it’s used in conjunction with tunneling protocols. IPSec is oriented primarily toward LAN-to-LAN connections, but it can also be used with dial-up connections. IPSec provides secure authentication and encryption of data and headers; this makes it a good choice for security. 

Q269. Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO). 

A. 110 

B. 137 

C. 139 

D. 143 

E. 161 

F. 443 

Answer: B,C 

Explanation: NetBIOS provides four distinct services: 

Name service for name registration and resolution (port: 137/udp) 

Name service for name registration and resolution (port: 137/tcp) 

Datagram distribution service for connectionless communication (port: 138/udp) 

Session service for connection-oriented communication (port: 139/tcp) 

Q270. After a recent breach, the security administrator performs a wireless survey of the corporate network. The security administrator notices a problem with the following output: 


00:10:A1:36:12:CC MYCORP WPA2 CCMP 60 1202 

00:10:A1:49:FC:37 MYCORP WPA2 CCMP 70 9102 

FB:90:11:42:FA:99 MYCORP WPA2 CCMP 40 3031 

00:10:A1:AA:BB:CC MYCORP WPA2 CCMP 55 2021 00:10:A1:FA:B1:07 MYCORP WPA2 CCMP 30 6044 

Given that the corporate wireless network has been standardized, which of the following attacks is underway? 

A. Evil twin 

B. IV attack 

C. Rogue AP 

D. DDoS 



The question states that the corporate wireless network has been standardized. By ‘standardized’ it means the wireless network access points are running on hardware from the same vendor. We can see this from the MAC addresses used. The first half of a MAC address is vendor specific. The second half is network adapter specific. We have four devices with MAC addresses that start with 00:10:A1. The “odd one out” is the device with a MAC address starting FB:90:11. This device is from a different vendor. The SSID of the wireless network on this access point is the same as the other legitimate access points. Therefore, the access point with a MAC address starting FB:90:11 is impersonating the corporate access points. This is known as an Evil Twin. 

An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique. For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. In wireless transmissions, evil twins are not a new phenomenon. Historically, they were known as honeypots or base station clones. With the advancement of wireless technology and the use of wireless devices in public areas, it is very easy for novice users to set up evil twin exploits. 

Related SY0-401 Articles

best-it-exam-    | for-our-work-    | hottst-on-sale-    | it-sale-    | tast-dumps-us-    | test-king-number-    | pass-do-it-    | just-do-it-    | pass-with-us-    | passresults-everything-    | passtutor-our-dumps-    | realtests-us-exam-    | latest-update-source-for-    | cbtnuggets-sale-exam    | experts-revised-exam    | certguide-sale-exam    | test4actual-sale-exam    | get-well-prepared-    | certkiller-sale-exam    | buy-discount-dumps    | how-to-get-prepared-for-the    | in-an-easy-way    | brain-dumps-sale    | with-pass-exam-guarantee    | accurate-study-material    | at-first-try    | 100%-successful-rate    | get-certification-easily    | material-provider-exam    | real-exam-practice    | with-pass-score-guarantee    | certification-material-provider    | for-certification-professionals    | get-your-certification-successfully    | 100%-Pass-Rate    | in-pdf-file    | practice-exam-for    | it-study-guides    | study-material-sku    | study-guide-pdf    | prep-guide-demo    | certification-material-id    | actual-tests-demo    | brain-demos-test    | best-pdf-download    | our-certification-material    | best-practice-test    | leading-provider-on    | this-course-is-about    | the-most-reliable    | high-pass-rate-of    | money-back-guarantee    | high-pass-rate-demo    | recenty-updated-key    | only-for-students-free-download    | courseware-plus-kit-for    | accurate-answers-of    | the-most-reliable-id    | provide-training-for    | welcome-to-buy    | material-for-success-pass    | provide-free-support    | best-book-for-pass    | accuracy-of-the-answers    | pass-guarantee-id    |    |    |