Applicants who want to certify through the official CompTIA SY0-401 certification program typically weigh several factors and check whether the program suits them best. For technology certifications in particular, the cost of the CompTIA SY0-401 program and its benefits are usually considered. The CompTIA SY0-401 program also ranks as the top program offered by CompTIA, and it is especially hard to pass on the first attempt. On average, only 10% of professionals worldwide pass the CompTIA SY0-401 exam.

2021 Mar SY0-401 simulations

Q111. Which of the following BEST describes the type of attack that is occurring? (Select TWO). 

A. DNS spoofing 

B. Man-in-the-middle 

C. Backdoor 

D. Replay 

E. ARP attack 

F. Spear phishing 

G. Xmas attack 

Answer: A,E 

Explanation: 

We have a legit bank web site and a hacker bank web site. The hacker has a laptop connected to the network. The hacker is redirecting bank web site users to the hacker bank web site instead of the legit bank web site. This can be done using two methods: DNS Spoofing and ARP Attack (ARP Poisoning). 

A: DNS spoofing (or DNS cache poisoning) is a computer hacking attack, whereby data is introduced into a Domain Name System (DNS) resolver's cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker's computer (or any other computer). A domain name system server translates a human-readable domain name (such as example.com) into a numerical IP address that is used to route communications between nodes. Normally if the server doesn't know a requested translation it will ask another server, and the process continues recursively. To increase performance, a server will typically remember (cache) these translations for a certain amount of time, so that, if it receives another request for the same translation, it can reply without having to ask the other server again. When a DNS server has received a false translation and caches it for performance optimization, it is considered poisoned, and it supplies the false data to clients. If a DNS server is poisoned, it may return an incorrect IP address, diverting traffic to another computer (in this case, the hacker bank web site server). 

E: Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged ARP request and reply packets. This modifies the layer -Ethernet MAC address into the hacker's known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's computer first instead of sending it to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user. ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR). 


Q112. Which of the following is a hardware based encryption device? 

A. EFS 

B. TrueCrypt 

C. TPM 

D. SLE 

Answer:

Explanation: 

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in the BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 


Q113. After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue? 

A. Host based firewall 

B. Initial baseline configurations 

C. Discretionary access control 

D. Patch management system 

Answer:

Explanation: 

A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Patch management can therefore be used to fix security problems discovered in the OS, negating a known OS vulnerability. 


Q114. A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue? 

A. The SSID broadcast is disabled. 

B. The company is using the wrong antenna type. 

C. The MAC filtering is disabled on the access point. 

D. The company is not using strong enough encryption. 

Answer:

Explanation: 

When the SSID is broadcast, any device with an automatic detect and connect feature is able to see the network and can initiate a connection with it. The fact that they cannot access the network means that they are unable to see it. 


Q115. Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions? 

A. Unexpected input 

B. Invalid output 

C. Parameterized input 

D. Valid output 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks. 


Replace SY0-401 test engine:

Q116. A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an: 

A. Logic bomb. 

B. Backdoor. 

C. Adware application. 

D. Rootkit. 

Answer:

Explanation: 

There has been a security breach on a computer system. The security administrator should now check for the existence of a backdoor. A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission. Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures—and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers. 


Q117. Connections using point-to-point protocol authenticate using which of the following? (Select TWO). 

A. RIPEMD 

B. PAP 

C. CHAP 

D. RC4 

E. Kerberos 

Answer: B,C 

Explanation: 

B: A password authentication protocol (PAP) is an authentication protocol that uses a password. PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. 

C: CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. 


Q118. Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops? 

A. TPM 

B. HSM 

C. CPU 

D. FPU 

Answer:

Explanation: 

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disabled in the BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 


Q119. Which of the following is true about the recovery agent? 

A. It can decrypt messages of users who lost their private key. 

B. It can recover both the private and public key of federated users. 

C. It can recover and provide users with their lost or private key. 

D. It can recover and provide users with their lost public key. 

Answer:

Explanation: 

A key recovery agent is an entity that has the ability to recover a private key, key components, or plaintext messages as needed. Using the recovered key, the recovery agent can decrypt encrypted data. 


Q120. A company is about to release a very large patch to its customers. An administrator is required to test patch installations several times prior to distributing them to customer PCs. 

Which of the following should the administrator use to test the patching process quickly and often? 

A. Create an incremental backup of an unpatched PC 

B. Create an image of a patched PC and replicate it to servers 

C. Create a full disk image to restore after each installation 

D. Create a virtualized sandbox and utilize snapshots 

Answer:

Explanation: 

Sandboxing is the process of isolating a system before installing new applications or patches on it so as to restrict the software from being able to cause harm to production systems. Before the patch is installed, a snapshot of the system should be taken. Snapshots are backups that can be used to quickly recover from poor updates and errors arising from newly installed applications.