Act now and download your CompTIA SY0-401 test today! Do not waste time for the worthless CompTIA SY0-401 tutorials. Download Regenerate CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA SY0-401 with a classic professional.

2021 Apr SY0-401 exam guide

Q211. Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization? 

A. It should be enforced on the client side only. 

B. It must be protected by SSL encryption. 

C. It must rely on the user’s knowledge of the application. 

D. It should be performed on the server side. 

Answer:

Explanation: 

Client-side validation should only be used to improve user experience, never for security purposes. A client-side input validation check can improve application performance by catching malformed input on the client and, therefore, saving a roundtrip to the server. However, client side validation can be easily bypassed and should never be used for security purposes. Always use server-side validation to protect your application from malicious attacks. 


Q212. After encrypting all laptop hard drives, an executive officer’s laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data. 

Which of the following can be used to decrypt the information for retrieval? 

A. Recovery agent 

B. Private key 

C. Trust models 

D. Public key 

Answer:

Explanation: 

To access the data the hard drive need to be decrypted. To decrypt the hard drive you would need 

the proper private key. The key recovery agent can retrieve the required key. 

A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext 

messages as needed. 


Q213. Pete, the security administrator, has been notified by the IDS that the company website is under attack. Analysis of the web logs show the following string, indicating a user is trying to post a comment on the public bulletin board. 

INSERT INTO message `<script>source=http://evilsite</script> 

This is an example of which of the following? 

A. XSS attack 

B. XML injection attack 

C. Buffer overflow attack 

D. SQL injection attack 

Answer:

Explanation: 

The <script> </script> tags indicate that script is being inserted. Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. 


Q214. The security administrator is observing unusual network behavior from a workstation. The workstation is communicating with a known malicious destination over an encrypted tunnel. A full antivirus scan, with an updated antivirus definition file, does not show any signs of infection. 

Which of the following has happened on the workstation? 

A. Zero-day attack 

B. Known malware infection 

C. Session hijacking 

D. Cookie stealing 

Answer:

Explanation: 

The vulnerability was unknown in that the full antivirus scan did not detect it. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. 


Q215. A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? 

A. User rights and permissions review 

B. Change management 

C. Data loss prevention 

D. Implement procedures to prevent data theft 

Answer:

Explanation: 

Terminal Access Controller Access-Control System (TACACS, and variations like XTACACS and TACACS+) is a client/server-oriented environment, and it operates in a manner similar to RADIUS. Furthermore TACACS+ allows for credential to be accepted from multiple methods. Thus you can perform user rights and permission reviews with TACACS+. 


Update SY0-401 book:

Q216. A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as: 

A. Black box testing 

B. White box testing 

C. Black hat testing 

D. Gray box testing 

Answer:

Explanation: 

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place. 


Q217. A company wants to ensure that all aspects if data are protected when sending to other sites within the enterprise. Which of the following would ensure some type of encryption is performed while data is in transit? 

A. SSH 

B. SHA1 

C. TPM 

D. MD5 

Answer:

Explanation: 

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 


Q218. The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing? 

A. Black box 

B. Penetration 

C. Gray box 

D. White box 

Answer:

Explanation: 

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place. 


Q219. Which of the following should a company implement to BEST mitigate from zero-day malicious code executing on employees' computers? 

A. Least privilege accounts 

B. Host-based firewalls 

C. Intrusion Detection Systems 

D. Application white listing 

Answer:

Explanation: 


Q220. Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function? 

A. Attributes based 

B. Implicit deny 

C. Role based 

D. Rule based 

Answer:

Explanation: 

Attribute-based access control allows access rights to be granted to users via policies, which combine attributes together. The policies can make use of any type of attributes, which includes user attributes, resource attributes and environment attributes.