Master the sy0 401 practice exam CompTIA Security+ Certification content and be ready for exam day success quickly with this Pass4sure comptia security+ sy0 401 pdf answers. We guarantee it!We make it a reality and give you real comptia security+ get certified get ahead sy0 401 study guide questions in our CompTIA sy0 401 braindump braindumps.Latest 100% VALID CompTIA sy0 401 pdf Exam Questions Dumps at below page. You can use our CompTIA comptia security+ get certified get ahead sy0 401 study guide braindumps and pass your exam.

Q301. Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described? 

A. Phishing 

B. Tailgating 

C. Pharming 

D. Vishing 

Answer:

Explanation: 

Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to "verify identity" or to "ensure that fraud does not occur." If the attack is carried out by telephone, caller ID spoofing can cause the victim's set to indicate a legitimate source, such as a bank or a government agency. 

Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless. 

Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with. 


Q302. The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements? 

A. Sniffers 

B. NIDS 

C. Firewalls 

D. Web proxies 

E. Layer 2 switches 

Answer:

Explanation: 

The basic purpose of a firewall is to isolate one network from another. 


Q303. DRAG DROP 

A forensic analyst is asked to respond to an ongoing network attack on a server. Place the items in the list below in the correct order in which the forensic analyst should preserve them. 

Answer: 

Explanation: 

When dealing with multiple issues, address them in order of volatility (OOV); always deal with the most volatile first. Volatility can be thought of as the amount of time that you have to collect certain data before a window of opportunity is gone. Naturally, in an investigation you want to collect everything, but some data will exist longer than others, and you cannot possibly collect all of it once. As an example, the OOV in an investigation may be RAM, hard drive data, CDs/DVDs, and printouts. 

Order of volatility: Capture system images as a snapshot of what exists, look at network traffic and logs, capture any relevant video/screenshots/hashes, record time offset on the systems, talk to witnesses, and track total man-hours and expenses associated with the investigation. 

References: 

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, 

Indianapolis, 2014, p 453 


Q304. Which of the following devices would be the MOST efficient way to filter external websites for staff on an internal network? 

A. Protocol analyzer 

B. Switch 

C. Proxy 

D. Router 

Answer:

Explanation: 


Q305. Which of the following wireless security technologies continuously supplies new keys for WEP? 

A. TKIP 

B. Mac filtering 

C. WPA2 

D. WPA 

Answer:

Explanation: 

TKIP is a suite of algorithms that works as a "wrapper" to WEP, which allows users of legacy WLAN equipment to upgrade to TKIP without replacing hardware. TKIP uses the original WEP programming but "wraps" additional code at the beginning and end to encapsulate and modify it. 


Q306. Which of the following BEST explains the use of an HSM within the company servers? 

A. Thumb drives present a significant threat which is mitigated by HSM. 

B. Software encryption can perform multiple functions required by HSM. 

C. Data loss by removable media can be prevented with DLP. 

D. Hardware encryption is faster than software encryption. 

Answer:

Explanation: 

Hardware Security Module (HSM) is a cryptoprocessor that can be used to enhance security. It provides a fast solution for the for large asymmetrical encryption calculations and is much faster than software-based cryptographic solutions. 


Q307. HOTSPOT 

For each of the given items, select the appropriate authentication category from the dropdown choices. 

Instructions: When you have completed the simu-lation, please select the Done button to submit. 

Answer: 


Q308. In order to maintain oversight of a third party service provider, the company is going to implement a Governance, Risk, and Compliance (GRC) system. This system is promising to provide overall security posture coverage. Which of the following is the MOST important activity that should be considered? 

A. Continuous security monitoring 

B. Baseline configuration and host hardening 

C. Service Level Agreement (SLA) monitoring 

D. Security alerting and trending 

Answer:

Explanation: 

The company is investing in a Governance, Risk, and Compliance (GRC) system to provide overall security posture coverage. This is great for testing the security posture. However, to be effective and ensure the company always has a good security posture, you need to monitor the security continuously. 

Once a baseline security configuration is documented, it is critical to monitor it to see that this baseline is maintained or exceeded. A popular phrase among personal trainers is “that which gets measured gets improved.” Well, in network security, “that which gets monitored gets secure.” Continuous monitoring means exactly that: ongoing monitoring. This may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. 


Q309. An administrator is assigned to monitor servers in a data center. A web server connected to the Internet suddenly experiences a large spike in CPU activity. Which of the following is the MOST likely cause? 

A. Spyware 

B. Trojan 

C. Privilege escalation 

D. DoS 

Answer:

Explanation: 

A Distributed Denial of Service (DDoS) attack is a DoS attack from multiple computers whereas a DoS attack is from a single computer. In terms of the actual method of attack, DDoS and DoS attacks are the same. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack. 


Q310. ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left? 

A. Annual account review 

B. Account expiration policy 

C. Account lockout policy 

D. Account disablement 

Answer:

Explanation: 

Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.