
2021 Nov SY0-401 download

Q521. Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network? 

A. HIPS on each virtual machine 

B. NIPS on the network 

C. NIDS on the network 

D. HIDS on each virtual machine 

Answer:

Explanation: 

Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. 


Q522. Which of the following is the BEST reason to provide user awareness and training programs for organizational staff? 

A. To ensure proper use of social media 

B. To reduce organizational IT risk 

C. To detail business impact analyses 

D. To train staff on zero-days 

Answer:

Explanation: 

Ideally, a security awareness training program for the entire organization should cover the following areas:
- Importance of security
- Responsibilities of people in the organization
- Policies and procedures
- Usage policies
- Account and password-selection criteria
- Social engineering prevention

You can accomplish this training either by using internal staff or by hiring outside trainers. This type of training will significantly reduce the organizational IT risk. 


Q523. A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe? 

A. Zero-day 

B. Buffer overflow 

C. Cross site scripting 

D. Malicious add-on 

Answer:

Explanation: 

This question describes a buffer overflow attack. 

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. 


Q524. Which device monitors network traffic in a passive manner? 

A. Sniffer 

B. IDS 

C. Firewall 

D. Web browser 

Answer:

Explanation: 

A sniffer is another name for a protocol analyzer. A protocol analyzer performs its function in a passive manner. In other words, computers on the network do not know that their data packets have been captured.

A protocol analyzer is a hardware device or, more commonly, a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing.

Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).

A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. 


Q525. Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash? 

A. Input validation 

B. Exception handling 

C. Application hardening 

D. Fuzzing 

Answer:

Explanation: 

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks. 
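As an added example that is not part of the original dump, the Go code below does the two halves of what the definition above describes: it feeds seeded random inputs to a constructed, deliberately buggy length-prefixed record parser while monitoring for crashes, and puts the hardened parser beside it. The record format, the parser names and the bug are assumptions made for illustration; the bug is the same trust-the-length-field mistake behind the buffer overflow in Q523, which Go turns into a bounds-check panic rather than memory corruption.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/rand"
)

// parseRecord is a constructed, deliberately buggy parser for a record laid out
// as a 2-byte big-endian length followed by that many payload bytes. It trusts
// the length field, so short or oversized inputs panic on a slice expression.
func parseRecord(b []byte) []byte {
	n := int(binary.BigEndian.Uint16(b[:2]))
	return b[2 : 2+n]
}

// parseRecordSafe is the hardened form: lengths are validated before slicing.
func parseRecordSafe(b []byte) ([]byte, error) {
	if len(b) < 2 {
		return nil, fmt.Errorf("input too short for a length prefix")
	}
	n := int(binary.BigEndian.Uint16(b[:2]))
	if n > len(b)-2 {
		return nil, fmt.Errorf("length %d exceeds the %d payload bytes present", n, len(b)-2)
	}
	return b[2 : 2+n], nil
}

// crashes runs fn on one input and reports whether it panicked, recovering so
// the fuzz loop keeps going: this is the "monitor for crashes" half of fuzzing.
func crashes(fn func([]byte), input []byte) (crashed bool) {
	defer func() { crashed = recover() != nil }()
	fn(input)
	return false
}

// fuzz feeds fn seeded random inputs (length 0..31) and counts how many crashed it.
func fuzz(fn func([]byte), iterations int, seed int64) int {
	rng := rand.New(rand.NewSource(seed))
	count := 0
	for i := 0; i < iterations; i++ {
		input := make([]byte, rng.Intn(32))
		rng.Read(input)
		if crashes(fn, input) {
			count++
		}
	}
	return count
}
```

Running fuzz over parseRecord reports crashes on most random inputs, while the same loop over parseRecordSafe reports none.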


Up to date SY0-401 book:

Q526. Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user? 

A. LDAP 

B. RADIUS 

C. Kerberos 

D. TACACS+ 

Answer:

Explanation: 


Q527. An administrator is instructed to disable IP-directed broadcasts on all routers in an organization. Which of the following attacks does this prevent? 

A. Pharming 

B. Smurf 

C. Replay 

D. Xmas 

Answer:

Explanation: 


Q528. Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees? 

A. Routine audits 

B. Account expirations 

C. Risk assessments 

D. Change management 

Answer:

Explanation: 


Q529. Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together? 

A. Least privilege access 

B. Separation of duties 

C. Mandatory access control 

D. Mandatory vacations 

Answer:

Explanation: 

A mandatory vacation policy requires all users to take time away from work to refresh. Mandatory vacations give the employee a chance to refresh, but they also give the company a chance to make sure that others can fill in any gaps in skills, and they satisfy the need to have replication or duplication at all levels. Mandatory vacations also provide an opportunity to discover fraud. In this case mandatory vacations can prevent the two members from colluding to steal the information that they have access to. 


Q530. In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time? 

A. Import the recipient’s public key 

B. Import the recipient’s private key 

C. Export the sender’s private key 

D. Export the sender’s public key 

Answer:

Explanation: 

See step 4 below. 

1. When a user encrypts plaintext with PGP, PGP first compresses the plaintext.

2. PGP then creates a session key, which is a one-time-only secret key.

3. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext.

4. Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
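The four steps above as an added Go example; this is not code from the original page or from any PGP implementation. AES-256-GCM stands in for PGP's conventional cipher and RSA-OAEP for its public-key encryption of the session key, and the Envelope type, NewRecipientKey and Seal are names chosen here for illustration. The recipient reverses the steps with the private key: rsa.DecryptOAEP to recover the session key, gcm.Open to decrypt, then zlib decompression.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is what the sender transmits: the session key encrypted to the
// recipient's public key, plus the compressed message encrypted under that key.
type Envelope struct{ EncKey, Nonce, Ciphertext []byte }

// NewRecipientKey makes the recipient's key pair; the sender only ever imports
// its public half, which is why step 4 cannot happen without it.
func NewRecipientKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// Seal is the sender's side, in the order of the four steps. AES-256-GCM stands
// in for PGP's conventional cipher and RSA-OAEP for its public-key encryption.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	var compressed bytes.Buffer // step 1: compress the plaintext
	zw := zlib.NewWriter(&compressed)
	zw.Write(plaintext)
	zw.Close()
	keyNonce := make([]byte, 32+12) // step 2: one-time session key (+ GCM nonce)
	if _, err := rand.Read(keyNonce); err != nil {
		return nil, err
	}
	key, nonce := keyNonce[:32], keyNonce[32:]
	block, err := aes.NewCipher(key) // step 3: symmetric encryption of the data
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, compressed.Bytes(), nil)
	// step 4: encrypt the session key to the recipient's public key
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{EncKey: encKey, Nonce: nonce, Ciphertext: ct}, nil
}
```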