CompTIA SY0-401 Online Practice
Questions and Exam Preparation
SY0-401 Exam Details
Exam Code
:SY0-401
Exam Name
:CompTIA Security+
Certification
:CompTIA Certifications
Vendor
:CompTIA
Total Questions
:1789 Q&As
Last Updated
:Dec 14, 2021
CompTIA SY0-401 Online Questions &
Answers
Question 1681:
Which of the following application attacks is used to gain access to SEH?
A. Cookie stealing B. Buffer overflow C. Directory traversal D. XML injection
B. Buffer overflow
Buffer overflow protection is used to detect the most common buffer overflows by checking that the stack has not been altered when a function returns. If it has been altered, the program exits with a segmentation fault. Microsoft's implementation of Data Execution Prevention (DEP) mode explicitly protects the pointer to the Structured Exception Handler (SEH) from being overwritten. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.
Question 1682:
After entering the following information into a SOHO wireless router, a mobile device's user reports being unable to connect to the network:
PERMIT 0A: D1: FA. B1: 03: 37 DENY 01: 33: 7F: AB: 10: AB Which of the following is preventing the device from connecting?
A. WPA2-PSK requires a supplicant on the mobile device. B. Hardware address filtering is blocking the device. C. TCP/IP Port filtering has been implemented on the SOHO router. D. IP address filtering has disabled the device from connecting.
B. Hardware address filtering is blocking the device.
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
Question 1683:
An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns.
Which of the following is an example of this threat?
A. An attacker using the phone remotely for spoofing other phone numbers B. Unauthorized intrusions into the phone to access data C. The Bluetooth enabled phone causing signal interference with the network D. An attacker using exploits that allow the phone to be disabled
B. Unauthorized intrusions into the phone to access data
Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and e-mail and text messages -- without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled.
Question 1684:
All executive officers have changed their monitor location so it cannot be easily viewed when passing by their offices. Which of the following attacks does this action remediate?
A. Dumpster Diving B. Impersonation C. Shoulder Surfing D. Whaling
C. Shoulder Surfing
Viewing confidential information on someone's monitor is known as shoulder surfing. By moving their monitors so they cannot be seen, the executives are preventing users passing by `shoulder surfing'.
Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.
Question 1685:
Matt, an administrator, notices a flood fragmented packet and retransmits from an email server.
After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter B. Protocol analyzer C. Web application firewall D. Load balancer
B. Protocol analyzer
A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.
Question 1686:
In which of the following steps of incident response does a team analyse the incident and determine steps to prevent a future occurrence?
A. Mitigation B. Identification C. Preparation D. Lessons learned
D. Lessons learned
Incident response procedures involves in chronological order: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Thus lessons are only learned after the mitigation occurred. For only then can you `step back' and analyze the incident to prevent the same occurrence in future.
Question 1687:
A system administrator wants to implement an internal communication system that will allow employees to send encrypted messages to each other. The system must also support non-repudiation. Which of the following implements all these requirements?
A. Bcrypt B. Blowfish C. PGP D. SHA
C. PGP
Question 1688:
An administrator is hardening systems and wants to disable unnecessary services. One Linux server hosts files used by a Windows web server on another machine. The Linux server is only used for secure file transfer, but requires a share for the Windows web server as well. The administrator sees the following output from a netstat -1p command:
Which of the following processes can the administrator kill without risking impact to the purpose and function of the Linux or Windows servers? (Select Three)
A. 1488 B. 1680 C. 2120 D. 2121 E. 2680 F. 8217
A. 1488 D. 2121 F. 8217
Question 1689:
Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module
B. Performance monitor
Performance Monitor in a Windows system can monitor many different `counters'. For TCP network connections, you can monitor specific TCP related counters including the following: Connection Failures Connections Active Connections Established Connections Passive Connections Reset Segments Received/sec Segments Retransmitted/sec Segments Sent/sec Total Segments/sec
By monitoring the counters listed above, you will be able to detect security-related TCP connection anomalies.
Question 1690:
An attacker Joe configures his service identifier to be the same as an access point advertised on a billboard. Joe then conducts a denial of service attack against the legitimate AP causing users to drop their connections and then reconnect to Joe's system with the same SSID. Which of the following Best describes this type of attack?
A. Bluejacking B. WPS attack C. Evil twin D. War driving E. Relay attack
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your SY0-401 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.