
[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 511-520

September 20, 2017


CompTIA Security Certification

Question No: 511 – (Topic 3)

When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";-" and "or 1=1 -") were input instead of the expected letters and numbers.

Which of the following is the MOST likely reason for the unusual results?

  A. The user is attempting to hijack the web server session using an open-source browser.

  B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.

  C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.

  D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

Answer: D

Explanation:

The code in the question is an example of a SQL injection attack. The condition '1=1' always evaluates to true, so it can be included in a statement designed to return all rows in a SQL table.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Question No: 512 – (Topic 3)

During a disaster recovery planning session, a security administrator has been tasked with determining which threats and vulnerabilities pose a risk to the organization. Which of the following should the administrator rate as having the HIGHEST frequency of risk to the organization?

  A. Hostile takeovers

  B. Large scale natural disasters

  C. Malware and viruses

  D. Corporate espionage

Answer: C

Explanation:

The most common threat to an organization is computer viruses or malware. A computer can become infected with a virus through day-to-day activities such as browsing web sites or emails. As browsing and opening emails are the most common activities performed by all users, computer viruses represent the most likely risk to a business.

Common examples of malware include viruses, worms, trojan horses, and spyware. Viruses, for example, can cause havoc on a computer's hard drive by deleting files or directory information. Spyware can gather data from a user's system without the user knowing it. This can include anything from the Web pages a user visits to personal information, such as credit card numbers.

Question No: 513 – (Topic 3)

Which of the following is a notification that an unusual condition exists and should be investigated?

  A. Alert

  B. Trend

  C. Alarm

  D. Trap

Answer: A

Explanation:

We need to look carefully at the wording of the question to determine the answer. This question is asking about an “unusual condition” that should be investigated. There are different levels of alerts from Critical to Warning to Information only.

An Alarm would be triggered by a serious definite problem that needs resolving urgently. An “unusual condition” probably wouldn’t trigger an alarm; it is more likely to trigger an Alert.

Question No: 514 – (Topic 3)

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?

  A. Install a proxy server between the users' computers and the switch to filter inbound network traffic.

  B. Block commonly used ports and forward them to higher and unused port numbers.

  C. Configure the switch to allow only traffic from computers based upon their physical address.

  D. Install host-based intrusion detection software to monitor incoming DHCP Discover requests.

Answer: C

Explanation:

Configuring the switch to allow only traffic from computers based upon their physical address is known as MAC filtering. The physical address is known as the MAC address. Every network adapter has a unique MAC address hardcoded into the adapter.

You can configure the ports of a switch to allow connections from computers with specific MAC addresses only and block all other MAC addresses.

MAC filtering is commonly used in wireless networks but is considered insecure because a MAC address can be spoofed. However, in a wired network, it is more secure because it would be more difficult for a rogue computer to sniff a MAC address.

Question No: 515 – (Topic 3)

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

  A. Baseline reporting

  B. Input validation

  C. Determine attack surface

  D. Design reviews

Answer: D

Explanation:

When implementing systems and software, an important step is the design of the systems and software. The systems and software should be designed to ensure that the system works as intended and is secure.

The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the system or application. A design review is basically a check to ensure that the design of the system meets the security requirements.

Question No: 516 – (Topic 3)

Which of the following attacks involves the use of previously captured network traffic?

  A. Replay

  B. Smurf

  C. Vishing

  D. DDoS

Answer: A

Explanation:

Replay attacks are becoming quite common. They occur when information is captured over a network. A replay attack is a kind of access or modification attack. In a distributed environment, logon and password information is sent between the client and the authentication system. The attacker can capture the information and replay it later. This can also occur with security certificates from systems such as Kerberos: the attacker resubmits the certificate, hoping to be validated by the authentication system and circumvent any time sensitivity.

If this attack is successful, the attacker will have all of the rights and privileges from the original certificate. This is the primary reason that most certificates contain a unique session identifier and a time stamp. If the certificate has expired, it will be rejected and an entry should be made in a security log to notify system administrators.

Question No: 517 – (Topic 3)

Which of the following would a security administrator implement in order to identify change from the standard configuration on a server?

  A. Penetration test

  B. Code review

  C. Baseline review

  D. Design review

Answer: C

Explanation:

The standard configuration on a server is known as the baseline.

The IT baseline protection approach is a methodology to identify and implement computer security measures in an organization. The aim is the achievement of an adequate and appropriate level of security for IT systems. This is known as a baseline.

A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards (the baseline).

Question No: 518 – (Topic 3)

Two programmers write a new secure application for the human resources department to store personal identifiable information. The programmers make the application available to themselves using an uncommon port along with an ID and password only they know. This is an example of which of the following?

  A. Rootkit

  B. Spyware

  C. Logic bomb

  D. Backdoor

Answer: D

Explanation:

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.

A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system.

Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.

Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

Question No: 519 – (Topic 3)

Several bins are located throughout a building for secure disposal of sensitive information. Which of the following does this prevent?

  A. Dumpster diving

  B. War driving

  C. Tailgating

  D. War chalking

Answer: A

Explanation:

The bins in this question will be secure bins designed to prevent someone accessing the 'rubbish' to learn sensitive information.

Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff are educated about the danger of untracked trash.

Question No: 520 – (Topic 3)

The string: ' or 1=1 --

Represents which of the following?

  A. Bluejacking

  B. Rogue access point

  C. SQL injection

  D. Client-side attacks

Answer: C

Explanation:

The code in the question is an example of a SQL injection attack. The condition '1=1' always evaluates to true, so it can be included in a statement designed to return all rows in a SQL table.

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
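To make concrete why the ' or 1=1 -- string discussed in Questions 511 and 520 returns every row, here is an added Python example (not part of the exam or this dump). It builds a constructed in-memory SQLite table of orders and runs the same lookup twice: once with the value concatenated into the statement, as the vulnerable application in Question 511 does, and once with a parameterized query, which is the fix.

```python
import sqlite3

# Constructed sample data (not from the page): three order records.
SAMPLE_ORDERS = [
    (1, "alice", "widget"),
    (2, "bob", "gadget"),
    (3, "carol", "gizmo"),
]

# The injection string from Question 520.
INJECTION = "' or 1=1 --"


def make_db():
    """Create an in-memory SQLite database holding the constructed orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER, customer TEXT, item TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ORDERS)
    return conn


def render_vulnerable_sql(customer):
    """Build the statement exactly as the vulnerable lookup does, so the
    effect of the input on the SQL text can be inspected."""
    return "SELECT id, customer, item FROM orders WHERE customer = '" + customer + "'"


def lookup_vulnerable(conn, customer):
    """Vulnerable: user input is pasted into the statement. With INJECTION the
    WHERE clause becomes  customer = '' or 1=1  and the closing quote is
    swallowed by the -- comment, so every row is returned."""
    return conn.execute(render_vulnerable_sql(customer)).fetchall()


def lookup_safe(conn, customer):
    """Hardened: the driver binds the value as data, so the quote and the --
    are just characters in a customer name and match nothing."""
    sql = "SELECT id, customer, item FROM orders WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(render_vulnerable_sql(INJECTION))
    print("vulnerable:", lookup_vulnerable(conn, INJECTION))  # all three rows
    print("safe:      ", lookup_safe(conn, INJECTION))        # []
```

The same lookup with a legitimate name ("alice") returns one row in both versions; only the concatenating version changes its meaning when the input contains SQL syntax.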
