SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 721-730

September 20, 2017

CompTIA Security Certification

Question No: 721 – (Topic 3)

During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?

  A. SPIM
  B. Backdoor
  C. Logic bomb
  D. Rootkit

Answer: D

Explanation:

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.

Question No: 722 – (Topic 3)

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

  A. Rogue access point
  B. Zero day attack
  C. Packet sniffing
  D. LDAP injection

Answer: D

Explanation: A directory service is accessed by using LDAP (Lightweight Directory Access Protocol). LDAP injection is an attack against a directory service.

Just as SQL injection attacks take statements that are input by users and exploit weaknesses within, an LDAP injection attack exploits weaknesses in LDAP (Lightweight Directory Access Protocol) implementations. This can occur when the user’s input is not properly filtered, and the result can be executed commands, modified content, or results returned to unauthorized queries. The best way to prevent LDAP injection attacks is to filter the user input and to use a validation scheme to make certain that queries do not contain exploits.

One of the most common uses of LDAP is associated with user information. Numerous applications exist (such as employee directories) where users find other users by typing in a portion of their name. These queries are looking at the cn value or other fields (those defined for department, home directory, and so on). Someone attempting LDAP injection could feed unexpected values to the query to see what results are returned. All too often, finding employee information equates to finding usernames and values about those users that could be portions of their passwords.

Question No: 723 – (Topic 3)

A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:

  A. Black box testing
  B. White box testing
  C. Black hat testing
  D. Gray box testing

Answer: A

Explanation:

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well.

Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place.

Topic 4, Application, Data and Host Security

Question No: 724 – (Topic 4)

Pete, the compliance manager, wants to meet regulations. Pete would like certain ports blocked only on all computers that do credit card transactions. Which of the following should Pete implement to BEST achieve this goal?

  A. A host-based intrusion prevention system
  B. A host-based firewall
  C. Antivirus update system
  D. A network-based intrusion detection system

Answer: B

Explanation:

A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.

Question No: 725 – (Topic 4)

A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?

  A. Database field encryption
  B. File-level encryption
  C. Data loss prevention system
  D. Full disk encryption

Answer: A

Explanation:

Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the database. This often offers granular encryption options that allow for the encryption of the entire database, specific database tables, or specific database fields, such as a credit card number field.

Question No: 726 – (Topic 4)

The marketing department wants to distribute pens with embedded USB drives to clients. In the past this client has been victimized by social engineering attacks which led to a loss of sensitive data. The security administrator advises the marketing department not to distribute the USB pens due to which of the following?

  A. The risks associated with the large capacity of USB drives and their concealable nature
  B. The security costs associated with securing the USB drives over time
  C. The cost associated with distributing a large volume of the USB pens
  D. The security risks associated with combining USB drives and cell phones on a network

Answer: A

Explanation:

USB drives and other USB devices represent a security risk as they can be used to either bring malicious code into a secure system or to copy and remove sensitive data out of the system.

Question No: 727 – (Topic 4)

Which of the following file systems is from Microsoft and was included with their earliest operating systems?

  A. NTFS
  B. UFS
  C. MTFS
  D. FAT

Answer: D

Explanation:

File Allocation Table (FAT) is a file system created by Microsoft and used for its earliest DOS operating systems.

Question No: 728 – (Topic 4)

Which of the following are examples of network segmentation? (Select TWO).

  A. IDS
  B. IaaS
  C. DMZ
  D. Subnet
  E. IPS

Answer: C,D

Explanation:

C: A demilitarized zone (DMZ) is a part of the network that is separated or segmented from the rest of the network by means of firewalls and acts as a buffer between the untrusted public Internet and the trusted local area network (LAN).

D: IP subnets can be used to separate or segment networks while allowing communication between the network segments via routers.

Question No: 729 – (Topic 4)

Which of the following MOST interferes with network-based detection techniques?

  A. Mime-encoding
  B. SSL
  C. FTP
  D. Anonymous email accounts

Answer: B

Explanation:

Secure Sockets Layer (SSL) is used to establish secure TCP communication between two machines by encrypting the communication. Encrypted communications cannot easily be inspected for anomalies by network-based intrusion detection systems (NIDS).

Question No: 730 – (Topic 4)

A new application needs to be deployed on a virtual server. The virtual server hosts a SQL server that is used by several employees.

Which of the following is the BEST approach for implementation of the new application on the virtual server?

  A. Take a snapshot of the virtual server after installing the new application and store the snapshot in a secure location.
  B. Generate a baseline report detailing all installed applications on the virtualized server after installing the new application.
  C. Take a snapshot of the virtual server before installing the new application and store the snapshot in a secure location.
  D. Create an exact copy of the virtual server and store the copy on an external hard drive after installing the new application.

Answer: C

Explanation:

Snapshots are backups of virtual machines that can be used to quickly recover from poor updates, and errors arising from newly installed applications. However, the snapshot should be taken before the application or update is installed.
