[Free] Download New Updated (February 2016) CompTIA SY0-401 Practice Tests 1071-1080

Ensurepass

QUESTION 1071

Which of the following is a penetration testing method?

 

A.

Searching the WHOIS database for administrator contact information

B.

Running a port scanner against the target’s network

C.

War driving from a target’s parking lot to footprint the wireless network

D.

Calling the target’s helpdesk, requesting a password reset

 

Correct Answer: D

 

 

QUESTION 1072

Which of the following would MOST likely involve GPS?

 

A.

Wardriving

B.

Protocol analyzer

C.

Replay attack

D.

WPS attack

 

Correct Answer: A

 

 

QUESTION 1073

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

 

A.

XSRF Attacks

B.

Fuzzing

C.

Input Validations

D.

SQL Injections

 

Correct Answer: B

 

 

QUESTION 1074

A recent review of accounts on various systems has found that after employees’ passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).

 

A.

Reverse encryption

B.

Minimum password age

C.

Password complexity

D.

Account lockouts

E.

Password history

F.

Password expiration

 

Correct Answer: BE

 

 

QUESTION 1075

An organizations’ security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?

 

A.

Password history

B.

Password complexity

C.

Password length

D.

Password expiration

 

Correct Answer: A

 

 

QUESTION 1076

The system administrator is reviewing the following logs from the company web server:

 

12:34:56 GET /directory_listing.php?user=admin&pass=admin1

 

12:34:57 GET /directory_listing.php?user=admin&pass=admin2

 

12:34:58 GET /directory_listing.php?user=admin&pass=1admin

 

12:34:59 GET /directory_listing.php?user=admin&pass=2admin

 

Which of the following is this an example of?

 

A.

Online rainbow table attack

B.

Offline brute force attack

C.

Offline dictionary attack

D.

Online hybrid attack

 

Correct Answer: D

 

 

QUESTION 1077

A security administrator must implement a system that will support and enforce the following file system access control model:

 

FILE NAME SECURITY LABEL

 

Employees.doc Confidential

 

Salary.xls Confidential

 

OfficePhones.xls Unclassified

 

PersonalPhones.xls Restricted

 

Which of the following should the security administrator implement?

 

A.

White and black listing

B.

SCADA system

C.

Trusted OS

D.

Version control

 

Correct Answer: C

 

 

QUESTION 1078

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?

 

A.

Initial baseline configuration snapshots


B.

Firewall, IPS and network segmentation

C.

Event log analysis and incident response

D.

Continuous security monitoring processes

 

Correct Answer: D

 

 

QUESTION 1079

A large multinational corporation with networks in 30 countries wants to establish an understanding of their overall public-facing network attack surface. Which of the following security techniques would be BEST suited for this?

 

A.

External penetration test

B.

Internal vulnerability scan

C.

External vulnerability scan

D.

Internal penetration test

 

Correct Answer: C

 

 

QUESTION 1080

Which of the following controls should critical application servers implement to protect themselves from other potentially compromised application services?

 

A.

NIPS

B.

Content filter

C.

NIDS

D.

Host-based firewalls

 

Correct Answer: D

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in SY0-401 Practice Tests (February 2016) and tagged , , , , , , , . Bookmark the permalink.