[Free] Download New Updated (February 2016) CompTIA SY0-401 Practice Tests 131-140

Ensurepass

QUESTION 131

An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?

 

A.

Integer overflow

B.

Cross-site scripting

C.

Zero-day

D.

Session hijacking

E.

XML injection

 

Correct Answer: C

 

 

QUESTION 132

Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?

 

A.

LDAP

B.

SAML

C.

TACACS+

D.

Kerberos

 

Correct Answer: B

 

 

QUESTION 133

Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

 

A.

21/UDP

B.

21/TCP

C.

22/UDP

D.

22/TCP

 

Correct Answer: D

 

 

 

 

 

QUESTION 134

A user, Ann, is reporting to the company IT support group that her workstation screen is blank other than a window with a message requesting payment or else her hard drive will be formatted. Which of the following types of malware is on Ann’s workstation?

 

A.

Trojan

B.

Spyware

C.

Adware

D.

Ransomware

 

Correct Answer: D

 

 

QUESTION 135

Which of the following controls can be implemented together to prevent data loss in the event of theft of a mobile device storing
sensitive information? (Select TWO).

 

A.

Full device encryption

B.

Screen locks

C.

GPS

D.

Asset tracking

E.

Inventory control

 

Correct Answer: AB

 

 

QUESTION 136< /b>

A way to assure data at-rest is secure even in the event of loss or theft is to use:

 

A.

Full device encryption.

B.

Special permissions on the file system.

C.

Trusted Platform Module integration.

D.

Access Control Lists.

 

Correct Answer: A

 

 

QUESTION 137

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect’s emails show they consist mostly of pictures of the user at various locations
during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring?

 

A.

The user is encrypting the data in the outgoing messages.

B.

The user is using steganography.

C.

The user is spamming to obfuscate the activity.

D.

The user is using hashing to embed data in the emails.

 

Correct Answer: B

 

QUESTION 138

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:

 

22, 25, 445, 1433, 3128, 3389, 6667

 

Which of the following protocols was used to access the server remotely?

 

A.

LDAP

B.

HTTP

C.

RDP

D.

HTTPS

 

Correct Answer: C

 

 

QUESTION 139

An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

 

A.

SSID broadcast

B.

MAC filter

C.

WPA2

D.

Antenna placement

 

Correct Answer: A

 

 

QUESTION 140

A computer is suspected of being compromised by malware. The security analyst examines the computer and finds that a service called Telnet is running and connecting to an external website

over port 443. This Telnet service was found by comparing the system’s services to the list of standard services on the company’s system image. This review process depends on:

 

A.

MAC filtering.

B.

System hardening.

C.

Rogue machine detection.

D.

Baselining.

 

Correct Answer: D

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in SY0-401 Practice Tests (February 2016) and tagged , , , , , , , . Bookmark the permalink.