[Free] Download New Updated (February 2016) CompTIA SY0-401 Practice Tests 301-310

Ensurepass

QUESTION 301

Which of the following passwords is the LEAST complex?

 

A.

MyTrain!45

B.

Mytr@in!!

C.

MyTr@in12

D.

MyTr@in#8

 

Correct Answer: B

 

 

QUESTION 302

During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports an
d protocols are MOST likely to be open on the firewall? (Select FOUR).

 

A.

21

B.

22

C.

23

D.

69

E.

3389

F.

SSH

G.

Terminal services

H.

Rlogin

I.

Rsync

J.

Telnet

 

Correct Answer: BCFJ

QUESTION 303

Which of the following is an application security coding problem?

 

A.

Error and exception handling

B.

Patch management

C.

Application hardening

D.

Application fuzzing

 

Correct Answer: A

 

 

QUESTION 304

An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

 

A.

Implement IIS hardening by restricting service accounts.

B.

Implement database hardening by applying vendor guidelines.

C.

Implement perimeter firewall rules to restrict access.

D.

Implement OS hardening by applying GPOs.

 

Correct Answer: D

 

 

QUESTION 305

Which of the following is the MOST specific plan for various problems that can arise within a system?

 

A.

Business Continuity Plan

B.

Continuity of Operation Plan

C.

Disaster Recovery Plan

D.

IT Contingency Plan

 

Correct Answer: D

 

 

QUESTION 306

Which of the following BEST describes the weakness in WEP encryption?

 

A.

The initialization vector of WEP uses a crack-able RC4 encryption algorithm.

Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.

B.

The WEP key is stored in plain text and split in portions across 224 packets of random data.

Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.

C.

The WEP key has a weak MD4 hashing algorithm used.

A simple rainbow table can be used to generate key possibilities due to MD4 collisions.

D.

The WEP key is stored with a very small pool of random numbers to make the cipher text.

As the random numbers are often reused it becomes easy to derive the remaining WEP key.

 

Correct Answer: D

 

 

 

QUESTION 307

Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years. Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years. Which of the following should Sara do to address the risk?

 

A.

Accept the risk saving $10,000.

B.

Ignore the risk saving $5,000.

C.

Mitigate the risk saving $10,000.

D.

Transfer the risk saving $5,000.

 

Correct Answer: D

 

 

QUESTION 308

Which of the following is an authentication and accounting service that uses TCP for connecting to routers and switches?

 

A.

DIAMETER

B.

RADIUS

C.

TACACS+

D.

Kerberos

 

Correct Answer: C

 

 

QUESTION 309

Which of the following can BEST help prevent cross-site scripting attacks and buffer overflows on a production system?

 

A.

Input validation

B.

Network intrusion detection system

C.

Anomaly-based HIDS

D.

Peer review

 

Correct Answer: A

 

 

QUESTION 310

Pete, an IT Administrator, needs to secure his server room. Which of the following mitigation methods would provide the MOST physical protection?

 

A.

Sign in and sign out logs

B.

Mantrap

C.

Video surveillance

D.

HVAC

 

Correct Answer: B

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in Uncategorized and tagged , , , , , , , . Bookmark the permalink.