Which of the following protocols operates at the HIGHEST level of the OSI model?
Which of the following should an administrator implement to research current attack methodologies?
A. Design reviews
C. Vulnerability scanner
D. Code reviews
Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?
A. Intrusion Detection System
B. Flood Guard Protection
C. Web Application Firewall
D. URL Content Filter
Which of the following means of wireless authentication is easily vulnerable to spoofing?
A. MAC Filtering
B. WPA – LEAP
C. WPA – PEAP
D. Enabled SSID
Lab Sim – Configure the Firewall
Task: Configure the firewall (fill out the table) to allow these four rules:
– Only allow the Accounting computer to have HTTPS access to the Administrative server.
– Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
– Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2
Use the following answer for this simulation task. Below table has all the answers required for this question.
Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication.
Which of the following is an authentication method Jane should use?
Computer evidence at a crime scene is documented with a tag stating who had possession of the evidence at a given time.
Which of the following does this illustrate?
A. System image capture
B. Record time offset
C. Order of volatility
D. Chain of custody
A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?
A. Time of day restrictions
B. Group based privileges
C. User assigned privileges
D. Domain admin restrictions
Which of the following is being tested when a company’s payroll server is powered off for eight hours?
A. Succession plan
B. Business impact document
C. Continuity of operations plan
D. Risk assessment plan
A security analyst, Ann, is reviewing an IRC channel and notices that a malicious exploit has been created for a frequently used application. She notifies the software vendor and asks them for remediation steps, but is alarmed to find that no patches are available to mitigate this vulnerability.
Which of the following BEST describes this exploit?
A. Malicious insider threat
C. Client-side attack
D. Malicious add-on
A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following?
A. Peer to Peer
B. Mobile devices
C. Social networking
D. Personally owned devices
A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates.
Which of the following processes could MOST effectively mitigate these risks?
A. Application hardening
B. Application change management
C. Application patch management
D. Application firewall review
If you want to pass the CompTIA SY0-401 Exam sucessfully, recommend to read latest CompTIA SY0-401 Demo full version.