SY0-401 Exam Questions - Online Test



Q1. Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise: 

A. user accounts may be inadvertently locked out. 

B. data on the USB drive could be corrupted. 

C. data on the hard drive will be vulnerable to log analysis. 

D. the security controls on the USB drive can be bypassed. 

Answer:

Explanation: 

A common access mechanism to data on encrypted USB hard drives is a password. If a weak password is used, someone could guess the password and bypass the security controls on the USB drive to access the data. 

Q2. Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern? 

A. Mandatory vacations 

B. Time of day restrictions 

C. Least privilege 

D. Separation of duties 

Answer:

Explanation: 

Separation of duties divides administrator or privileged tasks into separate groupings, each of which is assigned to a different administrator. This helps prevent fraud, reduce errors, and avoid conflicts of interest. For example, those who configure security should not be the same people who test security. In this case, Joe should not be allowed to both write and sign paycheques. 

Q3. A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company? 

A. Account lockout policy 

B. Account password enforcement 

C. Password complexity enabled 

D. Separation of duties 

Answer:

Explanation: 

Separation of duties means that users are granted only the permissions they need to do their work and no more. Beyond that, it means that there is a differentiation between users, employees and duties, which forms part of best practices. 

Q4. A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. 

Which of the following processes could MOST effectively mitigate these risks? 

A. Application hardening 

B. Application change management 

C. Application patch management 

D. Application firewall review 

Answer:

Explanation: 

The question states that operating system updates are applied but not other software updates. The ‘other software’ in this case would be applications. Software updates include functionality updates and, more importantly, security updates. The process of applying software updates or ‘patches’ to applications is known as ‘application patch management’. Application patch management is an effective way of mitigating the security risks associated with software applications. 

Q5. An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame. 

Which of the following strategies would the administrator MOST likely implement? 

A. Full backups on the weekend and incremental during the week 

B. Full backups on the weekend and full backups every day 

C. Incremental backups on the weekend and differential backups every day 

D. Differential backups on the weekend and full backups every day 

Answer:

Explanation: 

A full backup is a complete, comprehensive backup of all files on a disk or server. The full backup is current only at the time it’s performed. Once a full backup is made, you have a complete archive of the system at that point in time. A system shouldn’t be in use while it undergoes a full backup because some files may not get backed up. Once the system goes back into operation, the backup is no longer current. A full backup can be a time-consuming process on a large system. An incremental backup is a partial backup that stores only the information that has changed since the last full or the last incremental backup. If a full backup were performed on a Sunday night, an incremental backup done on Monday night would contain only the information that changed since Sunday night. Such a backup is typically considerably smaller than a full backup. Each incremental backup must be retained until a full backup can be performed. Incremental backups are usually the fastest backups to perform on most systems, and each incremental backup tape is relatively small. 

Q6. The use of social networking sites introduces the risk of: 

A. Disclosure of proprietary information 

B. Data classification issues 

C. Data availability issues 

D. Broken chain of custody 

Answer:

Explanation: 

People and processes must be in place to prevent the unauthorized disclosure of proprietary information and sensitive information, as these pose a security risk to companies. With social networking, your company can be exposed to as many threats as there are users who make use of social networking and have not been advised of the security policy regarding its use. 

Q7. A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe? 

A. Zero-day 

B. Buffer overflow 

C. Cross site scripting 

D. Malicious add-on 

Answer:

Explanation: 

This question describes a buffer overflow attack. 

A buffer overflow occurs when a program or process tries to store more data in a buffer (a temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through a programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain code designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. 

Q8. Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again? 

A. Disable the wireless access and implement strict router ACLs. 

B. Reduce restrictions on the corporate web security gateway. 

C. Security policy and threat awareness training. 

D. Perform user rights and permissions reviews. 

Answer:

Explanation: 

BYOD (in this case Sara’s smartphone) involves the possibility of a personal device that is infected with malware introducing that malware to the network. Security awareness training will address the issue of the company’s security policy with regard to BYOD. 

Q9. Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO). 

A. Acceptable use of social media 

B. Data handling and disposal 

C. Zero day exploits and viruses 

D. Phishing threats and attacks 

E. Clean desk and BYOD 

F. Information security awareness 

Answer: D,F 

Explanation: 

Managers, i.e. executives in the company, are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies. Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. Executives can easily fall prey to phishing if they are not trained to look out for these attacks. 

Q10. In order for network monitoring to work properly, you need a PC and a network card running in what mode? 

A. Launch 

B. Exposed 

C. Promiscuous 

D. Sweep 

Answer:

Explanation: 

Promiscuous mode allows the network card to look at any packet that it sees on the network. This even includes packets that are not addressed to that network card.