aiotestking uk

SY0-401 Exam Questions - Online Test


SY0-401 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described? 

A. Phishing 

B. Tailgating 

C. Pharming 

D. Vishing 

Answer:

Explanation: 

Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to "verify identity" or to "ensure that fraud does not occur." If the attack is carried out by telephone, caller ID spoofing can cause the victim's set to indicate a legitimate source, such as a bank or a government agency. 

Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless. 

Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with. 

Q2. Which of the following helps to establish an accurate timeline for a network intrusion? 

A. Hashing images of compromised systems 

B. Reviewing the date of the antivirus definition files 

C. Analyzing network traffic and device logs 

D. Enforcing DLP controls at the perimeter 

Answer:

Explanation: 

Q3. Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be. 

Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients? 

A. Enable MAC filtering on the wireless access point. 

B. Configure WPA2 encryption on the wireless access point. 

C. Lower the antenna’s broadcasting power. 

D. Disable SSID broadcasting. 

Answer:

Explanation: 

Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far. 

Q4. ION NO: 93 Which of the following is an advantage of implementing individual file encryption on a hard drive which already deploys full disk encryption? 

A. Reduces processing overhead required to access the encrypted files 

B. Double encryption causes the individually encrypted files to partially lose their properties 

C. Individually encrypted files will remain encrypted when copied to external media 

D. File level access control only apply to individually encrypted files in a fully encrypted drive 

Answer:

Explanation: 

With full disk encryption a file is encrypted as long as it remains on the disk. This is because the data on the disk is decrypted when the user logs on, thus the data is in a decrypted form when it is copied to another disk. Individually encrypted files on the other hand remain encrypted. 

Q5. A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage? 

A. Biometrics 

B. Mandatory access control 

C. Single sign-on 

D. Role-based access control 

Answer:

Explanation: 

This question is asking about “authorization”, not authentication. 

Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications. 

MAC can also be deployed in private sector or corporate business environments. Such cases typically involve the following four security domain levels (in order from least sensitive to most sensitive): 

Public Sensitive Private Confidential 

A MAC environment works by assigning subjects a clearance level and assigning objects a sensitivity label—in other words, everything is assigned a classification marker. Subjects or users are assigned clearance levels. The name of the clearance level is the same as the name of the sensitivity label assigned to objects or resources. A person (or other subject, such as a program or a computer system) must have the same or greater assigned clearance level as the resources they wish to access. In this manner, access is granted or restricted based on the rules of classification (that is, sensitivity labels and clearance levels). MAC is named as it is because the access control it imposes on an environment is mandatory. Its assigned classifications and the resulting granting and restriction of access can’t be altered by users. Instead, the rules that define the environment and judge the assignment of sensitivity labels and clearance levels control authorization. MAC isn’t a very granularly controlled security environment. An improvement to MAC includes the use of need to know: a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they’re compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain). The need to know is a rule in and of itself, which states that access is granted only to users who have been assigned work tasks that require access to the cordoned-off object. Even if users have the proper level of clearance, without need to know, they’re denied access. Need to know is the MAC equivalent of the principle of least privilege from DAC 

Q6. Sara, an application developer, implemented error and exception handling alongside input validation. Which of the following does this help prevent? 

A. Buffer overflow 

B. Pop-up blockers 

C. Cross-site scripting 

D. Fuzzing 

Answer:

Explanation: 

Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent Buffer overflow exploits. 

Q7. The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements? 

A. Sniffers 

B. NIDS 

C. Firewalls 

D. Web proxies 

E. Layer 2 switches 

Answer:

Explanation: 

The basic purpose of a firewall is to isolate one network from another. 

Q8. Which of the following BEST describes the weakness in WEP encryption? 

A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. 

Once enough packets are captured an XOR operation can be performed and the asymmetric keys 

can be derived. 

B. The WEP key is stored in plain text and split in portions across 224 packets of random data. 

Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain 

text key. 

C. The WEP key has a weak MD4 hashing algorithm used. 

A simple rainbow table can be used to generate key possibilities due to MD4 collisions. 

D. The WEP key is stored with a very small pool of random numbers to make the cipher text. 

As the random numbers are often reused it becomes easy to derive the remaining WEP key. 

Answer:

Explanation: 

WEP is based on RC4, but due to errors in design and implementation, WEP is weak in a number of areas, two of which are the use of a static common key and poor implementation of initiation vectors (IVs). When the WEP key is discovered, the attacker can join the network and then listen in on all other wireless client communications. 

Q9. Joe, the information security manager, is tasked with calculating risk and selecting controls to protect a new system. He has identified people, environmental conditions, and events that could affect the new system. Which of the following does he need to estimate NEXT in order to complete his risk calculations? 

A. Vulnerabilities 

B. Risk 

C. Likelihood 

D. Threats 

Answer:

Explanation: 

Q10. Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server? 

A. HIPS 

B. NIDS 

C. HIDS 

D. NIPS 

Answer:

Explanation: 

This question is asking which of the following is designed to stop an intrusion on a specific server. To stop an intrusion on a specific server, you would use a HIPS (Host Intrusion Prevention System). The difference between a HIPS and other intrusion prevention systems is that a HIPS is a software intrusion prevention systems that is installed on a ‘specific server’. 

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. 

A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion.