aiotestking uk

SY0-401 Exam Questions - Online Test



Q1. A network administrator, Joe, arrives at his new job to find that none of the users have changed their network passwords since they were initially hired. Joe wants to have everyone change their passwords immediately. Which of the following policies should be enforced to initiate a password change? 

A. Password expiration 

B. Password reuse 

C. Password recovery 

D. Password disablement 

Answer:

Explanation: 

Q2. Which of the following is BEST carried out immediately after a security breach is discovered? 

A. Risk transference 

B. Access control revalidation 

C. Change management 

D. Incident management 

Answer:

Explanation: 

Incident management is the set of steps followed when a security incident occurs. 

Q3. After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue? 

A. Reduce the power level of the AP on the network segment 

B. Implement MAC filtering on the AP of the affected segment 

C. Perform a site survey to see what has changed on the segment 

D. Change the WPA2 encryption key of the AP in the affected segment 

Answer:

Explanation: 

Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far. 

Q4. A security analyst informs the Chief Executive Officer (CEO) that a security breach has just occurred. This results in the Risk Manager and Chief Information Officer (CIO) being caught unaware when the CEO asks for further information. Which of the following strategies should be implemented to ensure the Risk Manager and CIO are not caught unaware in the future? 

A. Procedure and policy management 

B. Chain of custody management 

C. Change management 

D. Incident management 

Answer:

Explanation: 

Incident management refers to the steps followed when events occur (making sure controls are in place to prevent unauthorized access to, and changes of, all IT assets). The events that could occur include security breaches. 

Q5. A security specialist has been asked to evaluate a corporate network by performing a vulnerability assessment. Which of the following will MOST likely be performed? 

A. Identify vulnerabilities, check applicability of vulnerabilities by passively testing security controls. 

B. Verify vulnerabilities exist, bypass security controls and exploit the vulnerabilities. 

C. Exploit security controls to determine vulnerabilities and misconfigurations. 

D. Bypass security controls and identify applicability of vulnerabilities by passively testing security controls. 

Answer:

Explanation: 

We need to determine if vulnerabilities exist by passively testing security controls. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise. 

Q6. The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO). 

A. Permit redirection to Internet-facing web URLs. 

B. Ensure all HTML tags are enclosed in angle brackets, e.g., “<” and “>”. 

C. Validate and filter input on the server side and client side. 

D. Use a web proxy to pass website requests between the user and the application. 

E. Restrict and sanitize use of special characters in input and URLs. 

Answer: C,E 

Explanation: 

XSRF, or cross-site request forgery, applies to web applications and is an attack that exploits the web application’s trust of a user who is known or is supposed to have been authenticated. This is often accomplished without the user’s knowledge. XSRF can be prevented by adding a randomization string (called a nonce) to each URL request and session establishment and checking the client HTTP request header referrer for spoofing. 

Q7. An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following types of authentication mechanism is this? 

A. TOTP 

B. Smart card 

C. CHAP 

D. HOTP 

Answer:

Explanation: 

Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. In this case, it’s every 30 seconds. 

Q8. A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side certificate. Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system? 

A. 1 

B. 2 

C. 3 

D. 4 

Answer:

Explanation: 

Three different types of authentication factors have been used in this question: 

Something you know - username and password. 

Something you have - client side certificate. 

Somewhere you are - authentication to the VPN is only allowed from the U.S. territory. 

Q9. Configuring key/value pairs on a RADIUS server is associated with deploying which of the following? 

A. WPA2-Enterprise wireless network 

B. DNS secondary zones 

C. Digital certificates 

D. Intrusion detection system 

Answer:

Explanation: 

WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication server. 

Q10. Which of the following is where an unauthorized device is found allowing access to a network? 

A. Bluesnarfing 

B. Rogue access point 

C. Honeypot 

D. IV attack 

Answer:

Explanation: 

A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server, server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.