aiotestking uk

SY0-401 Exam Questions - Online Test


SY0-401 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Q1. A security administrator discovered that all communication over the company’s encrypted wireless network is being captured by savvy employees with a wireless sniffing tool and is then being decrypted in an attempt to steal other employee’s credentials. Which of the following technology is MOST likely in use on the company’s wireless? 

A. WPA with TKIP 

B. VPN over open wireless 

C. WEP128-PSK 

D. WPA2-Enterprise 

Answer:

Explanation: 

WEP's major weakness is its use of static encryption keys. When you set up a router with a WEP encryption key, that one key is used by every device on your network to encrypt every packet that's transmitted. But the fact that packets are encrypted doesn't prevent them from being intercepted, and due to some esoteric technical flaws it's entirely possible for an eavesdropper to intercept enough WEP-encrypted packets to eventually deduce what the key is. This problem used to be something you could mitigate by periodically changing the WEP key (which is why routers generally allow you to store up to four keys). But few bother to do this because changing WEP keys is inconvenient and time-consuming because it has to be done not just on the router, but on every device that connects to it. As a result, most people just set up a single key and then continue using it ad infinitum. Even worse, for those that do change the WEP key, new research and developments reinforce how even changing WEP keys frequently is no longer sufficient to protect a WLAN. The process of 'cracking' a WEP key used to require that a malicious hacker intercept millions of packets plus spend a fair amount of time and computing power. Researchers in the computer science department of a German university recently demonstrated the capability to compromise a WEP-protected network very quickly. After spending less than a minute intercepting data (fewer than 100,000 packets in all) they were able to compromise a WEP key in just three seconds. 

Q2. Ann, a security technician, is reviewing the IDS log files. She notices a large number of alerts for multicast packets from the switches on the network. After investigation, she discovers that this is normal activity for her network. Which of the following BEST describes these results? 

A. True negatives 

B. True positives 

C. False positives 

D. False negatives 

Answer:

Explanation: 

False positives are essentially events that are mistakenly flagged and are not really events to be concerned about. 

Q3. Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment? 

A. NoSQL databases are not vulnerable to XSRF attacks from the application server. 

B. NoSQL databases are not vulnerable to SQL injection attacks. 

C. NoSQL databases encrypt sensitive information by default. 

D. NoSQL databases perform faster than SQL databases on the same hardware. 

Answer:

Explanation: 

Q4. At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access? 

A. Configure an access list. 

B. Configure spanning tree protocol. 

C. Configure port security. 

D. Configure loop protection. 

Answer:

Explanation: 

Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. This can be accomplished by locking down the wiring closet and server vaults and then disconnecting the workstation run from the patch panel (or punch-down block) that leads to a room’s wall jack. Any unneeded or unused wall jacks can (and should) be physically disabled in this manner. Another option is to use a smart patch panel that can monitor the MAC address of any device connected to each and every wall port across a building and detect not just when a new device is connected to an empty port, but also when a valid device is disconnected or replaced by an invalid device. 

Q5. The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank’s certificates are still valid? 

A. Bank’s CRL 

B. Bank’s private key 

C. Bank’s key escrow 

D. Bank’s recovery agent 

Answer:

Explanation: 

The finance department can check if any of the bank's certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid. The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release. 

Q6. Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router's logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer's reports? 

A. Configure the router so that wireless access is based upon the connecting device's hardware address. 

B. Modify the connection's encryption method so that it is using WEP instead of WPA2. 

C. Implement connections via secure tunnel with additional software on the developer's computers. 

D. Configure the router so that its name is not visible to devices scanning for wireless networks. 

Answer:

Explanation: 

Q7. Identifying residual risk is MOST important to which of the following concepts? 

A. Risk deterrence 

B. Risk acceptance 

C. Risk mitigation 

D. Risk avoidance 

Answer:

Explanation: 

Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk where the administrator or manager is unaware of its existence; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it. Residual risk is always present and will remain a risk thus it should be accepted (risk acceptance) 

Q8. The security manager received a report that an employee was involved in illegal activity and has saved data to a workstation’s hard drive. During the investigation, local law enforcement’s criminal division confiscates the hard drive as evidence. Which of the following forensic procedures is involved? 

A. Chain of custody 

B. System image 

C. Take hashes 

D. Order of volatility 

Answer:

Explanation: 

Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. 

Q9. A hospital IT department wanted to secure its doctor’s tablets. The IT department wants operating system level security and the ability to secure the data from alteration. Which of the following methods would MOST likely work? 

A. Cloud storage 

B. Removal Media 

C. TPM 

D. Wiping 

Answer:

Explanation: 

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. 

Q10. Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period? 

A. When creating the account, set the account to not remember password history. 

B. When creating the account, set an expiration date on the account. 

C. When creating the account, set a password expiration date on the account. 

D. When creating the account, set the account to have time of day restrictions. 

Answer:

Explanation: 

Disablement is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.