CompTIA SY0-401 Free Practice Questions

Q8. Ann, a college professor, was recently reprimanded for posting disparaging remarks re- grading her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remakes. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?

A. Data Labeling and disposal

B. Use of social networking

C. Use of P2P networking

D. Role-based training

View Answer

Q9. A new hire wants to use a personally owned phone to access company resources. The

new hire expresses concern about what happens to the data on the phone when they leave the company. Which of the following portions of the companyu2021s mobile device management configuration would allow the company data to be removed from the device without touching the new hireu2021s data?

A. Asset control

B. Device access control

C. Storage lock out

D. Storage segmentation

View Answer

Q10. A programmer has allocated a 32 bit variable to store the results of an operation between two user supplied 4 byte operands. To which of the following types of attack is this application susceptible?

A. XML injection

B. Command injection

C. Integer overflow

D. Header manipulation

View Answer

Q11. A security manager installed a standalone fingerprint reader at the data center. All employees that need to access the data center have been enrolled to the reader and local reader database is always kept updates. When an employee who has been enrolled uses the fingerprint reader the door to the data center opens. Which of the following does this demonstrate? (Select THREE)

A. Two-factor authentication

B. Single sign-on

C. Something you have

D. Identification

E. Authentication

F. Authorization

View Answer

Q12. The Chief Security Officer (CSO) for a datacenter in a hostile environment is concerned about protecting the facility from car bomb attacks. Which of the following BEST would protect the building from this threat? (Select two.)

A. Dogs

B. Fencing

C. CCTV

D. Guards

E. Bollards

F. Lighting

View Answer

Q13. Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited?

A. Intimidation

B. Scarcity

C. Authority

D. Social proof

View Answer

Q14. Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability?

A. Calculate the ALE

B. Calculate the ARO

C. Calculate the MTBF

D. Calculate the TCO

View Answer

Q15. Which of the following is a black box testing methodology?

A. Code, function, and statement coverage review

B. Architecture and design review

C. Application hardening

D. Penetration testing

View Answer

Q16. A computer on a company network was infected with a zero-day exploit after an employee accidently opened an email that contained malicious content. The employee recognized the email as malicious and was attempting to delete it, but accidently opened it. Which of the following should be done to prevent this scenario from occurring again in the future?

A. Install host-based firewalls on all computers that have an email client installed

B. Set the email program default to open messages in plain text

C. Install end-point protection on all computers that access web email

D. Create new email spam filters to delete all messages from that sender

View Answer

Q17. An attacker is attempting to insert malicious code into an installer file that is available on the internet. The attacker is able to gain control of the web server that houses both the installer and the web page which features information about the downloadable file. To implement the attack and delay detection, the attacker should modify both the installer file and the:

A. SSL certificate on the web server

B. The HMAC of the downloadable file available on the website

C. Digital signature on the downloadable file

D. MD5 hash of the file listed on the website

View Answer