Want to know Ucertify comptia security+ sy0 401 pdf Exam practice test features? Want to lear more about CompTIA CompTIA Security+ Certification certification experience? Study Top Quality CompTIA sy0 401 dump answers to Down to date sy0 401 practice exam questions at Ucertify. Gat a success with an absolute guarantee to pass CompTIA sy0 401 vce (CompTIA Security+ Certification) test on your first attempt.
P.S. Top Quality SY0-401 forum are available on Google Drive, GET MORE: https://drive.google.com/open?id=1YcI_9LpcT9E9qoVydyPqx1o7WTiqZhAb
New CompTIA SY0-401 Exam Dumps Collection (Question 2 - Question 11)
Question No: 2
Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
A. Private hash
B. Recovery agent
C. Public key
D. Key escrow
E. CRL
Answer: B,D
Explanation:
B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data.
A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys.
D: If a key need to be recovered for legal purposes the key escrow can be used.
Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employeeu2021s private messages have been called into question.
Question No: 3
A system administrator has noticed that users change their password many times to cycle
back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?
A. Assign users passwords based upon job role.
B. Enforce a minimum password age policy.
C. Prevent users from choosing their own passwords.
D. Increase the password expiration time frame.
Answer: B
Explanation:
A minimum password age policy defines the period that a password must be used for before it can be changed.
Question No: 4
A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
A. Symmetric encryption
B. Non-repudiation
C. Steganography
D. Hashing
Answer: C
Explanation:
Steganography is the process of concealing a file, message, image, or video within another
file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
Question No: 5
Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?
A. Deploy a HIDS suite on the users' computers to prevent application installation.
B. Maintain the baseline posture at the highest OS patch level.
C. Enable the pop-up blockers on the users' browsers to prevent malware.
D. Create an approved application list and block anything not on it.
Answer: D
Explanation:
You can use Software Restriction Policy or its successor AppLocker to prevent unauthorized applications from running or being installed on computers.
Software Restriction Policies (SRP) is Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers.
You can use AppLocker as part of your overall security strategy for the following scenarios: Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.
Prevent users from installing and using unauthorized applications.
Implement application control policy to satisfy portions of your security policy or compliance requirements in your organization.
Question No: 6
A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?
A. Annu2021s user account has administrator privileges.
B. Joeu2021s user account was not added to the group policy.
C. Annu2021s user account was not added to the group policy.
D. Joeu2021s user account was inadvertently disabled and must be re-created.
Answer: C
Explanation:
Group policy is used to manage Windows systems in a Windows network domain
environment by means of a Group Policy Object (GPO). GPOu2021s include a number of settings related to credentials, which includes password expiration. Because Anne was not prompted to change her password, it could only mean that her user account was not added to the group policy.
Question No: 7
Which of the following would be used as a secure substitute for Telnet?
A. SSH
B. SFTP
C. SSL
D. HTTPS
Answer: A
Explanation:
Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext oriented programs in the Unix environment.
Question No: 8
Which of the following are restricted to 64-bit block sizes? (Select TWO).
A. PGP
B. DES
C. AES256
D. RSA
E. 3DES
F. AES
Answer: B,E
Explanation:
B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. Itu2021s based on a 56-bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size.
E: Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and itu2021s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).
Question No: 9
Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises.
A security technician was asked to prepare a report of files that had changed since last nightu2021s integrity scan.
Which of the following could the technician use to prepare the report? (Select TWO).
A. PGP
B. MD5
C. ECC
D. AES
E. Blowfish
F. HMAC
Answer: B,F
Explanation:
B: MD5 can be used to locate the data which has changed.
The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.
F: A common method of verifying integrity involves adding a message authentication code (MAC) to the message.
HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key.
Question No: 10
While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing?
A. EAP-TLS
B. PEAP
C. WEP
D. WPA
Answer: C
Explanation:
WEP is one of the more vulnerable security protocols. The only time to use WEP is when you must have compatibility with older devices that do not support new encryption.
Question No: 11
Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?
A. Key escrow
B. Non-repudiation
C. Multifactor authentication
D. Hashing
Answer: B
Explanation:
Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:
A service that provides proof of the integrity and origin of data.
An authentication that can be asserted to be genuine with high assurance.
P.S. Easily pass SY0-401 Exam with Surepassexam Top Quality Dumps & pdf vce, Try Free: https://www.surepassexam.com/SY0-401-exam-dumps.html (1781 New Questions)