Act now and download your CompTIA SY0-401 test today! Do not waste time for the worthless CompTIA SY0-401 tutorials. Download Regenerate CompTIA CompTIA Security+ Certification exam with real questions and answers and begin to learn CompTIA SY0-401 with a classic professional.


♥♥ 2021 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/SY0-401-exam-dumps.html

2021 Mar SY0-401 test

Q81. The Chief Information Officer (CIO) wants to implement a redundant server location to which the production server images can be moved within 48 hours and services can be quickly restored, in case of a catastrophic failure of the primary datacenter’s HVAC. Which of the following can be implemented? 

A. Cold site 

B. Load balancing 

C. Warm site 

D. Hot site 

Answer:

Explanation: 

Warm sites provide computer systems and compatible media capabilities. If a warm site is used, administrators and other staff will need to install and configure systems to resume operations. For most organizations, a warm site could be a remote office, a leased facility, or another organization with which yours has a reciprocal agreement. 


Q82. Which of the following authentication services uses a ticket granting system to provide access? 

A. RADIUS 

B. LDAP 

C. TACACS+ 

D. Kerberos 

Answer:

Explanation: 

The basic process of Kerberos authentication is as follows: 

The subject provides logon credentials. 

The Kerberos client system encrypts the password and transmits the protected credentials to the 

KDC. 

The KDC verifies the credentials and then creates a ticket-granting ticket (TGT—a hashed form of 

the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is 

encrypted and sent to the client. 

The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos 

realm. 

The subject requests access to resources on a network server. This causes the client to request a 

service ticket (ST) from the KDC. 

The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST 

includes a time stamp that indicates its valid lifetime. 

The client receives the ST. 

The client sends the ST to the network server that hosts the desired resource. 

The network server verifies the ST. If it’s verified, it initiates a communication session with the 

client. From this point forward, Kerberos is no longer involved. 


Q83. During the information gathering stage of a deploying role-based access control model, which of the following information is MOST likely required? 

A. Conditional rules under which certain systems may be accessed 

B. Matrix of job titles with required access privileges 

C. Clearance levels of all company personnel 

D. Normal hours of business operation 

Answer:

Explanation: 

Role-based access control is a model where access to resources is determines by job role rather than by user account. 

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department. 

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role. 


Q84. A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following? 

A. Dual-factor authentication 

B. Multifactor authentication 

C. Single factor authentication 

D. Biometric authentication 

Answer:

Explanation: 

Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories: knowledge factors ("things only the user knows"), such as passwords possession factors ("things only the user has"), such as ATM cards inherence factors ("things only the user is"), such as biometrics 

In this question a username, password, and a four-digit security pin knowledge are all knowledge factors (something the user knows). Therefore, this is single-factor authentication. 


Q85. TION NO: 74 

Which of the following can be used as an equipment theft deterrent? 

A. Screen locks 

B. GPS tracking 

C. Cable locks 

D. Whole disk encryption 

Answer:

Explanation: 

Cable locks are theft deterrent devices that can be used to tether a device to a fixed point keep smaller devices from being easy to steal. 


Most up-to-date SY0-401 brain dumps:

Q86. Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted sources? 

A. Zero-day 

B. LDAP injection 

C. XML injection 

D. Directory traversal 

Answer:

Explanation: 

The security breaches have NOT yet been identified. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. 


Q87. To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following? 

A. Full disk encryption 

B. Application isolation 

C. Digital rights management 

D. Data execution prevention 

Answer:

Explanation: 

Full-disk encryption encrypts the data on the hard drive of the device or on a removable drive. This feature ensures that the data on the device or removable drive cannot be accessed in a useable form should it be stolen. 


Q88. Which of the following is used to verify data integrity? 

A. SHA 

B. 3DES 

C. AES 

D. RSA 

Answer:

Explanation: 

SHA stands for "secure hash algorithm". SHA-1 is the most widely used of the existing SHA hash 

functions, and is employed in several widely used applications and protocols including TLS and 

SSL, PGP, SSH, S/MIME, and IPsec. It is used to ensure data integrity. 

Note: 

A hash value (or simply hash), also called a message digest, is a number generated from a string 

of text. The hash is substantially smaller than the text itself, and is generated by a formula in such 

a way that it is extremely unlikely that some other text will produce the same hash value. 

Hashes play a role in security systems where they're used to ensure that transmitted messages 

have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact. This is how hashing is used to ensure data integrity. 


Q89. Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern? 

A. Mandatory vacations 

B. Time of day restrictions 

C. Least privilege 

D. Separation of duties 

Answer:

Explanation: 

Separation of duties divides administrator or privileged tasks into separate groupings, which in turn, is individually assigned to unique administrators. This helps in fraud prevention, error reduction, as well as conflict of interest prevention. For example, those who configure security should not be the same people who test security. In this case, Joe should not be allowed to write and sign paycheques. 


Q90. Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised? 

A. Elliptic curve cryptography. 

B. Perfect forward secrecy. 

C. Steganography. 

D. Quantum cryptography. 

Answer:

Explanation: