SY0-401 | Leading CompTIA SY0-401 exam dumps




New CompTIA SY0-401 Exam Dumps Collection (Question 8 - Question 17)

Question No: 8

An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this?

A. TOTP

B. Smart card

C. CHAP

D. HOTP

Answer: A

Explanation:

Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals; in this case, it's every 30 seconds. HOTP (D) is the counter-based variant: the code changes each time one is generated, not on a clock. A smart card (B) is a possession factor holding a key or certificate, and CHAP (C) is a challenge-response link authentication protocol, not a token.

Question No: 9

An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?

A. Employee is required to share their password with authorized staff prior to leaving the firm

B. Passwords are stored in a reversible form so that they can be recovered when needed

C. Authorized employees have the ability to reset passwords so that the data is accessible

D. All employee data is exported and imported by the employee prior to them leaving the firm

Answer: C

Explanation:

Since a user's password isn't stored on most operating systems (only a hash value is kept), the password cannot be recovered; instead the administrator (or, in this case, an authorized employee) resets it to a new value, after which the account and its files and documents can be accessed. This is the safest way for an authorized person to recover access, and it does not depend on the cooperation of those who leave the firm. Sharing passwords (A) and storing them reversibly (B) both destroy accountability and make every account recoverable by anyone who obtains the shared value or the password store.

Question No: 10

Which of the following is best practice to put at the end of an ACL?

A. Implicit deny

B. Time of day restrictions

C. Implicit allow

D. SNMP string

Answer: A

Explanation:

An implicit deny is assumed at the end of every ACL: traffic that no earlier entry explicitly permits is dropped by default, and this rule is supplied by the system rather than written by the administrator. In practice many administrators still add an explicit deny-all entry as the last line, because an explicit entry can be logged and counted, which makes troubleshooting and spotting unexpected traffic much easier.
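The following Python evaluator is an added example (not the dump's own material) that makes the implicit deny concrete. It models a Cisco-style first-match ACL on a constructed policy; the networks, hosts and ports are assumed for illustration. Run it to see that an unmatched packet is dropped either way, but only the explicit final deny entry accumulates a hit count and can be logged.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """One access-list entry. dport=None matches any destination port."""
    action: str               # "permit" or "deny"
    src: str                  # source network in CIDR notation
    dst: str                  # destination network in CIDR notation
    dport: Optional[int] = None
    log: bool = False         # explicit entries can be logged/counted; the implicit deny cannot
    hits: int = 0

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(acl: List[Rule], src_ip: str, dst_ip: str, dport: int) -> Tuple[str, Optional[Rule]]:
    """First-match evaluation: the first matching entry decides. When no entry matches,
    the implicit deny applies; it is not an entry, so nothing is counted or logged,
    which is why the returned rule is None in that case."""
    for rule in acl:
        if rule.matches(src_ip, dst_ip, dport):
            rule.hits += 1
            return rule.action, rule
    return "deny", None


def build_acl(explicit_deny: bool) -> List[Rule]:
    """Constructed example policy: internal hosts may reach the web server on 443
    and the jump host on 22; everything else should be dropped."""
    acl = [
        Rule("permit", "10.0.0.0/8", "10.1.1.10/32", 443),
        Rule("permit", "10.0.0.0/8", "10.1.1.20/32", 22),
    ]
    if explicit_deny:
        # Same outcome as the implicit deny, but visible: it gets a hit counter and a log line.
        acl.append(Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None, log=True))
    return acl


if __name__ == "__main__":
    for explicit in (False, True):
        acl = build_acl(explicit_deny=explicit)
        for pkt in [("10.2.3.4", "10.1.1.10", 443),     # allowed
                    ("10.2.3.4", "10.1.1.10", 80),      # wrong port: denied
                    ("192.168.1.5", "10.1.1.20", 22)]:  # external source: denied
            action, rule = evaluate(acl, *pkt)
            print(f"explicit_deny={explicit} {pkt} -> {action} by {rule or 'implicit deny'}")
```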

Topic 6, Cryptography

Question No: 1002

A new MPLS network link has been established between a company and its business partner.

The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?

A. MPLS should be run in IPVPN mode.

B. SSL/TLS for all application flows.

C. IPSec VPN tunnels on top of the MPLS link.

D. HTTPS and SSH for all application flows.

Answer: C

Explanation:

IPsec runs well over MPLS: the IPsec tunnels ride on top of the MPLS link. MPLS itself only separates customer traffic logically (by label); it does not encrypt or authenticate it, so a misconfigured or compromised provider core could read or alter the data in transit.

IPsec in ESP tunnel mode encapsulates and protects the whole original IP packet, providing peer authentication, confidentiality, and integrity of both data and headers; in transport mode it protects only the payload and is commonly paired with a separate tunneling protocol such as L2TP. IPsec is used primarily for site-to-site (LAN-to-LAN) connections, but it is equally usable for remote-access clients. This makes it a good choice for securing all traffic across the link regardless of application, whereas SSL/TLS, HTTPS and SSH (B and D) protect only the individual application flows that use them.

Question No: 11

Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?

A. Joe's public key

B. Joe's private key

C. Ann's public key

D. Ann's private key

Answer: D

Explanation:

The sender uses her own private key, in this case Ann's private key, to create the digital signature: the file is hashed and the hash is signed with the private key. Ann then sends the file and the signature to Joe. Joe uses Ann's public key (typically attached to the message in her certificate) to verify the signature; if the hash recovered from the signature matches the hash he computes over the received file, he knows the file came from Ann and has not been altered, intentionally or accidentally, in transit.

Note the direction of the keys: Ann signs with her private key, and anyone holding her public key can verify. Joe's public key would be used by Ann only to encrypt the file so that only Joe can read it, which serves confidentiality, not authenticity.

Question No: 12

Jane, a security administrator, has been tasked with explaining authentication services to the company's management team. The company runs an active directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company's environment?

A. Kerberos

B. Least privilege

C. TACACS+

D. LDAP

Answer: A

Explanation:

Kerberos (version 5) has been Microsoft's default authentication protocol for Windows domains since Windows 2000, and it is what Active Directory uses to authenticate hosts and users to one another (NTLM is retained only as a fallback). LDAP (D) is the directory access protocol, TACACS+ (C) is an AAA protocol for network devices, and least privilege (B) is a design principle, not a protocol.

Question No: 13

Which of the following ciphers would be BEST used to encrypt streaming video?

A. RSA

B. RC4

C. SHA1

D. 3DES

Answer: B

Explanation:

RC4 was for many years the most widely used software stream cipher, including in Internet protocols such as Transport Layer Security (TLS); it is remarkable for its simplicity and speed in software, which is why it was the traditional choice for bulk data such as streaming video. It is now considered broken for that use: statistical biases in its keystream allow plaintext recovery, and RFC 7465 (2015) prohibits RC4 cipher suites in TLS. It is especially weak when the beginning of the output keystream is not discarded or when nonrandom or related keys are used; such uses led to very insecure protocols such as WEP.

Because RC4 is a stream cipher (ciphertext = plaintext XOR keystream), it is more malleable than common block ciphers: without a strong message authentication code (MAC), an attacker can flip chosen plaintext bits simply by flipping the corresponding ciphertext bits. Reusing a key, and therefore a keystream, for two messages is also fatal, since XORing the two ciphertexts cancels the keystream and yields the XOR of the two plaintexts. Furthermore, inadvertent double encryption of a message with the same key outputs plaintext rather than ciphertext, because XOR is an involution and the second operation reverses the first.

It is noteworthy, however, that RC4, being a stream cipher, was for a period of time the only common cipher immune to the 2011 BEAST attack on TLS 1.0, which exploits a weakness in the way cipher block chaining (CBC) mode is used with all of the other ciphers supported by TLS 1.0, all of which are block ciphers. Of the options given, RC4 is the expected answer (RSA is asymmetric and far too slow for bulk data, SHA-1 is a hash rather than a cipher, and 3DES is a slow block cipher); a current design would use AES in GCM or CTR mode, or ChaCha20-Poly1305.

Question No: 14

A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files?

A. Integrity

B. Confidentiality

C. Steganography

D. Availability

Answer: C

Explanation:

Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.

Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable, arouse interest and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography protects the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent at all, and is usually combined with encryption so that a discovered payload is still unreadable. Strictly, hiding data is a technique rather than one of the CIA goals; the goal it serves is confidentiality, but the answer the question is looking for is the technique itself.
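An added example (not from the original page) of the simplest steganographic technique, least-significant-bit (LSB) embedding, in Python. The cover is a constructed 64x64 buffer of 8-bit grayscale pixel values standing in for a real image's pixel data; no real image file or imaging library is used. Each pixel value changes by at most 1, which the eye cannot see, and the payload is prefixed with its length so it can be extracted again. This only survives on lossless pixel data (raw, BMP, PNG); a lossy re-encode such as JPEG destroys the low bits.

```python
import random


def make_cover(width: int = 64, height: int = 64, seed: int = 1) -> bytes:
    """Constructed cover: raw 8-bit grayscale pixels standing in for an image's pixel buffer."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height))


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Store a 32-bit length then the payload, one bit per pixel, in the least significant bit."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"cover holds at most {len(cover) // 8 - 4} payload bytes")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit      # each pixel changes by at most 1
    return bytes(stego)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length header from the first 32 LSBs, then that many payload bytes."""
    def read(offset_bits: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[offset_bits + b * 8 + k] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference the embedding introduced (expected: 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    cover = make_cover()
    secret = b"Meeting moved to 14:00, room B. Shred this."   # constructed hidden text
    stego = embed_lsb(cover, secret)
    print(len(cover) == len(stego), max_pixel_change(cover, stego))  # True 1
    print(extract_lsb(stego))
```

The stego buffer is the same size as the cover and differs from it by at most one intensity level per pixel, which is exactly why an administrator finds such files only by looking for them: the image itself still looks and measures like an image.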

Question No: 15

Which of the following must be kept secret for a public key infrastructure to remain secure?

A. Certificate Authority

B. Certificate revocation list

C. Public key ring

D. Private key

Answer: D

Explanation:

The private key, which is also called the secret key, must be kept secret: anyone holding it can sign or decrypt as its owner, and if a certificate authority's private key is compromised, every certificate it ever issued can be forged. The CA's identity, its certificate revocation list, and the public keys in a key ring are all meant to be published.

Question No: 16

Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

A. Deploy a HIDS suite on the users' computers to prevent application installation.

B. Maintain the baseline posture at the highest OS patch level.

C. Enable the pop-up blockers on the users' browsers to prevent malware.

D. Create an approved application list and block anything not on it.

Answer: D

Explanation:

You can use Software Restriction Policies or their successor AppLocker (and, on current Windows versions, Windows Defender Application Control) to prevent unauthorized applications from running or being installed on computers. Unlike a HIDS (A), patching (B) or pop-up blockers (C), an approved-application list blocks the unapproved software itself, without changing the users' permissions.

Software Restriction Policies (SRP) is a Group Policy-based feature that identifies software programs running on computers in a domain and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers.

You can use AppLocker as part of your overall security strategy for the following scenarios:

Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.

Prevent users from installing and using unauthorized applications.

Implement application control policy to satisfy portions of your security policy or compliance requirements in your organization.

Question No: 17

RC4 is a strong encryption protocol that is generally used with which of the following?

A. WPA2 CCMP

B. PEAP

C. WEP

D. EAP-TLS

Answer: C

Explanation:

Rivest Cipher 4 (RC4) is a variable-key-length stream cipher (40 to 2048 bits). WEP used RC4 with a 40-bit or 104-bit key concatenated with a 24-bit per-packet initialization vector (IV), and WPA's TKIP also kept RC4 (with a 128-bit per-packet key) as a stop-gap for existing WEP hardware. WPA2 CCMP (A) uses AES instead, and PEAP and EAP-TLS (B, D) are EAP authentication methods built on TLS, not link-layer encryption protocols. Despite the question's wording, RC4 is not strong: the small IV space alone guarantees keystream reuse on a busy network.
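Because Question 13 and Question 17 both turn on RC4's properties, here is one added Python example (mine, not from the dump) that serves both. It implements RC4 from the specification, checks the result against the published test vector (key "Key", plaintext "Plaintext"), and then demonstrates the failure modes described under Question 13 plus the one that broke WEP: double encryption with one key returning the plaintext, bit-flipping a ciphertext without the key, recovering a plaintext when a keystream is reused, and a birthday-bound estimate of how quickly a 24-bit IV repeats. The messages and keys are constructed samples; the collision estimate is the standard approximation 1 - exp(-k(k-1)/2N).

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4: key-scheduling algorithm (KSA) then pseudo-random generation algorithm (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                               # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                            # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: data XOR keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def bit_flip(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Malleability: without the key, rewrite plaintext bytes at `offset` from `old` to `new`.
    Flipping ciphertext bit k flips plaintext bit k, so XOR in (old ^ new) at that position."""
    patched = bytearray(ciphertext)
    for k, (o, n) in enumerate(zip(old, new)):
        patched[offset + k] ^= o ^ n
    return bytes(patched)


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday-bound approximation of the chance that some per-packet IV repeats (WEP: 24 bits)."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * space))


if __name__ == "__main__":
    key = b"Key"
    print(rc4(key, b"Plaintext").hex())                       # bbf316e8d940af0ad3 (published test vector)

    # 1. Same key twice reverses the first operation (XOR is an involution).
    print(rc4(key, rc4(key, b"Plaintext")))                    # b'Plaintext'

    # 2. Bit-flipping: the attacker knows the message layout, not the key. (Constructed sample.)
    msg = b"pay amount=0100 to=joe"
    ct = rc4(b"shared-secret", msg)
    forged = bit_flip(ct, msg.index(b"0100"), b"0100", b"9900")
    print(rc4(b"shared-secret", forged))                      # b'pay amount=9900 to=joe'

    # 3. Keystream reuse (WEP with a repeated IV): c1 XOR c2 == p1 XOR p2, so a known p1 reveals p2.
    p1, p2 = b"GET /index.html HTTP/1.0", b"POST /login.php HTTP/1.0"
    c1, c2 = rc4(key, p1), rc4(key, p2)
    print(xor_bytes(xor_bytes(c1, c2), p1))                   # b'POST /login.php HTTP/1.0'

    # 4. Why WEP's 24-bit IV is too small: how many packets until a repeat becomes likely.
    for n in (1000, 5000, 12000):
        print(n, round(iv_collision_probability(n), 3))
```

The last loop is the practical point behind both questions: with roughly 5,000 packets the odds of an IV repeat are already better than even, and by 12,000 packets (seconds of traffic on a busy access point) a repeat is near-certain, at which point case 3 applies to real frames. A stream cipher is only safe with a unique nonce per message and an authenticating MAC over the ciphertext, which is what AES-GCM and ChaCha20-Poly1305 build in.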
