SY0-401 | All About Tested SY0-401 braindumps

Q10. The IT department has setup a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?

A. Account Disablements

B. Password Expiration

C. Password Complexity

D. Password Recovery

Answer: D

Explanation:

People tend to forget their own passwords and because a useru2021s password in not stored on the operating system, only a hash value is kept and most operating systems allows the administrator to change the value meaning that the password can then be recovered. If you allow end users to reset their own accounts then the password recovery process is helped along.

Q11. Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state they can access the banku2021s website, but not login. Which is the following is MOST likely the issue?

A. The IP addresses of the clients have change

B. The client certificate passwords have expired on the server

C. The certificates have not been installed on the workstations

D. The certificates have been installed on the CA

Answer: C

Explanation:

The computer certificates must be installed on the upgraded client computers.

Q12. Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).

A. Private hash

B. Recovery agent

C. Public key

D. Key escrow

E. CRL

Answer: B,D

Explanation:

B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data.

A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys.

D: If a key need to be recovered for legal purposes the key escrow can be used.

Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employeeu2021s private messages have been called into question.

Q13. Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?

A. Kerberos

B. LDAP

C. SAML

D. RADIUS

Answer: D

Explanation:

EAP-TLS, defined in RFC 2716, is an IETF open standard, and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered the successor of the SSL standard. It uses PKI to secure communication to the RADIUS authentication server.

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e- mail services.

Q14. Which of the following is true about the CRL?

A. It should be kept public

B. It signs other keys

C. It must be kept secret

D. It must be encrypted

Answer: A

Explanation:

The CRL must be public so that it can be known which keys and certificates have been revoked.

In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates (or more specifically, a list of serial numbers for certificates) that have been revoked, and therefore, entities presenting those (revoked) certificates should no longer be trusted.

Q15. Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

A. SFTP

B. HTTPS

C. TFTP

D. TLS

Answer: D

Explanation:

SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption.

Q16. Public keys are used for which of the following?

A. Decrypting wireless messages

B. Decrypting the hash of an electronic signature

C. Bulk encryption of IP based email traffic

D. Encrypting web browser traffic

Answer: B

Explanation:

The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.

Q17. One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

A. File level encryption with alphanumeric passwords

B. Biometric authentication and cloud storage

C. Whole disk encryption with two-factor authentication

D. BIOS passwords and two-factor authentication

Answer: C

Explanation: Whole-disk encryption only provides reasonable protection when the system is fully powered off. to make the most of the defensive strength of whole-disk encryption, a long, complex passphrase should be used to unlock the system on bootup. Combining whole-disk encryption with two factor authentication would further increase protection.

Q18. A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

A. Implement Group Policy to add the account to the users group on the hosts

B. Add the account to the Domain Administrator group

C. Add the account to the Users group on the hosts

D. Implement Group Policy to add the account to the Power Users group on the hosts.

Answer: A

Explanation:

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account.

Q19. Protecting the confidentiality of a message is accomplished by encrypting the message with which of the following?

A. Sender's private key

B. Recipient's public key

C. Sender's public key

D. Recipient's private key

Answer: B

Explanation:

To achieve both authentication and confidentiality, the sender should include the recipient's name in the message, sign it using his private key, and then encrypt both the message and the signature using the recipient's public key.