Want to know Pass4sure SY0-401 Exam practice test features? Want to lear more about CompTIA CompTIA Security+ Certification certification experience? Study Exact CompTIA SY0-401 answers to Down to date SY0-401 questions at Pass4sure. Gat a success with an absolute guarantee to pass CompTIA SY0-401 (CompTIA Security+ Certification) test on your first attempt.
2021 Mar SY0-401 test questions
Q361. After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).
A. Mandatory access control enforcement.
B. User rights and permission reviews.
C. Technical controls over account management.
D. Account termination procedures.
E. Management controls over account management.
F. Incident management and response plan.
Answer: B,E
Explanation:
Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions since they were all moved to different roles. Control over account management would have taken into account the different roles that employees have and adjusted the rights and permissions of these roles accordingly.
Q362. It is important to staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?
A. Integrity
B. Safety
C. Availability
D. Confidentiality
Answer: A
Explanation:
Integrity means that the messages/ data is not altered. PII is personally identifiable information that can be used to uniquely identify an individual. PII can be used to ensure the integrity of data/messages.
Q363. A company is looking to reduce the likelihood of employees in the finance department being involved with money laundering. Which of the following controls would BEST mitigate this risk?
A. Implement privacy policies
B. Enforce mandatory vacations
C. Implement a security policy
D. Enforce time of day restrictions
Answer: B
Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. And in the same time it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfy the need to have replication or duplication at all levels in addition to affording the company an opportunity to discover fraud for when others do the same job in the absence of the regular staff member then there is transparency.
Q364. Jane, a security administrator, has been tasked with explaining authentication services to the company’s management team. The company runs an active directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company’s environment?
A. Kerberos
B. Least privilege
C. TACACS+
D. LDAP
Answer: A
Explanation:
Kerberos was accepted by Microsoft as the chosen authentication protocol for Windows 2000 and Active Directory domains that followed.
Q365. Which of the following is used to verify data integrity?
A. SHA
B. 3DES
C. AES
D. RSA
Answer: A
Explanation:
SHA stands for "secure hash algorithm". SHA-1 is the most widely used of the existing SHA hash
functions, and is employed in several widely used applications and protocols including TLS and
SSL, PGP, SSH, S/MIME, and IPsec. It is used to ensure data integrity.
Note:
A hash value (or simply hash), also called a message digest, is a number generated from a string
of text. The hash is substantially smaller than the text itself, and is generated by a formula in such
a way that it is extremely unlikely that some other text will produce the same hash value.
Hashes play a role in security systems where they're used to ensure that transmitted messages
have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact. This is how hashing is used to ensure data integrity.
Abreast of the times SY0-401 exam question:
Q366. Connections using point-to-point protocol authenticate using which of the following? (Select TWO).
A. RIPEMD
B. PAP
C. CHAP
D. RC4
E. Kerberos
Answer: B,C
Explanation:
B: A password authentication protocol (PAP) is an authentication protocol that uses a password. PAP is used by Point to Point Protocol to validate users before allowing them access to server resources.
C: CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake.
Q367. Ann, a security analyst, has discovered that her company has very high staff turnover and often user accounts are not disabled after an employee leaves the company. Which of the following could Ann implement to help identify accounts that are still active for terminated employees?
A. Routine audits
B. Account expirations
C. Risk assessments
D. Change management
Answer: A
Explanation:
Q368. A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?
A. Mandatory access control
B. Discretionary access control
C. Rule based access control
D. Role based access control
Answer: A
Explanation:
Mandatory Access Control (MAC) allows access to be granted or restricted based on the rules of classification. MAC in corporate business environments involve the following four sensitivity levels Public Sensitive Private Confidential
MAC assigns subjects a clearance level and assigns objects a sensitivity label. The name of the clearance level must be the same as the name of the sensitivity label assigned to objects or resources. In this case the file is marked confidential, and the user does not have that clearance level and cannot access the file.
Q369. A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?
A. Training staff on security policies
B. Establishing baseline reporting
C. Installing anti-malware software
D. Disabling unnecessary accounts/services
Answer: B
Explanation:
The IT baseline protection approach is a methodology to identify and implement computer security
measures in an organization. The aim is the achievement of an adequate and appropriate level of
security for IT systems. This is known as a baseline.
A baseline report compares the current status of network systems in terms of security updates,
performance or other metrics to a predefined set of standards (the baseline).
Q370. Which of the following technologies uses multiple devices to share work?
A. Switching
B. Load balancing
C. RAID
D. VPN concentrator
Answer: B
Explanation:
Load balancing is a way of providing high availability by splitting the workload across multiple computers.
see more SY0-401 dumps
