Want to know Actualtests SY0-401 Exam practice test features? Want to lear more about CompTIA CompTIA Security+ Certification certification experience? Study Actual CompTIA SY0-401 answers to Refresh SY0-401 questions at Actualtests. Gat a success with an absolute guarantee to pass CompTIA SY0-401 (CompTIA Security+ Certification) test on your first attempt.
2021 Mar SY0-401 exam answers
Q611. A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?
A. Database field encryption
B. File-level encryption
C. Data loss prevention system
D. Full disk encryption
Answer: A
Explanation:
Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the data base. This often offers granular encryption options which allows for the encryptions of the entire database, specific database tables, or specific database fields, such as a credit card number field.
Q612. During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?
A. Account recovery
B. Account disablement
C. Account lockouts
D. Account expiration
Answer: B
Explanation:
Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account.
Q613. Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?
A. 21
B. 25
C. 80
D. 3389
Answer: C
Explanation:
Port 80 is used by HTTP, which is the foundation of data communication for the World Wide Web.
Q614. Which of the following types of authentication solutions use tickets to provide access to various resources from a central location?
A. Biometrics
B. PKI
C. ACLs
D. Kerberos
Answer: D
Explanation:
The basic process of Kerberos authentication is as follows:
The subject provides logon credentials.
The Kerberos client system encrypts the password and transmits the protected credentials to the
KDC.
The KDC verifies the credentials and then creates a ticket-granting ticket (TGT—a hashed form of
the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is
encrypted and sent to the client.
The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos
realm.
The subject requests access to resources on a network server. This causes the client to request a
service ticket (ST) from the KDC.
The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST
includes a time stamp that indicates its valid lifetime.
The client receives the ST.
The client sends the ST to the network server that hosts the desired resource.
The network server verifies the ST. If it’s verified, it initiates a communication session with the
client. From this point forward, Kerberos is no longer involved.
Q615. Two members of the finance department have access to sensitive information. The company is concerned they may work together to steal information. Which of the following controls could be implemented to discover if they are working together?
A. Least privilege access
B. Separation of duties
C. Mandatory access control
D. Mandatory vacations
Answer: D
Explanation:
A mandatory vacation policy requires all users to take time away from work to refresh. Mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels. Mandatory vacations also provide an opportunity to discover fraud. In this case mandatory vacations can prevent the two members from colluding to steal the information that they have access to.
Leading SY0-401 dumps:
Q616. When creating a public / private key pair, for which of the following ciphers would a user need to specify the key strength?
A. SHA
B. AES
C. DES
D. RSA
Answer: D
Explanation:
RSA (an asymmetric algorithm) uses keys of a minimum length of 2048 bits.
Q617. Highly sensitive data is stored in a database and is accessed by an application on a DMZ server. The disk drives on all servers are fully encrypted. Communication between the application server and end-users is also encrypted. Network ACLs prevent any connections to the database server except from the application server. Which of the following can still result in exposure of the sensitive data in the database server?
A. SQL Injection
B. Theft of the physical database server
C. Cookies
D. Cross-site scripting
Answer: A
Explanation:
The question discusses a very secure environment with disk and transport level encryption and access control lists restricting access. SQL data in a database is accessed by SQL queries from an application on the application server. The data can still be compromised by a SQL injection attack. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
Q618. A CA is compromised and attacks start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity?
A. Key escrow
B. Private key verification
C. Public key verification
D. Certificate revocation list
Answer: D
Explanation:
If we put the root certificate of the comprised CA in the CRL, users will know that this CA (and the certificates that it has issued) no longer can be trusted. The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.
Q619. Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network. Which of the following cloud technologies should she look into?
A. IaaS
B. MaaS
C. SaaS
D. PaaS
Answer: B
Explanation:
Q620. The common method of breaking larger network address space into smaller networks is known as:
A. subnetting.
B. phishing.
C. virtualization.
D. packet filtering.
Answer: A
Explanation:
see more SY0-401 dumps
