Proper study guides for Leading CompTIA CompTIA Security+ Certification certified begins with CompTIA SY0-401 preparation products which designed to deliver the Download SY0-401 questions by making you pass the SY0-401 test at your first time. Try the free SY0-401 demo right now.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
2021 Apr SY0-401 practice test
Q641. Which of the following should be considered to mitigate data theft when using CAT5 wiring?
A. CCTV
B. Environmental monitoring
C. Multimode fiber
D. EMI shielding
Answer: D
Explanation:
EMI Shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities. Thus all wiring should be shielded to mitigate data theft.
Q642. Which of the following is a BEST practice when dealing with user accounts that will only need to be active for a limited time period?
A. When creating the account, set the account to not remember password history.
B. When creating the account, set an expiration date on the account.
C. When creating the account, set a password expiration date on the account.
D. When creating the account, set the account to have time of day restrictions.
Answer: B
Explanation:
Disablement is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.
Q643. Which of the following can be used to mitigate risk if a mobile device is lost?
A. Cable lock
B. Transport encryption
C. Voice encryption
D. Strong passwords
Answer: D
Explanation:
Passwords are the most likely mechanism that can be used to mitigate risk when a mobile device is lost. A strong password would be more difficult to crack.
Q644. Company A sends a PGP encrypted file to company B. If company A used company B’s public key to encrypt the file, which of the following should be used to decrypt data at company B?
A. Registration
B. Public key
C. CRLs
D. Private key
Answer: D
Explanation:
In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the
data using his own private key.
PKI is a two-key, asymmetric system with four main components: certificate authority (CA),
registration authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are
encrypted with a public key and decrypted with a private key.
A PKI example:
1.
You want to send an encrypted message to Jordan, so you request his public key.
2.
Jordan responds by sending you that key.
3.
You use the public key he sends you to encrypt the message.
4.
You send the message to him.
5.
Jordan uses his private key to decrypt the message.
Q645. A company needs to receive data that contains personally identifiable information. The company requires both the transmission and data at rest to be encrypted. Which of the following achieves this goal? (Select TWO).
A. SSH
B. TFTP
C. NTLM
D. TKIP
E. SMTP
F. PGP/GPG
Answer: A,F
Explanation:
We can use SSH to encrypt the transmission and PGP/GPG to encrypt the data at rest (on disk).
A: Secure Shell (SSH) is a cryptographic protocol that can be used to secure network communication. It establishes a secure tunnel over an insecure network.
F: Pretty Good Privacy (PGP) is a data encryption and decryption solution that can be used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
Rebirth SY0-401 testing engine:
Q646. Which of the following algorithms has well documented collisions? (Select TWO).
A. AES
B. MD5
C. SHA
D. SHA-256
E. RSA
Answer: B,C
Explanation:
B: MD5 biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.
C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010", though that was later relaxed. Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output. Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA-1 in particular both have published techniques more efficient than brute force for finding collisions.
Q647. Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not understand the company's rules, and she wants to limit potential legal concerns. Which of the following is the CTO concerned with?
A. Data ownership
B. Device access control
C. Support ownership
D. Acceptable use
Answer: A
Explanation:
Q648. A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?
A. IPsec
B. SFTP
C. BGP
D. PPTP
Answer: A
Explanation:
Layer 2 Tunneling Protocol (L2TP) came about through a partnership between Cisco and Microsoft with the intention of providing a more secure VPN protocol. L2TP is considered to be a more secure option than PPTP, as the IPSec protocol which holds more secure encryption algorithms, is utilized in conjunction with it. It also requires a pre-shared certificate or key. L2TP’s strongest level of encryption makes use of 168 bit keys, 3 DES encryption algorithm and requires two levels of authentication. L2TP has a number of advantages in comparison to PPTP in terms of providing data integrity and authentication of origin verification designed to keep hackers from compromising the system. However, the increased overhead required to manage this elevated security means that it performs at a slower pace than PPTP.
Q649. A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?
A. Virtualization
B. Subnetting
C. IaaS
D. SaaS
Answer: A
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.
Q650. An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?
A. Add reverse encryption
B. Password complexity
C. Increase password length
D. Allow single sign on
Answer: B
Explanation:
Generally, the minimum password length is considered to be 8 upper and lowercase characters. The use of at least one non-alpha character like punctuation, special characters, or numbers, combined with the password length produces strong passwords. Strong passwords are produced by the combination of a password’s length and complexity.
