♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
Q291. Used in conjunction, which of the following are PII? (Select TWO).
A. Marital status
B. Favorite movie
C. Pet’s name
D. Birthday
E. Full name
Answer: D,E
Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. A birthday together with a full name makes it personally identifiable information.
Q292. A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?
A. Single sign-on
B. Authorization
C. Access control
D. Authentication
Answer: D
Explanation:
Authentication generally requires one or more of the following:
.
Something you know: a password, code, PIN, combination, or secret phrase.
.
Something you have: a smart card, token device, or key.
.
Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as biometrics, discussed later in this chapter.
.
Somewhere you are: a physical or logical location.
.
Something you do: typing rhythm, a secret handshake, or a private knock.
Q293. Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?
A. Protocol analyzer
B. Router
C. Firewall
D. HIPS
Answer: A
Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture
network data communications sent between devices on a network. Capturing and analyzing the
packets sent from two systems that are not communicating properly could help determine the
cause of the issue.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor)
from Microsoft and Wireshark (formerly Ethereal).
Q294. A company is concerned that a compromised certificate may result in a man-in-the-middle attack against backend financial servers. In order to minimize the amount of time a compromised certificate would be accepted by other servers, the company decides to add another validation step to SSL/TLS connections. Which of the following technologies provides the FASTEST revocation capability?
A. Online Certificate Status Protocol (OCSP)
B. Public Key Cryptography (PKI)
C. Certificate Revocation Lists (CRL)
D. Intermediate Certificate Authority (CA)
Answer: A
Explanation:
Q295. An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender?
A. CRL
B. Non-repudiation
C. Trust models
D. Recovery agents
Answer: B
Explanation:
Nonrepudiation prevents one party from denying actions they carried out. This means that the identity of the email sender will not be repudiated.
Q296. Which of the following is characterized by an attack against a mobile device?
A. Evil twin
B. Header manipulation
C. Blue jacking
D. Rogue AP
Answer: C
Explanation:
A bluejacking attack is where unsolicited messages are sent to mobile devices using Bluetooth. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.
Q297. Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?
A. Session Key
B. Public Key
C. Private Key
D. Digital Signature
Answer: C
Explanation:
Explanation: Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn’t disclosed to people who aren’t authorized to use the encryption system.
Q298. A recent audit has revealed weaknesses in the process of deploying new servers and network devices. Which of the following practices could be used to increase the security posture during deployment? (Select TWO).
A. Deploy a honeypot
B. Disable unnecessary services
C. Change default passwords
D. Implement an application firewall
E. Penetration testing
Answer: B,C
Explanation:
Q299. Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?
A. EAP-TLS
B. EAP-FAST
C. PEAP-CHAP
D. PEAP-MSCHAPv2
Answer: D
Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have a certificate.
Q300. Which of the following relies on the use of shared secrets to protect communication?
A. RADIUS
B. Kerberos
C. PKI
D. LDAP
Answer: A
Explanation:
Obfuscated passwords are transmitted by the RADIUS protocol via a shared secret and the MD5 hashing algorithm.
