♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
Q131. A security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?
A. Systems should be restored within six hours and no later than two days after the incident.
B. Systems should be restored within two days and should remain operational for at least six hours.
C. Systems should be restored within six hours with a minimum of two days worth of data.
D. Systems should be restored within two days with a minimum of six hours worth of data.
Answer: C
Explanation:
The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during the business impact analysis (BIA) creation.
The recovery point objective (RPO) is similar to RTO, but it defines the point at which the system needs to be restored. This could be where the system was two days before it crashed (whip out the old backup tapes) or five minutes before it crashed (requiring complete redundancy). As a general rule, the closer the RPO matches the item of the crash, the more expensive it is to obtain.
Q132. Which of the following would provide the STRONGEST encryption?
A. Random one-time pad
B. DES with a 56-bit key
C. AES with a 256-bit key
D. RSA with a 1024-bit key
Answer: A
Explanation:
One-time pads are the only truly completely secure cryptographic implementations.
They are so secure for two reasons. First, they use a key that is as long as a plaintext message.
That means there is no pattern in the key application for an attacker to use. Also, one-time pad
keys are used only once and then discarded. So even if you could break a one-time pad cipher,
that same key would never be used again, so knowledge of the key would be useless.
Q133. A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO).
A. Password age
B. Password hashing
C. Password complexity
D. Password history
E. Password length
Answer: A,D
Explanation:
D: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.
A: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.
Q134. Sara, an employee, tethers her smartphone to her work PC to bypass the corporate web security gateway while connected to the LAN. While Sara is out at lunch her PC is compromised via the tethered connection and corporate data is stolen. Which of the following would BEST prevent this from occurring again?
A. Disable the wireless access and implement strict router ACLs.
B. Reduce restrictions on the corporate web security gateway.
C. Security policy and threat awareness training.
D. Perform user rights and permissions reviews.
Answer: C
Explanation:
BYOD (In this case Sara’s smart phone) involves the possibility of a personal device that is infected with malware introducing that malware to the network and security awareness training will address the issue of the company’s security policy with regard to BYOD.
Q135. HOTSPOT
Select the appropriate attack from each drop down list to label the corresponding illustrated attack
Instructions: Attacks may only be used once, and will disappear from drop down list if selected.
When you have completed the simulation, please select the Done button to submit.
Answer:
Explanation:
References:
http://searchsecurity.techtarget.com/definition/spear-phishing http://www.webopedia.com/TERM/V/vishing.html http://www.webopedia.com/TERM/P/phishing.html
http://www.webopedia.com/TERM/P/pharming.html
Q136. Joe Has read and write access to his own home directory. Joe and Ann are collaborating on a project, and Joe would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?
A. Role-based access control
B. Rule-based access control
C. Mandatory access control
D. Discretionary access control
Answer: D
Explanation:
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.
Q137. Which of the following presents the STRONGEST access control?
A. MAC
B. TACACS
C. DAC
D. RBAC
Answer: A
Explanation:
A: With Mandatory Access Control (MAC) all access is predefined. This makes it the strongest access control of the options presented in the question.
Q138. Which of the following cryptographic related browser settings allows an organization to communicate securely?
A. SSL 3.0/TLS 1.0
B. 3DES
C. Trusted Sites
D. HMAC
Answer: A
Explanation:
Secure Sockets Layer (SSL) is used to establish a secure communication connection between two TCP-based machines. Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL in the future. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As of February 2015, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, have them enabled by default.
Q139. Which of the following tools would allow Ann, the security administrator, to be able to BEST quantify all traffic on her network?
A. Honeypot
B. Port scanner
C. Protocol analyzer
D. Vulnerability scanner
Answer: C
Explanation:
A Protocol Analyzer is a hardware device or more commonly a software program used to capture
network data communications sent between devices on a network. By capturing and analyzing the
packets sent between the systems on the network, Ann would be able to quantify the amount of
traffic on the network.
Well known software protocol analyzers include Message Analyzer (formerly Network Monitor)
from Microsoft and Wireshark (formerly Ethereal).
Q140. Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?
A. Biometrics
B. PKI
C. Single factor authentication
D. Multifactor authentication
Answer: D
Explanation:
Multifactor authentication requires a user to provide two or more authentication factors for authentication purposes. In this case, a smart card (something they have) is one and a PIN (something they know) is the second.
