♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
Q521. Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site?
A. Internet content filter
B. Firewall
C. Proxy server
D. Protocol analyzer
Answer: A
Explanation:
Web filtering software is designed to restrict or control the content a reader is authorised to access, especially when utilised to restrict material delivered over the Internet via the Web, e-mail, or other means.
Q522. Which of the following is synonymous with a server’s certificate?
A. Public key
B. CRL
C. Private key
D. Recovery agent
Answer: A
Explanation:
A public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key.
Q523. Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?
A. badlog
B. faillog
C. wronglog
D. killlog
Answer: B
Explanation:
var/log/faillog - This Linux log fi le contains failed user logins. You’ll find this log useful when
tracking attempts to crack into your system.
/var/log/apport.log This log records application crashes. Sometimes these can reveal attempts to
compromise the system or the presence of a virus or spyware.
Q524. Which of the following BEST describes a demilitarized zone?
A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.
Answer: A
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
Q525. Digital signatures are used for ensuring which of the following items? (Select TWO).
A. Confidentiality
B. Integrity
C. Non-Repudiation
D. Availability
E. Algorithm strength
Answer: B,C
Explanation:
A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Nonrepudiation prevents one party from denying actions that they carried out and in the electronic world nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party ‘vouches’ for the individuals in the two-key system. Thus non-repudiation also impacts on integrity.
Q526. A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?
A. Host-based firewall
B. IDS
C. IPS
D. Honeypot
Answer: B
Explanation:
Q527. Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?
A. Blowfish
B. DES
C. SHA256
D. HMAC
Answer: A
Explanation:
Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). Among the alternatives listed above, it is the only cipher that can use a 128-bit key and which does provide additional security through a symmetric key.
Q528. Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?
A. Joe’s public key
B. Joe’s private key
C. Ann’s public key
D. Ann’s private key
Answer: D
Explanation:
The sender uses his private key, in this case Ann's private key, to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. The receiver uses a key provided by the sender—the public key—to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.
Q529. The chief Risk officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from the device. Which of the following BEST meets the requirements? (Select TWO)
A. Asset tracking
B. Screen-locks
C. GEO-Tracking
D. Device encryption
Answer: A,D
Explanation:
A: Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user.
D: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
Q530. In PKI, a key pair consists of: (Select TWO).
A. A key ring
B. A public key
C. A private key
D. Key escrow
E. A passphrase
Answer: B,C
Explanation:
In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the data using his own private key. The key pair consists of these two keys.
