Questions for the CompTIA Security+ Study Guide (SY0-401)

Testking offers a free demo of the CompTIA Security+ SY0-401 PDF exam. "CompTIA Security+ Certification", also known as the SY0-401 exam, is a CompTIA certification. This set of posts, Passing the CompTIA Security+ SY0-401 exam, will help you answer those questions. The SY0-401 practice exam questions and answers cover the knowledge points of the real exam and have been revised by experts.



Q661. Which of the following would provide the STRONGEST encryption? 

A. Random one-time pad 

B. DES with a 56-bit key 

C. AES with a 256-bit key 

D. RSA with a 1024-bit key 

Answer: A

Explanation: 

A one-time pad is the only cipher with provable (information-theoretic) secrecy. It is secure for two reasons. First, the key is a truly random sequence at least as long as the plaintext, so every possible plaintext of that length is equally consistent with the ciphertext and there is no pattern in the key for an attacker to exploit. Second, each key is used exactly once and then discarded, so even an attacker who somehow obtained one key would learn nothing about any other message. The guarantee holds only while all of the conditions are met: the key must be truly random, as long as the message, never reused and kept secret. Reusing a pad (a "two-time pad") lets an attacker XOR two ciphertexts together, cancelling the key and recovering the XOR of the two plaintexts. The other options are at best computationally strong: DES with a 56-bit key can be brute-forced, RSA with a 1024-bit key is no longer considered adequate, and AES with a 256-bit key is strong in practice but its security rests on the absence of a practical attack rather than on a proof.
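The following is an added example, not code from the original page: a one-time pad over raw bytes, together with the failure mode the explanation warns about. It goes one step beyond the text by showing crib dragging, the way an attacker turns the XOR of two plaintexts into actual message bytes. The helper names (otp_xor, two_time_pad_leak, crib_drag) and the two sample messages are ours.

```python
import os

# Added illustration of a one-time pad and of pad reuse; names and messages are ours.

def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt by XORing each byte with the pad. The pad must be at
    least as long as the data; a shorter pad would have to repeat, which is no
    longer a one-time pad."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: not a one-time pad")
    return bytes(d ^ k for d, k in zip(data, pad))

def new_pad(length: int) -> bytes:
    """os.urandom is the closest a general-purpose host gets to a true random source."""
    return os.urandom(length)

def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If two messages were encrypted under the same pad, XORing the ciphertexts
    cancels the pad and yields pt1 XOR pt2, with no knowledge of the key at all."""
    n = min(len(ct1), len(ct2))
    return bytes(a ^ b for a, b in zip(ct1[:n], ct2[:n]))

def crib_drag(xor_of_plaintexts: bytes, crib: bytes, offset: int) -> bytes:
    """Crib dragging: guess that `crib` occurs at `offset` in one message; XORing
    it into pt1 XOR pt2 reveals the other message's bytes at that position."""
    segment = xor_of_plaintexts[offset:offset + len(crib)]
    return bytes(a ^ b for a, b in zip(segment, crib))

def demo():
    """Correct use (decrypt works) beside the mistake (same pad twice)."""
    pad = new_pad(32)
    m1 = b"ATTACK AT DAWN"
    m2 = b"RETREAT AT DUSK"
    c1 = otp_xor(m1, pad)
    c2 = otp_xor(m2, pad)            # the mistake: the pad is reused
    assert otp_xor(c1, pad) == m1    # correct use: the pad decrypts what it encrypted
    leak = two_time_pad_leak(c1, c2) # equals m1 XOR m2 for the first 14 bytes
    # An attacker who guesses that " AT D" sits at offset 6 of one message
    # (it does, in m1) reads the other message at the same offset: b"T AT ".
    recovered = crib_drag(leak, b" AT D", 6)
    return m1, m2, leak, recovered

if __name__ == "__main__":
    m1, m2, leak, recovered = demo()
    print("pt1 XOR pt2:", leak.hex())
    print("recovered from the other message:", recovered)
```

Nothing in crib_drag uses the pad: the key was cancelled the moment two ciphertexts under the same pad were available, which is why "used only once" is a hard requirement and not a recommendation.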


Q662. A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports? 

A. SNMP 

B. SNMPv3 

C. ICMP 

D. SSH 

Answer: B

Explanation: 

SNMP is predominantly used for monitoring and performance management, which is how the usage counters on the layer 3 devices would be collected. SNMPv1 and SNMPv2c, however, authenticate with a community string that is sent in cleartext and do not encrypt the data they return, so anyone who can sniff the management traffic can read both the usage data and the credential. SNMPv3 defines a secure version of SNMP with the User-based Security Model: message authentication and encryption (privacy), plus remote configuration of the SNMP entities. To gather the reports "without compromising any data", configure SNMPv3 at the authPriv security level; an SNMPv3 user configured as noAuthNoPriv is no better protected than v2c. ICMP only reports reachability, and SSH secures an interactive login rather than the polling of MIB counters.
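As an added example that is not part of the original page, the following walks the BER header of SNMP messages to show why v1/v2c polling exposes the credential and how to check the security level of a v3 message. It goes beyond the question by acting as a small audit helper over captured packets. The four sample messages are constructed by hand (the v3 security parameters and encrypted PDU are stand-in bytes), and the function names are ours.

```python
# Added example: minimal BER walk over SNMP message headers. Samples are constructed.

def _tlv(buf: bytes, pos: int):
    """Read one BER tag-length-value at pos. Returns (tag, value, next_pos).
    Handles short-form and long-form lengths, which is all SNMP messages use."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(msg: bytes) -> dict:
    """Classify one SNMP message by version and report whether the credential
    and payload are protected on the wire."""
    tag, body, _ = _tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version in (0, 1):                   # 0 = SNMPv1, 1 = SNMPv2c
        _, community, _ = _tlv(body, pos)   # OCTET STRING straight after the version
        return {"version": "v1" if version == 0 else "v2c",
                "community": community.decode("ascii", "replace"),
                "authenticated": False, "encrypted": False}
    if version == 3:
        _, global_data, _ = _tlv(body, pos) # msgGlobalData SEQUENCE
        p = 0
        _, _, p = _tlv(global_data, p)      # msgID
        _, _, p = _tlv(global_data, p)      # msgMaxSize
        _, flags, _ = _tlv(global_data, p)  # msgFlags: bit0 auth, bit1 priv, bit2 reportable
        return {"version": "v3", "community": None,
                "authenticated": bool(flags[0] & 0x01),
                "encrypted": bool(flags[0] & 0x02)}
    raise ValueError(f"unknown SNMP version {version}")

def find_cleartext_polling(packets) -> list:
    """Audit helper: (index, version, community) for every message that exposes a
    credential, plus any v3 message running below authPriv."""
    findings = []
    for i, pkt in enumerate(packets):
        info = inspect_snmp(pkt)
        if info["community"] is not None:
            findings.append((i, info["version"], info["community"]))
        elif not (info["authenticated"] and info["encrypted"]):
            findings.append((i, "v3-noAuthPriv", None))
    return findings

# Constructed samples. PDU = GetRequest, request-id 1, empty varbind list.
_PDU = bytes.fromhex("a00b" "020101" "020100" "020100" "3000")
V1_PRIVATE = bytes.fromhex("3019" "020100" "0407") + b"private" + _PDU
V2C_PUBLIC = bytes.fromhex("3018" "020101" "0406") + b"public" + _PDU
# v3: msgID=1, msgMaxSize=1500, msgFlags, securityModel=3 (USM); the security
# parameters (0402abcd) and encrypted scoped PDU (0403dead00) are placeholders.
V3_AUTHPRIV = bytes.fromhex("301b" "020103" "300d" "020101" "020205dc" "040107" "020103" "0402abcd" "0403dead00")
V3_NOAUTH   = bytes.fromhex("301b" "020103" "300d" "020101" "020205dc" "040104" "020103" "0402abcd" "0403dead00")

if __name__ == "__main__":
    for pkt in (V1_PRIVATE, V2C_PUBLIC, V3_AUTHPRIV, V3_NOAUTH):
        print(inspect_snmp(pkt))
    print(find_cleartext_polling([V1_PRIVATE, V2C_PUBLIC, V3_AUTHPRIV, V3_NOAUTH]))
```

The community string is the second element of every v1/v2c message, so a passive observer on the management VLAN needs nothing more than this parser to harvest it; the v3 message carries no community at all, and the flags byte shows whether authentication and privacy were actually enabled for the user.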


Q663. Which of the following is an example of a false positive? 

A. Anti-virus identifies a benign application as malware. 

B. A biometric iris scanner rejects an authorized user wearing a new contact lens. 

C. A user account is locked out after the user mistypes the password too many times. 

D. The IDS does not identify a buffer overflow. 

Answer: A

Explanation: 

A false positive is an error in an evaluation process in which the condition being tested for is mistakenly reported as present. Option A is exactly that: the anti-virus tests for malware and reports it for a benign file. Option B is a false rejection (the biometric system fails to recognize a legitimate user), option C is the lockout policy working as designed, and option D is a false negative, a real buffer overflow that the IDS fails to report.

In spam filters, for example, a false positive is a legitimate message mistakenly marked as UBE (unsolicited bulk email, as junk email is more formally known). Messages that are determined to be spam, whether correctly or incorrectly, may be rejected by a server or client-side spam filter and returned to the sender as bounce e-mail. One problem with many spam filtering tools is that if they are configured stringently enough to be effective, there is a fairly high chance of getting false positives. The risk of accidentally blocking an important message has been enough to deter many companies from implementing any anti-spam measures at all.

False positives are also common in security systems. An anomaly-based host intrusion prevention system (HIPS), for example, looks for deviations in bandwidth, protocols and ports. When activity varies outside an acceptable range, for example a remote application attempting to open a normally closed port, an intrusion may be in progress. However, an anomaly such as a sudden spike in bandwidth use does not guarantee an actual attack, so this approach amounts to an educated guess and the chance of false positives can be high. False positives contrast with false negatives, which are results mistakenly indicating that the condition tested for is absent.


Q664. Which of the following security architecture elements also has sniffer functionality? (Select TWO). 

A. HSM 

B. IPS 

C. SSL accelerator 

D. WAP 

E. IDS 

Answer: B,E 

Explanation: 

Sniffer functionality is the ability to capture and analyze the content of data packets as they are transmitted across the network. Network IDS and IPS products work exactly this way: both are fed a copy of the traffic (or sit inline with it) and inspect packet payloads against signatures or behavioral baselines. An HSM stores and uses cryptographic keys, an SSL accelerator offloads TLS handshakes, and a wireless access point (WAP) bridges clients onto the LAN; none of them inspects packet contents for malicious activity.

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activity or policy violations and produces reports to a management station. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways: there are network-based (NIDS) and host-based (HIDS) systems, and signature-based as well as anomaly-based detection. An IDS is a monitoring system; some may attempt to stop an intrusion attempt, but this is neither required nor expected of them. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.

IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself (dropping or resetting the offending connection), changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content. The practical difference is placement: an IDS is usually passive on a SPAN port or network tap and can only alert, whereas an IPS sits inline and can block, which also means that an IPS false positive blocks legitimate traffic.
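The next block is an added example and not code from the original page. It serves both of the preceding questions: a toy signature-based NIDS that does what Q664 describes, reading raw packet payloads and matching them against rules, whose verdicts are then scored the way Q663 describes, as true and false positives and negatives against known ground truth. The packets, the three signatures and the labels are constructed here for illustration; the function names are ours.

```python
# Added example: a toy payload-inspecting detector scored with a confusion matrix.
import re
from collections import Counter

# Signatures over the raw payload. The first two are written the way real rules
# often are: broad enough to misfire on benign traffic and to miss encoded variants.
SIGNATURES = {
    "sqli-union-select": re.compile(rb"union\s+select", re.I),
    "path-traversal":    re.compile(rb"\.\./"),
    "shellshock":        re.compile(rb"\(\)\s*\{\s*:;\s*\};"),
}

def inspect_payload(payload: bytes) -> list:
    """Sniffer plus matcher: names of every signature the payload triggers."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

def classify(packets):
    """packets: iterable of (payload, is_attack). Returns per-packet verdicts and
    a Counter of outcomes keyed TP, FP, TN, FN."""
    verdicts, matrix = [], Counter()
    for payload, is_attack in packets:
        hits = inspect_payload(payload)
        alerted = bool(hits)
        if alerted and is_attack:
            outcome = "TP"
        elif alerted and not is_attack:
            outcome = "FP"          # benign traffic reported as an attack (Q663 option A)
        elif not alerted and is_attack:
            outcome = "FN"          # a real attack the sensor did not report (Q663 option D)
        else:
            outcome = "TN"
        matrix[outcome] += 1
        verdicts.append((payload, hits, outcome))
    return verdicts, matrix

def rates(matrix) -> tuple:
    """Detection rate and false-positive rate: the two numbers that move against
    each other as a rule set is made more or less stringent."""
    tp, fp, tn, fn = (matrix[k] for k in ("TP", "FP", "TN", "FN"))
    detection = tp / (tp + fn) if tp + fn else 0.0
    fp_rate = fp / (fp + tn) if fp + tn else 0.0
    return detection, fp_rate

# Constructed sample traffic with ground-truth labels (True = attack).
SAMPLE_PACKETS = [
    (b"GET /search?q=shoes HTTP/1.1", False),
    (b"GET /search?q=1' UNION SELECT user,pass FROM users-- HTTP/1.1", True),
    (b"GET /static/../../etc/passwd HTTP/1.1", True),
    # Benign forum post quoting a SQL tutorial: trips the union-select rule -> FP
    (b"POST /forum HTTP/1.1\r\n\r\nbody=how does UNION SELECT work", False),
    # Same traversal attack, URL-encoded: the rule never sees "../" -> FN
    (b"GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1", True),
    (b"User-Agent: () { :; }; /bin/bash -c 'id'", True),
]

if __name__ == "__main__":
    verdicts, matrix = classify(SAMPLE_PACKETS)
    for payload, hits, outcome in verdicts:
        print(outcome, hits, payload[:40])
    print(dict(matrix), "detection=%.2f fp_rate=%.2f" % rates(matrix))
```

Tightening the union-select rule (for example, requiring a quote character before UNION) would remove the false positive but also lets more attacks through; normalizing URL encoding before matching would catch the false negative. Those two adjustments are the tuning loop the explanation describes, and the confusion matrix is how you measure it.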


Q665. A security administrator is notified that users attached to a particular switch are having intermittent connectivity issues. Upon further research, the administrator finds evidence of an ARP spoofing attack. Which of the following could be utilized to provide protection from this type of attack? 

A. Configure MAC filtering on the switch. 

B. Configure loop protection on the switch. 

C. Configure flood guards on the switch. 

D. Configure 802.1x authentication on the switch. 

Answer:

Explanation: 


Q666. Which of the following concepts are included on the three sides of the "security triangle"? (Select THREE). 

A. Confidentiality 

B. Availability 

C. Integrity 

D. Authorization 

E. Authentication 

F. Continuity 

Answer: A,B,C 

Explanation: 

Confidentiality, integrity and availability are the three core goals of information security, usually drawn as the CIA triad, so they form the three sides of the security triangle. Authentication and authorization are mechanisms used to enforce those goals rather than goals themselves, and continuity is a planning discipline aimed at preserving availability.


Q667. A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue? 

A. The SSID broadcast is disabled. 

B. The company is using the wrong antenna type. 

C. The MAC filtering is disabled on the access point. 

D. The company is not using strong enough encryption. 

Answer: A

Explanation: 

When the SSID is broadcast, any device with an automatic detect-and-connect feature can see the network and initiate a connection to it. With SSID broadcast disabled, the access point stops advertising the network name in its beacons. Newer clients can still join by probing for a hidden SSID that the user has entered manually, but older devices that only join networks they have discovered from beacons never see the network and never attempt to connect, no matter how correct the entered network information is. The wrong antenna type would cause weak or no signal for every visitor, disabled MAC filtering would allow rather than block connections, and weaker encryption would not prevent an older device from joining.


Q668. Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity’s of Joe’s certificate? (Select TWO). 

A. The CA’s public key 

B. Joe’s private key 

C. Ann’s public key 

D. The CA’s private key 

E. Joe’s public key 

F. Ann’s private key 

Answer: A,E 

Explanation: 

Two public keys are needed, and neither private key ever leaves its owner. First, Joe's certificate binds Joe's identity to Joe's public key and carries a digital signature that the CA made with the CA's private key. Ann validates that signature with the CA's public key, which she holds in her trusted root list: she recomputes the hash of the certificate's contents, recovers the hash from the signature using the CA's public key, and accepts the certificate only if the two values match. Second, once the certificate is trusted, Ann uses Joe's public key, which that certificate contains, to verify the digital signature on Joe's message, or, for confidentiality in the other direction, to encrypt mail to Joe. The private keys are never shared: Joe signs with his private key, the CA signs certificates with its private key, and Ann decrypts mail addressed to her with her own private key. Because what is signed is a hash of the message, any alteration in transit, intentional or accidental, changes the hash and the verification fails; a successful verification therefore provides message integrity, authentication of the sender and non-repudiation. A certificate authority (CA) is an organization that is responsible for issuing, revoking and distributing certificates, and a certificate is nothing more than a signed statement that associates a public key with an individual. If a third party (the CA) vouches for Joe and Ann trusts that third party, Ann can accept that the key, and therefore the message, really came from Joe.


Q669. A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements? 

A. Trust model 

B. Key escrow 

C. OCSP 

D. PKI 

Answer: A

Explanation: 

The online source that publishes the list of root certificates, and decides over time which of them are trusted or distrusted, is acting as the trust model for the company's browsers. A trust model is the collection of rules that informs an application how to decide the legitimacy of a digital certificate: which root CAs are trusted, how chains are built from them and when trust is withdrawn. In a hierarchical trust model, also known as a tree, a root CA at the top signs the certificates of the intermediate CAs beneath it, and the intermediates in turn sign end-entity certificates; a client accepts a certificate only if it can build a chain up to a root in its trusted list, so controlling that list controls what every browser accepts. This arrangement allows a high level of control at all levels of the hierarchy. The other options address different problems: OCSP answers revocation queries for individual certificates, key escrow holds copies of private keys for recovery, and PKI is the overall infrastructure of which the trust model is one component.
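What follows is an added example, not code from the original page, written to serve both Q668 and Q669: a toy certificate chain in plain Python that makes concrete which key does what (the CA's public key validates Joe's certificate, Joe's public key validates Joe's message) and how the trusted-root list governs acceptance (remove the root and the same valid chain is rejected). It goes beyond the questions by including a deliberately tampered certificate and a signature made with the wrong key. The RSA keys are built from small published primes with textbook padding, so this is for illustration only and must never be used for real signatures; the names Joe, Ann and "Example Root CA", and all function names, are assumptions of this example.

```python
# Added example: toy PKI chain validation with textbook RSA over small primes.
# Illustration only; not secure and not the page's or any library's code.
import hashlib
import json

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA from two known primes. Returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                     # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def _digest(data: bytes, n: int) -> int:
    # SHA-256 reduced mod n so the toy modulus can hold it; real RSA uses PKCS#1/PSS padding.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private) -> int:
    n, d = private
    return pow(_digest(data, n), d, n)

def verify(data: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest(data, n)

def _tbs(cert: dict) -> bytes:
    """The to-be-signed part: every field except the signature, in canonical form."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue(subject: str, subject_pub, issuer: str, issuer_priv) -> dict:
    """The CA binds a subject to its public key and signs that binding (Q668)."""
    cert = {"subject": subject, "pubkey": list(subject_pub), "issuer": issuer}
    cert["signature"] = sign(_tbs(cert), issuer_priv)
    return cert

def validate_chain(cert: dict, trust_store: dict) -> bool:
    """Q669: the browser's root list is the trust store. Q668: the CA's PUBLIC key
    checks Joe's certificate; Joe's own key plays no part in this step."""
    issuer_pub = trust_store.get(cert["issuer"])
    if issuer_pub is None:
        return False                        # root distrusted or never imported
    return verify(_tbs(cert), cert["signature"], issuer_pub)

def verify_signed_mail(cert: dict, trust_store: dict, message: bytes, signature: int) -> bool:
    """Both keys from the answer: CA public key (chain), then Joe's public key (message)."""
    return validate_chain(cert, trust_store) and verify(message, signature, tuple(cert["pubkey"]))

# Fixed published primes keep the demo deterministic; they are not secrets.
CA_PUB, CA_PRIV = make_keypair(49979687, 67867967)
JOE_PUB, JOE_PRIV = make_keypair(15485863, 32452843)
ANN_PUB, ANN_PRIV = make_keypair(86028121, 104395301)

ROOT_STORE = {"Example Root CA": CA_PUB}    # what the online root list distributes
JOE_CERT = issue("joe@example.com", JOE_PUB, "Example Root CA", CA_PRIV)

def demo():
    """Returns (valid, tampered_cert_ok, wrong_key_sig_ok, distrusted_root_ok)."""
    msg = b"Ann, the Q3 report is attached. -- Joe"
    sig = sign(msg, JOE_PRIV)                                  # Joe's private key never leaves Joe
    ok = verify_signed_mail(JOE_CERT, ROOT_STORE, msg, sig)
    tampered = dict(JOE_CERT, subject="mallory@example.com")   # editing the cert breaks the CA signature
    forged_sig = sign(msg, ANN_PRIV)                           # Ann's key cannot stand in for Joe's
    distrusted = verify_signed_mail(JOE_CERT, {}, msg, sig)    # root removed from the list
    return ok, validate_chain(tampered, ROOT_STORE), verify(msg, forged_sig, JOE_PUB), distrusted

if __name__ == "__main__":
    print(demo())
```

Note that validate_chain never touches a private key and never touches Joe's key: the certificate is checked against the issuer's public key found in the trust store, which is why the distractors (Joe's private key, the CA's private key, Ann's keys) are wrong for Q668, and why whoever curates the root list decides what every client accepts for Q669.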


Q670. An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security? 

A. Initial baseline configuration snapshots 

B. Firewall, IPS and network segmentation 

C. Event log analysis and incident response 

D. Continuous security monitoring processes 

Answer:

Explanation: