♥♥ 2017 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: http://www.exam.com/SY0-401-dumps.html


Our pass rate is high to 98.9% and the similarity percentage between our comptia security+ sy0 401 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA security+ sy0 401 exam in just one try? I am currently studying for the CompTIA sy0 401 vce exam. Latest CompTIA sy0 401 study guide pdf Test exam practice questions and answers, Try CompTIA sy0 401 braindump Brain Dumps First.

P.S. Precise SY0-401 tutorials are available on Google Drive, GET MORE: https://drive.google.com/open?id=1FzInfNT7xZoRgBhz3WNs4wusgK-UQOYg


New CompTIA SY0-401 Exam Dumps Collection (Question 7 - Question 16)

New Questions 7

Joe, the systems administrator, is setting up a wireless network for his teamu2019s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

A. Disable default SSID broadcasting.

B. Use WPA instead of WEP encryption.

C. Lower the access pointu2019s power settings.

D. Implement MAC filtering on the access point.

Answer: D

Explanation:

If MAC filtering is turned off, any wireless client that knows the values looked for (MAC addresses) can join the network. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with usersu2019 computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so.


New Questions 8

Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels?

A. Role Based Access Controls

B. Mandatory Access Controls

C. Discretionary Access Controls

D. Access Control List

Answer: B

Explanation:

Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them.


New Questions 9

Which of the following concepts is used by digital signatures to ensure integrity of the data?

A. Non-repudiation

B. Hashing

C. Transport encryption

D. Key escrow

Answer: B

Explanation:

Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.


New Questions 10

A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?

A. Assign users manually and perform regular user access reviews

B. Allow read only access to all folders and require users to request permission

C. Assign data owners to each folder and allow them to add individual users to each folder

D. Create security groups for each folder and assign appropriate users to each group

Answer: D

Explanation:

Creating a security group for each folder and assigning necessary users to each group would only allow users belonging to the folderu2019s security group access to the folder. It will make assigning folder privileges much easier, while also being more secure.


New Questions 11

Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?

A. Trust Model

B. Recovery Agent

C. Public Key

D. Private Key

Answer: A

Explanation:

In a bridge trust model allows lower level domains to access resources in a separate PKI through the root CA.

A trust Model is collection of rules that informs application on how to decide the legitimacy of a Digital Certificate.

In a bridge trust model, a peer-to-peer relationship exists among the root CAs. The root CAs can communicate with one another, allowing cross certification. This arrangement allows a certification process to be established between organizations or departments.

Each intermediate CA trusts only the CAs above and below it, but the CA structure can be expanded without creating additional layers of CAs.


New Questions 12

An administrator needs to submit a new CSR to a CA. Which of the following is a valid

FIRST step?

A. Generate a new private key based on AES.

B. Generate a new public key based on RSA.

C. Generate a new public key based on AES.

D. Generate a new private key based on RSA.

Answer: D

Explanation:

Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The private key is needed to produce, but it is not part of, the CSR.

The private key is an RSA key. The private encryption key that will be used to protect sensitive information.

Note: A CSR or Certificate Signing request is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR.


New Questions 13

Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust

B. Non-repudiation

C. Key escrow

D. Certificate revocation list

Answer: C

Explanation:

Key escrow is a database of stored keys that later can be retrieved.

Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employeeu2019s private messages have been called into question.


New Questions 14

A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

A. User assigned privileges

B. Password disablement

C. Multiple account creation

D. Group based privileges

Answer: D

Explanation:

Group-based privileges assign privileges or access to a resource to all members of a group. Group-based access control grants every member of the group the same level of access to a specific object.


New Questions 15

A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

A. Single sign-on

B. Authorization

C. Access control

D. Authentication

Answer: D

Explanation:

Authentication generally requires one or more of the following:

Something you know: a password, code, PIN, combination, or secret phrase. Something you have: a smart card, token device, or key.

Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as biometrics, discussed later in this chapter.

Somewhere you are: a physical or logical location.

Something you do: typing rhythm, a secret handshake, or a private knock.


New Questions 16

Joe, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is the MOST likely using?

A. SAML

B. LDAP

C. iSCSI

D. Two-factor authentication

Answer: B

Explanation:

Joe is able to manage the backup system by logging into the network. This is an example of Single Sign-on.

A common usage of LDAP is to provide a "single sign on" where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.


100% Improve CompTIA SY0-401 Questions & Answers shared by exam, Get HERE: https://www.exam.com/SY0-401-dumps.html (New 1781 Q&As)