This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ]
Export date: Wed Jan 22 22:17:01 2025 / +0000 GMT
___________________________________________________
Title: [Lead2pass New] Free Share Lead2pass CompTIA SY0-401 VCE Dumps With New Update Exam Questions (676-700)
---------------------------------------------------

QUESTION 676
Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).

A. Increase password complexity
B. Deploy an IDS to capture suspicious logins
C. Implement password history
D. Implement monitoring of logins
E. Implement password expiration
F. Increase password length

Answer: AF
Explanation:
The more difficult a password is, the more difficult it is for an attacker to crack. Increasing password complexity makes it more difficult.
Passwords that are too short can easily be cracked. The more characters used in a password, combined with the increased complexity, will mitigate password cracking attacks.

QUESTION 677
Human Resources suspect an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?

A. Shared accounts should be prohibited.
B. Account lockout should be enabled
C. Privileges should be assigned to groups rather than individuals
D. Time of day restrictions should be in use

Answer: A
Explanation:
Since distinguishing between the actions of one person and another isn't possible if they both use a shared account, shared accounts should not be allowed. If shared accounts are being used, the administrator will find the account, but have more than one suspect. To nullify this occurrence, shared accounts should be prohibited.

QUESTION 678
A network administrator is configuring access control for the sales department, which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?

A. Time of day restrictions
B. Group based privileges
C. User assigned privileges
D. Domain admin restrictions

Answer: B
Explanation:
The question states that the sales department has a high employee turnover. You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). Then when a new employee starts, you simply add the new user account to the appropriate groups. The user then inherits all the permissions assigned to the groups.

QUESTION 679
A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?

A. Assign users manually and perform regular user access reviews
B. Allow read only access to all folders and require users to request permission
C. Assign data owners to each folder and allow them to add individual users to each folder
D. Create security groups for each folder and assign appropriate users to each group

Answer: D
Explanation:
Creating a security group for each folder and assigning the necessary users to each group would allow only users belonging to the folder's security group to access the folder. It will make assigning folder privileges much easier, while also being more secure.

QUESTION 680
A new intern was assigned to the system engineering department, which consists of the system architect and system software developer's teams. These two teams have separate privileges.
The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of the following methods should the system administrator implement?

A. Group based privileges
B. Generic account prohibition
C. User access review
D. Credential management

Answer: A
Explanation:
You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). By assigning the intern's user account to both groups, the intern will inherit the permissions assigned to those groups.

QUESTION 681
A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

A. User assigned privileges
B. Password disablement
C. Multiple account creation
D. Group based privileges

Answer: D
Explanation:
Group-based privileges assign privileges or access to a resource to all members of a group. Group-based access control grants every member of the group the same level of access to a specific object.

QUESTION 682
Which of the following practices reduces the management burden of access management?

A. Password complexity policies
B. User account audit
C. Log analysis and review
D. Group based privileges

Answer: D
Explanation:
Granting permissions to all members of a group is quicker than individually assigning them to each user. This means an administrator will spend less time on assigning permissions to users who require the same access privileges.

QUESTION 683
A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled?

A. The supervisor should be allowed to have access to the spreadsheet files, and their membership in the human resources group should be terminated.
B. The supervisor should be removed from the human resources group and added to the accounting group.
C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group.
D. The supervisor should only maintain membership in the human resources group.

Answer: C
Explanation:
You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). Assigning the human resources supervisor's user account to the group means the supervisor will inherit the permissions of that group, allowing him to carry out the new duties. Because the new duties are being added to his normal duties, maintaining membership in the human resources group will allow the supervisor to continue performing his normal duties.

QUESTION 684
A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

A. Leverage role-based access controls.
B. Perform user group clean-up.
C. Verify smart card access controls.
D. Verify SHA-256 for password hashes.

Answer: B
Explanation:
Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security and compliance objectives in jeopardy. You would therefore need to regularly clean up these settings.

QUESTION 685
Privilege creep among long-term employees can be mitigated by which of the following procedures?

A. User permission reviews
B. Mandatory vacations
C. Separation of duties
D. Job function rotation

Answer: A
Explanation:
Privilege creep is the steady build-up of access rights beyond what a user requires to perform his/her task. Privilege creep can be decreased by conducting sporadic access rights reviews, which will confirm each user's need to access specific roles and rights in an effort to find and rescind excess privileges.

QUESTION 686
A recent audit of a company's identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario? (Select TWO).

A. Automatically disable accounts that have not been utilized for at least 10 days.
B. Utilize automated provisioning and de-provisioning processes where possible.
C. Request that employees provide a list of systems that they have access to prior to leaving the firm.
D. Perform regular user account review / revalidation process.
E. Implement a process where new account creations require management approval.

Answer: BD
Explanation:
Provisioning and de-provisioning processes can occur manually or automatically. Since the manual processes are so time consuming, the automated option should be used as it is more efficient. Revalidating user accounts would determine which users are no longer active.

QUESTION 687
In order for network monitoring to work properly, you need a PC and a network card running in what mode?

A. Launch
B. Exposed
C. Promiscuous
D. Sweep

Answer: C
Explanation:
Promiscuous mode allows the network card to look at any packet that it sees on the network. This even includes packets that are not addressed to that network card.

QUESTION 688
Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?

A. Access control lists
B. Continuous monitoring
C. Video surveillance
D. Baseline reporting

Answer: B
Explanation:
Continuous monitoring points toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats. Because the process is never-ending, assessments happen in real time.

QUESTION 689
Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?

A. SFTP
B. HTTPS
C. TFTP
D. TLS

Answer: D
Explanation:
SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption.

QUESTION 690
A company uses PGP to ensure that sensitive email is protected. Which of the following types of cryptography is being used here for the key exchange?

A. Symmetric
B. Session-based
C. Hashing
D. Asymmetric

Answer: A
Explanation:
PGP combines symmetric-key encryption and public-key encryption. The message is encrypted using a symmetric encryption algorithm, which requires a symmetric key. Each symmetric key is used only once and is also called a session key.

QUESTION 691
Which of the following is true about asymmetric encryption?

A. A message encrypted with the private key can be decrypted by the same key
B. A message encrypted with the public key can be decrypted with a shared key.
C. A message encrypted with a shared key, can be decrypted by the same key.
D. A message encrypted with the public key can be decrypted with the private key.

Answer: D
Explanation:
Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

QUESTION 692
Encryption used by RADIUS is BEST described as:

A. Quantum
B. Elliptical curve
C. Asymmetric
D. Symmetric

Answer: D
Explanation:
The RADIUS server uses a symmetric encryption method.
Note: Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected.

QUESTION 693
Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

A. Public keys, one time
B. Shared keys, private keys
C. Private keys, session keys
D. Private keys, public keys

Answer: D
Explanation:
Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.
In more detail:
* Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system.
* Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

QUESTION 694
Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?

A. Session Key
B. Public Key
C. Private Key
D. Digital Signature

Answer: C
Explanation:
Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system.

QUESTION 695
In order to securely communicate using PGP, the sender of an email must do which of the following when sending an email to a recipient for the first time?

A. Import the recipient's public key
B. Import the recipient's private key
C. Export the sender's private key
D. Export the sender's public key

Answer: A
Explanation:
See step 4 below.
1. When a user encrypts plaintext with PGP, PGP first compresses the plaintext.
2. PGP then creates a session key, which is a one-time-only secret key.
3. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext.
4. Once the data is encrypted, the session key is then encrypted to the recipient's public key.
This public key-encrypted session key is transmitted along with the ciphertext to the recipient.

QUESTION 696
A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?

A. Block cipher
B. Stream cipher
C. CRC
D. Hashing algorithm

Answer: A
Explanation:
With a block cipher the algorithm works on chunks of data, encrypting one and then moving to the next.
Example: Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds.

QUESTION 697
The concept of rendering data passing between two points over an IP based network impervious to all but the most sophisticated advanced persistent threats is BEST categorized as which of the following?

A. Stream ciphers
B. Transport encryption
C. Key escrow
D. Block ciphers

Answer: B
Explanation:
Transport encryption is the process of encrypting data ready to be transmitted over an insecure network. A common example of this would be online banking or online purchases where sensitive information such as account numbers or credit card numbers is transmitted.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

QUESTION 698
Which of the following transportation encryption protocols should be used to ensure maximum security between a web browser and a web server?

A. SSLv2
B. SSHv1
C. RSA
D. TLS

Answer: D
Explanation:
HTTP Secure (HTTPS) is the protocol used for "secure" web pages that users should see when they must enter personal information such as credit card numbers, passwords, and other identifiers. It combines HTTP with SSL/TLS to provide encrypted communication. Transport Layer Security (TLS) is a security protocol that expands upon SSL. Many industry analysts predict that TLS will replace SSL, and it is also referred to as SSL 3.1.

QUESTION 699
Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).

A. 110
B. 137
C. 139
D. 143
E. 161
F. 443

Answer: BC
Explanation:
NetBIOS provides four distinct services:
Name service for name registration and resolution (port: 137/udp)
Name service for name registration and resolution (port: 137/tcp)
Datagram distribution service for connectionless communication (port: 138/udp)
Session service for connection-oriented communication (port: 139/tcp)

QUESTION 700
Which of the following concepts is enforced by certifying that email communications have been sent by who the message says it has been sent by?

A. Key escrow
B. Non-repudiation
C. Multifactor authentication
D. Hashing

Answer: B
Explanation:
Regarding digital security, the cryptological meaning and application of non-repudiation shifts to mean:
* A service that provides proof of the integrity and origin of data.
* An authentication that can be asserted to be genuine with high assurance.

---------------------------------------------------
Post date: 2017-11-24 03:40:24
Post date GMT: 2017-11-24 03:40:24
Post modified date: 2017-11-24 03:40:24
Post modified date GMT: 2017-11-24 03:40:24