aiotestking uk

SY0-401 Exam Questions - Online Test


SY0-401 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

P.S. Pinpoint SY0-401 practice exam are available on Google Drive, GET MORE: https://drive.google.com/open?id=1-cGZus8ct-Srv-6oYT2mo7R9fIxOVla2


New CompTIA SY0-401 Exam Dumps Collection (Question 11 - Question 20)

Q1. During the information gathering stage of a deploying role-based access control model, which of the following information is MOST likely required?

A. Conditional rules under which certain systems may be accessed

B. Matrix of job titles with required access privileges

C. Clearance levels of all company personnel

D. Normal hours of business operation

Answer: B

Explanation:

Role-based access control is a model where access to resources is determines by job role rather than by user account.

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department.

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role.


Q2. Which of the following should a security technician implement to identify untrusted certificates?

A. CA

B. PKI

C. CRL

D. Recovery agent

Answer: C

Explanation:

Untrusted certificates and keys are revoked and put into the CRL.

Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included.


Q3. Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?

A. Joeu2021s public key

B. Joeu2021s private key

C. Annu2021s public key

D. Annu2021s private key

Answer: D

Explanation:

The sender uses his private key, in this case Ann's private key, to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.

The receiver uses a key provided by the senderu2014the public keyu2014to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.


Q4. Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?

A. Kerberos

B. LDAP

C. SAML

D. RADIUS

Answer: D

Explanation:

EAP-TLS, defined in RFC 2716, is an IETF open standard, and is well-supported among wireless vendors. It offers a good deal of security, since TLS is considered the successor of the SSL standard. It uses PKI to secure communication to the RADIUS authentication server.

Remote Authentication Dial In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect and use a network service. Because of the broad support and the ubiquitous nature of the RADIUS protocol, it is often used by ISPs and enterprises to manage access to the Internet or internal networks, wireless networks, and integrated e- mail services.


Q5. Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?

A. Hashing

B. Transport encryption

C. Digital signatures

D. Steganography

Answer: D

Explanation:

Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.

Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.


Q6. A file on a Linux server has default permissions of rw-rw-r--. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?

A. User ownership information for the file in question

B. Directory permissions on the parent directory of the file in question

C. Group memberships for the group owner of the file in question

D. The file system access control list (FACL) for the file in question

Answer: C

Explanation:

The file permissions according to the file system access control list (FACL) are rw-rw-r--. The first u2021rw-u2021 are the file owner permissions (read and write).

The second u2021rw-u2021 are the group permissions (read and write) for the group that has been assigned the file.

The third u2021r--u2021 is the All Users permissions; in this case read only.

To enable Ann to access the file, we should add Ann to the group that has been assigned to the file.


Q7. Which of the following access controls enforces permissions based on data labeling at specific levels?

A. Mandatory access control

B. Separation of duties access control

C. Discretionary access control

D. Role based access control

Answer: A

Explanation:

In a MAC environment everything is assigned a classification marker. Subjects are assigned a clearance level and objects are assigned a sensitivity label.


Q8. Which of the following are restricted to 64-bit block sizes? (Select TWO).

A. PGP

B. DES

C. AES256

D. RSA

E. 3DES

F. AES

Answer: B,E

Explanation:

B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. Itu2021s based on a 56-bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size.

E: Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and itu2021s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).


Q9. Which of the following is a requirement when implementing PKI if data loss is unacceptable?

A. Web of trust

B. Non-repudiation

C. Key escrow

D. Certificate revocation list

Answer: C

Explanation:

Key escrow is a database of stored keys that later can be retrieved.

Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employeeu2021s private messages have been called into question.


Q10. Symmetric encryption utilizes , while asymmetric encryption utilizes __ .

A. Public keys, one time

B. Shared keys, private keys

C. Private keys, session keys

D. Private keys, public keys

Answer: D

Explanation:

Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.

In more detail:

* Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isnu2021t disclosed to people who arenu2021t authorized to use the encryption system.

* Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what

* one key does, the other one undoes.


P.S. Easily pass SY0-401 Exam with Certifytools Pinpoint Dumps & pdf vce, Try Free: https://www.certifytools.com/SY0-401-exam.html (1781 New Questions)