aiotestking uk

SY0-401 Exam Questions - Online Test


SY0-401 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

P.S. Refined SY0-401 braindumps are available on Google Drive, GET MORE: https://drive.google.com/open?id=1cWWp1M23MZ78HxR1-dlnysc_UeU-F4G1


New CompTIA SY0-401 Exam Dumps Collection (Question 4 - Question 13)

New Questions 4

Which of the following protocols encapsulates an IP packet with an additional IP header?

A. SFTP

B. IPSec

C. HTTPS

D. SSL

Answer: B

Explanation:

Authentication Header (AH) is a member of the IPsec protocol suite. AH operates directly on top of IP, using IP protocol number 51.


New Questions 5

An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that automatically change every 30 seconds. Which of the following type of authentication mechanism is this?

A. TOTP

B. Smart card

C. CHAP

D. HOTP

Answer: A

Explanation:

Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. In this case, itu2021s every 30 seconds.


New Questions 6

Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

A. Biometrics

B. PKI

C. Single factor authentication

D. Multifactor authentication

Answer: D

Explanation:

Multifactor authentication requires a user to provide two or more authentication factors for authentication purposes. In this case, a smart card (something they have) is one and a PIN (something they know) is the second.


New Questions 7

In which of the following scenarios is PKI LEAST hardened?

A. The CRL is posted to a publicly accessible location.

B. The recorded time offsets are developed with symmetric keys.

C. A malicious CA certificate is loaded on all the clients.

D. All public keys are accessed by an unauthorized user.

Answer: C

Explanation:

A rogue Certification Authority (CA) certificate allows malicious users to impersonate any Web site on the Internet, including banking and e-commerce sites secured using the HTTPS protocol. A rogue CA certificate would be seen as trusted by Web browsers, and it is harmful because it can appear to be signed by one of the root CAs that browsers trust by default. A rogue Certification Authority (CA) certificate can be created using a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure Web sites.


New Questions 8

A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance?

A. MOTD challenge and PIN pad

B. Retina scanner and fingerprint reader

C. Voice recognition and one-time PIN token

D. One-time PIN token and proximity reader

Answer: C

Explanation:

Authentication systems or methods are based on one or more of these five factors: Something you know, such as a password or PIN

Something you have, such as a smart card, token, or identification device

Something you are, such as your fingerprints or retinal pattern (often called biometrics) Something you do, such as an action you must take to complete authentication Somewhere you are (this is based on geolocation)

Multifactor authentication is authentication that uses two of more of the authentication factors listed above.

In this question, we can use voice recognition (something you are) and a one-time PIN token (something you have) to provide two factors of authentication. The one-time PIN token is a small device that generates a one-time PIN to enable access.


New Questions 9

The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?

A. Rule based access control

B. Mandatory access control

C. User assigned privilege

D. Discretionary access control

Answer: D

Explanation:

Discretionary access control (DAC) allows access to be granted or restricted by an objectu2021s owner based on user identity and on the discretion of the object owner.


New Questions 10

Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?

A. TACACS

B. XTACACS

C. RADIUS

D. TACACS+

Answer: D

Explanation:

TACACS+ is not compatible with TACACS and XTACACS, and makes use of TCP.


New Questions 11

The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the banku2021s certificates are still valid?

A. Banku2021s CRL

B. Banku2021s private key

C. Banku2021s key escrow

D. Banku2021s recovery agent

Answer: A

Explanation:

The finance department can check if any of the bank's certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid.

The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release.


New Questions 12

Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).

A. RC4

B. 3DES

C. AES

D. MD5

E. PGP

F. Blowfish

Answer: B,C,F

Explanation:

B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.

C: Advanced Encryption Standard (AES) is a block cipher that has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies. F: Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds.


New Questions 13

When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?

A. Trust models

B. CRL

C. CA

D. Recovery agent

Answer: C

Explanation:

A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. The CA affirms the identity of the certificate owner.


Recommend!! Get the Refined SY0-401 dumps in VCE and PDF From Thedumpscentre, Welcome to download: http://www.thedumpscentre.com/SY0-401-dumps/ (New 1789 Q&As Version)