SY0-401 Exam Questions - Online Test
SY0-401 Premium VCE File
150 Lectures, 20 Hours
Q1. A company has just deployed a centralized event log storage system. Which of the following can be used to ensure the integrity of the logs after they are collected?
A. Write-once drives
B. Database encryption
C. Continuous monitoring
D. Role-based access controls
Answer: A
Explanation:
Q2. A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?
A. Confidentiality
B. Availability
C. Succession planning
D. Integrity
Answer: B
Explanation:
Simply making sure that the data and systems are available for authorized users is what availability is all about. Data backups, redundant systems, and disaster recovery plans all support availability. And creating a hot site is about providing availability.
Q3. Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops?
A. TPM
B. HSM
C. CPU
D. FPU
Answer: A
Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.
Q4. Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).
A. Acceptable use of social media
B. Data handling and disposal
C. Zero day exploits and viruses
D. Phishing threats and attacks
E. Clean desk and BYOD
F. Information security awareness
Answer: D,F
Explanation:
Managers/ i.e. executives in the company are concerned with more global issues in the organization, including enforcing security policies and procedures. Managers should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts and enforcement and how the various departments are affected by security policies. Phishing is a form of social engineering in which you ask someone for a piece of information that you are missing by making it look as if it is a legitimate request. An email might look as if it is from a bank and contain some basic information, such as the user’s name. Executives an easily fall prey to phishing if they are not trained to lookout for these attacks.
Q5. A technician wants to verify the authenticity of the system files of a potentially compromised system. Which of the following can the technician use to verify if a system file was compromised? (Select TWO).
A. AES
B. PGP
C. SHA
D. MD5
E. ECDHE
Answer: C,D
Explanation:
Q6. Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?
A. TACACS+
B. Secure LDAP
C. RADIUS
D. Kerberos
Answer: D
Explanation:
The basic process of Kerberos authentication is as follows:
The subject provides logon credentials.
The Kerberos client system encrypts the password and transmits the protected credentials to the
KDC.
The KDC verifies the credentials and then creates a ticket-granting ticket (TGT—a hashed form of
the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is
encrypted and sent to the client.
The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos
realm.
The subject requests access to resources on a network server. This causes the client to request a
service ticket (ST) from the KDC.
The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST
includes a time stamp that indicates its valid lifetime.
The client receives the ST.
The client sends the ST to the network server that hosts the desired resource.
The network server verifies the ST. If it’s verified, it initiates a communication session with the
client. From this point forward, Kerberos is no longer involved.
Q7. An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
A. Review past security incidents and their resolution
B. Rewrite the existing security policy
C. Implement an intrusion prevention system
D. Install honey pot systems
Answer: C
Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it
Q8. When reviewing a digital certificate for accuracy, which of the following would Matt, a security administrator, focus on to determine who affirms the identity of the certificate owner?
A. Trust models
B. CRL
C. CA
D. Recovery agent
Answer: C
Explanation:
A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. The CA affirms the identity of the certificate owner.
Q9. Which of the following authentication services uses a ticket granting system to provide access?
A. RADIUS
B. LDAP
C. TACACS+
D. Kerberos
Answer: D
Explanation:
The basic process of Kerberos authentication is as follows:
The subject provides logon credentials.
The Kerberos client system encrypts the password and transmits the protected credentials to the
KDC.
The KDC verifies the credentials and then creates a ticket-granting ticket (TGT—a hashed form of
the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is
encrypted and sent to the client.
The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos
realm.
The subject requests access to resources on a network server. This causes the client to request a
service ticket (ST) from the KDC.
The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST
includes a time stamp that indicates its valid lifetime.
The client receives the ST.
The client sends the ST to the network server that hosts the desired resource.
The network server verifies the ST. If it’s verified, it initiates a communication session with the
client. From this point forward, Kerberos is no longer involved.
Q10. A security engineer is asked by the company’s development team to recommend the most secure method for password storage.
Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).
A. PBKDF2
B. MD5
C. SHA2
D. Bcrypt
E. AES
F. CHAP
Answer: A,D
Explanation:
A: PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5 v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key.
D: bcrypt is a key derivation function for passwords based on the Blowfish cipher. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. The bcrypt function is the default password hash algorithm for BSD and many other systems.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex,
Indianapolis, 2014, pp 109-110, 139, 143, 250, 255-256, 256
- [2021-New] CompTIA 220-902 Dumps With Update Exam Questions (121-130)
- [2021-New] CompTIA SK0-004 Dumps With Update Exam Questions (131-136)
- [2021-New] CompTIA N10-006 Dumps With Update Exam Questions (71-80)
- [2021-New] CompTIA CAS-002 Dumps With Update Exam Questions (151-160)
- [2021-New] CompTIA 220-902 Dumps With Update Exam Questions (71-80)
- [2021-New] CompTIA 220-902 Dumps With Update Exam Questions (31-40)
- [2021-New] CompTIA CAS-002 Dumps With Update Exam Questions (6-15)
- Update CompTIA Advanced Security Practitioner (CASP) CAS-003 Samples
- [2021-New] CompTIA 220-902 Dumps With Update Exam Questions (1-10)
- Replace CompTIA Security+ Exam SY0-701 Free Demo