New CompTIA SY0-401 Exam Dumps Collection (Question 9 - Question 18)

Question No: 9

During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?

A. Account recovery

B. Account disablement

C. Account lockouts

D. Account expiration

Answer: B

Explanation:

Account disablement should be implemented when a user will be gone from a company, whether they leave temporarily or permanently. In the case of permanently leaving the company, the account should be disabled. Disablement means that the account will no longer be an active account.


Question No: 10

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO's requirements?

A. Username and password

B. Retina scan and fingerprint scan

C. USB token and PIN

D. Proximity badge and token

Answer: C

Explanation:

Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories:

knowledge factors ("things only the user knows"), such as passwords

possession factors ("things only the user has"), such as ATM cards

inherence factors ("things only the user is"), such as biometrics

In this question, a USB token is a possession factor (something the user has) and a PIN is a knowledge factor (something the user knows).


Question No: 11

All of the following are valid cryptographic hash functions EXCEPT:

A. RIPEMD.

B. RC4.

C. SHA-512.

D. MD4.

Answer: B

Explanation:

RC4 is not a hash function; it is a stream cipher. RC4 is popular in wireless encryption (WEP/WPA).


Question No: 12

A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

A. Implement Group Policy to add the account to the users group on the hosts

B. Add the account to the Domain Administrator group

C. Add the account to the Users group on the hosts

D. Implement Group Policy to add the account to the Power Users group on the hosts.

Answer: A

Explanation:

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account.


Question No: 13

Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels?

A. Role Based Access Controls

B. Mandatory Access Controls

C. Discretionary Access Controls

D. Access Control List

Answer: B

Explanation:

Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them.


Question No: 14

A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?

A. Ann's user account has administrator privileges.

B. Joe's user account was not added to the group policy.

C. Ann's user account was not added to the group policy.

D. Joe's user account was inadvertently disabled and must be re-created.

Answer: C

Explanation:

Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPOs include a number of settings related to credentials, including password expiration. Because Ann was not prompted to change her password, it could only mean that her user account was not added to the group policy.


Question No: 15

A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?

A. Multi-factor authentication

B. Smart card access

C. Same Sign-On

D. Single Sign-On

Answer: D

Explanation:

Single sign-on means that once a user (or other subject) is authenticated into a realm, re-authentication is not required for access to resources on any realm entity. Single sign-on is able to internally translate and store credentials for the various mechanisms, from the credential used for original authentication.


Question No: 16

A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information: DC=ServerName and DC=COM. Which of the following authentication services is being used?

A. RADIUS

B. SAML

C. TACACS+

D. LDAP

Answer: D

Explanation:

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol):

dn: cn=John Doe,dc=example,dc=com
cn: John Doe
givenName: John
sn: Doe
telephoneNumber: +1 888 555 6789
telephoneNumber: +1 888 555 1232
mail: john@example.com
manager: cn=Barbara Doe,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top

"dn" is the distinguished name of the entry; it is neither an attribute nor a part of the entry. "cn=John Doe" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address, and "sn" for surname.


Question No: 17

Joe, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is he MOST likely using?

A. SAML

B. LDAP

C. iSCSI

D. Two-factor authentication

Answer: B

Explanation:

Joe is able to manage the backup system by logging into the network. This is an example of Single Sign-on.

A common usage of LDAP is to provide a "single sign on" where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).


Question No: 18

RADIUS provides which of the following?

A. Authentication, Authorization, Availability

B. Authentication, Authorization, Auditing

C. Authentication, Accounting, Auditing

D. Authentication, Authorization, Accounting

Answer: D

Explanation:

The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service. It is for this reason that A, B, and C are incorrect.

References: http://en.wikipedia.org/wiki/RADIUS

