Consumers are absolve to opt for virtually any documentation checkups that they can think a good number of suitalbe privately, although they?¡¥d better not sign on earlier than these people view the objectives, the particular maket-oriented area and also valuation on the particular documentation, and not without knowing it properly go through tide. Probably the most critical factor would be to opt for documentation evaluation according to or you own specialities and developmental orientations. Such as, you are looking for circle and want to be a circle administrator, it is possible to opt for qualifications regarding microsoft MCP, MCSE, and Novells CNE, MCNE, and also Suns SCJP, etc; For anyone who is accomplished at repository, it is possible to use the checkups regarding documentation linked to repository, for example microsoft MCDBA as well as Oracle, Sybase, IBM. Apart from, you can also get a number of authentications with regards to the figure and picture, people today, who definitely are considering graphic design, web page making for example, may well look at them.

2021 Mar SY0-401 practice test

Q461. Jane, a security administrator, has been tasked with explaining authentication services to the company’s management team. The company runs an active directory infrastructure. Which of the following solutions BEST relates to the host authentication protocol within the company’s environment? 

A. Kerberos 

B. Least privilege 

C. TACACS+ 

D. LDAP 

Answer:

Explanation: 

Kerberos was accepted by Microsoft as the chosen authentication protocol for Windows 2000 and Active Directory domains that followed. 


Q462. Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO). 

A. Virtual switch 

B. NAT 

C. System partitioning 

D. Access-list 

E. Disable spanning tree 

F. VLAN 

Answer: A,F 

Explanation: 

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question. 


Q463. A CA is compromised and attacks start distributing maliciously signed software updates. Which of the following can be used to warn users about the malicious activity? 

A. Key escrow 

B. Private key verification 

C. Public key verification 

D. Certificate revocation list 

Answer:

Explanation: 

If we put the root certificate of the comprised CA in the CRL, users will know that this CA (and the certificates that it has issued) no longer can be trusted. The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release. 


Q464. A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements? 

A. OCSP 

B. PKI 

C. CA 

D. CRL 

Answer:

Explanation: 

A CRL is a locally stored record containing revoked certificates and revoked keys. 


Q465. Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks? 

A. Malicious logic 

B. Cross-site scripting 

C. SQL injection 

D. Buffer overflow 

Answer:

Explanation: 


Updated SY0-401 vce:

Q466. Which of the following should a company implement to BEST mitigate from zero-day malicious code executing on employees' computers? 

A. Least privilege accounts 

B. Host-based firewalls 

C. Intrusion Detection Systems 

D. Application white listing 

Answer:

Explanation: 


Q467. An organization is implementing a password management application which requires that all local administrator passwords be stored and automatically managed. Auditors will be responsible for monitoring activities in the application by reviewing the logs. Which of the following security controls is the BEST option to prevent auditors from accessing or modifying passwords in the application? 

A. Time of day restrictions 

B. Create user accounts for the auditors and assign read-only access 

C. Mandatory access control 

D. Role-based access with read-only 

Answer:

Explanation: 


Q468. Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption? 

A. AES 

B. Blowfish 

C. RC5 

D. 3DES 

Answer:

Explanation: 

Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). 


Q469. A password history value of three means which of the following? 

A. Three different passwords are used before one can be reused. 

B. A password cannot be reused once changed for three years. 

C. After three hours a password must be re-entered to continue. 

D. The server stores passwords in the database for three days. 

Answer:

Explanation: 

Password History defines the number of unique new passwords a user must use before an old password can be reused. 


Q470. Which of the following is BEST carried out immediately after a security breach is discovered? 

A. Risk transference 

B. Access control revalidation 

C. Change management 

D. Incident management 

Answer:

Explanation: 

Incident management is the steps followed when security incident occurs.