CompTIA Security+ (SY0-401) practice questions Q311-Q320, with explanations.

Q311. A security administrator at a company which implements key escrow and symmetric encryption only, needs to decrypt an employee's file. The employee refuses to provide the decryption key to the file. Which of the following can the administrator do to decrypt the file? 

A. Use the employee's private key 

B. Use the CA private key 

C. Retrieve the encryption key 

D. Use the recovery agent 

Answer: C

Explanation:

With key escrow, a copy of every encryption key is deposited with a trusted third party or escrow system at the time the key is created. Because the company uses symmetric encryption only, there is no private key, no CA and no PKI recovery agent to fall back on; the administrator simply retrieves the escrowed copy of the employee's symmetric key and decrypts the file with it. Options A, B and D all describe asymmetric (PKI) mechanisms that do not exist in this environment.


Q312. A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS+. This type of implementation supports which of the following risk mitigation strategies? 

A. User rights and permissions review 

B. Change management 

C. Data loss prevention 

D. Implement procedures to prevent data theft 

Answer: A

Explanation:

Terminal Access Controller Access-Control System Plus (TACACS+) is a client/server AAA protocol that plays a role similar to RADIUS, but it separates authentication, authorization and accounting and can authorize individual commands, which is why it is the usual choice for network device administration. When every login and every command on every switch, router and firewall is authorized and accounted for by one central server, the rights and permissions granted to administrators can be reviewed, adjusted and revoked in one place rather than on each device. That is the risk mitigation strategy a central TACACS+ deployment supports: user rights and permissions review. Change management, data loss prevention and anti-theft procedures are not what a central AAA server provides.


Q313. The security administrator at ABC company received the following log information from an external party: 

10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal 

10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force 

10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan 

The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack? 

A. A NIDS was used in place of a NIPS. 

B. The log is not in UTC. 

C. The external party uses a firewall. 

D. ABC company uses PAT. 

Answer: D

Explanation:

With Port Address Translation (PAT, also called NAT overload), every host on ABC's internal network appears to the outside world with the same public source IP address; the only thing that distinguishes one internal host from another is the translated source port (3056, 3057, 3058 in the log). The external party's log shows only what was visible on the Internet side, so the administrator cannot map those entries back to an internal host without the PAT device's own translation table or logs for those exact timestamps. Those translation records are what make the origin recoverable; without them the three alerts could have come from three different internal machines or the same one.
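The attribution step described above, as an added example that is not part of the original page: it parses the three alert lines from the question together with a hypothetical PAT translation log (the field layout of that log and the inside addresses are constructed for this example) and maps each alert to the inside host that owned the translated port at that moment. The third alert has no translation record and therefore stays unattributed, which is exactly the situation the question describes. Both logs are assumed to be in the same time zone; if they were not, the timestamps would have to be normalised first.

```python
import re

# Constructed sample input. The three alert lines are the ones from the question;
# the PAT translation log below is hypothetical and its field layout is an assumption.
EXTERNAL_ALERTS = """\
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
"""

# Hypothetical PAT device log: time, zone, protocol, inside addr:port -> outside addr:port.
# There is deliberately no record for translated port 3058.
PAT_LOG = """\
10:45:00 EST tcp 192.168.10.22:51234 -> 10.4.3.7:3056
10:45:01 EST tcp 192.168.10.41:49820 -> 10.4.3.7:3057
10:45:01 EST tcp 192.168.10.22:51235 -> 10.4.3.7:3070
"""

ALERT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<tz>\w+), SRC (?P<src>[\d.]+):(?P<sport>\d+), "
    r"DST (?P<dst>[\d.]+):(?P<dport>\d+), ALERT, (?P<sig>.+)$")
PAT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<tz>\w+) (?P<proto>\w+) (?P<inside>[\d.]+):(?P<iport>\d+) "
    r"-> (?P<outside>[\d.]+):(?P<oport>\d+)$")


def seconds(hhmmss):
    """Clock time as seconds since midnight, for simple window comparisons."""
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def parse(text, regex):
    """Return one dict per line that matches the given log format; skip the rest."""
    rows = []
    for line in text.splitlines():
        m = regex.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def attribute(alerts, translations, window=2):
    """Map each alert to the inside host that held the translated port at that time.

    A translation matches when outside address and port equal the alert's source,
    the zones agree, and the translation was created at most `window` seconds
    before the alert. Returns a list of (signature, inside_ip_or_None).
    """
    result = []
    for a in alerts:
        t = seconds(a["time"])
        match = None
        for tr in translations:
            if (tr["tz"] == a["tz"] and tr["outside"] == a["src"]
                    and tr["oport"] == a["sport"]
                    and 0 <= t - seconds(tr["time"]) <= window):
                match = tr["inside"]
                break
        result.append((a["sig"], match))
    return result


def run():
    return attribute(parse(EXTERNAL_ALERTS, ALERT_RE), parse(PAT_LOG, PAT_RE))


if __name__ == "__main__":
    for sig, host in run():
        print(f"{sig:20s} -> {host or 'unknown: no translation record for this port/time'}")
```

The practical lesson is that PAT devices must log translations with accurate, synchronised timestamps and those logs must be retained long enough to answer an abuse report; otherwise an external source port is just a number.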


Q314. The security officer is preparing a read-only USB stick with a document of important personal phone numbers, vendor contacts, an MD5 program, and other tools to provide to employees. At which of the following points in an incident should the officer instruct employees to use this information? 

A. Business Impact Analysis 

B. First Responder 

C. Damage and Loss Control 

D. Contingency Planning 

Answer: B

Explanation:

Incident response procedures involve: preparation; incident identification; escalation and notification; mitigation steps; lessons learned; reporting; recovery/reconstitution procedures; first responder; incident isolation (quarantine, device removal); data breach; and damage and loss control. The USB stick is put together in advance, as part of preparation, for whoever first notices and reacts to an incident: the contact lists tell that person whom to escalate to, and the hashing tool lets them record checksums of evidence before it is changed. The officer should therefore instruct employees to use it when they are acting as first responders. (MD5 is adequate as a quick integrity fingerprint but is collision-prone; a SHA-2 hash is the better choice for evidence today, and a read-only stick is used so the toolkit itself cannot be tampered with on an infected machine.)


Q315. Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices. A security administrator should perform which of the following before deploying new software? 

A. Application white listing 

B. Network penetration testing 

C. Application hardening 

D. Input fuzzing testing 

Answer: C

Explanation:

Hardening is the process of securing a system by reducing its attack surface. It typically includes enabling the security settings the vendor shipped disabled, changing default credentials, removing unnecessary functions, features and accounts, disabling unnecessary services, and applying current patches. Because vendor defaults favour interoperability over security, this must happen before the software goes into production. Application whitelisting, penetration testing and fuzzing are all useful controls, but none of them fixes insecure defaults.


Q316. Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption? 

A. HTTPS 

B. WEP 

C. WPA 

D. WPA 2 

Answer: B

Explanation:

The question's wording is loose: of the four options only HTTPS (HTTP over TLS) provides end-to-end TLS, and neither WPA nor WPA2 uses TLS either. What the question is really asking is which protocol gives an attacker on the path an easy way in, and that is WEP.

The WEP shared-key authentication process consists of the following steps:

The wireless client sends an authentication request.

The Access Point (AP) sends an authentication response containing a clear-text challenge text.

The client encrypts the challenge text with RC4 under the static WEP key (prefixed with a per-frame initialisation vector, IV) and sends the encrypted authentication packet to the AP.

The AP decrypts the packet with its own copy of the static WEP key and compares the result to the challenge it sent. If they match, the AP begins the association process for the wireless client.

The big issue with this exchange is that it hands an eavesdropper a known-plaintext pair. The attacker captures the clear-text challenge and the encrypted reply; XORing the two yields the RC4 keystream for that IV. The attacker does not need to reverse RC4 or learn the key at all: by re-using the same IV and keystream it can answer any later challenge and authenticate itself, and it can inject or decrypt frames under that IV. Recovering the static key itself is a separate weakness, caused by WEP's short 24-bit IVs and RC4 key-scheduling biases (the FMS/KoreK/PTW family of attacks), not by the authentication exchange.

As you might guess, the designers attempted to strengthen WEP with longer keys: a 104-bit key (WEP-104) was added alongside the original 40-bit key. The fundamental weaknesses in the WEP process remained, however, because they lie in IV reuse and RC4, not in key length.
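The keystream-reuse attack on shared-key authentication described above, as an added example that is not part of the original page. It implements RC4 and the WEP frame format (IV, RC4 over plaintext plus CRC-32 ICV), lets a legitimate client authenticate once while an eavesdropper watches, and then has the eavesdropper pass a fresh challenge without ever holding the key. The key, IV and the 128-byte challenge size are constructed for the example.

```python
import os
import struct
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream generator (KSA + PRGA), as used by WEP."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: 3-byte IV in the clear, then RC4(iv||key) over plaintext||ICV."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return the plaintext if the ICV checks out, else None."""
    iv, ct = frame[:3], frame[3:]
    body = xor(ct, rc4(iv + key, len(ct)))
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == tag else None


class AccessPoint:
    """AP side of WEP shared-key authentication."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = os.urandom(128)   # sent in the clear
        return self.pending

    def verify(self, frame: bytes) -> bool:
        return wep_decrypt(self.key, frame) == self.pending


class Eavesdropper:
    """Never learns the key; one observed challenge/response pair is enough."""
    def __init__(self):
        self.iv = None
        self.keystream = None

    def observe(self, challenge: bytes, response: bytes):
        # ciphertext XOR known plaintext (challenge||ICV) = keystream for this IV
        self.iv = response[:3]
        self.keystream = xor(response[3:], challenge + icv(challenge))

    def forge(self, challenge: bytes) -> bytes:
        # reuse the captured IV so the AP derives the same keystream we recovered
        body = challenge + icv(challenge)
        return self.iv + xor(body, self.keystream)


KEY = b"\x01\x02\x03\x04\x05"   # constructed 40-bit WEP key; the attacker never sees it
IV = b"\x00\x00\x01"            # constructed IV chosen by the legitimate client


def run_demo():
    """Returns (legitimate client accepted, key-less attacker accepted)."""
    ap, eve = AccessPoint(KEY), Eavesdropper()
    challenge = ap.challenge()
    response = wep_encrypt(KEY, IV, challenge)
    legit_ok = ap.verify(response)
    eve.observe(challenge, response)
    forged_ok = ap.verify(eve.forge(ap.challenge()))
    return legit_ok, forged_ok


if __name__ == "__main__":
    print(run_demo())   # (True, True)
```

The forged frame passes because WEP derives the keystream from IV||key and nothing stops a sender from picking an IV that has already been used; the same recovered keystream also decrypts or lets the attacker inject any data frame carrying that IV. Recovering the key itself takes the statistical IV attacks mentioned above and is not shown here.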


Q317. A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff? 

A. Virtualization 

B. Subnetting 

C. IaaS 

D. SaaS 

Answer: A

Explanation:

Virtualization allows a single physical server to host multiple virtual machines, so more workloads fit into the existing floor space while the data center stays in house and run by internal staff. IaaS and SaaS would also add capacity, but they move the infrastructure or the application itself to an external provider; subnetting only divides the network and adds no capacity at all.


Q318. Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits? 

A. Botnet 

B. Rootkit 

C. Adware 

D. Virus 

Answer: C

Explanation:

Adware is software that displays advertisements, typically pop-ups or injected ads chosen from the user's browsing habits. It usually arrives bundled with free toolbars, games or utilities that the user chooses to install (the user interaction), runs openly rather than concealing itself, and needs an active Internet connection to fetch the advertisements. By contrast a rootkit exists precisely to hide itself, a virus spreads by infecting other files, and a botnet client is remotely controlled rather than advertised to the user.


Q319. An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used? 

A. WEP 

B. LEAP 

C. EAP-TLS 

D. TKIP 

Answer: C

Explanation:

EAP-TLS authenticates with X.509 certificates on both sides: the RADIUS server presents a server certificate, and the majority of EAP-TLS implementations require a client-side certificate as well, without giving the option to disable that requirement. Both certificates must chain to a CA the other side trusts, which is why rolling out a new network certificate authority goes hand in hand with EAP-TLS. WEP and TKIP are encryption schemes, not authentication methods, and LEAP authenticates with a username and password (and is itself broken).


Q320. Which of the following is being tested when a company’s payroll server is powered off for eight hours? 

A. Succession plan 

B. Business impact document 

C. Continuity of operations plan 

D. Risk assessment plan 

Answer: C

Explanation:

A continuity of operations plan is the effort to ensure the continued performance of critical business functions during a wide range of potential emergencies. Deliberately powering the payroll server off for eight hours exercises that plan: it tests whether payroll can keep running, through failover or documented manual procedures, while a critical system is unavailable.