We provide a tested CompTIA SY0-401 study guide PDF torrent, which is the best for clearing the SY0-401 practice exam and getting certified by CompTIA with the CompTIA Security+ certification. The CompTIA Security+ SY0-401 Questions & Answers cover all the knowledge points of the real SY0-401 exam. Crack your CompTIA Security+ SY0-401 exam with the latest dumps, guaranteed!

Q231. Which of the following types of authentication solutions use tickets to provide access to various resources from a central location? 

A. Biometrics 

B. PKI 

C. ACLs 

D. Kerberos 

Answer:

Explanation: 

The basic process of Kerberos authentication is as follows: 

1. The subject provides logon credentials. 

2. The Kerberos client system encrypts the password and transmits the protected credentials to the KDC. 

3. The KDC verifies the credentials and then creates a ticket-granting ticket (TGT: a hashed form of the subject's password with the addition of a time stamp that indicates a valid lifetime). The TGT is encrypted and sent to the client. 

4. The client receives the TGT. At this point, the subject is an authenticated principal in the Kerberos realm. 

5. The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC. 

6. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime. 

7. The client receives the ST. 

8. The client sends the ST to the network server that hosts the desired resource. 

9. The network server verifies the ST. If it's verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved. 
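The ticket flow above, walked through as an added simulation that is not part of the original study guide and not real Kerberos code. The principal names, passwords and service names are constructed sample values, and the HMAC "seal" stands in for the encryption Kerberos applies to tickets; what the simulation preserves is the sequence: credentials earn a TGT from the KDC, a valid unexpired TGT earns an ST sealed for one service, and the service validates the ST with its own key without contacting the KDC.

```python
import hashlib
import hmac
import json
import time

# Constructed sample secrets for the simulation (not real Kerberos key derivation):
# the KDC holds a long-term key for each principal and each service, plus its own key.
PRINCIPAL_KEYS = {"alice": hashlib.sha256(b"alice-password").digest()}
SERVICE_KEYS = {
    "fileserver": hashlib.sha256(b"fileserver-long-term-key").digest(),
    "mailserver": hashlib.sha256(b"mailserver-long-term-key").digest(),
}
KDC_KEY = hashlib.sha256(b"kdc-master-key").digest()


def _seal(payload: dict, key: bytes) -> dict:
    """Bind a ticket body to a key with an HMAC tag. This stands in for the encryption
    Kerberos applies: only a holder of `key` can validate (in real Kerberos, read) the ticket."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def _open(ticket: dict, key: bytes, now: float):
    """Return the ticket payload if the tag is valid under `key` and the lifetime has not elapsed."""
    expected = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket["tag"]):
        return None  # forged, tampered, or sealed for a different key
    payload = json.loads(ticket["body"])
    if now >= payload["expires"]:
        return None  # the time stamp says the ticket's valid lifetime is over
    return payload


class KDC:
    def __init__(self, tgt_lifetime=8 * 3600, st_lifetime=600):
        self.tgt_lifetime = tgt_lifetime
        self.st_lifetime = st_lifetime

    def authenticate(self, principal: str, password: str, now: float):
        """Steps 1-3: check the submitted credentials and issue a TGT sealed with the KDC's key."""
        key = PRINCIPAL_KEYS.get(principal)
        submitted = hashlib.sha256(password.encode()).digest()
        if key is None or not hmac.compare_digest(key, submitted):
            return None
        return _seal({"type": "TGT", "principal": principal, "issued": now,
                      "expires": now + self.tgt_lifetime}, KDC_KEY)

    def service_ticket(self, tgt: dict, service: str, now: float):
        """Steps 5-6: only a valid TGT earns an ST, and the ST is sealed with the service's key."""
        tgt_payload = _open(tgt, KDC_KEY, now)
        if tgt_payload is None or tgt_payload["type"] != "TGT":
            return None
        service_key = SERVICE_KEYS.get(service)
        if service_key is None:
            return None
        return _seal({"type": "ST", "principal": tgt_payload["principal"], "service": service,
                      "issued": now, "expires": now + self.st_lifetime}, service_key)


def server_accepts(service: str, st: dict, now: float):
    """Steps 8-9: the server validates the ST with its own key; the KDC is not contacted.
    Returns the authenticated principal, or None if the ST is rejected."""
    service_key = SERVICE_KEYS.get(service)
    if service_key is None:
        return None
    payload = _open(st, service_key, now)
    if payload is None or payload["type"] != "ST" or payload["service"] != service:
        return None
    return payload["principal"]


def run_flow(principal, password, service="fileserver", delay_before_use=0.0, now=None):
    """Walk the whole sequence; returns the principal the server accepted, or None."""
    now = time.time() if now is None else now
    kdc = KDC()
    tgt = kdc.authenticate(principal, password, now)
    if tgt is None:
        return None
    st = kdc.service_ticket(tgt, service, now)
    if st is None:
        return None
    return server_accepts(service, st, now + delay_before_use)
```

Two checks worth noticing in the code: an ST presented to a different service than it was issued for fails the tag check, because it was sealed with the wrong service's key, and an ST presented after its lifetime fails the time-stamp check even though the tag is still valid.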


Q232. Which of the following BEST describes the type of attack that is occurring? 

A. Smurf Attack 

B. Man in the middle 

C. Backdoor 

D. Replay 

E. Spear Phishing 

F. Xmas Attack 

G. Blue Jacking 

H. Ping of Death 

Answer:

Explanation: 

The exhibit shows that all the computers on the network are being 'pinged'. This indicates that the ping request was sent to the network broadcast address. We can also see that all the replies were received by one host on the network (probably the host whose address was spoofed in the request). This is typical of a smurf attack. 

A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim's T-1 (or even T-3) line with ping replies, bringing the entire Internet service to its knees. Smurfing falls under the general category of Denial of Service attacks: security attacks that don't try to steal information, but instead attempt to disable a computer or network. 
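The pattern the explanation describes (one echo request to the broadcast address, then replies from many hosts converging on the address that request claimed as its source) is what a defender would look for in ICMP flow logs. Below is an added detection example; it is not from the study guide, and the flow records and the 192.0.2.0/24 and 203.0.113.0/24 addresses are constructed sample data.

```python
import ipaddress

# Constructed sample ICMP flow records, not the exam exhibit: (time, src, dst, icmp_type).
# ICMP type 8 is an echo request, type 0 is an echo reply.
SAMPLE_FLOWS = [
    (10.00, "203.0.113.5", "192.0.2.255", 8),  # request to the subnet broadcast address
    (10.01, "192.0.2.10", "203.0.113.5", 0),   # every host on the subnet answers...
    (10.01, "192.0.2.11", "203.0.113.5", 0),
    (10.02, "192.0.2.12", "203.0.113.5", 0),
    (10.02, "192.0.2.13", "203.0.113.5", 0),   # ...all to the (spoofed) source address
    (20.00, "192.0.2.50", "192.0.2.20", 8),    # an ordinary unicast ping for contrast
    (20.01, "192.0.2.20", "192.0.2.50", 0),
]


def find_smurf_indicators(flows, cidr: str, min_repliers: int = 3, window: float = 1.0):
    """Flag echo requests sent to the broadcast address of `cidr` whose claimed source then
    receives echo replies from at least `min_repliers` distinct hosts within `window` seconds.
    Returns {claimed_source: sorted list of replying hosts}; the claimed source is the
    likely victim, since in a smurf attack that address is spoofed."""
    broadcast = str(ipaddress.ip_network(cidr, strict=False).broadcast_address)
    requests = [(t, src) for t, src, dst, typ in flows if typ == 8 and dst == broadcast]
    replies = [(t, src, dst) for t, src, dst, typ in flows if typ == 0]
    hits = {}
    for t_req, victim in requests:
        repliers = {src for t, src, dst in replies
                    if dst == victim and t_req <= t <= t_req + window}
        if len(repliers) >= min_repliers:
            hits[victim] = sorted(repliers)
    return hits


def amplification_factor(flows, cidr: str):
    """Replies generated per broadcast request, the figure the explanation's '255 times' refers to.
    Returns 0.0 when no broadcast request is present."""
    hits = find_smurf_indicators(flows, cidr, min_repliers=1)
    requests = sum(1 for t, src, dst, typ in flows
                   if typ == 8 and dst == str(ipaddress.ip_network(cidr, strict=False).broadcast_address))
    if requests == 0:
        return 0.0
    return sum(len(v) for v in hits.values()) / requests
```

On the mitigation side, the same check can be turned around: if a router does not forward packets addressed to the subnet broadcast address from outside the subnet (the usual "no directed broadcast" setting), the request at time 10.00 never reaches the hosts and no replies are generated.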


Q233. In order to secure additional budget, a security manager wants to quantify the financial impact of a one-time compromise. Which of the following is MOST important to the security manager? 

A. Impact 

B. SLE 

C. ALE 

D. ARO 

Answer:

Explanation: 


Q234. An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation? 

A. Testing controls 

B. Risk assessment 

C. Signed AUP 

D. Routine audits 

Answer:

Explanation: 


Q235. Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host? 

A. TCP port 443 and IP protocol 46 

B. TCP port 80 and TCP port 443 

C. TCP port 80 and ICMP 

D. TCP port 443 and SNMP 

Answer:

Explanation: 

HTTP and HTTPS, which use TCP port 80 and TCP port 443 respectively, are necessary for communicating with web servers. They should therefore be allowed through the firewall. 


Q236. Which of the following identifies certificates that have been compromised or suspected of being compromised? 

A. Certificate revocation list 

B. Access control list 

C. Key escrow registry 

D. Certificate authority 

Answer:

Explanation: 

Certificates that have been compromised or are suspected of being compromised are revoked. A CRL is a locally stored record containing revoked certificates and revoked keys. 


Q237. During the information gathering stage of deploying a role-based access control model, which of the following pieces of information is MOST likely required? 

A. Conditional rules under which certain systems may be accessed 

B. Matrix of job titles with required access privileges 

C. Clearance levels of all company personnel 

D. Normal hours of business operation 

Answer:

Explanation: 

Role-based access control is a model where access to resources is determined by job role rather than by user account. 

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department. 

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role. 
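The role matrix described above, put to work as an added example (not from the study guide): job titles map to permission sets, users hold roles rather than permissions, and a department change is a role swap. The role names, permission strings and user names are constructed sample data.

```python
# Constructed sample role matrix: job title (role) -> the access privileges assigned to it.
ROLE_MATRIX = {
    "Accounts Payable Clerk": {"erp:invoice:read", "erp:invoice:create"},
    "Accounts Payable Manager": {"erp:invoice:read", "erp:invoice:create", "erp:invoice:approve"},
    "Helpdesk Technician": {"directory:password:reset", "tickets:read", "tickets:update"},
}

# Constructed sample assignments: user account -> roles held. No permissions live here.
USER_ROLES = {
    "alice": {"Accounts Payable Clerk"},
    "bob": {"Helpdesk Technician"},
}


def effective_permissions(user, user_roles=USER_ROLES, matrix=ROLE_MATRIX):
    """Union of the permissions of every role the user holds.
    A role that is assigned but missing from the matrix is a configuration error, not 'no access'."""
    perms = set()
    for role in user_roles.get(user, set()):
        if role not in matrix:
            raise KeyError(f"unknown role assigned to {user}: {role}")
        perms |= matrix[role]
    return perms


def is_permitted(user, permission, user_roles=USER_ROLES, matrix=ROLE_MATRIX):
    """The access decision consults only roles; users with no roles get nothing."""
    return permission in effective_permissions(user, user_roles, matrix)


def change_department(user, old_role, new_role, user_roles=USER_ROLES):
    """A department move is a role swap; no per-user permission edits are needed.
    Returns a new assignment mapping and leaves the input untouched."""
    updated = {u: set(roles) for u, roles in user_roles.items()}
    updated.setdefault(user, set()).discard(old_role)
    updated[user].add(new_role)
    return updated


def unassigned_roles(user_roles=USER_ROLES, matrix=ROLE_MATRIX):
    """Roles in the matrix that nobody holds: worth confirming during information gathering,
    since an unused role with broad privileges is a standing risk."""
    held = set().union(*user_roles.values()) if user_roles else set()
    return sorted(set(matrix) - held)
```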


Q238. A user has forgotten their account password. Which of the following is the BEST recovery strategy? 

A. Upgrade the authentication system to use biometrics instead. 

B. Temporarily disable password complexity requirements. 

C. Set a temporary password that expires upon first use. 

D. Retrieve the user password from the credentials database. 

Answer:

Explanation: 

Since a user's password isn't stored on most operating systems (only a hash value is kept), most operating systems allow the administrator to change the value for a user who has forgotten theirs. This new value allows the user to log in and then immediately change it to another value that they can (ideally) remember. Also, setting a temporary password to expire upon first use will not allow a hacker the opportunity or time to use it. 


Q239. A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during non-working days. Which of the following should the technician implement to meet management's request? 

A. Enforce Kerberos 

B. Deploy smart cards 

C. Time of day restrictions 

D. Access control lists 

Answer:

Explanation: 

Time of day restrictions limit when users can access specific systems based on the time of day or week. They can limit access to sensitive environments to normal business hours. 


Q240. Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network? 

A. Cross-platform compatibility issues between personal devices and server-based applications 

B. Lack of controls in place to ensure that the devices have the latest system patches and signature files 

C. Non-corporate devices are more difficult to locate when a user is terminated 

D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets 

Answer:

Explanation: 

With employees who want to bring their own devices, you will have to make them understand why they cannot. You do not want them plugging in a flash drive, let alone a camera, smartphone, tablet computer, or other device, on which company files could get intermingled with personal files. Allowing this to happen can create situations where data that shouldn't leave the building does, as well as introduce malware to the system. Employees should not sync unauthorized smartphones to their work systems. Some smartphones use multiple wireless spectrums and unwittingly open up the possibility for an attacker in the parking lot to gain access through the phone to the internal network. Thus, if you do not have controls in place, your network is definitely at risk.