It is more faster and easier to pass the CompTIA comptia security+ get certified get ahead sy0 401 study guide exam by using Refined CompTIA CompTIA Security+ Certification questuins and answers. Immediate access to the Rebirth security+ sy0 401 Exam and find the same core area comptia security+ get certified get ahead sy0 401 study guide questions with professionally verified answers, then PASS your exam with a high score now.

P.S. Refined SY0-401 faq are available on Google Drive, GET MORE: https://drive.google.com/open?id=1725x6txe6_CCe14yNl1HAjULucSaec4_


New CompTIA SY0-401 Exam Dumps Collection (Question 8 - Question 17)

Q8. Which of the following algorithms has well documented collisions? (Select TWO).

A. AES

B. MD5

C. SHA

D. SHA-256

E. RSA

Answer: B,C

Explanation:

B: MD5 biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use.

C: SHA-1 (also known as SHA) is being retired from most government uses; the U.S. National Institute of Standards and Technology said, "Federal agencies should stop using SHA-1 for...applications that require collision resistance as soon as practical, and must use the SHA-2 family of hash functions for these applications after 2010", though that was later relaxed.

Note: The hashing algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.

Cryptographic hash functions are usually designed to be collision resistant. But many hash functions that were once thought to be collision resistant were later broken. MD5 and SHA- 1 in particular both have published techniques more efficient than brute force for finding collisions.


Q9. Which of the following concepts is used by digital signatures to ensure integrity of the data?

A. Non-repudiation

B. Hashing

C. Transport encryption

D. Key escrow

Answer: B

Explanation:

Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.


Q10. Which of the following is a concern when encrypting wireless data with WEP?

A. WEP displays the plain text entire key when wireless packet captures are reassembled

B. WEP implements weak initialization vectors for key transmission

C. WEP uses a very weak encryption algorithm

D. WEP allows for only four pre-shared keys to be configured

Answer: B

Explanation:

The initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack.


Q11. Connections using point-to-point protocol authenticate using which of the following? (Select TWO).

A. RIPEMD

B. PAP

C. CHAP

D. RC4

E. Kerberos

Answer: B,C

Explanation:

B: A password authentication protocol (PAP) is an authentication protocol that uses a password. PAP is used by Point to Point Protocol to validate users before allowing them access to server resources.

C: CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake.


Q12. Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?

A. ECC

B. RSA

C. SHA

D. 3DES

Answer: D

Explanation:

3DES would be less secure compared to ECC, but 3DES would require less computational power.

Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and itu2021s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).


Q13. Which of the following protocols provides transport security for virtual terminal emulation?

A. TLS

B. SSH

C. SCP

D. S/MIME

Answer: B

Explanation:

Secure Shell (SSH) is a tunneling protocol originally designed for Unix systems. It uses encryption to establish a secure connection between two systems. SSH also provides alternative, security-equivalent programs for such Unix standards as Telnet, FTP, and many other communications-oriented applications. SSH is available for use on Windows systems as well. This makes it the preferred method of security for Telnet and other cleartext oriented programs in the Unix environment.


Q14. Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).

A. Increase password complexity

B. Deploy an IDS to capture suspicious logins

C. Implement password history

D. Implement monitoring of logins

E. Implement password expiration

F. Increase password length

Answer: A,F

Explanation:

The more difficult a password is the more difficult it is to be cracked by an attacker. By increasing the password complexity you make it more difficult.

Passwords that are too short can easily be cracked. The more characters used in a password, combined with the increased complexity will mitigate password cracking attacks.


Q15. A security administrator is tackling issues related to authenticating users at a remote site. There have been a large number of security incidents that resulted from either tailgating or impersonation of authorized users with valid credentials. The security administrator has been told to implement multifactor authentication in order to control facility access. To secure access to the remote facility, which of the following could be implemented without increasing the amount of space required at the entrance?

A. MOTD challenge and PIN pad

B. Retina scanner and fingerprint reader

C. Voice recognition and one-time PIN token

D. One-time PIN token and proximity reader

Answer: C

Explanation:

Authentication systems or methods are based on one or more of these five factors: Something you know, such as a password or PIN

Something you have, such as a smart card, token, or identification device

Something you are, such as your fingerprints or retinal pattern (often called biometrics) Something you do, such as an action you must take to complete authentication Somewhere you are (this is based on geolocation)

Multifactor authentication is authentication that uses two of more of the authentication factors listed above.

In this question, we can use voice recognition (something you are) and a one-time PIN token (something you have) to provide two factors of authentication. The one-time PIN token is a small device that generates a one-time PIN to enable access.


Q16. A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used?

A. RADIUS

B. SAML

C. TACACS+

D. LDAP

Answer: D

Explanation:

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol):

dn: cn=John Doe,dc=example,dc=com cn: John Doe

givenName: John sn: Doe

telephoneNumber: +1 888 555 6789

telephoneNumber: +1 888 555 1232 mail: john@example.com

manager: cn=Barbara Doe,dc=example,dc=com objectClass: inetOrgPerson

objectClass: organizationalPerson objectClass: person

objectClass: top

"dn" is the distinguished name of the entry; it is neither an attribute nor a part of the entry. "cn=John Doe" is the entry's RDN (Relative Distinguished Name), and "dc=example,dc=com" is the DN of the parent entry, where "dc" denotes 'Domain Component'. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like "cn" for common name, "dc" for domain component, "mail" for e-mail address, and "sn" for surname.


Q17. A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files?

A. Integrity

B. Confidentiality

C. Steganography

D. Availability

Answer: C

Explanation:

Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.

Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.


Recommend!! Get the Refined SY0-401 dumps in VCE and PDF From Dumpscollection, Welcome to download: http://www.dumpscollection.net/dumps/SY0-401/ (New 1789 Q&As Version)