It is impossible to pass the CompTIA SY0-401 exam in the short term without any help. Come to Examcollection and find the most advanced, correct and guaranteed CompTIA SY0-401 practice questions. You will get a surprising result with our refreshed CompTIA Security+ Certification practice guides.

2021 Nov SY0-401 dumps

Q171. Which of the following types of trust models is used by a PKI? 

A. Transitive 

B. Open source 

C. Decentralized 

D. Centralized 

Answer:

Explanation: 

PKI uses a centralized trust model. In a simple PKI there is a single centralized certification authority (CA). In a hierarchical trust model the root CA is the center of the model, with subordinate CAs lower in the hierarchy.

Note: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.

A trust model is a collection of rules that informs applications on how to decide the legitimacy of a digital certificate.

Topic 7 


Q172. A company requires that a user’s credentials include providing something they know and something they are in order to gain access to the network. Which of the following types of authentication is being described? 

A. Biometrics 

B. Kerberos 

C. Token 

D. Two-factor 

Answer:

Explanation: Two-factor authentication is when two different authentication factors are provided for authentication purposes. In this case, “something they know and something they are”. 


Q173. Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this? 

A. Hoax 

B. Phishing 

C. Vishing 

D. Whaling 

Answer:

Explanation: 

Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to "verify identity" or to "ensure that fraud does not occur." If the attack is carried out by telephone, caller ID spoofing can cause the victim's set to indicate a legitimate source, such as a bank or a government agency. 

Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless. 

Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with. 


Q174. Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret? 

A. RIPEMD 

B. MD5 

C. SHA 

D. HMAC 

Answer:

Explanation: 

HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key. The hashing function provides data integrity, while the symmetric key provides authenticity. 


Q175. Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this? 

A. Disable default SSID broadcasting. 

B. Use WPA instead of WEP encryption. 

C. Lower the access point’s power settings. 

D. Implement MAC filtering on the access point. 

Answer:

Explanation: 

If MAC filtering is turned off, any wireless client that knows the values looked for (MAC addresses) can join the network. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so. 


Q176. Which of the following can be used by a security administrator to successfully recover a user’s forgotten password on a password protected file? 

A. Cognitive password 

B. Password sniffing 

C. Brute force 

D. Social engineering 

Answer:

Explanation: 

One way to recover a user’s forgotten password on a password protected file is to guess it. A brute force attack is an automated attempt to open the file by using many different passwords. 

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security. A brute force attack may also be referred to as brute force cracking. For example, a form of brute force attack known as a dictionary attack might try all the words in a dictionary. Other forms of brute force attack might try commonly-used passwords or combinations of letters and numbers. An attack of this nature can be time- and resource-consuming. Hence the name "brute force attack;" success is usually based on computing power and the number of combinations tried rather than an ingenious algorithm. 


Q177. Which of the following is a notification that an unusual condition exists and should be investigated? 

A. Alert 

B. Trend 

C. Alarm 

D. Trap 

Answer:

Explanation: 

We need to look carefully at the wording of the question to determine the answer. This question is asking about an “unusual condition” that should be investigated. There are different levels of alerts from Critical to Warning to Information only. An Alarm would be triggered by a serious definite problem that needs resolving urgently. An “unusual condition” probably wouldn’t trigger an alarm; it is more likely to trigger an Alert. 


Q178. A CRL is comprised of:

A. Malicious IP addresses. 

B. Trusted CAs.

C. Untrusted private keys. 

D. Public keys. 

Answer:

Explanation: 

A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.

By checking the CRL you can check if a particular certificate has been revoked.

The certificates for which a CRL should be maintained are often X.509/public key certificates, as this format is commonly used by PKI schemes.


Q179. Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations? 

A. Subnetting 

B. NAT 

C. Jabber 

D. DMZ 

Answer:

Explanation: 

Jabber is a new unified communications application and could possibly expose you to attackers who want to capture conversations, because Jabber provides a single interface across presence, instant messaging, voice, video messaging, desktop sharing and conferencing.


Q180. A system administrator is responding to a legal order to turn over all logs from all company servers. The system administrator records the system time of all servers to ensure that: 

A. HDD hashes are accurate. 

B. the NTP server works properly. 

C. chain of custody is preserved. 

D. time offset can be calculated. 

Answer:

Explanation: 

It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually dependent on a step-by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system.