Our professionals help to make the CompTIA SY0-401 exam questions and also answers understandable and undemanding. It?¡¥s a perfect approach to prepare to your SY0-401 exam. All the CompTIA CompTIA SY0-401 exam braindumps retain pace with all the latest CompTIA certification exam syllabus. All of us update the Pdf demos regularly and keep them up-to-date. All of us promise that you can be capable to pass the CompTIA CompTIA real exam with the assist of our own products. Otherwise, you can claim the particular full money back. 100% promise! For further information with regards to CompTIA SY0-401 exam or our own exam products, please get in touch with our client support. Or email to support@Exambible.internet. You will have a satisfied answer.
2021 Dec SY0-401 test
Q491. A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?
A. Remove all previous smart card certificates from the local certificate store.
B. Publish the new certificates to the global address list.
C. Make the certificates available to the operating system.
D. Recover the previous smart card certificates.
Answer: B
Explanation:
CAs can be either private or public, with VeriSign being one of the best known of the public variety. Many operating system providers allow their systems to be configured as CA systems.
These CA systems can be used to generate internal certificates that are used within a business or in large external settings. The process provides certificates to the users. Since the user in question has been re-issued a smart card, the user must receive a new certificate by the CA to allow the user to send digitally signed email. This is achieved by publishing the new certificates to the global address list.
Q492. A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?
A. Spoof the MAC address of an observed wireless network client
B. Ping the access point to discover the SSID of the network
C. Perform a dictionary attack on the access point to enumerate the WEP key
D. Capture client to access point disassociation packets to replay on the local PC’s loopback
Answer: A
Explanation:
With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not. This can be used to gain access to the network, to fool the router into sending data here that was intended for another host, or to launch a DoS attack. In all cases, the address being faked is an address of a legitimate user, and that makes it possible to get around such measures as allow/deny lists. Note: As an example, the initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack.
Q493. Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?
A. Two factor authentication
B. Identification and authorization
C. Single sign-on
D. Single factor authentication
Answer: A
Explanation:
Two-factor authentication is when two different authentication factors are provided for
authentication purposes.
Speaking (Voice) – something they are.
Passphrase – something they know.
Q494. Which of the following is the term for a fix for a known software problem?
A. Skiff
B. Patch
C. Slipstream
D. Upgrade
Answer: B
Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a systems from newly discovered attacks and vulnerabilities.
Q495. Joe, an administrator, installs a web server on the Internet that performs credit card transactions for customer payments. Joe also sets up a second web server that looks like the first web server.
However, the second server contains fabricated files and folders made to look like payments were processed on this server but really were not. Which of the following is the second server?
A. DMZ
B. Honeynet
C. VLAN
D. Honeypot
Answer: D
Explanation:
In this scenario, the second web server is a ‘fake’ webserver designed to attract attacks. We can then monitor the second server to view the attacks and then ensure that the ‘real’ web server is secure against such attacks. The second web server is a honeypot.
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning
where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are
potentially invulnerable to future hackers.
There are two main types of honeypots:
Production - A production honeypot is one used within an organization's environment to help
mitigate risk.
Research – A research honeypot add value to research in computer security by providing a
platform to study the threat.
Latest SY0-401 exam answers:
Q496. After entering the following information into a SOHO wireless router, a mobile device’s user reports being unable to connect to the network:
PERMIT 0A: D1: FA. B1: 03: 37
DENY 01: 33: 7F: AB: 10: AB
Which of the following is preventing the device from connecting?
A. WPA2-PSK requires a supplicant on the mobile device.
B. Hardware address filtering is blocking the device.
C. TCP/IP Port filtering has been implemented on the SOHO router.
D. IP address filtering has disabled the device from connecting.
Answer: B
Explanation:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
Q497. Which of the following should a security technician implement to identify untrusted certificates?
A. CA
B. PKI
C. CRL
D. Recovery agent
Answer: C
Explanation:
Untrusted certificates and keys are revoked and put into the CRL. Note: The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included.
Q498. Which of the following concepts is used by digital signatures to ensure integrity of the data?
A. Non-repudiation
B. Hashing
C. Transport encryption
D. Key escrow
Answer: B
Explanation:
Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.
Q499. Human Resources suspect an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?
A. Shared accounts should be prohibited.
B. Account lockout should be enabled
C. Privileges should be assigned to groups rather than individuals
D. Time of day restrictions should be in use
Answer: A
Explanation:
Since distinguishing between the actions of one person and another isn’t possible if they both use a shared account, shared accounts should not be allowed. If shared accounts are being used, the administrator will find the account, but have more than one suspect. To nullify this occurrence, Shared accounts should be prohibited.
Q500. During a routine audit a web server is flagged for allowing the use of weak ciphers. Which of the following should be disabled to mitigate this risk? (Select TWO).
A. SSL 1.0
B. RC4
C. SSL 3.0
D. AES
E. DES
F. TLS 1.0
Answer: A,E
Explanation:
TLS 1.0 and SSL 1.0 both have known vulnerabilities and have been replaced by later versions. Any systems running these ciphers should have them disabled. Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication Netscape developed the original SSL protocol. Version 1.0 was never publicly released because of serious security flaws in the protocol; version 2.0, released in February 1995, "contained a number of security flaws which ultimately led to the design of SSL version 3.0”. TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0". TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security. TLS 1.1 and then TLS 1.2 were created to replace TLS 1.0.