SY0-401 Exam
Rebirth SY0-401: Exambible real resource from 161 to 170
Exact of SY0-401 practice exam materials and class for CompTIA certification for IT learners, Real Success Guaranteed with Updated SY0-401 pdf dumps vce Materials. 100% PASS CompTIA Security+ Certification exam Today!
2021 Mar SY0-401 exam engine
Q161. A large corporation has data centers geographically distributed across multiple continents. The company needs to securely transfer large amounts of data between the data center. The data transfer can be accomplished physically or electronically, but must prevent eavesdropping while the data is on transit. Which of the following represents the BEST cryptographic solution?
A. Driving a van full of Micro SD cards from data center to data center to transfer data
B. Exchanging VPN keys between each data center via an SSL connection and transferring the data in the VPN
C. Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN
D. Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server
Answer: B
Explanation:
A virtual private network (VPN) is an encrypted communication tunnel that connects two systems over an untrusted network, such as the Internet. They provide security for both authentication and data transmission through a process called encapsulation. Secure Sockets Layer (SSL) can be used to exchange the VPN keys securely. SSL is used to establish secure TCP communication between two machines by encrypting the communication.
Q162. The system administrator is reviewing the following logs from the company web server:
12:34:56 GET /directory_listing.php?user=admin&pass=admin1
12:34:57 GET /directory_listing.php?user=admin&pass=admin2
12:34:58 GET /directory_listing.php?user=admin&pass=1admin
12:34:59
GET /directory_listing.php?user=admin&pass=2admin Which of the following is this an example of?
A. Online rainbow table attack
B. Offline brute force attack
C. Offline dictionary attack
D. Online hybrid attack
Answer: D
Explanation:
Q163. Which of the following is a step in deploying a WPA2-Enterprise wireless network?
A. Install a token on the authentication server
B. Install a DHCP server on the authentication server
C. Install an encryption key on the authentication server
D. Install a digital certificate on the authentication server
Answer: D
Explanation:
When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions. The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices. The other is the Enterprise mode —which should be used by businesses and organizations—and
is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key
management, and supports other enterprise-type functionality, such as VLANs and NAP.
However, it requires an external authentication server, called a Remote Authentication Dial In User
Service (RADIUS) server to handle the 802.1X authentication of users.
To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X,
here’s the basic overall steps:
Choose, install, and configure a RADIUS server, or use a hosted service.
Create a certificate authority (CA), so you can issue and install a digital certificate onto the
RADIUS server, which may be done as a part of the RADIUS server installation and configuration.
Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or
Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS,
you’d also create digital certificates for each end-user.
On the server, populate the RADIUS client database with the IP address and shared secret for
each AP.
On the server, populate user data with usernames and passwords for each end-user.
On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP
address and the shared secret you created for that particular AP.
On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the
802.1X authentication settings.
Q164. Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?
A. Social networking use training
B. Personally owned device policy training
C. Tailgating awareness policy training
D. Information classification training
Answer: D
Explanation:
Information classification is done by confidentiality and comprises of three categories, namely: public use, internal use and restricted use. Knowing these categories and how to handle data according to its category is essential in protecting the confidentiality of the data.
Q165. Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?
A. Malicious code on the local system
B. Shoulder surfing
C. Brute force certificate cracking
D. Distributed dictionary attacks
Answer: A
Explanation:
Once a user authenticates to a remote server, malicious code on the user’s workstation could then infect the server.
Renovate SY0-401 exam cost:
Q166. An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?
A. Routing
B. DMZ
C. VLAN
D. NAT
Answer: C
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.
Q167. Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?
A. Authentication server
B. Server certificate
C. Key length
D. EAP method
Answer: C
Explanation:
Key length is the main issue of concern since the wireless network uses a shared password. With risks of shared passwords makes the length of the password a crucial factor to risk mitigation.
Q168. A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?
A. Spoof the MAC address of an observed wireless network client
B. Ping the access point to discover the SSID of the network
C. Perform a dictionary attack on the access point to enumerate the WEP key
D. Capture client to access point disassociation packets to replay on the local PC’s loopback
Answer: A
Explanation:
With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not. This can be used to gain access to the network, to fool the router into sending data here that was intended for another host, or to launch a DoS attack. In all cases, the address being faked is an address of a legitimate user, and that makes it possible to get around such measures as allow/deny lists. Note: As an example, the initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack.
Q169. Which of the following protocols is used to validate whether trust is in place and accurate by returning responses of either "good", "unknown", or "revoked"?
A. CRL
B. PKI
C. OCSP
D. RA
Answer: C
Explanation:
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'. If it cannot process the request, it may return an error code.
Q170. Which of the following can hide confidential or malicious data in the whitespace of other files (e.g. JPEGs)?
A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography
Answer: D
Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.