How to pass security+ sy0 401 in May 2017
Want to know the Testking sy0 401 study guide PDF and exam practice test features? Want to learn more about the CompTIA Security+ Certification experience? Study guaranteed CompTIA sy0 401 practice test answers to updated Security+ sy0 401 questions at Testking. Get a success with an absolute guarantee to pass the CompTIA Security+ study guide sy0 401 (CompTIA Security+ Certification) test on your first attempt.
Q621. According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.
Q622. Which of the following pseudocodes can be used to handle program exceptions?
A. If program detects another instance of itself, then kill program instance.
B. If user enters invalid input, then restart program.
C. If program module crashes, then restart program module.
D. If user’s input exceeds buffer length, then truncate the input.
Exception handling is an aspect of secure coding. When errors occur, the system should revert to a secure state. This must be coded into the system by the programmer, and the code should capture all errors and exceptions that could cause the application or its modules to crash. Restarting the application or module ensures that the application reverts to a secure state.
Q623. Which of the following is used to certify intermediate authorities in a large PKI deployment?
A. Root CA
B. Recovery agent
C. Root user
D. Key escrow
The root CA certifies other certification authorities to publish and manage certificates within the organization. In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts the intermediate CAs at the level directly beneath it in the hierarchy and none that aren't. This arrangement allows a high level of control at all levels of the hierarchical tree.
Q624. Which of the following services is used to support authentication services for several local devices from a central location without the use of tokens?
TACACS allows a client to accept a username and password and send a query to a TACACS authentication server. The server determines whether to accept or deny the authentication request and sends a response back. The TIP then allows or denies access based upon that response, not on tokens.
Q625. A security administrator at a company which implements key escrow and symmetric encryption only, needs to decrypt an employee's file. The employee refuses to provide the decryption key to the file. Which of the following can the administrator do to decrypt the file?
A. Use the employee's private key
B. Use the CA private key
C. Retrieve the encryption key
D. Use the recovery agent
Q626. Which of the following MUST be updated immediately when an employee is terminated to prevent unauthorized access?
D. Recovery agent
Certificates or keys for the terminated employee should be put in the CRL.
A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or
By checking the CRL you can check if a particular certificate has been revoked.
Q627. Encryption used by RADIUS is BEST described as:
B. Elliptical curve
The RADIUS server uses a symmetric encryption method.
Note: Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected.
Q628. Which of the following symmetric key algorithms are examples of block ciphers? (Select THREE).
B: Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
C: Advanced Encryption Standard (AES) is a block cipher that has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the standard currently used by U.S. government agencies.
F: Blowfish is an encryption system invented by a team led by Bruce Schneier; it is a 64-bit block cipher that runs at very high speed.
Q629. Which of the following concepts is used by digital signatures to ensure integrity of the data?
C. Transport encryption
D. Key escrow
Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidentally, in transit.
Q630. A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?
Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud.