[Free] 2018(Apr) EnsurePass Braindumps CompTIA SY0-401 Dumps with VCE and PDF 861-870

Ensurepass.com : Ensure you pass the IT Exams
2018 Apr CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 861 – (Topic 5)

The fundamental information security principals include confidentiality, availability and which of the following?

  1. The ability to secure data against unauthorized disclosure to external sources

  2. The capacity of a system to resist unauthorized changes to stored information

  3. The confidence with which a system can attest to the identity of a user

  4. The characteristic of a system to provide uninterrupted service to authorized users

Answer: B

Explanation: Confidentiality, integrity, and availability, which make up the CIA triad, are the three most important concepts in security. In this instance, the answer describes the Integrity part of the CIA triad.

Question No: 862 – (Topic 5)

Which of the following protocols uses TCP instead of UDP and is incompatible with all previous versions?





Answer: D Explanation:

TACACS is not compatible with TACACS and XTACACS, and makes use of TCP.

Question No: 863 – (Topic 5)

During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?

  1. Account recovery

  2. Account disablement

  3. Account lockouts

  4. Account expiration

Answer: B Explanation:

Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account.

Question No: 864 – (Topic 5)

Which of the following relies on the use of shared secrets to protect communication?


  2. Kerberos

  3. PKI

  4. LDAP

Answer: A Explanation:

Obfuscated passwords are transmitted by the RADIUS protocol via a shared secret and the MD5 hashing algorithm.

Question No: 865 – (Topic 5)

The security manager wants to unify the storage of credential, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own?

  1. LDAP

  2. SAML



Answer: A Explanation:

A ‘directory’ contains information about users.

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories.

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

Question No: 866 – (Topic 5)

A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?



  3. Kerberos

  4. LDAP

Answer: B Explanation:

TACACS makes use of TCP port 49 by default.

Question No: 867 – (Topic 5)

Employee badges are encoded with a private encryption key and specific personal information.

The encoding is then used to provide access to the network. Which of the following describes this access control type?

  1. Smartcard

  2. Token

  3. Discretionary access control

  4. Mandatory access control

Answer: A Explanation:

Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip that can include data regarding the authorized bearer. This data can then be used for identification and/or authentication purposes.

Question No: 868 – (Topic 5)

A recent audit of a company’s identity management system shows that 30% of active accounts belong to people no longer with the firm. Which of the following should be performed to help avoid this scenario? (Select TWO).

  1. Automatically disable accounts that have not been utilized for at least 10 days.

  2. Utilize automated provisioning and de-provisioning processes where possible.

  3. Request that employees provide a list of systems that they have access to prior to leaving the firm.

  4. Perform regular user account review / revalidation process.

  5. Implement a process where new account creations require management approval.

Answer: B,D Explanation:

Provisioning and de-provisioning processes can occur manually or automatically. Since the manual processes are so time consuming, the automated option should be used as it is more efficient. Revalidating user accounts would determine which users are no longer active.

Question No: 869 – (Topic 5)

An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).

  1. Length of password

  2. Password history

  3. Minimum password age

  4. Password expiration

  5. Password complexity

  6. Non-dictionary words

Answer: B,C Explanation:

In this question, users are forced to change their passwords every six weeks. However, they are able to change their password and enter the same password as the new password.

Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.

When a user is forced to change his password due to a maximum password age period expiring, (the question states that the network requires that the passwords be changed

every six weeks) he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.

Question No: 870 – (Topic 5)

Jane, a security administrator, needs to implement a secure wireless authentication method that uses a remote RADIUS server for authentication.

Which of the following is an authentication method Jane should use?

  1. WPA2-PSK

  2. WEP-PSK

  3. CCMP

  4. LEAP

Answer: D Explanation:

A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access.

The Lightweight Extensible Authentication Protocol (LEAP) is a proprietary wireless LAN authentication method developed by Cisco Systems. Important features of LEAP are dynamic WEP keys and mutual authentication (between a wireless client and a RADIUS server). LEAP allows for clients to reauthenticate frequently; upon each successful authentication, the clients acquire a new WEP key (with the hope that the WEP keys don#39;t live long enough to be cracked). LEAP may be configured to use TKIP instead of dynamic WEP.

100% Ensurepass Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply