★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/SY0-401-dumps.html


Q81. Which of the following is the BEST reason for placing a password lock on a mobile device? 

A. Prevents an unauthorized user from accessing owner's data 

B. Enables remote wipe capabilities 

C. Stops an unauthorized user from using the device again 

D. Prevents an unauthorized user from making phone calls 

Answer:

Explanation: 


Q82. A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage? 

A. Biometrics 

B. Mandatory access control 

C. Single sign-on 

D. Role-based access control 

Answer:

Explanation: 

This question is asking about “authorization”, not authentication. 

Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications. 

MAC can also be deployed in private sector or corporate business environments. Such cases typically involve the following four security domain levels (in order from least sensitive to most sensitive): 

Public Sensitive Private Confidential 

A MAC environment works by assigning subjects a clearance level and assigning objects a sensitivity label—in other words, everything is assigned a classification marker. Subjects or users are assigned clearance levels. The name of the clearance level is the same as the name of the sensitivity label assigned to objects or resources. A person (or other subject, such as a program or a computer system) must have the same or greater assigned clearance level as the resources they wish to access. In this manner, access is granted or restricted based on the rules of classification (that is, sensitivity labels and clearance levels). MAC is named as it is because the access control it imposes on an environment is mandatory. Its assigned classifications and the resulting granting and restriction of access can’t be altered by users. Instead, the rules that define the environment and judge the assignment of sensitivity labels and clearance levels control authorization. MAC isn’t a very granularly controlled security environment. An improvement to MAC includes the use of need to know: a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they’re compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain). The need to know is a rule in and of itself, which states that access is granted only to users who have been assigned work tasks that require access to the cordoned-off object. Even if users have the proper level of clearance, without need to know, they’re denied access. Need to know is the MAC equivalent of the principle of least privilege from DAC 


Q83. A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed? 

A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP 

B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS 

C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS 

D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS 

Answer:

Explanation: 

The question states that traffic on port 21, 69, 80, and 137-139 is blocked, while ports 22 and 443 are allowed. 

Port 21 is used for FTP by default. 

Port 69 is used for TFTP. 

Port 80 is used for HTTP. 

Ports 137-139 are used for NetBIOS. 

VMM uses SFTP over default port 22. 

Port 22 is used for SSH by default. 

SCP runs over TCP port 22 by default. 

Port 443 is used for HTTPS. 


Q84. A security technician wishes to gather and analyze all Web traffic during a particular time period. 

Which of the following represents the BEST approach to gathering the required data? 

A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443. 

B. Configure a proxy server to log all traffic destined for ports 80 and 443. 

C. Configure a switch to log all traffic destined for ports 80 and 443. 

D. Configure a NIDS to log all traffic destined for ports 80 and 443. 

Answer:

Explanation: 

A proxy server is in essence a device that acts on behalf of others and in security terms all internal user interaction with the Internet should be controlled through a proxy server. This makes a proxy server the best tool to gather the required data. 


Q85. Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption? 

A. AES 

B. Blowfish 

C. RC5 

D. 3DES 

Answer:

Explanation: 

Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). 


Q86. Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection? 

A. HIPS 

B. Antivirus 

C. NIDS 

D. ACL 

Answer:

Explanation: 

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. 

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. A Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system. 


Q87. Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO). 

A. The CA’s public key 

B. Ann’s public key 

C. Joe’s private key 

D. Ann’s private key 

E. The CA’s private key 

F. Joe’s public key 

Answer: D,F 

Explanation: 

Joe wants to send a message to Ann. It’s important that this message not be altered. Joe will use the private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe—the public key—to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus Ann would compare the signature area referred to as a message in the message with the calculated value digest (her private key in this case). If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be. 


Q88. An internal audit has detected that a number of archived tapes are missing from secured storage. There was no recent need for restoration of data from the missing tapes. The location is monitored by access control and CCTV systems. Review of the CCTV system indicates that it has not been recording for three months. The access control system shows numerous valid entries into the storage location during that time. The last audit was six months ago and the tapes were accounted for at that time. Which of the following could have aided the investigation? 

A. Testing controls 

B. Risk assessment 

C. Signed AUP 

D. Routine audits 

Answer:

Explanation: 


Q89. Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO). 

A. Separation of duties 

B. Job rotation 

C. Mandatory vacation 

D. Time of day restrictions 

E. Least privilege 

Answer: A,E 

Explanation: 


Q90. An encrypted message is sent using PKI from Sara, a client, to a customer. Sara claims she never sent the message. Which of the following aspects of PKI BEST ensures the identity of the sender? 

A. CRL 

B. Non-repudiation 

C. Trust models 

D. Recovery agents 

Answer:

Explanation: 

Nonrepudiation prevents one party from denying actions they carried out. This means that the identity of the email sender will not be repudiated.