[Free] 2018(June) Dumps4cert CompTIA SY0-401 Dumps with VCE and PDF Download 891-900

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 May CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 891 – (Topic 5)

Which of the following authentication services requires the use of a ticket-granting ticket (TGT) server in order to complete the authentication process?

  1. TACACS

  2. Secure LDAP

  3. RADIUS

  4. Kerberos

Answer: D Explanation:

The basic process of Kerberos authentication is as follows:

The subject provides logon credentials.

The Kerberos client system encrypts the password and transmits the protected credentials to the KDC.

The KDC verifies the credentials and then creates a ticket-granting ticket (TGT-a hashed form of the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is encrypted and sent to the client.

The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos realm.

The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC.

The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime.

The client receives the ST.

The client sends the ST to the network server that hosts the desired resource.

The network server verifies the ST. If it’s verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.

Question No: 892 – (Topic 5)

In order for network monitoring to work properly, you need a PC and a network card running in what mode?

  1. Launch

  2. Exposed

  3. Promiscuous

  4. Sweep

Answer: C Explanation:

Promiscuous mode allows the network card to look at any packet that it sees on the network. This even includes packets that are not addressed to that network card.

Question No: 893 – (Topic 5)

A company with a US-based sales force has requested that the VPN system be configured to authenticate the sales team based on their username, password and a client side

certificate.

Additionally, the security administrator has restricted the VPN to only allow authentication from the US territory. How many authentication factors are in use by the VPN system?

  1. 1

  2. 2

  3. 3

  4. 4

Answer: C Explanation:

Three different types of authentication factors have been used in this question: Something you know – username and password.

Something you have – client side certificate.

Somewhere you are – authentication to the VPN is only allowed from the U.S. territory.

Question No: 894 – (Topic 5)

A Chief Information Security Officer (CISO) wants to implement two-factor authentication within the company. Which of the following would fulfill the CISO’s requirements?

  1. Username and password

  2. Retina scan and fingerprint scan

  3. USB token and PIN

  4. Proximity badge and token

Answer: C Explanation:

Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories:

knowledge factors (quot;things only the user knowsquot;), such as passwords possession factors (quot;things only the user hasquot;), such as ATM cards inherence factors (quot;things only the user isquot;), such as biometrics

In this question, a USB token is a possession factor (something the user has) and a PIN is a knowledge factor (something the user knows).

Question No: 895 – (Topic 5)

A system administrator is configuring UNIX accounts to authenticate against an external server. The configuration file asks for the following information DC=ServerName and DC=COM. Which of the following authentication services is being used?

  1. RADIUS

  2. SAML

  3. TACACS

  4. LDAP

Answer: D Explanation:

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

An entry can look like this when represented in LDAP Data Interchange Format (LDIF) (LDAP itself is a binary protocol):

dn: cn=John Doe,dc=example,dc=com cn: John Doe

givenName: John sn: Doe

telephoneNumber: 1 888 555 6789

telephoneNumber: 1 888 555 1232 mail: john@example.com

manager: cn=Barbara Doe,dc=example,dc=com objectClass: inetOrgPerson

objectClass: organizationalPerson objectClass: person

objectClass: top

quot;dnquot; is the distinguished name of the entry; it is neither an attribute nor a part of the entry.

quot;cn=John Doequot; is the entry#39;s RDN (Relative Distinguished Name), and quot;dc=example,dc=comquot; is the DN of the parent entry, where quot;dcquot; denotes #39;Domain Component#39;. The other lines show the attributes in the entry. Attribute names are typically mnemonic strings, like quot;cnquot; for common name, quot;dcquot; for domain component, quot;mailquot; for e-mail address, and quot;snquot; for surname.

Question No: 896 – (Topic 5)

Which of the following allows a network administrator to implement an access control policy based on individual user characteristics and NOT on job function?

  1. Attributes based

  2. Implicit deny

  3. Role based

  4. Rule based

Answer: A Explanation:

Attribute-based access control allows access rights to be granted to users via policies, which combine attributes together. The policies can make use of any type of attributes, which includes user attributes, resource attributes and environment attributes.

Question No: 897 – (Topic 5)

A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?

  1. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator.

  2. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll.

  3. Create two additional generic accounts, one for payroll and one for sales that users utilize.

  4. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.

Answer: D Explanation:

Assigning permissions to a group requires less effort than assigning permissions to individual users. When you have groups configured with the appropriate permissions, you can grant the permissions to individual users by adding the users to the groups. Users can be members of multiple groups and therefore have multiple sets of permissions assigned to them. In this answer, user 3 is a member of both groups which grants the user permission to both Sales and Payroll.

Question No: 898 – (Topic 5)

Which of the following types of authentication solutions use tickets to provide access to various resources from a central location?

  1. Biometrics

  2. PKI

  3. ACLs

  4. Kerberos

Answer: D Explanation:

The basic process of Kerberos authentication is as follows: The subject provides logon credentials.

The Kerberos client system encrypts the password and transmits the protected credentials to the KDC.

The KDC verifies the credentials and then creates a ticket-granting ticket (TGT-a hashed form of the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is encrypted and sent to the client.

The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos realm.

The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC.

The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime.

The client receives the ST.

The client sends the ST to the network server that hosts the desired resource.

The network server verifies the ST. If it’s verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.

Question No: 899 – (Topic 5)

A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?

  1. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware.

  2. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops.

  3. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access.

  4. Laptops that are placed in a sleep mode allow full data access when powered back on.

Answer: D Explanation:

Hardware-based encryption when built into the drive is transparent to the user. The drive except for bootup authentication operates just like any drive with no degradation in performance. When the computer is started up, the user is prompted to enter a password to allow the system to boot and allow access to the encrypted drive.

When a laptop is placed into sleep mode (also known as standby mode), the computer is placed into a low power mode. In sleep mode, the computer is not fully shut down. The screen is turned off, the hard disks are turned off and the CPU is throttled down to its lowest power state. However, the computer state is maintained in memory (RAM).

Most computers can be ‘woken’ from sleep mode by pressing any key on the keyboard or pressing the power button. The computer can be configured to require a password on wake up, but if a password is not required, the computer will wake up and be logged in as it was at the time of going into sleep mode. This would enable full access to the data stored on the disks.

Question No: 900 – (Topic 5)

Human Resources suspect an employee is accessing the employee salary database. The administrator is asked to find out who it is. In order to complete this task, which of the following is a security control that should be in place?

  1. Shared accounts should be prohibited.

  2. Account lockout should be enabled

  3. Privileges should be assigned to groups rather than individuals

  4. Time of day restrictions should be in use

Answer: A Explanation:

Since distinguishing between the actions of one person and another isn’t possible if they both use a shared account, shared accounts should not be allowed. If shared accounts are being used, the administrator will find the account, but have more than one suspect. To nullify this occurrence, Shared accounts should be prohibited.

100% Dumps4cert Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Dumps4cert Pass Guaranteed!
Download 2018 Dumps4cert SY0-401 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No


Leave a Reply

Your email address will not be published. Required fields are marked *

  • Categories

  • Tags

  • Hot Exams

  • Hot Exams

  • Hot Catageories

  • microsoft dumps

    62-193 Dumps
    70-243 Dumps
    70-246 Dumps
    70-247 Dumps
    70-331 Dumps
    70-332 Dumps
    70-333 Dumps
    70-334 Dumps
    70-339 Dumps
    70-341 Dumps
    70-342 Dumps
    70-345 Dumps
    70-346 Dumps
    70-347 Dumps
    70-348 Dumps
    70-354 Dumps
    70-355 Dumps
    70-357 Dumps
    70-383 Dumps
    70-384 Dumps
    70-385 Dumps
    70-398 Dumps
    70-410 Dumps
    70-411 Dumps
    70-412 Dumps
    70-413 Dumps
    70-414 Dumps
    70-417 Dumps
    70-461 Dumps
    70-462 Dumps
    70-463 Dumps
    70-464 Dumps
    70-465 Dumps
    70-466 Dumps
    70-467 Dumps
    70-469 Dumps
    70-470 Dumps
    70-473 Dumps
    70-475 Dumps
    70-480 Dumps
    70-481 Dumps
    70-482 Dumps
    70-483 Dumps
    70-484 Dumps
    70-485 Dumps
    70-486 Dumps
    70-487 Dumps
    70-488 Dumps
    70-489 Dumps
    70-490 Dumps
    70-491 Dumps
    70-492 Dumps
    70-494 Dumps
    70-496 Dumps
    70-497 Dumps
    70-498 Dumps
    70-499 Dumps
    70-517 Dumps
    70-532 Dumps
    70-533 Dumps
    70-534 Dumps
    70-535 Dumps
    70-537 Dumps
    70-640 Dumps
    70-642 Dumps
    70-646 Dumps
    70-673 Dumps
    70-680 Dumps
    70-681 Dumps
    70-682 Dumps
    70-684 Dumps
    70-685 Dumps
    70-686 Dumps
    70-687 Dumps
    70-688 Dumps
    70-689 Dumps
    70-692 Dumps
    70-694 Dumps
    70-695 Dumps
    70-696 Dumps
    70-697 Dumps
    70-698 Dumps
    70-703 Dumps
    70-705 Dumps
    70-713 Dumps
    70-734 Dumps
    70-735 Dumps
    70-740 Dumps
    70-741 Dumps
    70-742 Dumps
    70-743 Dumps
    70-744 Dumps
    70-745 Dumps
    70-761 Dumps
    70-762 Dumps
    70-764 Dumps
    70-765 Dumps
    70-767 Dumps
    70-768 Dumps
    70-773 Dumps
    70-774 Dumps
    70-775 Dumps
    70-776 Dumps
    70-778 Dumps
    70-779 Dumps
    70-980 Dumps
    70-981 Dumps
    70-982 Dumps
    74-343 Dumps
    74-344 Dumps
    74-409 Dumps
    74-678 Dumps
    74-697 Dumps
    77-418 Dumps
    77-419 Dumps
    77-420 Dumps
    77-421 Dumps
    77-422 Dumps
    77-423 Dumps
    77-424 Dumps
    77-425 Dumps
    77-426 Dumps
    77-427 Dumps
    77-428 Dumps
    77-600 Dumps
    77-601 Dumps
    77-602 Dumps
    77-603 Dumps
    77-604 Dumps
    77-605 Dumps
    77-725 Dumps
    77-726 Dumps
    77-727 Dumps
    77-728 Dumps
    77-729 Dumps
    77-730 Dumps
    77-731 Dumps
    77-853 Dumps
    77-881 Dumps
    77-882 Dumps
    77-883 Dumps
    77-884 Dumps
    77-885 Dumps
    77-886 Dumps
    77-887 Dumps
    77-888 Dumps
    77-891 Dumps
    98-349 Dumps
    98-361 Dumps
    98-362 Dumps
    98-363 Dumps
    98-364 Dumps
    98-365 Dumps
    98-366 Dumps
    98-367 Dumps
    98-368 Dumps
    98-369 Dumps
    98-372 Dumps
    98-373 Dumps
    98-374 Dumps
    98-375 Dumps
    98-379 Dumps
    98-380 Dumps
    98-381 Dumps
    98-382 Dumps
    98-383 Dumps
    98-388 Dumps
    AZ-100 Dumps
    AZ-101 Dumps
    AZ-102 Dumps
    INF-203x Dumps
    INF-204x Dumps
    INF-205x Dumps
    INF-206x Dumps
    MB2-700 Dumps
    MB2-701 Dumps
    MB2-702 Dumps
    MB2-703 Dumps
    MB2-704 Dumps
    MB2-706 Dumps
    MB2-707 Dumps
    MB2-708 Dumps
    MB2-709 Dumps
    MB2-710 Dumps
    MB2-711 Dumps
    MB2-712 Dumps
    MB2-713 Dumps
    MB2-714 Dumps
    MB2-715 Dumps
    MB2-716 Dumps
    MB2-717 Dumps
    MB2-718 Dumps
    MB2-719 Dumps
    MB2-877 Dumps
    MB5-705 Dumps
    MB6-700 Dumps
    MB6-701 Dumps
    MB6-702 Dumps
    MB6-703 Dumps
    MB6-704 Dumps
    MB6-705 Dumps
    MB6-884 Dumps
    MB6-885 Dumps
    MB6-886 Dumps
    MB6-889 Dumps
    MB6-890 Dumps
    MB6-892 Dumps
    MB6-893 Dumps
    MB6-894 Dumps
    MB6-895 Dumps
    MB6-896 Dumps
    MB6-897 Dumps
    MB6-898 Dumps