[Free] 2018(Aug) Dumps4cert CompTIA SY0-401 Dumps with VCE and PDF Download 931-940

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 931 – (Topic 5)

A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?

  1. Single sign-on

  2. Authorization

  3. Access control

  4. Authentication

Answer: D Explanation:

Authentication generally requires one or more of the following:

Something you know: a password, code, PIN, combination, or secret phrase. Something you have: a smart card, token device, or key.

Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as biometrics, discussed later in this chapter.

Somewhere you are: a physical or logical location.

Something you do: typing rhythm, a secret handshake, or a private knock.

Question No: 932 – (Topic 5)

Joe, a network administrator, is able to manage the backup software console by using his network login credentials. Which of the following authentication services is the MOST likely using?

  1. SAML

  2. LDAP

  3. iSCSI

  4. Two-factor authentication

Answer: B Explanation:

Joe is able to manage the backup system by logging into the network. This is an example of Single Sign-on.

A common usage of LDAP is to provide a quot;single sign onquot; where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

Question No: 933 – (Topic 5)

Which of the following authentication services should be replaced with a more secure alternative?

  1. RADIUS

  2. TACACS

  3. TACACS

  4. XTACACS

Answer: B Explanation:

Terminal Access Controller Access-Control System (TACACS) is less secure than XTACACS, which is a proprietary extension of TACACS, and less secure than TACACS , which replaced TACACS and XTACACS.

Question No: 934 – (Topic 5)

Which of the following authentication services uses a ticket granting system to provide access?

  1. RADIUS

  2. LDAP

  3. TACACS

  4. Kerberos

Answer: D Explanation:

The basic process of Kerberos authentication is as follows: The subject provides logon credentials.

The Kerberos client system encrypts the password and transmits the protected credentials to the KDC.

The KDC verifies the credentials and then creates a ticket-granting ticket (TGT-a hashed form of the subject’s password with the addition of a time stamp that indicates a valid lifetime). The TGT is encrypted and sent to the client.

The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos realm.

The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC.

The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime.

The client receives the ST.

The client sends the ST to the network server that hosts the desired resource.

The network server verifies the ST. If it’s verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved.

Question No: 935 – (Topic 5)

Use of group accounts should be minimized to ensure which of the following?

  1. Password security

  2. Regular auditing

  3. Baseline management

  4. Individual accountability

Answer: D Explanation:

Holding users accountable for their actions is part of security, and can only be achieved by users having their own user accounts. To adequately provide accountability, the use of shared or group accounts should be discouraged.

Question No: 936 – (Topic 5)

Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?

  1. A recent security breach in which passwords were cracked.

  2. Implementation of configuration management processes.

  3. Enforcement of password complexity requirements.

  4. Implementation of account lockout procedures.

Answer: A Explanation:

A password only needs to be changed if it doesn’t meet the compliance requirements of the company’s password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to possible compromise as a result of a system intrusion.

Question No: 937 – (Topic 5)

Ann was reviewing her company#39;s event logs and observed several instances of GUEST accessing the company print server, file server, and archive database. As she continued to investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and often logging in at the same time.

Which of the following would BEST mitigate this issue?

  1. Enabling time of day restrictions

  2. Disabling unnecessary services

  3. Disabling unnecessary accounts

  4. Rogue machine detection

Answer: C Explanation:

User account control is a very important part of operating system hardening. It is important that only active accounts be operational and that they be properly managed. This means disabling unnecessary accounts.

Enabled accounts that are not needed on a system provide a door through which attackers can gain access. You should disable all accounts that are not needed immediately-on servers and workstations alike. Here are some types of accounts that you should disable: Employees Who Have Left the Company: Be sure to disable immediately accounts for any employee who has left the company. This should be done the minute employment is terminated.

Temporary Employees: It is not uncommon to create short-term accounts for brief periods of time for access by temporary employees. These also need to be disabled the moment they are no longer needed.

Default Guest Accounts: In many operating systems, a guest account is created during installation and intended for use by those needing only limited access and lacking their own account on the system. This account presents a door into the system that should not be there, and all who have worked with the operating system knows of its existence, thus making it a likely target for attackers.

Question No: 938 – (Topic 5)

Which of the following was based on a previous X.500 specification and allows either unencrypted authentication or encrypted authentication through the use of TLS?

  1. Kerberos

  2. TACACS

  3. RADIUS

  4. LDAP

Answer: D Explanation:

The Lightweight Directory Access Protocol is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

A common usage of LDAP is to provide a quot;single sign onquot; where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged into the company intranet).

LDAP is based on a simpler subset of the standards contained within the X.500 standard. Because of this relationship, LDAP is sometimes called X.500-lite.

A client starts an LDAP session by connecting to an LDAP server, called a Directory System Agent (DSA), by default on TCP and UDP port 389, or on port 636 for LDAPS. Global Catalog is available by default on ports 3268, and 3269 for LDAPS. The client then sends an operation request to the server, and the server sends responses in return.

The client may request the following operations:

StartTLS – use the LDAPv3 Transport Layer Security (TLS) extension for a secure connection

Question No: 939 – (Topic 5)

A security administrator has been tasked to ensure access to all network equipment is controlled by a central server such as TACACS . This type of implementation supports which of the following risk mitigation strategies?

  1. User rights and permissions review

  2. Change management

  3. Data loss prevention

  4. Implement procedures to prevent data theft

Answer: A Explanation:

Terminal Access Controller Access-Control System (TACACS, and variations like XTACACS and TACACS ) is a client/server-oriented environment, and it operates in a manner similar to RADIUS. Furthermore TACACS allows for credential to be accepted from multiple methods. Thus you can perform user rights and permission reviews with TACACS .

Question No: 940 – (Topic 5)

A security administrator must implement a system that will support and enforce the following file system access control model:

FILE NAMESECURITY LABEL

Employees.docConfidential Salary.xlsConfidential OfficePhones.xlsUnclassified PersonalPhones.xlsRestricted

Which of the following should the security administrator implement?

  1. White and black listing

  2. SCADA system

  3. Trusted OS

  4. Version control

Answer: C Explanation:

A trusted operating system (TOS) is any operating system that meets the government’s requirements for security. Trusted OS uses a form of Mandatory access control called Multi-Level Security.

The Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications.

MLS is an implementation of MAC that focuses on confidentiality. A Multi-Level Security operating system is able to enforce the separation of multiple classifications of information as well as manage multiple users with varying levels of information clearance. The military and intelligence community must handle and process various hierarchical levels of classified information. At the high-end there is Top Secret, followed in turn by Secret, Confidential, and Unclassified:

100% Dumps4cert Free Download!
SY0-401 PDF
100% Dumps4cert Pass Guaranteed!
SY0-401 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com