Cause all that matters here is passing the CompTIA sy0 401 dump exam. Cause all that you need is a high score of sy0 401 braindump CompTIA Security+ Certification exam. The only one thing you need to do is downloading Exambible sy0 401 dump exam study guides now. We will not let you down with our money-back guarantee.

P.S. Actual SY0-401 preparation are available on Google Drive, GET MORE:

New CompTIA SY0-401 Exam Dumps Collection (Question 7 - Question 16)

New Questions 7

A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements?

A. Trust model

B. Key escrow



Answer: A


In this scenario we can put a CA in the local network and use an online CA as root CA in a hierarchical trust model.

A trust Model is collection of rules that informs application on how to decide the legitimacy of a Digital Certificate.

In a hierarchical trust model, also known as a tree, a root CA at the top provides all of the information. The intermediate CAs are next in the hierarchy, and they trust only information provided by the root CA. The root CA also trusts intermediate CAs that are in their level in the hierarchy and none that arenu2019t. This arrangement allows a high level of control at all

levels of the hierarchical tree.

New Questions 8

During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?

A. Account recovery

B. Account disablement

C. Account lockouts

D. Account expiration

Answer: B


Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account.

New Questions 9

Which of the following is the BEST reason for placing a password lock on a mobile device?

A. Prevents an unauthorized user from accessing owner's data

B. Enables remote wipe capabilities

C. Stops an unauthorized user from using the device again

D. Prevents an unauthorized user from making phone calls

Answer: A


A password lock on a mobile device is used to prevent an unauthorized user from accessing owner's data. When a device is turned off either by being manually switched off or by automatically turning off after a timeout, the device will automatically lock. When you turn the device on, you are prompted to enter a password or numeric code to gain access to the device.

New Questions 10

Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern?

A. Mandatory vacations

B. Time of day restrictions

C. Least privilege

D. Separation of duties

Answer: D


Separation of duties divides administrator or privileged tasks into separate groupings, which in turn, is individually assigned to unique administrators. This helps in fraud prevention, error reduction, as well as conflict of interest prevention. For example, those who configure security should not be the same people who test security. In this case, Joe should not be allowed to write and sign paycheques.

New Questions 11

An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users' home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO).

A. Enforcing SELinux in the OS kernel is role-based access control

B. Enforcing SELinux in the OS kernel is rule-based access control

C. The policy added by the root user is mandatory access control

D. Enforcing SELinux in the OS kernel is mandatory access control

E. The policy added by the root user is role-based access control

F. The policy added by the root user is rule-based access control

Answer: D,F


Enforcing SELinux in the OS kernel is mandatory access control. SELinux is Security Enhanced Linux which is a locked down version of the OS kernel.

Mandatory Access Control (MAC) is a relatively inflexible method for how information access is permitted. In a MAC environment, all access capabilities are predefined. Users canu2019t share information unless their rights to share it are established by administrators. Consequently, administrators must make any changes that need to be made to such rights. This process enforces a rigid model of security. However, it is also considered the most secure security model.

The policy added by the root user is rule-based access control. The administrator has defined a policy that states that users folders should be served by the web server.

Rule-Based Access Control (RBAC) uses the settings in preconfigured security policies to make all decisions.

New Questions 12

After encrypting all laptop hard drives, an executive officeru2019s laptop has trouble booting to the operating system. Now that it is successfully encrypted the helpdesk cannot retrieve the data.

Which of the following can be used to decrypt the information for retrieval?

A. Recovery agent

B. Private key

C. Trust models

D. Public key

Answer: A


To access the data the hard drive need to be decrypted. To decrypt the hard drive you would need the proper private key. The key recovery agent can retrieve the required key. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed.

New Questions 13

A company hired Joe, an accountant. The IT administrator will need to create a new account for

Joe. The company uses groups for ease of management and administration of user accounts.

Joe will need network access to all directories, folders and files within the accounting department.

Which of the following configurations will meet the requirements?

A. Create a user account and assign the user account to the accounting group.

B. Create an account with role-based access control for accounting.

C. Create a user account with password reset and notify Joe of the account creation.

D. Create two accounts: a user account and an account with full network administration rights.

Answer: B


Role-based Access Control is basically based on a useru2019s job description. When a user is assigned a specific role in an environment, that useru2019s access to objects is granted based on the required tasks of that role. The IT administrator should, therefore, create an account with role-based access control for accounting for Joe.

New Questions 14

Symmetric encryption utilizes , while asymmetric encryption utilizes __ .

A. Public keys, one time

B. Shared keys, private keys

C. Private keys, session keys

D. Private keys, public keys

Answer: D


Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.

In more detail:

* Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isnu2019t disclosed to people who arenu2019t authorized to use the encryption system.

* Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what

* one key does, the other one undoes.

New Questions 15

A company has 5 users. Users 1, 2 and 3 need access to payroll and users 3, 4 and 5 need access to sales. Which of the following should be implemented to give the appropriate access while enforcing least privilege?

A. Assign individual permissions to users 1 and 2 for payroll. Assign individual permissions to users 4 and 5 for sales. Make user 3 an administrator.

B. Make all users administrators and then restrict users 1 and 2 from sales. Then restrict users 4 and 5 from payroll.

C. Create two additional generic accounts, one for payroll and one for sales that users utilize.

D. Create a sales group with users 3, 4 and 5. Create a payroll group with users 1, 2 and 3.

Answer: D


Assigning permissions to a group requires less effort than assigning permissions to individual users. When you have groups configured with the appropriate permissions, you can grant the permissions to individual users by adding the users to the groups. Users can be members of multiple groups and therefore have multiple sets of permissions assigned to them. In this answer, user 3 is a member of both groups which grants the user permission to both Sales and Payroll.

New Questions 16

Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?





Answer: D


3DES would be less secure compared to ECC, but 3DES would require less computational power.

Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and itu2019s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

Recommend!! Get the Actual SY0-401 dumps in VCE and PDF From 2passeasy, Welcome to download: (New 1781 Q&As Version)