Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 871-880

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 871 – (Topic 5)

A file on a Linux server has default permissions of rw-rw-r-. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?

  1. User ownership information for the file in question

  2. Directory permissions on the parent directory of the file in question

  3. Group memberships for the group owner of the file in question

  4. The file system access control list (FACL) for the file in question

Answer: C Explanation:

The file permissions according to the file system access control list (FACL) are rw-rw-r-. The first ‘rw-‘ are the file owner permissions (read and write).

The second ‘rw-‘ are the group permissions (read and write) for the group that has been assigned the file.

The third ‘r-‘ is the All Users permissions; in this case read only.

To enable Ann to access the file, we should add Ann to the group that has been assigned to the file.

Question No: 872 – (Topic 5)

A user has forgotten their account password. Which of the following is the BEST recovery strategy?

  1. Upgrade the authentication system to use biometrics instead.

  2. Temporarily disable password complexity requirements.

  3. Set a temporary password that expires upon first use.

  4. Retrieve the user password from the credentials database.

Answer: C Explanation:

Since a user’s password isn’t stored on most operating systems (only a hash value is kept), most operating systems allow the administrator to change the value for a user who has forgotten theirs. This new value allows the user to log in and then immediately change it to another value that they can (ideally) remember. Also setting a temporary password to expire upon first use will not allow a hacker the opportunity or time to use it.

Question No: 873 – (Topic 5)

Which of the following presents the STRONGEST access control?

  1. MAC


  3. DAC

  4. RBAC

Answer: A Explanation:

A: With Mandatory Access Control (MAC) all access is predefined. This makes it the strongest access control of the options presented in the question.

Question No: 874 – (Topic 5)

A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non-privileged access to the hosts?

  1. Implement Group Policy to add the account to the users group on the hosts

  2. Add the account to the Domain Administrator group

  3. Add the account to the Users group on the hosts

  4. Implement Group Policy to add the account to the Power Users group on the hosts.

Answer: A Explanation:

Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account.

Question No: 875 – (Topic 5)

A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

  1. Identification

  2. Authorization

  3. Access control

  4. Authentication

Answer: A Explanation:

Identification is defined as the claiming of an identity and only has to take place once per authentication or access process. A login process typically consists of an identification such as a username or email address and an authentication which proves you are who you say you are.

Question No: 876 – (Topic 5)

A recent audit has discovered that at the time of password expiration clients are able to recycle the previous credentials for authentication. Which of the following controls should be used together to prevent this from occurring? (Select TWO).

  1. Password age

  2. Password hashing

  3. Password complexity

  4. Password history

  5. Password length

Answer: A,D Explanation:

D: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.

A: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.

Question No: 877 – (Topic 5)

ABC company has a lot of contractors working for them. The provisioning team does not always get notified that a contractor has left the company. Which of the following policies would prevent contractors from having access to systems in the event a contractor has left?

  1. Annual account review

  2. Account expiration policy

  3. Account lockout policy

  4. Account disablement

Answer: B Explanation:

Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.

Question No: 878 – (Topic 5)

Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann#39;s administrative capabilities. Which of the following systems should be deployed?

  1. Role-based

  2. Mandatory

  3. Discretionary

  4. Rule-based

Answer: C Explanation:

In a Discretionary Access Control (DAC) model, network users have some fl exibility regarding how information is accessed. This model allows users to share information dynamically with other users.

Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.

In this question, Ann has requested that she have the ability to assign read and write privileges to her folders. Read and write access to Ann’s files will be granted by Ann at her discretion. Therefore, this is an example of Discretionary Access Control.

Question No: 879 – (Topic 5)

Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?

  1. Access control lists

  2. Continuous monitoring

  3. Video surveillance

  4. Baseline reporting

Answer: B Explanation:

Continuous monitoring point toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats. Because the process is never-ending, assessments happen in real time.

Question No: 880 – (Topic 5)

Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).

  1. Spoofing

  2. Man-in-the-middle

  3. Dictionary

  4. Brute force

  5. Privilege escalation

Answer: C,D Explanation:

Account lockout is a useful method for slowing down online password-guessing attacks. A dictionary attack performs password guessing by making use of a pre-existing list of likely passwords. A brute-force attack is intended to try every possible valid combination of characters to create possible passwords in the attempt to discover the specific passwords used by user accounts.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE