Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 901-910

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 901 – (Topic 5)

A new intern was assigned to the system engineering department, which consists of the system architect and system software developer’s teams. These two teams have separate privileges. The intern requires privileges to view the system architectural drawings and comment on some software development projects. Which of the following methods should the system administrator implement?

  1. Group based privileges

  2. Generic account prohibition

  3. User access review

  4. Credential management

Answer: A Explanation:

You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). By assigning the intern’s user account to both groups, the intern will inherit the permissions assigned to those groups.

Question No: 902 – (Topic 5)

Speaking a passphrase into a voice print analyzer is an example of which of the following security concepts?

  1. Two factor authentication

  2. Identification and authorization

  3. Single sign-on

  4. Single factor authentication

Answer: A Explanation:

Two-factor authentication is when two different authentication factors are provided for authentication purposes.

Speaking (Voice) – something they are. Passphrase – something they know.

Question No: 903 – (Topic 5)

The company’s sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports.

Which of the following controls is preventing them from completing their work?

  1. Discretionary access control

  2. Role-based access control

  3. Time of Day access control

  4. Mandatory access control

Answer: C Explanation:

Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving or printing reports after a certain time.

Question No: 904 HOTSPOT – (Topic 5)

For each of the given items, select the appropriate authentication category from the dropdown choices.

Instructions: When you have completed the simulation, please select the Done button to submit.

Ensurepass 2017 PDF and VCE

Ensurepass 2017 PDF and VCE


Ensurepass 2017 PDF and VCE


Ensurepass 2017 PDF and VCE

Something you are includes fingerprints, retina scans, or voice recognition. Something you have includes smart cards, token devices, or keys.

Something you know includes a passwords, codes, PINs, combinations, or secret phrases. Somewhere you are includes a physical location s or logical addresses, such as domain name, an IP address, or a MAC address.

Something you do includes your typing rhythm, a secret handshake, or a private knock.


Stewart, James Michael, CompTIA Security Review Guide, Sybex, Indianapolis, 2014, p. 285

Question No: 905 – (Topic 5)

A network administrator, Joe, arrives at his new job to find that none of the users have changed their network passwords since they were initially hired. Joe wants to have everyone change their passwords immediately. Which of the following policies should be enforced to initiate a password change?

  1. Password expiration

  2. Password reuse

  3. Password recovery

  4. Password disablement

Answer: A Explanation:

The Maximum password age policy setting determines the number of days that a password can be used before the system requires the user to change it. The password expiration setting determines that a user will not be able to log into a system without changing their password after the maximum password age has been reached.

Question No: 906 – (Topic 5)

One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

  1. File level encryption with alphanumeric passwords

  2. Biometric authentication and cloud storage

  3. Whole disk encryption with two-factor authentication

  4. BIOS passwords and two-factor authentication

Answer: C

Explanation: Whole-disk encryption only provides reasonable protection when the system is fully powered off. to make the most of the defensive strength of whole-disk encryption, a long, complex passphrase should be used to unlock the system on bootup. Combining whole-disk encryption with two factor authentication would further increase protection.

Question No: 907 – (Topic 5)

Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?

  1. Retention of user keys

  2. Increased logging on access attempts

  3. Retention of user directories and files

  4. Access to quarantined files

Answer: A Explanation:

Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account and that the user keys for that account are retained which would not be the case if the account was deleted from the system.

Question No: 908 – (Topic 5)

An administrator implements SELinux on a production web server. After implementing this, the web server no longer serves up files from users#39; home directories. To rectify this, the administrator creates a new policy as the root user. This is an example of which of the following? (Select TWO).

  1. Enforcing SELinux in the OS kernel is role-based access control

  2. Enforcing SELinux in the OS kernel is rule-based access control

  3. The policy added by the root user is mandatory access control

  4. Enforcing SELinux in the OS kernel is mandatory access control

  5. The policy added by the root user is role-based access control

  6. The policy added by the root user is rule-based access control

Answer: D,F Explanation:

Enforcing SELinux in the OS kernel is mandatory access control. SELinux is Security Enhanced Linux which is a locked down version of the OS kernel.

Mandatory Access Control (MAC) is a relatively inflexible method for how information access is permitted. In a MAC environment, all access capabilities are predefined. Users can’t share information unless their rights to share it are established by administrators.

Consequently, administrators must make any changes that need to be made to such rights. This process enforces a rigid model of security. However, it is also considered the most secure security model.

The policy added by the root user is rule-based access control. The administrator has defined a policy that states that users folders should be served by the web server.

Rule-Based Access Control (RBAC) uses the settings in preconfigured security policies to make all decisions.

Question No: 909 – (Topic 5)

Joe Has read and write access to his own home directory. Joe and Ann are collaborating on a project, and Joe would like to give Ann write access to one particular file in this home directory. Which of the following types of access control would this reflect?

  1. Role-based access control

  2. Rule-based access control

  3. Mandatory access control

  4. Discretionary access control

Answer: D Explanation:

Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on user identity and on the discretion of the object owner.

Question No: 910 – (Topic 5)

A technician is reviewing the logical access control method an organization uses. One of the senior managers requests that the technician prevent staff members from logging on during nonworking days. Which of the following should the technician implement to meet managements request?

  1. Enforce Kerberos

  2. Deploy smart cards

  3. Time of day restrictions

  4. Access control lists

Answer: C

Explanation: Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE