Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 951-960

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 951 – (Topic 5)

Privilege creep among long-term employees can be mitigated by which of the following procedures?

  1. User permission reviews

  2. Mandatory vacations

  3. Separation of duties

  4. Job function rotation

Answer: A Explanation:

Privilege creep is the steady build-up of access rights beyond what a user requires to perform his/her task. Privilege creep can be decreased by conducting sporadic access rights reviews, which will confirm each user#39;s need to access specific roles and rights in an effort to find and rescind excess privileges.

Question No: 952 – (Topic 5)

Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee’s credential?

  1. Account expiration

  2. Password complexity

  3. Account lockout

  4. Dual factor authentication

Answer: A


Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.

Question No: 953 – (Topic 5)

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?

  1. Dual-factor authentication

  2. Multifactor authentication

  3. Single factor authentication

  4. Biometric authentication

Answer: C Explanation:

Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories:

knowledge factors (quot;things only the user knowsquot;), such as passwords possession factors (quot;things only the user hasquot;), such as ATM cards inherence factors (quot;things only the user isquot;), such as biometrics

In this question a username, password, and a four-digit security pin knowledge are all knowledge factors (something the user knows). Therefore, this is single-factor authentication.

Question No: 954 – (Topic 5)

A user reports being unable to access a file on a network share. The security administrator determines that the file is marked as confidential and that the user does not have the appropriate access level for that file. Which of the following is being implemented?

  1. Mandatory access control

  2. Discretionary access control

  3. Rule based access control

  4. Role based access control

Answer: A Explanation:

Mandatory Access Control (MAC) allows access to be granted or restricted based on the rules of classification. MAC in corporate business environments involve the following four sensitivity levels

Public Sensitive Private Confidential

MAC assigns subjects a clearance level and assigns objects a sensitivity label. The name of the clearance level must be the same as the name of the sensitivity label assigned to objects or resources. In this case the file is marked confidential, and the user does not have that clearance level and cannot access the file.

Question No: 955 – (Topic 5)

Ann, a security administrator at a call center, has been experiencing problems with users intentionally installing unapproved and occasionally malicious software on their computers. Due to the nature of their jobs, Ann cannot change their permissions. Which of the following would BEST alleviate her concerns?

  1. Deploy a HIDS suite on the users#39; computers to prevent application installation.

  2. Maintain the baseline posture at the highest OS patch level.

  3. Enable the pop-up blockers on the users#39; browsers to prevent malware.

  4. Create an approved application list and block anything not on it.

Answer: D Explanation:

You can use Software Restriction Policy or its successor AppLocker to prevent unauthorized applications from running or being installed on computers.

Software Restriction Policies (SRP) is Group Policy-based feature that identifies software programs running on computers in a domain, and controls the ability of those programs to run. Software restriction policies are part of the Microsoft security and management

strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers.

You can use AppLocker as part of your overall security strategy for the following scenarios: Help prevent malicious software (malware) and unsupported applications from affecting computers in your environment.

Prevent users from installing and using unauthorized applications.

Implement application control policy to satisfy portions of your security policy or compliance requirements in your organization.

Question No: 956 – (Topic 5)

Which of the following is best practice to put at the end of an ACL?

  1. Implicit deny

  2. Time of day restrictions

  3. Implicit allow

  4. SNMP string

Answer: A Explanation:

An implicit deny clause is implied at the end of each ACL. This implies that if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. The implicit deny clause is set by the system.

Question No: 957 – (Topic 5)

A new network administrator is setting up a new file server for the company. Which of the following would be the BEST way to manage folder security?

  1. Assign users manually and perform regular user access reviews

  2. Allow read only access to all folders and require users to request permission

  3. Assign data owners to each folder and allow them to add individual users to each folder

  4. Create security groups for each folder and assign appropriate users to each group

Answer: D Explanation:

Creating a security group for each folder and assigning necessary users to each group would only allow users belonging to the folder’s security group access to the folder. It will make assigning folder privileges much easier, while also being more secure.

Question No: 958 – (Topic 5)

Which of the following access controls enforces permissions based on data labeling at specific levels?

  1. Mandatory access control

  2. Separation of duties access control

  3. Discretionary access control

  4. Role based access control

Answer: A Explanation:

In a MAC environment everything is assigned a classification marker. Subjects are assigned a clearance level and objects are assigned a sensitivity label.

Question No: 959 – (Topic 5)

In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using?

  1. Three factor

  2. Single factor

  3. Two factor

  4. Four factor

Answer: B Explanation:

Single-factor authentication is when only one authentication factor is used. In this case, Something you know is being used as an authentication factor. Username, password, and PIN form part of Something you know.

Question No: 960 – (Topic 5)

A security administrator has installed a new KDC for the corporate environment. Which of the following authentication protocols is the security administrator planning to implement across the organization?

  1. LDAP


  3. Kerberos


Answer: C Explanation:

The fundamental component of a Kerberos solution is the key distribution centre (KDC), which is responsible for verifying the identity of principles and granting and controlling access within a network environment through the use of secure cryptographic keys and tickets.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE