Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 991-1000

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 991 – (Topic 5)

A hacker has discovered a simple way to disrupt business for the day in a small company which relies on staff working remotely. In a matter of minutes the hacker was able to deny remotely working staff access to company systems with a script. Which of the following security controls is the hacker exploiting?

  1. DoS

  2. Account lockout

  3. Password recovery

  4. Password complexity

Answer: B Explanation:

B: Account lockout automatically disables an account due to repeated failed log on attempts. The hacker must have executed a script to repeatedly try logging on to the remote accounts, forcing the account lockout policy to activate.

Question No: 992 – (Topic 5)

Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern?

  1. Mandatory vacations

  2. Time of day restrictions

  3. Least privilege

  4. Separation of duties

Answer: D Explanation:

Separation of duties divides administrator or privileged tasks into separate groupings, which in turn, is individually assigned to unique administrators. This helps in fraud prevention, error reduction, as well as conflict of interest prevention. For example, those who configure security should not be the same people who test security. In this case, Joe should not be allowed to write and sign paycheques.

Question No: 993 – (Topic 5)

Which of the following BEST describes using a smart card and typing in a PIN to gain access to a system?

  1. Biometrics

  2. PKI

  3. Single factor authentication

  4. Multifactor authentication

Answer: D Explanation:

Multifactor authentication requires a user to provide two or more authentication factors for authentication purposes. In this case, a smart card (something they have) is one and a PIN (something they know) is the second.

Question No: 994 – (Topic 5)

Which of the following is mainly used for remote access into the network?



  3. Kerberos


Answer: D Explanation:

Most gateways that control access to the network have a RADIUS client component that communicates with the RADIUS server. Therefore, it can be inferred that RADIUS is primarily used for remote access.

Question No: 995 – (Topic 5)

A security analyst implemented group-based privileges within the company active directory. Which of the following account management techniques should be undertaken regularly to ensure least privilege principles?

  1. Leverage role-based access controls.

  2. Perform user group clean-up.

  3. Verify smart card access controls.

  4. Verify SHA-256 for password hashes.

Answer: B

Explanation: Active Directory (AD) has no built-in clean-up feature. This can result in obsolete user, group and computer objects accumulating over time and placing security and compliance objectives in jeopardy. You would therefore need to regularly clean-up these settings.

Question No: 996 – (Topic 5)

Pete, a security auditor, has detected clear text passwords between the RADIUS server and the authenticator. Which of the following is configured in the RADIUS server and what technologies should the authentication protocol be changed to?

  1. PAP, MSCHAPv2

  2. CHAP, PAP

  3. MSCHAPv2, NTLMv2

  4. NTLM, NTLMv2

Answer: A Explanation:

PAP transmits the username and password to the authentication server in plain text. MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi- Fi security using the WPA-Enterprise protocol.

Question No: 997 – (Topic 5)

Several employee accounts appear to have been cracked by an attacker. Which of the following should the security administrator implement to mitigate password cracking attacks? (Select TWO).

  1. Increase password complexity

  2. Deploy an IDS to capture suspicious logins

  3. Implement password history

  4. Implement monitoring of logins

  5. Implement password expiration

  6. Increase password length

Answer: A,F Explanation:

The more difficult a password is the more difficult it is to be cracked by an attacker. By increasing the password complexity you make it more difficult.

Passwords that are too short can easily be cracked. The more characters used in a password, combined with the increased complexity will mitigate password cracking attacks.

Question No: 998 – (Topic 5)

A recent review of accounts on various systems has found that after employees#39; passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).

  1. Reverse encryption

  2. Minimum password age

  3. Password complexity

  4. Account lockouts

  5. Password history

  6. Password expiration

Answer: B,E Explanation:

E: Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords.

B: When a user is forced to change his password due to a maximum password age period expiring, he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days.

Question No: 999 – (Topic 5)

Users report that they are unable to access network printing services. The security technician checks the router access list and sees that web, email, and secure shell are allowed. Which of the following is blocking network printing?

  1. Port security

  2. Flood guards

  3. Loop protection

  4. Implicit deny

Answer: D Explanation:

Implicit deny says that if you aren’t explicitly granted access or privileges for a resource, you’re denied access by default. The scenario does not state that network printing is allowed in the router access list, therefore, it must be denied by default.

Question No: 1000 – (Topic 5)

A security administrator is concerned about the strength of user’s passwords. The company does not want to implement a password complexity policy. Which of the following can the security Administrator implement to mitigate the risk of an online password attack against users with weak passwords?

  1. Increase the password length requirements

  2. Increase the password history

  3. Shorten the password expiration period

  4. Decrease the account lockout time

Answer: C Explanation:

Reducing the password expiration period will require passwords to be changed at the end of that period. A password needs to be changed if it doesn’t meet the compliance requirements of the company’s password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to possible compromise as a result of a system intrusion. This will give online password attackers less time to crack the weak passwords.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE