Certleader 2018 New SY0-401 Exam Dumps (PDF & VCE) Download: https://www.certleader.com/SY0-401-dumps.html

Our pass rate is high to 98.9% and the similarity percentage between our comptia security+ sy0 401 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA security+ sy0 401 exam in just one try? I am currently studying for the CompTIA sy0 401 vce exam. Latest CompTIA sy0 401 study guide pdf Test exam practice questions and answers, Try CompTIA sy0 401 braindump Brain Dumps First.

P.S. Precise SY0-401 tutorials are available on Google Drive, GET MORE: https://drive.google.com/open?id=1FzInfNT7xZoRgBhz3WNs4wusgK-UQOYg

New CompTIA SY0-401 Exam Dumps Collection (Question 5 - Question 14)

New Questions 5

Which of the following common access control models is commonly used on systems to ensure a "need to know" based on classification levels?

A. Role Based Access Controls

B. Mandatory Access Controls

C. Discretionary Access Controls

D. Access Control List

Answer: B


Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them.

New Questions 6

A security engineer is asked by the companyu2019s development team to recommend the most secure method for password storage.

Which of the following provide the BEST protection against brute forcing stored passwords? (Select TWO).


B. MD5


D. Bcrypt



Answer: A,D


A: PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5 v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key.

D: bcrypt is a key derivation function for passwords based on the Blowfish cipher. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power.

The bcrypt function is the default password hash algorithm for BSD and many other systems.


Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 109-110, 139, 143, 250, 255-256, 256

New Questions 7

During the information gathering stage of a deploying role-based access control model, which of the following information is MOST likely required?

A. Conditional rules under which certain systems may be accessed

B. Matrix of job titles with required access privileges

C. Clearance levels of all company personnel

D. Normal hours of business operation

Answer: B


Role-based access control is a model where access to resources is determines by job role rather than by user account.

Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Members or staff (or other system users) are assigned particular roles, and through those role assignments acquire the computer permissions to perform particular computer-system functions. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department.

To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges that should be assigned to each role.

New Questions 8

Which of the following services are used to support authentication services for several local devices from a central location without the use of tokens?


B. Smartcards

C. Biometrics

D. Kerberos

Answer: A


ACACS allows a client to accept a username and password and send a query to a TACACS authentication server. It would determine whether to accept or deny the authentication request and send a response back. The TIP would then allow access or not based upon the response, not tokens.

New Questions 9

An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).

A. Password Complexity

B. Password Expiration

C. Password Age

D. Password Length

E. Password History

Answer: A,D


Passwords should have the strength to avoid discovery through attack, but it should also be easy enough for the user to remember. The length and complexity of a password combined are vital factors in defining a passwordu2019s strength.

New Questions 10

Ann wants to send a file to Joe using PKI. Which of the following should Ann use in order to sign the file?

A. Joeu2019s public key

B. Joeu2019s private key

C. Annu2019s public key

D. Annu2019s private key

Answer: D


The sender uses his private key, in this case Ann's private key, to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic.

The receiver uses a key provided by the senderu2014the public keyu2014to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.

New Questions 11

The security manager wants to unify the storage of credential, phone numbers, office numbers, and address information into one system. Which of the following is a system that will support the requirement on its own?





Answer: A


A u2018directoryu2019 contains information about users.

The Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs on a layer above the TCP/IP stack. It provides a mechanism used to connect to, search, and modify Internet directories.

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications by allowing the sharing of

information about users, systems, networks, services, and applications throughout the network. As examples, directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

New Questions 12

A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the useru2019s digital certificate. Which of the following will help resolve the issue? (Select TWO).

A. Revoke the digital certificate

B. Mark the key as private and import it

C. Restore the certificate using a CRL

D. Issue a new digital certificate

E. Restore the certificate using a recovery agent

Answer: A,D


The user's certificate must be revoked to ensure that the stolen computer cannot access resources the user has had access to.

To grant the user access to the resources he must be issued a new certificate.

New Questions 13

A system administrator needs to ensure that certain departments have more restrictive controls to their shared folders than other departments. Which of the following security controls would be implemented to restrict those departments?

A. User assigned privileges

B. Password disablement

C. Multiple account creation

D. Group based privileges

Answer: D


Group-based privileges assign privileges or access to a resource to all members of a group. Group-based access control grants every member of the group the same level of access to a specific object.

New Questions 14

Account lockout is a mitigation strategy used by Jane, the administrator, to combat which of the following attacks? (Select TWO).

A. Spoofing

B. Man-in-the-middle

C. Dictionary

D. Brute force

E. Privilege escalation

Answer: C,D


Account lockout is a useful method for slowing down online password-guessing attacks. A dictionary attack performs password guessing by making use of a pre-existing list of likely passwords. A brute-force attack is intended to try every possible valid combination of characters to create possible passwords in the attempt to discover the specific passwords used by user accounts.

To know more about the SY0-401 dumps download, click here.

100% Improve CompTIA SY0-401 Questions & Answers shared by Certleader, Get HERE: https://www.certleader.com/SY0-401-dumps.html (New 1781 Q&As)