Ensurepass.com : Ensure you pass the IT Exams
2018 Apr CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!
CompTIA Security Certification
Question No: 941 – (Topic 5)
A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?
-
Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.
-
Require the customer to physically come into the company’s main office so that the customer can be authenticated prior to their password being reset.
-
Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password.
-
Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
Answer: D Explanation:
People tend to forget their passwords, thus you should have a password recovery system for them that will not increase risk exposure. Setting a temporary password will restrict the time that the password is valid and thus decrease risk; and in addition forcing the customer to change it upon first login will make the password more secure for the customer.
Question No: 942 – (Topic 5)
Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?
-
Malicious code on the local system
-
Shoulder surfing
-
Brute force certificate cracking
-
Distributed dictionary attacks
Answer: A Explanation:
Once a user authenticates to a remote server, malicious code on the user’s workstation could then infect the server.
Question No: 943 – (Topic 5)
After a recent internal audit, the security administrator was tasked to ensure that all credentials must be changed within 90 days, cannot be repeated, and cannot contain any dictionary words or patterns. All credentials will remain enabled regardless of the number of attempts made. Which of the following types of user account options were enforced? (Select TWO).
-
Recovery
-
User assigned privileges
-
Lockout
-
Disablement
-
Group based privileges
-
Password expiration
-
Password complexity
Answer: F,G Explanation:
Password complexity often requires the use of a minimum of three out of four standard character types for a password. The more characters in a password that includes some character type complexity, the more resistant it is to password-cracking techniques. In most cases, passwords are set to expire every 90 days.
Question No: 944 – (Topic 5)
A network administrator uses an RFID card to enter the datacenter, a key to open the server rack, and a username and password to logon to a server. These are examples of
which of the following?
-
Multifactor authentication
-
Single factor authentication
-
Separation of duties
-
Identification
Answer: B Explanation:
Single-factor authentication (SFA) is a process for securing access to a given system by identifying the party requesting access via a single category of credentials. In this case, the network administrator makes use of an RFID card to access the datacenter, a key to access the server rack, and a username and password to access a server.
Question No: 945 – (Topic 5)
A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage?
-
Biometrics
-
Mandatory access control
-
Single sign-on
-
Role-based access control
Answer: A Explanation:
This question is asking about “authorization”, not authentication.
Mandatory access control (MAC) is a form of access control commonly employed by government and military environments. MAC specifies that access is granted based on a set of rules rather than at the discretion of a user. The rules that govern MAC are hierarchical in nature and are often called sensitivity labels, security domains, or classifications.
MAC can also be deployed in private sector or corporate business environments. Such cases typically involve the following four security domain levels (in order from least sensitive to most sensitive):
Public Sensitive Private Confidential
A MAC environment works by assigning subjects a clearance level and assigning objects a sensitivity label-in other words, everything is assigned a classification marker. Subjects or users are assigned clearance levels. The name of the clearance level is the same as the name of the sensitivity label assigned to objects or resources. A person (or other subject, such as a program or a computer system) must have the same or greater assigned clearance level as the resources they wish to access. In this manner, access is granted or restricted based on the rules of classification (that is, sensitivity labels and clearance levels).
MAC is named as it is because the access control it imposes on an environment is mandatory. Its assigned classifications and the resulting granting and restriction of access can’t be altered by users. Instead, the rules that define the environment and judge the assignment of sensitivity labels and clearance levels control authorization.
MAC isn’t a very granularly controlled security environment. An improvement to MAC includes the use of need to know: a security restriction where some objects (resources or data) are restricted unless the subject has a need to know them. The objects that require a specific need to know are assigned a sensitivity label, but they’re compartmentalized from the rest of the objects with the same sensitivity label (in the same security domain). The need to know is a rule in and of itself, which states that access is granted only to users who have been assigned work tasks that require access to the cordoned-off object. Even if users have the proper level of clearance, without need to know, they’re denied access.
Need to know is the MAC equivalent of the principle of least privilege from DAC
Question No: 946 – (Topic 5)
Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions:
Ann:read/write Sales Group:read IT Group:no access
If a discretionary access control list is in place for the files owned by Ann, which of the
following would be the BEST way to share the file with Joe?
-
Add Joe to the Sales group.
-
Have the system administrator give Joe full access to the file.
-
Give Joe the appropriate access to the file directly.
-
Remove Joe from the IT group and add him to the Sales group.
Answer: C Explanation:
Joe needs access to only one file. He also needs to ‘edit’ that file. Editing a file requires Read and Write access to the file. The best way to provide Joe with the minimum required permissions to edit the file would be to give Joe the appropriate access to the file directly.
Question No: 947 – (Topic 5)
An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would achieve this goal?
-
Add reverse encryption
-
Password complexity
-
Increase password length
-
Allow single sign on
Answer: B Explanation:
Generally, the minimum password length is considered to be 8 upper and lowercase characters. The use of at least one non-alpha character like punctuation, special characters, or numbers, combined with the password length produces strong passwords. Strong passwords are produced by the combination of a password’s length and complexity.
Question No: 948 – (Topic 5)
The IT department has setup a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?
-
Account Disablements
-
Password Expiration
-
Password Complexity
-
Password Recovery
Answer: D Explanation:
People tend to forget their own passwords and because a user’s password in not stored on the operating system, only a hash value is kept and most operating systems allows the administrator to change the value meaning that the password can then be recovered. If you allow end users to reset their own accounts then the password recovery process is helped along.
Question No: 949 – (Topic 5)
Which of the following common access control models is commonly used on systems to ensure a quot;need to knowquot; based on classification levels?
-
Role Based Access Controls
-
Mandatory Access Controls
-
Discretionary Access Controls
-
Access Control List
Answer: B Explanation:
Mandatory Access Control allows access to be granted or restricted based on the rules of classification. MAC also includes the use of need to know. Need to know is a security restriction where some objects are restricted unless the subject has a need to know them.
Question No: 950 – (Topic 5)
A security technician has been asked to recommend an authentication mechanism that will allow users to authenticate using a password that will only be valid for a predefined time interval. Which of the following should the security technician recommend?
-
CHAP
-
TOTP
-
HOTP
-
PAP
Answer: B
Explanation: Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. Therefore, the password will only be valid for a predefined time interval.
100% Ensurepass Free Download!
–Download Free Demo:SY0-401 Demo PDF
100% Ensurepass Free Guaranteed!
–SY0-401 Dumps
| EnsurePass | ExamCollection | Testking | |
|---|---|---|---|
| Lowest Price Guarantee | Yes | No | No |
| Up-to-Dated | Yes | No | No |
| Real Questions | Yes | No | No |
| Explanation | Yes | No | No |
| PDF VCE | Yes | No | No |
| Free VCE Simulator | Yes | No | No |
| Instant Download | Yes | No | No |
![[Free] 2018(Apr) EnsurePass Braindumps CompTIA SY0-401 Dumps with VCE and PDF 931-940](http://www.70-744.com/wp-content/themes/the-ultralight/images/the-ultralight-post-related.jpg)