Ensurepass

QUESTION 651

A security administrator must implement all requirements in the following corporate policy:

Passwords shall be protected against offline password brute force attacks. Passwords shall be protected against online password brute force attacks.

Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE).

A. Account lockout
B. Account expiration
C. Screen locks
D. Password complexity
E. Minimum password lifetime
F. Minimum password length

Correct Answer: ADF


QUESTION 652

Which of the following is a best practice for error and exception handling?

A. Log detailed exception but display generic error message
B. Display detailed exception but log generic error message
C. Log and display detailed error and exception messages
D. Do not log or display error or exception messages

Correct Answer: A


QUESTION 653

A team of firewall administrators has access to a 'master password list' containing service account passwords. Which of the following BEST protects the master password list?

A. File encryption
B. Password hashing
C. USB encryption
D. Full disk encryption

Correct Answer: A


QUESTION 654

An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?

A. Implement full disk encryption
B. Store on encrypted removable media
C. Utilize a hardware security module
D. Store on web proxy file system

Correct Answer: C


QUESTION 655

An insurance company requires an account recovery process so that information created by an employee can be accessed after that employee is no longer with the firm. Which of the following is the BEST approach to implement this process?

A. Employee is required to share their password with authorized staff prior to leaving the firm
B. Passwords are stored in a reversible form so that they can be recovered when needed
C. Authorized employees have the ability to reset passwords so that the data is accessible
D. All employee data is exported and imported by the employee prior to them leaving the firm

Correct Answer: C


QUESTION 656

A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access. Which of the following is the BEST approach to implement this process?

A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site.
B. Require the customer to physically come into the company's main office so that the customer can be authenticated prior to their password being reset.
C. Web-based form that identifies the customer by another mechanism and then emails the customer their forgotten password.
D. Web-based form that identifies the customer by another mechanism, sets a temporary password and forces a password change upon first login.

Correct Answer: D


QUESTION 657

A new MPLS network link has been established between a company and its business partner. The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?

A. MPLS should be run in IPVPN mode.
B. SSL/TLS for all application flows.
C. IPSec VPN tunnels on top of the MPLS link.
D. HTTPS and SSH for all application flows.

Correct Answer: C


QUESTION 658

Which of the following authentication services should be replaced with a more secure alternative?

A. RADIUS
B. TACACS
C. TACACS+
D. XTACACS

Correct Answer: B


QUESTION 659

A financial company requires a new private network link with a business partner to cater for real-time and batched data flows. Which of the following activities should be performed by the IT security staff member prior to establishing the link?

A. Baseline reporting
B. Design review
C. Code review
D. SLA reporting

Correct Answer: B


QUESTION 660

Which device monitors network traffic in a passive manner?

A. Sniffer
B. IDS
C. Firewall
D. Web browser

Correct Answer: A

Free VCE & PDF File for CompTIA SY0-401 Real Exam
