Ensurepass

 

 

QUESTION 611

A security administrator is reviewing the below output from a password auditing tool:

 

P@ss.

@pW1.

S3cU4

 

Which of the following additional policies should be implemented based on the tool’s output?

 

A.

Password age

B.

Password history

C.

Password length

D.

Password complexity

 

Correct Answer: C

 

 

QUESTION 612

Joe, a user, in a coffee shop is checking his email over a wireless network. An attacker records the temporary credentials being passed to Joe’s browser. The attacker later uses the credentials to impersonate Joe and creates SPAM messages. Which of the following attacks allows for this impersonation?

 

A.

XML injection

B.

Directory traversal

C.

Header manipulation

D.

Session hijacking

 

Correct Answer: D

 

 

QUESTION 613

A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?

 

A.

Disabling SSID broadcasting

B.

Implementing WPA2 – TKIP

C.

Implementing WPA2 – CCMP

D.

Filtering test workstations by MAC address

 

Correct Answer: A

 

 

QUESTION 614

Digital certificates can be used to ensure which of the following? (Select TWO).

 

A.

Availability

B.

Confidentiality

C.

Verification

D.

Authorization

E.

Non-repudiation

Correct Answer: BE

 

 

QUESTION 615

A network administrator is looking for a way to automatically update company browsers so they import a list of root certificates from an online source. This online source will then be responsible for tracking which certificates are to be trusted or not trusted. Which of the following BEST describes the service that should be implemented to meet these requirements?

 

A.

Trust model

B.

Key escrow

C.

OCSP

D.

PKI

 

Correct Answer: A

 

 

QUESTION 616

A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing?

 

A.

Black box

B.

Penetration

C.

Gray box

D.

White box

 

Correct Answer: D

 

 

QUESTIO
N 617

The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?

 

A.

Black box

B.

Penetration

C.

Gray box

D.

White box

 

Correct Answer: A

 

 

QUESTION 618

Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device?

 

A.

Block cipher

B.

Elliptical curve cryptography

C.

Diffie-Hellman algorithm

D.

Stream cipher

 

Correct Answer: B

 

 

QUESTION 619

The server administrator has noted that most servers have a lot of free disk space and low memory utilization. Which of the following statements will be correct if the server administrator migrates to a virtual server environment?

 

A.

The administrator will need to deploy load balancing and clustering.

B.

The administrator may spend more on licensing but less on hardware and equipment.

C.

The administrator will not be able to add a test virtual environment in the data center.

D.

Servers will encounter latency and lowered throughput issues.

 

Correct Answer: B

 

 

QUESTION 620

Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?

 

A.

WPA2-Enterprise wireless network

B.

DNS secondary zones

C.

Digital certificates

D.

Intrusion detection system

 

Correct Answer: A

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.