2018 Jan CompTIA Official New Released SY0-401

CompTIA Security Certification

Question No: 1011 – (Topic 6)

A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?

  A. A CRL

  B. Make the RA available

  C. A verification authority

  D. A redundant CA

Answer: A

Explanation:

A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key.

By checking the CRL you can check if a particular certificate has been revoked.

Question No: 1012 – (Topic 6)

Which of the following allows an organization to store a sensitive PKI component with a trusted third party?

  A. Trust model

  B. Public Key Infrastructure

  C. Private key

  D. Key escrow

Answer: D

Explanation:

Sensitive PKI data, such as private keys, can be placed in key escrow. The escrowed data can be kept at a trusted third party.

Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' private communications, or governments, who may wish to be able to view the contents of encrypted communications.

Question No: 1013 – (Topic 6)

Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?

  A. Blowfish

  B. DES

  C. SHA256

  D. HMAC

Answer: A

Explanation:

Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).

Among the alternatives listed above, it is the only symmetric cipher that can use a 128-bit key: DES uses a 56-bit key, and SHA256 and HMAC are not encryption ciphers.

Question No: 1014 – (Topic 6)

Which of the following protocols encapsulates an IP packet with an additional IP header?

  A. SFTP

  B. IPSec

  C. HTTPS

  D. SSL

Answer: B

Explanation:

In tunnel mode, IPsec encapsulates the entire original IP packet and adds a new outer IP header. Authentication Header (AH) is a member of the IPsec protocol suite. AH operates directly on top of IP, using IP protocol number 51.

Question No: 1015 – (Topic 6)

A system administrator is notified by a staff member that their laptop has been lost. The laptop contains the user’s digital certificate. Which of the following will help resolve the issue? (Select TWO).

  A. Revoke the digital certificate

  B. Mark the key as private and import it

  C. Restore the certificate using a CRL

  D. Issue a new digital certificate

  E. Restore the certificate using a recovery agent

Answer: A,D

Explanation:

The user's certificate must be revoked to ensure that the stolen computer cannot access resources the user has had access to.

To regain access to those resources, the user must be issued a new certificate.

Question No: 1016 – (Topic 6)

Which of the following are restricted to 64-bit block sizes? (Select TWO).

  A. PGP

  B. DES

  C. AES256

  D. RSA

  E. 3DES

  F. AES

Answer: B,E

Explanation:

B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It is a 64-bit block cipher based on a 56-bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size.

E: Triple-DES (3DES) is a technological upgrade of DES and keeps the same 64-bit block size. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it's more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

Question No: 1017 – (Topic 6)

Which of the following can be implemented with multiple bit strength?

  A. AES

  B. DES

  C. SHA-1

  D. MD5

  E. MD4

Answer: A

Explanation:

AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.

Question No: 1018 – (Topic 6)

Which of the following allows a company to maintain access to encrypted resources when employee turnover is high?

  A. Recovery agent

  B. Certificate authority

  C. Trust model

  D. Key escrow

Answer: A

If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data.

A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys.

Question No: 1019 – (Topic 6)

While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing?

  A. EAP-TLS

  B. PEAP

  C. WEP

  D. WPA

Answer: C

Explanation:

WEP is one of the more vulnerable security protocols. The only time to use WEP is when you must have compatibility with older devices that do not support new encryption.

Question No: 1020 – (Topic 6)

Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

  A. Certification authority

  B. Key escrow

  C. Certificate revocation list

  D. Registration authority

Answer: A

Explanation:

A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.
