★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/SY0-401-dumps.html
Q641. Which of the following MOST interferes with network-based detection techniques?
A. Mime-encoding
B. SSL
C. FTP
D. Anonymous email accounts
Answer: B
Explanation:
Secure Sockets Layer (SSL) is used to establish secure TCP communication between two machines by encrypting the communication. Encrypted communications cannot easily be inspected for anomalies by network-based intrusion detection systems (NIDS).
Q642. A database administrator would like to start encrypting database exports stored on the SAN, but the storage administrator warns that this may drastically increase the amount of disk space used by the exports. Which of the following explains the reason for the increase in disk space usage?
A. Deduplication is not compatible with encryption
B. The exports are being stored on smaller SAS drives
C. Encrypted files are much larger than unencrypted files
D. The SAN already uses encryption at rest
Answer: C
Explanation:
Encryption adds overhead to the data which results in and increase in file size. This overhead is attached to each file and could include the encryption/decryption key, data recovery files and data decryption field in file header. As a result, requires increased storage space.
Q643. A network administrator noticed various chain messages have been received by the company.
Which of the following security controls would need to be implemented to mitigate this issue?
A. Anti-spam
B. Antivirus
C. Host-based firewalls
D. Anti-spyware
Answer: A
Explanation: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM).
Q644. Which of the following is true about PKI? (Select TWO).
A. When encrypting a message with the public key, only the public key can decrypt it.
B. When encrypting a message with the private key, only the private key can decrypt it.
C. When encrypting a message with the public key, only the CA can decrypt it.
D. When encrypting a message with the public key, only the private key can decrypt it.
E. When encrypting a message with the private key, only the public key can decrypt it.
Answer: D,E
Explanation:
E: You encrypt data with the private key and decrypt with the public key, though the opposite is
much more frequent.
Public-key cryptography, also known as asymmetric cryptography, is a class of cryptographic
protocols based on algorithms that require two separate keys, one of which is secret (or private)
and one of which is public. Although different, the two parts of this key pair are mathematically
linked.
D: In a PKI the sender encrypts the data using the receiver's public key. The receiver decrypts the
data using his own private key.
PKI is a two-key, asymmetric system with four main components: certificate authority (CA),
registration authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are
encrypted with a public key and decrypted with a private key.
A PKI example:
1.
You want to send an encrypted message to Jordan, so you request his public key.
2.
Jordan responds by sending you that key.
3.
You use the public key he sends you to encrypt the message.
4.
You send the message to him.
5.
Jordan uses his private key to decrypt the message.
Q645. The Chief Information Officer (CIO) is concerned with moving an application to a SaaS cloud provider. Which of the following can be implemented to provide for data confidentiality assurance during and after the migration to the cloud?
A. HPM technology
B. Full disk encryption
C. DLP policy
D. TPM technology
Answer: C
Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. The Software as a Service (SaaS) applications are remotely run over the Web and as such requires DLP monitoring.
Q646. Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern?
A. Mandatory vacations
B. Time of day restrictions
C. Least privilege
D. Separation of duties
Answer: D
Explanation:
Separation of duties divides administrator or privileged tasks into separate groupings, which in turn, is individually assigned to unique administrators. This helps in fraud prevention, error reduction, as well as conflict of interest prevention. For example, those who configure security should not be the same people who test security. In this case, Joe should not be allowed to write and sign paycheques.
Q647. An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).
A. TCP 22
B. TCP 23
C. TCP 25
D. TCP 53
E. TCP 110
F. TCP 143
G. TCP 445
Answer: C,E,F
Explanation:
Q648. Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.
DIAGRAM
PC1 PC2
[192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]---------[10.2.2.10] LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?
A. 192.168.1.30 is a web server.
B. The web server listens on a non-standard port.
C. The router filters port 80 traffic.
D. The router implements NAT.
Answer: D
Explanation:
Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated "private" IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a "public" address (10.2.2.1) assigned by an Internet service provider.
Q649. A major security risk with co-mingling of hosts with different security requirements is:
A. Security policy violations.
B. Zombie attacks.
C. Password compromises.
D. Privilege creep.
Answer: A
Explanation:
The entire network is only as strong as the weakest host. Thus with the co-mingling of hosts with different security requirements would be risking security policy violations.
Q650. The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when typing to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on this phone. Which of the following might the administrator need to configure?
A. The access rules on the IDS
B. The pop up blocker in the employee’s browser
C. The sensitivity level of the spam filter
D. The default block page on the URL filter
Answer: D
Explanation:
A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list.