This Lead2pass SY0-401 braindumps still valid, I got 979/1000 today. Thanks to Lead2pass.
Following questions and answers are all new published by CompTIA Official Exam Center: https://www.lead2pass.com/sy0-401.html
QUESTION 701
All of the following are valid cryptographic hash functions EXCEPT:
A. RIPEMD.
B. RC4.
C. SHA-512.
D. MD4.
Answer: B
Explanation:
RC4 is not a hash function. RC4 is popular with wireless and WEP/WPA encryption.
QUESTION 702
Which of the following concepts is used by digital signatures to ensure integrity of the data?
A. Non-repudiation
B. Hashing
C. Transport encryption
D. Key escrow
Answer: B
Explanation:
Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit.
QUESTION 703
A security administrator discovers an image file that has several plain text documents hidden in the file. Which of the following security goals is met by camouflaging data inside of other files?
A. Integrity
B. Confidentiality
C. Steganography
D. Availability
Answer: C
Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
QUESTION 704
A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
A. Symmetric encryption
B. Non-repudiation
C. Steganography
D. Hashing
Answer: C
Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
QUESTION 705
Which of the following can hide confidential or malicious data in the whitespace of other files (e.g.
JPEGs)?
A. Hashing
B. Transport encryption
C. Digital signatures
D. Steganography
Answer: D
Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
QUESTION 706
Which of the following must a user implement if they want to send a secret message to a coworker by embedding it within an image?
A. Transport encryption
B. Steganography
C. Hashing
D. Digital signature
Answer: B
Explanation:
Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video.
Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message.
QUESTION 707
Digital Signatures provide which of the following?
A. Confidentiality
B. Authorization
C. Integrity
D. Authentication
E. Availability
Answer: C
Explanation:
A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender.
QUESTION 708
Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?
A. Twofish
B. Diffie-Hellman
C. ECC
D. RSA
Answer: C
Explanation:
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size.
QUESTION 709
Which of the following types of cryptography should be used when minimal overhead is necessary for a mobile device?
A. Block cipher
B. Elliptical curve cryptography
C. Diffie-Hellman algorithm
D. Stream cipher
Answer: B
Explanation:
Regarding the performance of ECC applications on various mobile devices, ECC is the most suitable PKC (Public-key cryptography) scheme for use in a constrained environment. Note: Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size. Using smaller key size would be faster.
QUESTION 710
A security technician is attempting to access a wireless network protected with WEP. The technician does not know any information about the network. Which of the following should the technician do to gather information about the configuration of the wireless network?
A. Spoof the MAC address of an observed wireless network client
B. Ping the access point to discover the SSID of the network
C. Perform a dictionary attack on the access point to enumerate the WEP key
D. Capture client to access point disassociation packets to replay on the local PC’s loopback
Answer: A
Explanation:
With ARP spoofing (also known as ARP poisoning), the MAC (Media Access Control) address of the data is faked. By faking this value, it is possible to make it look as if the data came from a network that it did not. This can be used to gain access to the network, to fool the router into sending data here that was intended for another host, or to launch a DoS attack. In all cases, the address being faked is an address of a legitimate user, and that makes it possible to get around such measures as allow/deny lists.
Note: As an example, the initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack.
QUESTION 711
The IT department has installed new wireless access points but discovers that the signal extends far into the parking lot. Which of the following actions should be taken to correct this?
A. Disable the SSID broadcasting
B. Configure the access points so that MAC filtering is not used
C. Implement WEP encryption on the access points
D. Lower the power for office coverage only
Answer: D
Explanation:
On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.
QUESTION 712
Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?
A. Disable default SSID broadcasting.
B. Use WPA instead of WEP encryption.
C. Lower the access point’s power settings.
D. Implement MAC filtering on the access point.
Answer: D
Explanation:
If MAC filtering is turned off, any wireless client that knows the values looked for (MAC addresses) can join the network. When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users’ computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so.
QUESTION 713
Which of the following provides the strongest authentication security on a wireless network?
A. MAC filter
B. WPA2
C. WEP
D. Disable SSID broadcast
Answer: B
Explanation:
The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP.
QUESTION 714
Which of the following is a concern when encrypting wireless data with WEP?
A. WEP displays the plain text entire key when wireless packet captures are reassembled
B. WEP implements weak initialization vectors for key transmission
C. WEP uses a very weak encryption algorithm
D. WEP allows for only four pre-shared keys to be configured
Answer: B
Explanation:
The initialization vector (IV) that WEP uses for encryption is 24-bit, which is quite weak and means that IVs are reused with the same key. By examining the repeating result, it was easy for attackers to crack the WEP secret key. This is known as an IV attack.
QUESTION 715
Which of the following provides the HIGHEST level of confidentiality on a wireless network?
A. Disabling SSID broadcast
B. MAC filtering
C. WPA2
D. Packet switching
Answer: C
Explanation:
The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP.
QUESTION 716
While setting up a secure wireless corporate network, which of the following should Pete, an administrator, avoid implementing?
A. EAP-TLS
B. PEAP
C. WEP
D. WPA
Answer: C
Explanation:
WEP is one of the more vulnerable security protocols. The only time to use WEP is when you must have compatibility with older devices that do not support new encryption.
QUESTION 717
Joe, an employee, was escorted from the company premises due to suspicion of revealing trade secrets to a competitor. Joe had already been working for two hours before leaving the premises.
A security technician was asked to prepare a report of files that had changed since last night’s integrity scan.
Which of the following could the technician use to prepare the report? (Select TWO).
A. PGP
B. MD5
C. ECC
D. AES
E. Blowfish
F. HMAC
Answer: BF
Explanation:
B: MD5 can be used to locate the data which has changed. The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.
F: A common method of verifying integrity involves adding a message authentication code (MAC) to the message.
HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key.
QUESTION 718
Users report that after downloading several applications, their systems’ performance has noticeably decreased. Which of the following would be used to validate programs prior to installing them?
A. Whole disk encryption
B. SSH
C. Telnet
D. MD5
Answer: D
Explanation:
MD5 can be used to locate the data which has changed.
The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.
QUESTION 719
Which of the following is used to verify data integrity?
A. SHA
B. 3DES
C. AES
D. RSA
Answer: A
Explanation:
SHA stands for “secure hash algorithm”. SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used applications and protocols including TLS and SSL, PGP, SSH, S/MIME, and IPsec. It is used to ensure data integrity.
Note:
A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value.
Hashes play a role in security systems where they’re used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they’re the same, there is a very high probability that the message was transmitted intact. This is how hashing is used to ensure data integrity.
QUESTION 720
Which of the following can be implemented with multiple bit strength?
A. AES
B. DES
C. SHA-1
D. MD5
E. MD4
Answer: A
Explanation:
AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.
QUESTION 721
To ensure compatibility with their flagship product, the security engineer is tasked to recommend an encryption cipher that will be compatible with the majority of third party software and hardware vendors. Which of the following should be recommended?
A. SHA
B. MD5
C. Blowfish
D. AES
Answer: D
Explanation:
AES (Advanced Encryption Standard) has been adopted by the U.S. government and is now used worldwide. It supersedes the Data Encryption Standard (DES) which was published in 1977. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data. AES is used to encrypt data, not to verify data integrity.
QUESTION 722
Which of the following provides additional encryption strength by repeating the encryption process with additional keys?
A. AES
B. 3DES
C. TwoFish
D. Blowfish
Answer: B
Explanation:
Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).
QUESTION 723
Which of the following are restricted to 64-bit block sizes? (Select TWO).
A. PGP
B. DES
C. AES256
D. RSA
E. 3DES
F. AES
Answer: BE
Explanation:
B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It’s based on a 56-bit key and has several modes that offer security and integrity. It is now considered insecure because of the small key size.
E: Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).
QUESTION 724
A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?
A. AES
B. 3DES
C. RC4
D. WPA2
Answer: B
Explanation:
3DES (Triple DES) is based on DES.
In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. The electronic payment industry uses Triple DES and continues to develop and promulgate standards based upon it (e.g. EMV). Microsoft OneNote, Microsoft Outlook 2007, and Microsoft System Center Configuration Manager 2012, use Triple DES to password protect user content and system data.
QUESTION 725
Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?
A. ECC
B. RSA
C. SHA
D. 3DES
Answer: D
Explanation:
3DES would be less secure compared to ECC, but 3DES would require less computational power. Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).
More free Lead2pass SY0-401 exam new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDLXZsWm9MWmh0a0E
Please read all of theory and then use this Lead2pass SY0-401 study guide.
2017 CompTIA SY0-401 (All 1868 Q&As) exam dumps (PDF&VCE) from Lead2pass:
https://www.lead2pass.com/sy0-401.html [100% Exam Pass Guaranteed]