SY0-401V37.0.pdf

Exam SY0-401 CompTIA Security+ Certification
Version: 37.0 [Total Questions: 1781]
Exam Questions and Answers
The No.1 IT Certification Guide

Topic 1, Network Security

1. - (Topic 1) Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?
A. Failed authentication attempts
B. Network ping sweeps
C. Host port scans
D. Connections to port 22
Answer: D
Explanation: Log analysis is the review of audit trails, log files, or other computer-generated records for evidence of policy violations, malicious events, downtime, bottlenecks, or other issues of concern. SSH listens on TCP port 22, and the file-transfer and login tools carried over SSH (SFTP, SCP, slogin) share that port. If the misconfigured access list let outsiders reach the SSH server, the evidence is accepted connections from outside addresses to TCP port 22; failed authentication attempts (A) are the next thing to review, but they presuppose that such a connection was made.

2. - (Topic 1) Which of the following secure file transfer methods uses port 22 by default?
A. FTPS
B. SFTP
C. SSL
D. S/MIME
Answer: B
Explanation: SFTP runs as a subsystem of SSH and therefore uses TCP port 22, as do SCP and slogin. FTPS is FTP over TLS (control channel on TCP 21, or TCP 990 for implicit TLS) and has nothing to do with SSH; SSL and S/MIME are not file transfer methods.

3. - (Topic 1) A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?
A. ICMP
B. BGP
C. NetBIOS
D. DNS
Answer: C
Explanation: The LMHOSTS file provides a NetBIOS name resolution method that can be used on small networks that do not run a WINS server. NetBIOS has been adapted to run on top of TCP/IP (NetBT) and is still widely used for name resolution and registration in Windows environments, which is what makes LMHOSTS worth tampering with: a poisoned entry silently redirects a NetBIOS name to an attacker-chosen address.

4. - (Topic 1) A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic. Which of the following would accomplish this task?
A. Deny TCP port 68
B. Deny TCP port 69
C. Deny UDP port 68
D. Deny UDP port 69
Answer: D
Explanation: Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol with no authentication and no encryption. It runs over UDP port 69, so a TCP rule (A, B) would not touch it, and port 68 belongs to DHCP clients, not TFTP.

5. HOTSPOT - (Topic 1) The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The Accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match. The port number must be typed in and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click Save and then Done to submit.
Answer: (in the original this is a screenshot of the configured rule set; the rules are spelled out in the explanation)
Explanation: Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP port 22 (SCP rides on SSH).
Rule #3 and Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is UDP port 69 (one rule per server).
Anything not matched by these four rules, including any other traffic from the three workstations, is dropped by the implicit deny.
References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44

6. - (Topic 1) Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?
A. TCP 23
B. UDP 69
C. TCP 22
D. TCP 21
Answer: C
Explanation: SSH uses TCP port 22, and the protocols carried over SSH, including SFTP, SCP and slogin, use the same port. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and the Remote Copy Protocol (RCP). SFTP (SSH File Transfer Protocol) is a secured alternative to standard FTP. The other options are Telnet (TCP 23), TFTP (UDP 69) and plain FTP (TCP 21), none of which encrypts anything.

7. - (Topic 1) After reviewing the firewall logs of her organization's wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?
A. Reduce the power level of the AP on the network segment
B. Implement MAC filtering on the AP of the affected segment
C. Perform a site survey to see what has changed on the segment
D. Change the WPA2 encryption key of the AP in the affected segment
Answer: A
Explanation: Some access points include power level controls that allow you to reduce the output if the signal is travelling too far. Here the failed attempts are most plausibly devices in the new office across the street trying to join a network they can see, so the first step is to stop the signal reaching them.

8. - (Topic 1) It is MOST important to make sure that the firewall is configured to do which of the following?
A. Alert management of a possible intrusion.
B. Deny all traffic and only permit by exception.
C. Deny all traffic based on known signatures.
D. Alert the administrator of a possible intrusion.
Answer: B
Explanation: Firewalls manage traffic using filters, each of which is a rule or set of rules. The recommended guideline for firewall rules is "deny by default; allow by exception": everything not explicitly permitted is blocked.

9. - (Topic 1) Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443
A. It implements stateful packet filtering.
B. It implements bottom-up processing.
C. It failed closed.
D. It implements an implicit deny.
Answer: D
Explanation: Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default; it is the response applied when neither an explicit allow nor an explicit deny matches. Both entries permit traffic to 192.168.0.10 only. Nothing matches the web server at 192.168.0.20, so its traffic falls off the end of the list and is dropped by the implicit deny.

10. - (Topic 1) A technician wants to securely collect network device configurations and statistics through a scheduled and automated process. Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?
A. SNMPv3
B. TFTP
C. SSH
D. TLS
Answer: A
Explanation: SNMPv3 provides the following security features: message integrity (ensures that a packet has not been tampered with in transit), authentication (determines that the message is from a valid source) and encryption (scrambles the content of a packet so it cannot be read by an unauthorized party). Unlike SSH (C), an SNMPv3 credential is a management credential only and cannot be turned into an interactive shell if it leaks; TFTP (B) offers no authentication or integrity at all. Use the authPriv security level so that both authentication and encryption are in force.

11. - (Topic 1) Which of the following firewall rules only denies DNS zone transfers?
A. deny udp any any port 53
B. deny ip any any
C. deny tcp any any port 53
D. deny all dns packets
Answer: C
Explanation: DNS operates over both TCP and UDP port 53.
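To make the rule-processing behaviour behind questions 5, 9 and 11 concrete, here is an added example (not part of the exam dump): a small first-match packet filter with an implicit deny, loaded with the question 9 ACL, a rule set for the question 5 hotspot, and a TCP 53 deny for question 11. The workstation and server addresses (10.0.1.0/24, 10.0.2.0/24, 203.0.113.10, 192.168.0.53) are constructed for the example; the hotspot itself does not give them. The `shadowed_rules` check is the kind of sanity test worth running on a real rule base: a broad permit placed above a narrower deny silently disables the deny.

```python
"""First-match packet filter with an implicit deny (added example).

Not part of the exam dump: it models the firewall behaviour behind questions
5, 9 and 11. Rules are evaluated top-down; the first rule whose protocol,
source, destination and destination port all match decides the verdict, and a
packet that matches no rule is dropped by the implicit deny. All addresses
below are constructed for the example (RFC 1918 and documentation ranges).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple, Union

ANY = "ANY"
Port = Union[int, str]


def _net(spec: str):
    """Turn a rule's address field into a network; ANY covers everything."""
    return ip_network("0.0.0.0/0") if spec == ANY else ip_network(spec, strict=False)


@dataclass(frozen=True)
class Rule:
    action: str   # "PERMIT" or "DENY"
    proto: str    # "TCP", "UDP" or ANY
    src: str      # CIDR, single address or ANY
    dst: str      # CIDR, single address or ANY
    dport: Port   # destination port or ANY

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        return (self.proto in (ANY, proto)
                and ip_address(src) in _net(self.src)
                and ip_address(dst) in _net(self.dst)
                and self.dport in (ANY, dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet 'other' could match would already match self."""
        return (self.proto in (ANY, other.proto)
                and _net(other.src).subnet_of(_net(self.src))
                and _net(other.dst).subnet_of(_net(self.dst))
                and self.dport in (ANY, other.dport))


def evaluate(rules: List[Rule], proto: str, src: str, dst: str,
             dport: int) -> Tuple[str, Optional[int]]:
    """First match wins; returns (verdict, rule index). Index None = implicit deny."""
    for i, rule in enumerate(rules):
        if rule.matches(proto, src, dst, dport):
            return rule.action, i
    return "DENY", None


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them.

    The classic misconfiguration: a broad PERMIT placed above the DENY that was
    meant to carve an exception out of it.
    """
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


# Question 9: the only ACL on the box. Nothing mentions 192.168.0.20, so
# traffic to that web server falls through to the implicit deny.
Q9_ACL = [
    Rule("PERMIT", "TCP", ANY, "192.168.0.10/32", 80),
    Rule("PERMIT", "TCP", ANY, "192.168.0.10/32", 443),
]

# Question 5 (hotspot), with constructed addresses: workstations on
# 10.0.1.0/24, secure network 10.0.2.0/24, public web server 203.0.113.10.
ACCOUNTING, HR, ADMIN = "10.0.1.10", "10.0.1.20", "10.0.1.30"
PUBLIC_WEB, FINANCIAL, PURCHASING = "203.0.113.10", "10.0.2.10", "10.0.2.20"
Q5_RULES = [
    Rule("PERMIT", "TCP", ACCOUNTING, PUBLIC_WEB, 443),  # HTTPS only
    Rule("PERMIT", "TCP", HR, FINANCIAL, 22),            # SCP rides on SSH
    Rule("PERMIT", "UDP", ADMIN, FINANCIAL, 69),         # TFTP is UDP
    Rule("PERMIT", "UDP", ADMIN, PURCHASING, 69),
]

# Question 11: deny zone transfers (TCP 53) but still resolve names (UDP 53)
# against a constructed internal resolver. Order matters; see shadowed_rules.
RESOLVER = "192.168.0.53"
Q11_RULES = [
    Rule("DENY", "TCP", ANY, ANY, 53),
    Rule("PERMIT", "UDP", ANY, RESOLVER, 53),
]
MISORDERED = [
    Rule("PERMIT", ANY, ANY, ANY, 53),   # broad permit first ...
    Rule("DENY", "TCP", ANY, ANY, 53),   # ... so this DENY is dead
]

if __name__ == "__main__":
    print(evaluate(Q9_ACL, "TCP", "198.51.100.5", "192.168.0.20", 80))  # ('DENY', None)
    print(evaluate(Q5_RULES, "TCP", ACCOUNTING, FINANCIAL, 443))        # ('DENY', None)
    print(shadowed_rules(MISORDERED))                                    # [1]
```

Running the module prints the three verdicts in the `__main__` block. Note that the Accounting workstation reaching the Financial server is denied not by any rule but by falling off the end of the list, which is exactly the inference question 9 asks for, and that a TCP packet to port 69 is likewise denied because TFTP rules are written for UDP.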
TCP port 53 is used for zone transfers (AXFR/IXFR), so denying TCP 53 while leaving UDP 53 alone blocks transfers but lets ordinary lookups through, which is why C rather than A or D is the answer. Caveat for practice: a normal resolver also retries over TCP when an answer does not fit in a UDP datagram (the TC bit is set, which is common with DNSSEC), so a blanket TCP 53 deny will break some legitimate lookups. Zone transfers are better restricted on the name server itself, allowing them only from the secondaries.

12. - (Topic 1) Pete, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?
A. Firewall
B. Switch
C. URL content filter
D. Spam filter
Answer: C
Explanation: URL filtering, also known as web filtering, is the act of blocking access to a site based on all or part of the URL used to request access. URL filtering can focus on all or part of a fully qualified domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors as well as allow administrators to add or remove URLs from a custom list.

13. - (Topic 1) A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?
A. Implement a virtual firewall
B. Install HIPS on each VM
C. Virtual switches with VLANs
D. Develop a patch management guide
Answer: C
Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management and can isolate traffic between network segments; a virtual switch on the hypervisor can place each customer's VMs in its own VLAN so they do not see one another's traffic even though they share a physical host.

14. - (Topic 1) Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?
A. TCP port 443 and IP protocol 46
B. TCP port 80 and TCP port 443
C. TCP port 80 and ICMP
D. TCP port 443 and SNMP
Answer: B
Explanation: HTTP and HTTPS use TCP port 80 and TCP port 443 respectively and are what an Internet client needs to reach a web server; the transport ports are the same under IPv6 as under IPv4, so both must be allowed through the firewall. Two caveats for practice: IPv6 depends on ICMPv6 (neighbor discovery, Packet Too Big messages for path MTU discovery), so ICMPv6 must not be blocked wholesale and RFC 4890 lists the message types a firewall should pass; and option A's "IP protocol 46" is RSVP, not IPv6 (IPv6 is only carried as an IPv4 protocol number when tunnelled, and 6in4 uses protocol 41).

15. - (Topic 1) A security architect wishes to implement a wireless network with connectivity to the company's internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?
A. Disabling SSID broadcasting
B. Implementing WPA2 - TKIP
C. Implementing WPA2 - CCMP
D. Filtering test workstations by MAC address
Answer: A
Explanation: Disabling SSID broadcast keeps the network out of the list a casual scan shows, which is all the architect wants during a quiet pilot. It is not a security control: the SSID is still carried in probe and association frames, so anyone with a wireless sniffer recovers it as soon as a client connects. WPA2 (B, C) protects the traffic but does nothing to hide the network, and MAC filtering (D) limits who can join, not who can see it.

16. - (Topic 1) A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?
A. The old APs use 802.11a
B. Users did not enter the MAC of the new APs
C. The new APs use MIMO
D. A site survey was not conducted
Answer: D
Explanation: AP placement has to be tested with a site survey. Tripling the number of access points without one produces overlapping cells on the same channels, and the resulting co-channel interference and constant roaming between APs show up as slow connections and random disconnects.

17. - (Topic 1) Which of the following offerings typically allows the customer to apply operating system patches?
A. Software as a service
B. Public Clouds
C. Cloud Based Storage
D. Infrastructure as a service
Answer: D
Explanation: In Infrastructure as a Service, cloud users install operating-system images and their application software on the cloud infrastructure to deploy their applications. In this model the cloud user, not the provider, patches and maintains the operating systems and the application software.

18. - (Topic 1) Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
B. Use WPA2-PSK
C. Disable SSID broadcast
D. Power down unused WAPs
Answer: C
Explanation: Disabling SSID broadcast hides the network from casual scanning. It is obscurity only: the SSID still appears in probe and association frames and can be recovered with a wireless packet sniffer, so it should be combined with real access controls such as WPA2 rather than relied on.

19. - (Topic 1) After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. Which of the following is the MOST likely reason the PC technician is unable to ping those devices?
A. ICMP is being blocked
B. SSH is not enabled
C. DNS settings are wrong
D. SNMP is not configured properly
Answer: A
Explanation: ICMP is the protocol used by tools such as ping, traceroute and pathping. If ICMP echo requests are blocked, or the echo replies are lost or filtered, ping reports the device as unreachable even though it is up and reachable over other protocols, which is exactly the situation described: the devices still accept secure management access.

20. - (Topic 1) An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).
A. TCP 22
B. TCP 23
C. TCP 25
D. TCP 53
E. TCP 110
F. TCP 143
G. TCP 445
Answer: C,E,F
Explanation: Port 25 is used by Simple Mail Transfer Protocol (SMTP) for routing e-mail between mail servers. Port 110 is used for Post Office Protocol v3 (POP3), an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. Port 143 is used by Internet Message Access Protocol (IMAP) for the management of e-mail messages. These are the plaintext defaults the exam expects; in practice clients submit mail on TCP 587 (SMTP submission with STARTTLS) and retrieve it over TLS on 993 (IMAPS) and 995 (POP3S).

21. - (Topic 1) A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. Which of the following BEST allows the analyst to restrict user access to approved devices?
A. Antenna placement
B. Power level adjustment
C. Disable SSID broadcasting
D. MAC filtering
Answer: D
Explanation: A MAC filter is a list of authorized wireless client interface MAC addresses that a WAP uses to refuse all other devices. It is the best of the options listed for restricting access to approved devices, but it is a weak control: MAC addresses are visible in the clear on the air and trivially spoofed, so it is no substitute for the authentication server the analyst asked for.

22. - (Topic 1) A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?
A. NAT and DMZ
B. VPN and IPSec
C. Switches and a firewall
D. 802.1x and VLANs
Answer: D
Explanation: 802.1X is a port-based network access control mechanism for wired and wireless ports. It uses the Extensible Authentication Protocol (EAP) between the connecting device (the supplicant) and the switch or access point (the authenticator), which relays the exchange to an authentication server, commonly RADIUS. It was first widely deployed to compensate for the weaknesses of Wired Equivalent Privacy (WEP) on wireless LANs, but today it is a component of larger authentication and access-management systems alongside RADIUS, Diameter, Cisco Systems' TACACS+ and Network Access Control (NAC), and is just as common on wired switch ports. A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. By default, all ports on a switch are part of VLAN 1, but as the switch administrator changes the VLAN assignment port by port, ports can be grouped together and kept distinct from other VLANs. VLANs are used for traffic management: communication between ports within the same VLAN occurs without hindrance, while communication between VLANs requires a routing function (and can therefore be firewalled). Together the two meet the requirement: a device that authenticates via 802.1X as an employee is placed on the internal VLAN, and a guest device that cannot authenticate is dropped into an Internet-only guest VLAN.

23. - (Topic 1) An auditor is given access to a conference room to conduct an analysis. When they connect their laptop's Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?
A. Ethernet cable is damaged
B. The host firewall is set to disallow outbound connections
C. Network Access Control
D. The switch port is administratively shutdown
Answer: C
Explanation: Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent or reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control. A link light with no traffic passing is exactly how a NAC-controlled port behaves before the device has authenticated or passed its posture check; a damaged cable or an administratively shut-down port would give no link at all.

24. - (Topic 1) A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected?
A. VPN
B. VLAN
C. WPA2
D. MAC filtering
Answer: B
Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communication between ports within the same VLAN occurs without hindrance, but communication between VLANs requires a routing function, which is where the administrative network can be separated from, and firewalled off from, the BYOD network.

25. - (Topic 1) An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here?
A. NIDS
B. NIPS
C. HIPS
D. HIDS
Answer: B
Explanation: A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block or stop it, and report it. A NIDS (A) only detects and reports; the host-based variants (C, D) cover a single system rather than the network.

26. - (Topic 1) A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
A. Antenna placement
B. Interference
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels
Answer: A,F
Explanation: Placing the antenna in the correct position is crucial; you can then adjust the power levels so that the usable signal no longer reaches the parking lot.

27. - (Topic 1) Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS
Answer: B
Explanation: Anomaly-based detection first learns a baseline of what normal activity looks like (which hosts talk to which services, typical volumes and timings) and then alerts on deviations from it. Because it does not need a signature for a specific piece of malware, it can flag traffic from new malware that a signature IDS (D) would miss, at the cost of more false positives while the baseline is tuned. A related form is protocol anomaly detection, which relies on definitions of all valid forms of a protocol.
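As an added example (not from the exam dump), the following Python turns two of the explanations into code: the log search question 1 calls for (accepted connections from outside addresses to TCP port 22) and the baseline comparison an anomaly-based IDS performs as described for question 27. The log format and every log line are constructed for the example; the detector is deliberately simple (a service never seen in the baseline, or a volume more than three times the baseline) so that the logic stays visible.

```python
"""Log search and baseline anomaly detection over firewall log lines.

Added example, not part of the exam dump. The log format and every log line
below are constructed; real firewalls log in other formats.
"""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List, Tuple

INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
            ip_network("192.168.0.0/16")]

# Constructed format: <ts> <ACCEPT|DROP> <TCP|UDP> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

Service = Tuple[str, str, int]  # (proto, dst, dport)


@dataclass(frozen=True)
class Conn:
    ts: str
    action: str
    proto: str
    src: str
    dst: str
    dport: int


def parse(lines: Iterable[str]) -> List[Conn]:
    """Parse well-formed records; skip junk instead of crashing on it."""
    conns = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            conns.append(Conn(m["ts"], m["action"], m["proto"], m["src"],
                              m["dst"], int(m["dport"])))
    return conns


def is_internal(addr: str) -> bool:
    return any(ip_address(addr) in net for net in INTERNAL)


def external_ssh_connections(conns: List[Conn]) -> List[Conn]:
    """Question 1: connections the firewall let through to TCP/22 from
    sources that are not on an internal network."""
    return [c for c in conns if c.action == "ACCEPT" and c.proto == "TCP"
            and c.dport == 22 and not is_internal(c.src)]


def learn_baseline(conns: List[Conn]) -> Dict[Service, int]:
    """Accepted connections per (proto, dst, dport) in a window believed normal."""
    return Counter((c.proto, c.dst, c.dport) for c in conns if c.action == "ACCEPT")


def detect_anomalies(baseline: Dict[Service, int], conns: List[Conn],
                     factor: float = 3.0) -> List[Tuple[Service, str]]:
    """Question 27: flag services absent from the baseline, and known services
    whose volume exceeds `factor` times the baseline. Both windows are assumed
    to cover the same amount of time."""
    observed = learn_baseline(conns)
    findings = []
    for service, count in sorted(observed.items()):
        if service not in baseline:
            findings.append((service, "new service, not in baseline"))
        elif count > factor * baseline[service]:
            findings.append((service, f"volume {count} vs baseline {baseline[service]}"))
    return findings


# Constructed logs. Normal hour: internal clients using the web (10.0.0.5:443)
# and mail (10.0.0.7:25) servers. Suspect hour: the same web traffic, plus
# outside SSH access, an SMTP burst from one host, SMB to a server that never
# served it before, and one unparseable line.
NORMAL_LOG = (
    [f"2014-05-12T01:{m:02d}:00Z ACCEPT TCP 10.0.1.{10 + m % 5}:5{m:04d} -> 10.0.0.5:443"
     for m in range(0, 60, 2)]
    + [f"2014-05-12T01:{m:02d}:30Z ACCEPT TCP 10.0.1.{10 + m % 5}:5{m:04d} -> 10.0.0.7:25"
       for m in range(0, 60, 6)])
SUSPECT_LOG = (
    [f"2014-05-12T02:{m:02d}:00Z ACCEPT TCP 10.0.1.{10 + m % 5}:5{m:04d} -> 10.0.0.5:443"
     for m in range(0, 60, 2)]
    + ["2014-05-12T02:13:07Z ACCEPT TCP 198.51.100.23:51234 -> 10.0.0.5:22",
       "2014-05-12T02:13:09Z ACCEPT TCP 198.51.100.23:51235 -> 10.0.0.5:22",
       "2014-05-12T02:14:00Z DROP TCP 198.51.100.23:51236 -> 10.0.0.6:22",
       "2014-05-12T02:20:00Z ACCEPT TCP 10.0.1.12:51300 -> 10.0.0.5:22"]
    + [f"2014-05-12T02:40:{s:02d}Z ACCEPT TCP 10.0.1.14:6{s:04d} -> 10.0.0.7:25"
       for s in range(40)]
    + [f"2014-05-12T02:50:{s:02d}Z ACCEPT TCP 10.0.1.14:7{s:04d} -> 10.0.0.9:445"
       for s in range(40)]
    + ["this line is not a firewall record"])

if __name__ == "__main__":
    suspect = parse(SUSPECT_LOG)
    for c in external_ssh_connections(suspect):
        print("outside SSH:", c.ts, c.src, "->", c.dst)
    for service, why in detect_anomalies(learn_baseline(parse(NORMAL_LOG)), suspect):
        print("anomaly:", service, why)
```

The DROP line is excluded from both checks on purpose: Joe is looking for traffic the misconfigured access list let through, and a baseline of "normal" should only contain traffic that was actually delivered. A real anomaly engine works on far richer features and statistical thresholds, but the shape is the same: learn normal, then report what does not fit, including the SSH service that appears on the web server for the first time.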
Because every valid and legal form of a protocol is known and can be defined, any variation from those known constructions is treated as an anomaly.

28. - (Topic 1) Which of the following network architecture concepts is used to securely isolate at the boundary between networks?
A. VLAN
B. Subnetting
C. DMZ
D. NAT
Answer: C
Explanation: A demilitarized zone (DMZ) is an area of a network designed specifically for public users to access. It is a buffer network between the public, untrusted Internet and the private, trusted LAN, and is often built with a multihomed firewall.

29. - (Topic 1) An administrator wants to establish a WiFi network using ...