Try CompTIA SY0-401 Exam Questions – Updated 2018

By | January 31, 2018

Are you having difficulties looking for reliable SY0-401 exam preparation materials for CompTIA SY0-401 exam Certification Exam? Don’t look any further. We are here to offer you the only review SY0-401 exam questions that can guarantee your successin SY0-401 exam. It is our commitment to being the sole provider of CompTIA Security Administration SY0-401 exam test preparation materials for every IT professional. All CompTIA SY0-401 exam dumps preparation material prepared by the subject matter experts who formulate, evaluate, and update our products.

♥♥ 2018 NEW RECOMMEND SY0-401 Exam Questions ♥♥

SY0-401 exam questions, SY0-401 PDF dumps; SY0-401 exam dumps:: https://www.dumpsschool.com/SY0-401-exam-dumps.html (1781 Q&A) (New Questions Are 100% Available! Also Free Practice Test Software!)

Latest and Most Accurate CompTIA SY0-401 Dumps Exam Questions and Answers:

Version: 39.0
Question: 21

While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?

A. Log Analysis
B. VLAN Management
C. Network separation
D. 802.1x

Answer: D

Explanation:
802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).
Incorrect Answers:
A: Log analysis is the art and science of reviewing audit trails, log fi les, or other forms of computer-generated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern.
B: VLAN management is the use of VLANs to control traffic for security or performance reasons.
C: Bridging between networks can be a desired feature of network design. Network bridging is self-configuring, is inexpensive, maintains collision-domain isolation, is transparent to Layer 3+ protocols, and avoids the 5-4-3 rule’s Layer 1 limitations. However, network bridging isn’t always desirable. It doesn’t limit or divide broadcast domains, doesn’t scale well, can cause latency, and can result in loops. In order to eliminate these problems, you can implement network separation or segmentation. There are two means to accomplish this. First, if communication is necessary between network segments, you can implement IP subnets and use routers. Second, you can create physically separate networks that don’t need to communicate. This can also be accomplished later using firewalls instead of routers to implement secured filtering and traffic management.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 23, 25, 26

Question: 22

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).

A. Change the firewall default settings so that it implements an implicit deny
B. Apply the current ACL to all interfaces of the firewall
C. Remove the current ACL
D. Add the following ACL at the top of the current ACL
DENY TCP ANY ANY 53
E. Add the following ACL at the bottom of the current ACL
DENY ICMP ANY ANY 53
F. Add the following ACL at the bottom of the current ACL
DENY IP ANY ANY 53

Answer: A, F

Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone file exchanges between DNS servers, special manual queries, or used when a response exceeds 512 bytes. UDP port 53 is used for most typical DNS queries.
Incorrect Answers:
B: Applying the current ACL to all interfaces of the firewall, and adding a deny clause will also prevent internal users from performing the actions included in the deny clause.
C: Removing the current ACL will block web traffic coming in.
D: An implicit deny clause is implied at the end of each ACL.
E: ICMP is a network health and link-testing protocol, and is not related to the question.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 26, 44

Question: 23

The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?

A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.

Answer: D

Explanation:
PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pin point the exact source.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. This will not have any bearing on the security administrator at ABC Company finding the root of the attack.
B: UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which the world regulates clocks and time. The time in the log is not the issue in this case.
C: Whether the external party uses a firewall or not will not have any bearing on the security administrator at ABC Company finding the root of the attack.
References:
http://www.webopedia.com/TERM/P/PAT.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/Coordinated_Universal_Time

Question: 24

Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic?

A. Sniffer
B. Router
C. Firewall
D. Switch

Answer: C

Explanation:
Ip tables are a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.
Incorrect Answers:
A: A sniffer is a tool used in the process of monitoring the data that is transmitted across a network.
B, D: A router is connected to two or more data lines from different networks, whereas a network switch is connected to data lines from one single network. These may include a firewall, but not by default.
References:
http://en.wikipedia.org/wiki/Iptables
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 342
http://en.wikipedia.org/wiki/Router_(computing)

Question: 25

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?

A. Packet Filter Firewall
B. Stateful Firewall
C. Proxy Firewall
D. Application Firewall

Answer: B

Explanation:
Stateful inspections occur at all levels of the network.
Incorrect Answers:
A: Packet-filtering firewalls operate at the Network layer (Layer 3) and the Transport layer (Layer 4) of the Open Systems Interconnect (OSI) model.
C: The proxy function can occur at either the application level or the circuit level.
D: Application Firewalls operates at the Application layer (Layer7) of the OSI model.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 98-100
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 6

Question: 26

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches

Answer: C

Explanation:
The basic purpose of a firewall is to isolate one network from another.
Incorrect Answers:
A: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.
B: A network-based IDS (NIDS) watches network traffic in real time. It’s reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
D: Web proxies are used to forward HTTP requests.
E: Layer 2 switching uses the media access control address (MAC address) from the host’s network interface cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which means switches use application-specific integrated circuit (ASICs) to build and maintain filter tables (also known as MAC address tables or CAM tables).
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 342
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/LAN_switching
http://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers

New Updated SY0-401 Exam Questions SY0-401 PDF dumps SY0-401 practice exam dumps: https://www.dumpsschool.com/SY0-401-exam-dumps.html

         

Facebook Comments