Security +

Flashcard maker : Lily Taylor
QUESTION NO: 1

Sara, the security administrator, must configure the corporate firewall to allow all public IP
addresses on the internal interface of the firewall to be translated to one public IP address on the
external interface of the same firewall. Which of the following should Sara configure?
A. PAT
B. NAP
C. DNAT
D. NAC

Answer: A
Explanation:
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits
multiple devices on a local area network (LAN) to be mapped to a single public IP address. The
goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a
single IP address to the home network’s router. When Computer X logs on the Internet, the router
assigns the client a port number, which is appended to the internal IP address. This, in effect,
gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the
router assigns it the same local IP address with a different port number. Although both computers
are sharing the same public IP address and accessing the Internet at the same time, the router
knows exactly which computer to send specific packets to because each computer has a unique
internal address.
QUESTION NO: 2

Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
A. Firewall
B. NIPS
C. Load balancer
D. URL filter
CompTIA SY0-401 Exam

Answer: A
Explanation:
Firewalls, routers, and even switches can use ACLs as a method of security management. An
access control list has a deny ip any any implicitly at the end of any access control list. ACLs deny
by default and allow by exception.
QUESTION NO: 3

The security administrator at ABC company received the following log information from an external
party:
10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is
the reason the ABC company’s security administrator is unable to determine the origin of the
attack?
A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.

Answer: D
Explanation:
PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a
different port number assignment. The log information shows the IP address, not the port number,
making it impossible to pinpoint the exact source.
QUESTION NO: 4

Which of the following security devices can be replicated on a Linux based computer using IP
tables to inspect and properly handle network based traffic?
A. Sniffer
B. Router
C. Firewall
D. Switch

Answer: C
Explanation:
iptables is a user-space application program that allows a system administrator to configure the
tables provided by the Linux kernel firewall and the chains and rules it stores.
QUESTION NO: 5

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI
model?
A. Packet Filter Firewall
B. Stateful Firewall
C. Proxy Firewall
D. Application Firewall

Answer: B
Explanation:
Stateful inspections occur at all levels of the network.
QUESTION NO: 6

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card
data be segregated from the main corporate network to prevent unauthorized access and that
access to the IT systems should be logged. Which of the following would BEST meet the CISO’s
requirements?
A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches

Answer: C
Explanation:
The basic purpose of a firewall is to isolate one network from another.
QUESTION NO: 7

Which of the following network design elements allows for many internal devices to share one
public IP address?
A. DNAT
B. PAT
C. DNS
D. DMZ

Answer: B
Explanation:
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits
multiple devices on a local area network (LAN) to be mapped to a single public IP address. The
goal of PAT is to conserve IP addresses.

Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a
single IP address to the home network’s router. When Computer X logs on the Internet, the router
assigns the client a port number, which is appended to the internal IP address. This, in effect,
gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the
router assigns it the same local IP address with a different port number. Although both computers
are sharing the same public IP address and accessing the Internet at the same time, the router
knows exactly which computer to send specific packets to because each computer has a unique
internal address.

QUESTION NO: 8

Which of the following is a best practice when securing a switch from physical access?
A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports

Answer: D
Explanation:
Disabling unused switch ports is a simple method many network administrators use to help secure
their network from unauthorized access. All ports not in use should be disabled. Otherwise, they
present an open door for an attacker to enter.
QUESTION NO: 9

Which of the following devices would be MOST useful to ensure availability when there are a large
number of requests to a certain website?
A. Protocol analyzer
B. Load balancer
C. VPN concentrator
D. Web security gateway

Answer: B
Explanation:
Load balancing refers to shifting a load from one device to another. A load balancer can be
implemented as a software or hardware solution, and it is usually associated with a device—a
router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer
splits the traffic intended for a website into individual requests that are then rotated to redundant
servers as they become available.
QUESTION NO: 10

Pete, the system administrator, wishes to monitor and limit users’ access to external websites.
Which of the following would BEST address this?
A. Block all traffic on port 80.
B. Implement NIDS.
C. Use server load balancers.
D. Install a proxy server.

Answer: D
Explanation:
A proxy is a device that acts on behalf of other(s). In the interest of security, all internal user
interaction with the Internet should be controlled through a proxy server. The proxy server should
automatically block known malicious sites. The proxy server should cache often-accessed sites to
improve performance.
QUESTION NO: 11
Mike, a network administrator, has been asked to passively monitor network traffic to the
company’s sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
Answer: C
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious
traffic by analyzing protocol activity.
QUESTION NO: 12
Which of the following should be deployed to prevent the transmission of malicious traffic between
virtual machines hosted on a singular physical device on a network?
A. HIPS on each virtual machine
B. NIPS on the network
C. NIDS on the network
D. HIDS on each virtual machine
Answer: A
Explanation:
Host-based intrusion prevention system (HIPS) is an installed software package which monitors a
single host for suspicious activity by analyzing events occurring within that host.
QUESTION NO: 13
Pete, a security administrator, has observed repeated attempts to break into the network. Which of
the following is designed to stop an intrusion on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS
Answer: A
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious
traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to
identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
QUESTION NO: 14
An administrator is looking to implement a security device which will be able to not only detect
network intrusions at the organization level, but help defend against them as well. Which of the
following is being described here?
A. NIDS
B. NIPS
C. HIPS
D. HIDS
Answer: B
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious
traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to
identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
QUESTION NO: 15
In intrusion detection system vernacular, which account is responsible for setting the security
policy for an organization?
A. Supervisor
B. Administrator
C. Root
D. Director
Answer: B
Explanation:
The administrator is the person responsible for setting the security policy for an organization and is
responsible for making decisions about the deployment and configuration of the IDS.
QUESTION NO: 16
When performing the daily review of the system vulnerability scans of the network, Joe, the
administrator, noticed several security-related vulnerabilities with an assigned vulnerability
identification number. Joe researches the assigned vulnerability identification number on the
vendor website. Joe proceeds with applying the recommended solution for the identified
vulnerability. Which of the following is the type of vulnerability described?
A. Network based
B. IDS
C. Signature based
D. Host based
Answer: C
Explanation:
A signature-based monitoring or detection method relies on a database of signatures or patterns
of known malicious or unwanted activity. The strength of a signature-based system is that it can
quickly and accurately detect any event from its database of signatures.
QUESTION NO: 17
The network security engineer just deployed an IDS on the network, but the Chief Technical
Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the
following types of IDS has been deployed?
A. Signature Based IDS
B. Heuristic IDS
C. Behavior Based IDS
D. Anomaly Based IDS
Answer: A
Explanation:
A signature based IDS will monitor packets on the network and compare them against a database
of signatures or attributes from known malicious threats.
QUESTION NO: 18
Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the
corporate network. He has tasked the security engineers to implement a technology that is capable
of alerting the team when unusual traffic is on the network. Which of the following types of
technologies will BEST address this scenario?
A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS
Answer: B
Explanation:
Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal
occurrences. An anomaly-based monitoring or detection method relies on definitions of all valid
forms of activity. This database of known valid activity allows the tool to detect any and all
anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and
legal forms of a protocol are known and can be defined, any variations from those known valid
constructions are seen as anomalies.
QUESTION NO: 19
Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server.
After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in
sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer
Answer: B
Explanation:
A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as
a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a
typical host system. In either case, a protocol analyzer is first a packet capturing tool that can
collect network traffic and store it in memory or onto a storage device. Once a packet is captured,
it can be analyzed either with complex automated tools and scripts or manually.
QUESTION NO: 20
Which of the following flags are used to establish a TCP connection? (Select TWO).
A. PSH
B. ACK
C. SYN
D. URG
E. FIN
Answer: B,C
Explanation:
To establish a TCP connection, the three-way (or 3-step) handshake occurs:

SYN: The active open is performed by the client sending a SYN to the server. The client sets the
segment’s sequence number to a random value A.
SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to
one more than the received sequence number i.e. A+1, and the sequence number that the server
chooses for the packet is another random number, B.
ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the
received acknowledgement value i.e. A+1, and the acknowledgement number is set to one more
than the received sequence number i.e. B+1.

QUESTION NO: 21
Which of the following components of an all-in-one security appliance would MOST likely be
configured in order to restrict access to peer-to-peer file sharing websites?
A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection
Answer: B
Explanation:
The question asks how to prevent access to peer-to-peer file sharing websites. You access a
website by browsing to a URL using a Web browser or peer-to-peer file sharing client software. A
URL filter is used to block URLs (websites) to prevent users accessing the website.

Incorrect Answers:
A: A spam filter is used for email. All inbound (and sometimes outbound) email is passed through
the spam filter to detect spam emails. The spam emails are then discarded or tagged as potential
spam according to the spam filter configuration. Spam filters do not prevent users accessing
peer-to-peer file sharing websites.
C: Content inspection is the process of inspecting the content of a web page as it is downloaded.
The content can then be blocked if it doesn’t comply with the company’s web policy. Content-control
software determines what content will be available or perhaps more often what content will
be blocked. Content inspection does not prevent users accessing peer-to-peer file sharing
websites (although it could block the content of the sites as it is downloaded).
D: Malware inspection is the process of scanning a computer system for malware. Malware
inspection does not prevent users accessing peer-to-peer file sharing websites.

QUESTION NO: 22
Pete, the system administrator, wants to restrict access to advertisements, games, and gambling
web sites. Which of the following devices would BEST achieve this goal?
A. Firewall
B. Switch
C. URL content filter
D. Spam filter
Answer: C
Explanation:
URL filtering, also known as web filtering, is the act of blocking access to a site based on all or
part of the URL used to request access. URL filtering can focus on all or part of a fully qualified
domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire
specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors
as well as allow administrators to add or remove URLs from a custom list.
QUESTION NO: 23
The administrator receives a call from an employee named Joe. Joe says the Internet is down and
he is receiving a blank page when trying to connect to a popular sports website. The administrator
asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then
says that he can get to the sports site on his phone. Which of the following might the administrator
need to configure?
A. The access rules on the IDS
B. The pop up blocker in the employee’s browser
C. The sensitivity level of the spam filter
D. The default block page on the URL filter
Answer: D
Explanation:
A URL filter is used to block access to a site based on all or part of a URL. There are a number of
URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow
administrators to add or remove URLs from a custom list.
QUESTION NO: 24
Layer 7 devices used to prevent specific types of HTML tags are called:
A. Firewalls
B. Content filters
C. Routers
D. NIDS
Answer: B
Explanation:
A content filter is a type of software designed to restrict or control the content a reader is
authorised to access, particularly when used to limit material delivered over the Internet via the
Web, e-mail, or other means. Because the user interacts directly with the content filter at the
application layer, it operates at Layer 7 of the OSI model.
QUESTION NO: 25
Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a
page is displayed notifying him that this site cannot be visited. Which of the following is MOST
likely blocking Pete’s access to this site?
A. Internet content filter
B. Firewall
C. Proxy server
D. Protocol analyzer
Answer: A
Explanation:
Web filtering software is designed to restrict or control the content a reader is authorised to
access, especially when utilised to restrict material delivered over the Internet via the Web, e-mail,
or other means.
QUESTION NO: 26
A review of the company’s network traffic shows that most of the malware infections are caused by
users visiting gambling and gaming websites. The security manager wants to implement a solution
that will block these websites, scan all web traffic for signs of malware, and block the malware
before it enters the company network. Which of the following is suited for this purpose?
A. ACL
B. IDS
C. UTM
D. Firewall
Answer: C
Explanation:
An all-in-one appliance, also known as Unified Threat Management (UTM) and Next Generation
Firewall (NGFW), is one that provides a good foundation for security. A variety is available; those
that you should be familiar with for the exam fall under the categories of providing URL filtering,
content inspection, or malware inspection.
Malware inspection is the use of a malware scanner to detect unwanted software content in
network traffic. If malware is detected, it can be blocked or logged and/or trigger an alert.
QUESTION NO: 27
Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI
model?
A. WAF
B. NIDS
C. Routers
D. Switches
Answer: A
Explanation:
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules
to an HTTP conversation. Generally, these rules cover common attacks such as cross-site
scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can
be identified and blocked. The effort to perform this customization can be significant and needs to
be maintained as the application is modified.
As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the
OSI model, a web application firewall (WAF) is the correct answer.
QUESTION NO: 28
Which of the following should the security administrator implement to limit web traffic based on
country of origin? (Select THREE).
A. Spam filter
B. Load balancer
C. Antivirus
D. Proxies
E. Firewall
F. NIDS
G. URL filtering
Answer: D,E,G
Explanation:
A proxy server is a server that acts as an intermediary for requests from clients seeking resources
from other servers.
Firewalls manage traffic using a rule or a set of rules.
A URL is a reference to a resource that specifies the location of the resource. A URL filter is used
to block access to a site based on all or part of a URL.
QUESTION NO: 29
A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.1
HOST: localhost
Accept: */*
Referrer: http://localhost/
HTTP/1.1 403 Forbidden
Connection: close
Log: Access denied with 403. Pattern matches form bypass
Which of the following technologies was MOST likely being used to generate this log?
A. Host-based Intrusion Detection System
B. Web application firewall
C. Network-based Intrusion Detection System
D. Stateful Inspection Firewall
E. URL Content Filter
Answer: B
Explanation:
A web application firewall is a device, server add-on, virtual service, or system filter that defines a
strict set of communication rules for a website and all visitors. It’s intended to be an
application-specific firewall to prevent cross-site scripting, SQL injection, and other web
application attacks.
QUESTION NO: 30
An administrator would like to review the effectiveness of existing security in the enterprise. Which
of the following would be the BEST place to start?
A. Review past security incidents and their resolution
B. Rewrite the existing security policy
C. Implement an intrusion prevention system
D. Install honey pot systems
Answer: C
Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log
information about this activity, attempt to block/stop it, and report it.
QUESTION NO: 31
A company has proprietary mission critical devices connected to their network which are
configured remotely by both employees and approved customers. The administrator wants to
monitor device security without changing their baseline configuration. Which of the following
should be implemented to secure the devices without risking availability?
A. Host-based firewall
B. IDS
C. IPS
D. Honeypot
Answer: B
Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network or
system activities for malicious activities or policy violations and produces reports to a management
station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in
different ways. There are network based (NIDS) and host based (HIDS) intrusion detection
systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor
expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily
focused on identifying possible incidents, logging information about them, and reporting attempts.
In addition, organizations use IDPSes for other purposes, such as identifying problems with
security policies, documenting existing threats and deterring individuals from violating security
policies. IDPSes have become a necessary addition to the security infrastructure of nearly every
organization.
IDPSes typically record information related to observed events, notify security administrators of
important observed events and produce reports. Many IDPSes can also respond to a detected
threat by attempting to prevent it from succeeding. They use several response techniques, which
involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a
firewall) or changing the attack’s content.
QUESTION NO: 32 CORRECT TEXT

Configure firewall (cannot upload photo without paying).

Answer: Use the following answer for this simulation task.

Source IP        Destination IP   Port number   TCP/UDP   Allow/Deny
10.4.255.10/24   10.4.255.101     443           TCP       Allow
10.4.255.10/23   10.4.255.2       22            TCP       Allow
10.4.255.10/25   10.4.255.101     Any           Any       Allow
10.4.255.10/25   10.4.255.102     Any           Any       Allow

“Pass Any Exam. Any Time.” – www.actualtests.com 18

Explanation:
Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall
and the internal network. Three possible actions can be taken based on the rule’s criteria:
Block the connection
Allow the connection
Allow the connection only if it is secured
TCP is responsible for providing a reliable, one-to-one, connection-oriented session. TCP
establishes a connection and ensures that the other end receives any packets sent. Two hosts
communicate packet results with each other. TCP also ensures that packets are decoded and
sequenced properly. This connection is persistent during the session. When the session ends, the
connection is torn down.
UDP provides an unreliable connectionless communication method between hosts. UDP is
considered a best-effort protocol, but it’s considerably faster than TCP. The sessions don’t
establish a synchronized session like the kind used in TCP, and UDP doesn’t guarantee error-free
communications. The primary purpose of UDP is to send small packets of information. The
application is responsible for acknowledging the correct reception of the data.
Port 22 is used by both SSH and SCP with UDP.
Port 443 is used for secure web connections – HTTPS and is a TCP port.
Thus, to make sure only the Accounting computer has HTTPS access to the Administrative server,
you should use TCP port 443 and set the rule to allow communication between 10.4.255.10/24
(Accounting) and 10.4.255.101 (Administrative server1).
Thus, to make sure that only the HR computer has access to Server2 over SCP, you need to use
TCP port 22 and set the rule to allow communication between 10.4.255.10/23 (HR) and 10.4.255.2
(Server2).
Thus, to make sure that the IT computer can access both the Administrative servers, you need to
set the rule to allow communication over any protocol and any port between:
10.4.255.10/25 (IT computer) and 10.4.255.101 (Administrative server1)
10.4.255.10/25 (IT computer) and 10.4.255.102 (Administrative server2)
QUESTION NO: 33 HOTSPOT
The security administrator has installed a new firewall which implements an implicit DENY policy
by default. Click on the firewall and configure it to allow ONLY the following communication.
1. The Accounting workstation can ONLY access the web server on the public network over the
default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over
the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over
the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match. The
port number must be typed in and only one port number can be entered per rule. Type ANY for all
ports. The original firewall configuration can be reset at any time by pressing the reset button.
Once you have met the simulation requirements, click save and then Done to submit.
Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or
privileges for a resource, you’re denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network
over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the
default SCP port, which is TCP port 22.
Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing
servers located on the secure network over the default TFTP port, which is UDP port 69.
QUESTION NO: 34
Which of the following firewall rules only denies DNS zone transfers?
A. deny udp any any port 53
B. deny ip any any
C. deny tcp any any port 53
D. deny all dns packets
Answer: C
Explanation:
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.
QUESTION NO: 35
A security administrator suspects that an increase in the amount of TFTP traffic on the network is
due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic.
Which of the following would accomplish this task?
A. Deny TCP port 68
B. Deny TCP port 69
C. Deny UDP port 68
D. Deny UDP port 69
Answer: D
Explanation:
Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn’t require
authentication. It operates on UDP port 69.
QUESTION NO: 36
Sara, a security technician, has received notice that a vendor coming in for a presentation will
require access to a server outside of the network. Currently, users are only able to access remote
sites through a VPN connection. How could Sara BEST accommodate the vendor?
A. Allow incoming IPSec traffic into the vendor’s IP address.
B. Set up a VPN account for the vendor, allowing access to the remote site.
C. Turn off the firewall while the vendor is in the office, allowing access to the remote site.
D. Write a firewall rule to allow the vendor to have access to the remote site.
Answer: D
Explanation:
Firewall rules are used to define what traffic is able to pass between the firewall and the internal
network. Firewall rules block the connection, allow the connection, or allow the connection only if it
is secured. Firewall rules can be applied to inbound traffic or outbound traffic and any type of
network.
QUESTION NO: 37
A technician is deploying virtual machines for multiple customers on a single physical host to
reduce power consumption in a data center. Which of the following should be recommended to
isolate the VMs from one another?
A. Implement a virtual firewall
B. Install HIPS on each VM
C. Virtual switches with VLANs
D. Develop a patch management guide
Answer: C
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by
switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between
network segments.
QUESTION NO: 38
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet
interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.
Which of the following is MOST likely the reason for the sub-interfaces?
A. The network uses the subnet of 255.255.255.128.
B. The switch has several VLANs configured on it.
C. The sub-interfaces are configured for VoIP traffic.
D. The sub-interfaces each implement quality of service.
Answer: B
Explanation:
A subinterface is a division of one physical interface into multiple logical interfaces. Routers
commonly employ subinterfaces for a variety of purposes, the most common of which is routing
traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs
(VLANs) on an Ethernet network.
QUESTION NO: 39
Joe, a technician at the local power plant, notices that several turbines had ramped up in cycles
during the week. Further investigation by the system engineering team determined that a timed
.exe file had been uploaded to the system control console during a visit by international
contractors. Which of the following actions should Joe recommend?
A. Create a VLAN for the SCADA
B. Enable PKI for the MainFrame
C. Implement patch management
D. Implement stronger WPA2 Wireless
Answer: A
Explanation:
VLANs are used for traffic management. VLANs can be used to isolate traffic between network
segments. This can be accomplished by not defining a route between different VLANs or by
specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network
segment that doesn’t need to communicate with another in order to accomplish a work
task/function shouldn’t be able to do so.
QUESTION NO: 40

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new
remote site. Which of the following would need to be implemented?
A. Implicit deny
B. VLAN management
C. Port security
D. Access control lists

Answer: D
Explanation:
In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this
question we need to configure routing. When configuring routing, you specify which IP range (in
this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP
server.
Traffic that comes into the router is compared to ACL entries based on the order that the entries
occur in the router. New statements are added to the end of the list. The router continues to look
until it has a match. If no matches are found when the router reaches the end of the list, the traffic
is denied. For this reason, you should have the frequently hit entries at the top of the list. There is
an implied deny for traffic that is not permitted.
QUESTION NO: 41
Matt, the network engineer, has been tasked with separating network traffic between virtual
machines on a single hypervisor. Which of the following would he implement to BEST address this
requirement? (Select TWO).
A. Virtual switch
B. NAT
C. System partitioning
D. Access-list
E. Disable spanning tree
F. VLAN
Answer: A,F
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by
switches. A virtual switch is a software application that allows communication between virtual
machines. A combination of the two would best satisfy the question.
QUESTION NO: 42
A database administrator contacts a security administrator to request firewall changes for a
connection to a new internal application. The security administrator notices that the new
application uses a port typically monopolized by a virus. The security administrator denies the
request and suggests a new port or service be used to complete the application’s task. Which of
the following is the security administrator practicing in this example?
A. Explicit deny
B. Port security
C. Access control lists
D. Implicit deny
Answer: C
Explanation:
Traffic that comes into the router is compared to ACL entries based on the order that the entries
occur in the router. New statements are added to the end of the list. The router continues to look
until it has a match. If no matches are found when the router reaches the end of the list, the traffic
is denied. For this reason, you should have the frequently hit entries at the top of the list. There is
an implied deny for traffic that is not permitted.
QUESTION NO: 43
An administrator needs to connect a router in one building to a router in another using Ethernet.
Each router is connected to a managed switch and the switches are connected to each other via a
fiber line. Which of the following should be configured to prevent unauthorized devices from
connecting to the network?
A. Configure each port on the switches to use the same VLAN other than the default one
B. Enable VTP on both switches and set to the same domain
C. Configure only one of the routers to run DHCP services
D. Implement port security on the switches
Answer: D
Explanation:
Port security in IT can mean several things:
The physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no
unauthorized users or unauthorized devices can attempt to connect into an open port.
The management of TCP and User Datagram Protocol (UDP) ports. If a service is active and
assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if
a service isn’t actively using them.
Port knocking is a security system in which all ports on a system appear closed. However, if the
client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the
desired service port becomes open and allows the client software to connect to the service.
QUESTION NO: 44
At an organization, unauthorized users have been accessing network resources via unused
network wall jacks. Which of the following would be used to stop unauthorized access?
A. Configure an access list.
B. Configure spanning tree protocol.
C. Configure port security.
D. Configure loop protection.
Answer: C
Explanation:
Port security in IT can mean several things. It can mean the physical control of all connection
points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized
devices can attempt to connect into an open port. This can be accomplished by locking down the
wiring closet and server vaults and then disconnecting the workstation run from the patch panel (or
punch-down block) that leads to a room’s wall jack. Any unneeded or unused wall jacks can (and
should) be physically disabled in this manner. Another option is to use a smart patch panel that
can monitor the MAC address of any device connected to each and every wall port across a
building and detect not just when a new device is connected to an empty port, but also when a
valid device is disconnected or replaced by an invalid device.
QUESTION NO: 45
On Monday, all company employees report being unable to connect to the corporate wireless
network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were
made to the wireless network and its supporting infrastructure, and that there are no outages.
Which of the following is the MOST likely cause for this issue?
A. Too many incorrect authentication attempts have caused users to be temporarily disabled.
B. The DNS server is overwhelmed with connections and is unable to respond to queries.
C. The company IDS detected a wireless attack and disabled the wireless network.
D. The Remote Authentication Dial-In User Service server certificate has expired.
Answer: D

Explanation:
The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is
typically an EAP-compliant Remote Authentication Dial-In User Service (RADIUS) server. A RADIUS
server will be configured with a digital certificate. When a digital certificate is created, an expiration
period is configured by the Certificate Authority (CA). The expiration period is commonly one or two
years. The question states that no configuration changes have been made, so it’s likely that the
certificate has expired.

QUESTION NO: 46
A company determines a need for additional protection from rogue devices plugging into physical
ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network
access?
A. Intrusion Prevention Systems
B. MAC filtering
C. Flood guards
D. 802.1x
Answer: D
Explanation:
IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the
IEEE 802.1 group of networking protocols and provides an authentication mechanism for devices
connecting to a LAN or WLAN.
QUESTION NO: 47
While configuring a new access layer switch, the administrator, Joe, was advised that he needed
to make sure that only devices authorized to access the network would be permitted to login and
utilize resources. Which of the following should the administrator implement to ensure this
happens?
A. Log Analysis
B. VLAN Management
C. Network separation
D. 802.1x
Answer: D
Explanation:
802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol
(EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to
compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a
component in more complex authentication and connection-management systems, including
Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco Systems’ Terminal
Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).
QUESTION NO: 48
A network administrator wants to block both DNS requests and zone transfers coming from
outside IP addresses. The company uses a firewall which implements an implicit allow and is
currently configured with the following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).
A. Change the firewall default settings so that it implements an implicit deny
B. Apply the current ACL to all interfaces of the firewall
C. Remove the current ACL
D. Add the following ACL at the top of the current ACL
DENY TCP ANY ANY 53
E. Add the following ACL at the bottom of the current ACL
DENY ICMP ANY ANY 53
F. Add the following ACL at the bottom of the current ACL
DENY IP ANY ANY 53
Answer: A,F
Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or
privileges for a resource, you’re denied access by default. Implicit deny is the default response
when an explicit allow or deny isn’t present.
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone
file exchanges between DNS servers, special manual queries, or used when a response exceeds
512 bytes. UDP port 53 is used for most typical DNS queries.
QUESTION NO: 49
Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be
inferred of a firewall that is configured ONLY with the following ACL?
PERMIT TCP ANY HOST 192.168.0.10 EQ 80
PERMIT TCP ANY HOST 192.168.0.10 EQ 443
A. It implements stateful packet filtering.
B. It implements bottom-up processing.
C. It failed closed.
D. It implements an implicit deny.
Answer: D
Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or
privileges for a resource, you’re denied access by default. Implicit deny is the default response
when an explicit allow or deny isn’t present.
QUESTION NO: 50
The Human Resources department has a parent shared folder setup on the server. There are two
groups that have access, one called managers and one called staff. There are many sub folders
under the parent shared folder, one is called payroll. The parent folder access control list
propagates all subfolders and all subfolders inherit the parent permission. Which of the following is
the quickest way to prevent the staff group from gaining access to the payroll folder?
A. Remove the staff group from the payroll folder
B. Implicit deny on the payroll folder for the staff group
C. Implicit deny on the payroll folder for the managers group
D. Remove inheritance from the payroll folder
Answer: B
Explanation: Implicit deny is the default security stance that says if you aren’t specifically granted
access or privileges for a resource, you’re denied access by default.
QUESTION NO: 51
A company has several conference rooms with wired network jacks that are used by both
employees and guests. Employees need access to internal resources and guests only need
access to the Internet. Which of the following combinations is BEST to meet the requirements?
A. NAT and DMZ
B. VPN and IPSec
C. Switches and a firewall
D. 802.1x and VLANs
Answer: D
Explanation:
802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication
Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was
initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s
often used as a component in more complex authentication and connection-management
systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco
Systems’ Terminal Access Controller Access-Control System Plus (TACACS+), and Network
Access Control (NAC).
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by
switches. By default, all ports on a switch are part of VLAN 1. But as the switch administrator
changes the VLAN assignment on a port-by-port basis, various ports can be grouped together and
be distinct from other VLAN port designations. VLANs are used for traffic management.
Communications between ports within the same VLAN occur without hindrance, but
communications between VLANs require a routing function.
QUESTION NO: 52
Matt, the IT Manager, wants to create a new network available to virtual servers on the same
hypervisor, and does not want this network to be routable to the firewall. How could this BEST be
accomplished?
A. Create a VLAN without a default gateway.
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.
Answer: C
Explanation:
A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service levels.
QUESTION NO: 53
A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs.
These will need to still be reviewed on a regular basis to ensure the security of the company has
not been breached. Which of the following cloud service options would support this requirement?
A. SaaS
B. MaaS
C. IaaS
D. PaaS
Answer: B
Explanation:
Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service
(XaaS). MaaS allows for the deployment of monitoring functionalities for several other services
and applications within the cloud.
QUESTION NO: 54
Joe, a security administrator, believes that a network breach has occurred in the datacenter as a
result of a misconfigured router access list, allowing outside access to an SSH server. Which of
the following should Joe search for in the log files?
A. Failed authentication attempts
B. Network ping sweeps
C. Host port scans
D. Connections to port 22
Answer: D
Explanation:
Log analysis is the art and science of reviewing audit trails, log files, or other forms of
computer-generated records for evidence of policy violations, malicious events, downtimes,
bottlenecks, or other issues of concern.
SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP,
SHTTP, SCP, SExec, and slogin.
QUESTION NO: 55
An organization does not have adequate resources to administer its large infrastructure. A security
administrator wishes to combine the security controls of some of the network devices in the
organization. Which of the following methods would BEST accomplish this goal?
A. Unified Threat Management
B. Virtual Private Network
C. Single sign on
D. Role-based management
Answer: A
Explanation:
When you combine a firewall with other abilities (intrusion prevention, antivirus, content filtering,
etc.), what used to be called an all-in-one appliance is now known as a unified threat management
(UTM) system. The advantages of combining everything into one include a reduced learning curve
(you only have one product to learn), a single vendor to deal with, and—typically—reduced
complexity.
QUESTION NO: 56
An organization does not have adequate resources to administer its large infrastructure. A security
administrator wishes to integrate the security controls of some of the network devices in the
organization. Which of the following methods would BEST accomplish this goal?
A. Unified Threat Management
B. Virtual Private Network
C. Single sign on
D. Role-based management
Answer: A
Explanation:
Unified Threat Management (UTM) is, basically, the combination of a firewall with other abilities.
These abilities include intrusion prevention, antivirus, content filtering, etc. Advantages of
combining everything into one:
You only have one product to learn.
You only have to deal with a single vendor.
It provides reduced complexity.
QUESTION NO: 57
A security administrator is segregating all web-facing server traffic from the internal network and
restricting it to a single interface on a firewall. Which of the following BEST describes this new
network?
A. VLAN
B. Subnet
C. VPN
D. DMZ
Answer: D
Explanation:
A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or
logical subnetwork that contains and exposes an organization’s external-facing services to a larger
and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of
security to an organization’s local area network (LAN); an external network node only has direct
access to equipment in the DMZ, rather than any other part of the network. The name is derived
from the term “demilitarized zone”, an area between nation states in which military operation is not
permitted.
QUESTION NO: 58
Which of the following devices would MOST likely have a DMZ interface?
A. Firewall
B. Switch
C. Load balancer
D. Proxy
Answer: A
Explanation: The DMZ is a buffer network between the public untrusted Internet and the private
trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
QUESTION NO: 59
A security analyst needs to ensure all external traffic is able to access the company’s front-end
servers but protect all access to internal resources. Which of the following network design
elements would MOST likely be recommended?
A. DMZ
B. Cloud computing
C. VLAN
D. Virtualization
Answer: A
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to
access. The DMZ is a buffer network between the public untrusted Internet and the private trusted
LAN. Often a DMZ is deployed through the use of a multihomed firewall.
QUESTION NO: 60
Which of the following network architecture concepts is used to securely isolate at the boundary
between networks?
A. VLAN
B. Subnetting
C. DMZ
D. NAT

Answer: C
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to
access. The DMZ is a buffer network between the public untrusted Internet and the private trusted
LAN. Often a DMZ is deployed through the use of a multihomed firewall.
QUESTION NO: 61
When designing a new network infrastructure, a security administrator requests that the intranet
web server be placed in an isolated area of the network for security purposes. Which of the
following design elements would be implemented to comply with the security administrator’s
request?
A. DMZ
B. Cloud services
C. Virtualization
D. Sandboxing
Answer: A
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to
access. The DMZ is a buffer network between the public untrusted Internet and the private trusted
LAN. Often a DMZ is deployed through the use of a multihomed firewall.
QUESTION NO: 62
Which of the following BEST describes a demilitarized zone?
A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.
Answer: A
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to
access. The DMZ is a buffer network between the public untrusted Internet and the private trusted
LAN. Often a DMZ is deployed through the use of a multihomed firewall.
QUESTION NO: 63
Which of the following would allow the organization to divide a Class C IP address range into
several ranges?
A. DMZ
B. Virtual LANs
C. NAT
D. Subnetting
Answer: D
Explanation:
Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller
collections.
QUESTION NO: 64
Which of the following IP addresses would be hosts on the same subnet given the subnet mask
255.255.255.224? (Select TWO).
A. 10.4.4.125
B. 10.4.4.158
C. 10.4.4.165
D. 10.4.4.189
E. 10.4.4.199
Answer: C,D
Explanation:
With the given subnet mask, a maximum number of 30 hosts between IP addresses 10.4.4.161
and 10.4.4.190 are allowed. Therefore, option C and D would be hosts on the same subnet, and
the other options would not.
QUESTION NO: 65
Which of the following would the security engineer set as the subnet mask for the servers below to
utilize host addresses on separate broadcast domains?
Server 1: 192.168.100.6
Server 2: 192.168.100.9
Server 3: 192.169.100.20
A. /24
B. /27
C. /28
D. /29
E. /30
Answer: D
Explanation:
Using this option will result in all three servers using host addresses on different broadcast
domains.
QUESTION NO: 66
Which of the following is BEST used to break a group of IP addresses into smaller network
segments or blocks?
A. NAT
B. Virtualization
C. NAC
D. Subnetting
Answer: D
Explanation:
Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller
collections.
QUESTION NO: 67
A small company can only afford to buy an all-in-one wireless router/switch. The company has 3
wireless BYOD users and 2 web servers without wireless access. Which of the following should
the company configure to protect the servers from the user devices? (Select TWO).
A. Deny incoming connections to the outside router interface.
B. Change the default HTTP port
C. Implement EAP-TLS to establish mutual authentication
D. Disable the physical switch ports
E. Create a server VLAN
F. Create an ACL to access the server
Answer: E,F
Explanation:
We can protect the servers from the user devices by separating them into separate VLANs (virtual
local area networks).
The network device in the question is a router/switch. We can use the router to allow access from
devices in one VLAN to the servers in the other VLAN. We can configure an ACL (Access Control
List) on the router to determine who is able to access the server.
In computer networking, a single layer-2 network may be partitioned to create multiple distinct
broadcast domains, which are mutually isolated so that packets can only pass between them via
one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or
VLAN.
This is usually achieved on switch or router devices. Simpler devices only support partitioning on a
port level (if at all), so sharing VLANs across devices requires running dedicated cabling for each
VLAN. More sophisticated devices can mark packets through tagging, so that a single interconnect
(trunk) may be used to transport data for multiple VLANs.
Grouping hosts with a common set of requirements regardless of their physical location by VLAN
can greatly simplify network design. A VLAN has the same attributes as a physical local area
network (LAN), but it allows for end stations to be grouped together more easily even if they are
not on the same network switch. The network described in this question is a DMZ, not a VLAN.
QUESTION NO: 68
A network engineer is setting up a network for a company. There is a BYOD policy for the
employees so that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network
from the network in which all of the employees’ devices are connected?
A. VPN
B. VLAN
C. WPA2
D. MAC filtering
Answer: B
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by
switches. VLANs are used for traffic management. Communications between ports within the
same VLAN occur without hindrance, but communications between VLANs require a routing
function.
QUESTION NO: 69
Pete, a network administrator, is capturing packets on the network and notices that a large amount
of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment
that traffic from the other traffic?
A. Connect the WAP to a different switch.
B. Create a voice VLAN.
C. Create a DMZ.
D. Set the switch ports to 802.1q mode.
Answer: B
Explanation:
It is a common and recommended practice to separate voice and data traffic by using VLANs.
Separating voice and data traffic using VLANs provides a solid security boundary, preventing data
applications from reaching the voice traffic. It also gives you a simpler method to deploy QoS,
prioritizing the voice traffic over the data.

QUESTION NO: 70
An administrator connects VoIP phones to the same switch as the network PCs and printers.
Which of the following would provide the BEST logical separation of these three device types while
still allowing traffic between them via ACL?
A. Create three VLANs on the switch connected to a router
B. Define three subnets, configure each device to use their own dedicated IP address range, and
then connect the network to a router
C. Install a firewall and connect it to the switch
D. Install a firewall and connect it to a dedicated switch for each device type
Answer: A
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by
switches. VLANs are used for traffic management. Communications between ports within the
same VLAN occur without hindrance, but communications between VLANs require a routing
function.
QUESTION NO: 71
An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which
of the following types of network design elements would MOST likely be used?
A. Routing
B. DMZ
C. VLAN
D. NAT
Answer: C
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by
switches. VLANs are used for traffic management. Communications between ports within the
same VLAN occur without hindrance, but communications between VLANs require a routing
function.
QUESTION NO: 72
Pete, a security administrator, is informed that people from the HR department should not have
access to the accounting department’s server, and the accounting department should not have
access to the HR department’s server. The network is separated by switches. Which of the
following is designed to keep the HR department users from accessing the accounting
department’s server and vice-versa?
A. ACLs
B. VLANs
C. DMZs
D. NATS
Answer: B
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by
switches. VLANs are used for traffic management. Communications between ports within the
same VLAN occur without hindrance, but communications between VLANs require a routing
function.
QUESTION NO: 73
According to company policy an administrator must logically keep the Human Resources
department separated from the Accounting department. Which of the following would be the
simplest way to accomplish this?
A. NIDS
B. DMZ
C. NAT
D. VLAN
Answer: D
Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation
created by switches.
QUESTION NO: 74
Review the following diagram depicting communication between PC1 and PC2 on each side of a
router. Analyze the network traffic logs which show communication between the two computers as
captured by the computer with IP 10.2.2.10.
DIAGRAM
PC1 PC2
[192.168.1.30]——–[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]———[10.2.2.10]
LOGS
10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?
A. 192.168.1.30 is a web server.
B. The web server listens on a non-standard port.
C. The router filters port 80 traffic.
D. The router implements NAT.
Answer: D
Explanation:
Network address translation (NAT) allows you to share a connection to the public Internet via a
single interface with a single public IP address. NAT maps the private addresses to the public
address. In a typical configuration, a local network uses one of the designated “private” IP address
subnets. A router on that network has a private address (192.168.1.1) in that address space, and
is also connected to the Internet with a “public” address (10.2.2.1) assigned by an Internet service
provider.
QUESTION NO: 75
An administrator wishes to hide the network addresses of an internal network when connecting to
the Internet. The MOST effective way to mask the network address of the users would be by
passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
Answer: D
Explanation:
NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal
system’s request.
QUESTION NO: 76
A security analyst is reviewing firewall logs while investigating a compromised web server. The
following ports appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?
A. LDAP
B. HTTP
C. RDP
D. HTTPS
Answer: C
Explanation:
RDP uses TCP port 3389.
QUESTION NO: 77
Which of the following is a programming interface that allows a remote computer to run programs
on a local machine?
A. RPC
B. RSH
C. SSH
D. SSL
Answer: A
Explanation:
Remote Procedure Call (RPC) is a programming interface that allows a remote computer to run
programs on a local machine.
QUESTION NO: 78
Which of the following would Pete, a security administrator, MOST likely implement in order to
allow employees to have secure remote access to certain internal network services such as file
servers?
A. Packet filtering firewall
B. VPN gateway
C. Switch
D. Router
Answer: B
Explanation:
VPNs are usually employed to allow remote access users to connect to and access the network,
and offer connectivity between two or more private networks or LANs. A VPN gateway (VPN
router) is a connection point that connects two LANs via a nonsecure network such as the Internet.
QUESTION NO: 79
Which of the following should be performed to increase the availability of IP telephony by
prioritizing traffic?
A. Subnetting
B. NAT
C. Quality of service
D. NAC
Answer: C
Explanation:
Quality of Service (QoS) facilitates the deployment of media-rich applications, such as video
conferencing and Internet Protocol (IP) telephony, without adversely affecting network throughput.
QUESTION NO: 80
An auditor is given access to a conference room to conduct an analysis. When they connect their
laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but
have a link light. Which of the following is MOST likely causing this issue?
A. Ethernet cable is damaged
B. The host firewall is set to disallow outbound connections
C. Network Access Control
D. The switch port is administratively shutdown
Answer: C
Explanation:
Network Access Control (NAC) means controlling access to an environment through strict
adherence to and implementation of security policies. The goals of NAC are to prevent/reduce
zero-day attacks, enforce security policy throughout the network, and use identities to perform
access control.
QUESTION NO: 81
A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date.
Which of the following BEST describes this system type?
A. NAT
B. NIPS
C. NAC
D. DMZ
Answer: C
Explanation:
Network Access Control (NAC) means controlling access to an environment through strict
adherence to and implementation of security policies. The goals of NAC are to prevent/reduce
zero-day attacks, enforce security policy throughout the network, and use identities to perform
access control.
QUESTION NO: 82
Which of the following is required to allow multiple servers to exist on one physical server?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Virtualization
D. Infrastructure as a Service (IaaS)
Answer: C
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.
QUESTION NO: 83
A corporation is looking to expand their data center but has run out of physical space in which to
store hardware. Which of the following would offer the ability to expand while keeping their current
data center operated by internal staff?
A. Virtualization
B. Subnetting
C. IaaS
D. SaaS
Answer: A
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines.
QUESTION NO: 84
The server administrator has noted that most servers have a lot of free disk space and low
memory utilization. Which of the following statements will be correct if the server administrator
migrates to a virtual server environment?
A. The administrator will need to deploy load balancing and clustering.
B. The administrator may spend more on licensing but less on hardware and equipment.
C. The administrator will not be able to add a test virtual environment in the data center.
D. Servers will encounter latency and lowered throughput issues.
Answer: B
Explanation:
Migrating to a virtual server environment reduces cost by eliminating the need to purchase,
manage, maintain and power physical machines. The fewer physical machines you have, the less
money it costs.
QUESTION NO: 85
Due to limited resources, a company must reduce their hardware budget while still maintaining
availability. Which of the following would MOST likely help them achieve their objectives?
A. Virtualization
B. Remote access
C. Network access control
D. Blade servers
Answer: A
Explanation:
Because virtualization allows a single set of hardware to host multiple virtual machines, fewer
physical servers are needed to run the same workloads, which cuts the hardware budget without
sacrificing availability.
QUESTION NO: 86
Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP
sessions to five different PCs and notices that the hardware properties are similar. Additionally, the
MAC addresses of all five servers appear on the same switch port. Which of the following is MOST
likely the cause?
A. The system is running 802.1x.
B. The system is using NAC.
C. The system is in active-standby mode.
D. The system is virtualized.
Answer: D
Explanation:
Virtualization allows a single set of hardware to host multiple virtual machines. The guests share
the host's physical network adapter, so every VM's MAC address is learned on the one switch port
the host is cabled to, and all of them report the same virtual hardware. 802.1X and NAC control
admission to the network and would not put several MACs on one port, and active-standby
clustering pairs two systems rather than five.
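The check Pete could have scripted instead of opening five RDP sessions, as an added example written for this page (it is not part of the original material): parse a switch MAC address table, find ports that have learned several MAC addresses, and use the OUI prefixes registered to hypervisor vendors to separate a virtualized host from a port that simply feeds another switch. The table text is constructed; the interface names and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Cisco-style "show mac address-table" output; not taken
# from any real switch. Port Gi1/0/12 plays the hypervisor from the question.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.5689.1a2b    DYNAMIC     Gi1/0/12
  10    0050.5689.1a2c    DYNAMIC     Gi1/0/12
  10    0050.5689.1a2d    DYNAMIC     Gi1/0/12
  10    0050.5689.1a2e    DYNAMIC     Gi1/0/12
  10    0050.5689.1a2f    DYNAMIC     Gi1/0/12
  10    3c52.8200.aabb    DYNAMIC     Gi1/0/13
  20    0015.5d01.0203    DYNAMIC     Gi1/0/14
  20    0015.5d01.0204    DYNAMIC     Gi1/0/14
  30    00e0.4c12.3456    DYNAMIC     Gi1/0/15
  30    f4f2.6d00.0001    DYNAMIC     Gi1/0/15
  30    f4f2.6d00.0002    DYNAMIC     Gi1/0/15
"""

# OUI prefixes registered to common hypervisors (IEEE registry, lowercase).
VIRTUAL_OUIS = {
    "00:50:56": "VMware", "00:0c:29": "VMware", "00:05:69": "VMware",
    "00:15:5d": "Microsoft Hyper-V", "00:16:3e": "Xen",
    "08:00:27": "VirtualBox", "52:54:00": "QEMU/KVM",
}

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)", re.I)


def normalize_mac(cisco_mac: str) -> str:
    """'0050.5689.1a2b' -> '00:50:56:89:1a:2b'."""
    digits = cisco_mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def macs_by_port(table: str) -> dict:
    """Parse the MAC table into {port: [mac, ...]} using dynamic entries only."""
    ports = defaultdict(list)
    for line in table.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            ports[m.group(4)].append(normalize_mac(m.group(2)))
    return dict(ports)


def classify_port(macs: list) -> str:
    """Label a port from the MACs learned on it.

    'virtualized'    - several MACs, at least one with a hypervisor OUI (the Q86 case)
    'shared-segment' - several MACs, none from a hypervisor OUI: more likely a
                       downstream switch/hub or a machine with several NICs
    'single-host'    - one MAC
    """
    if len(macs) < 2:
        return "single-host"
    vendors = {VIRTUAL_OUIS.get(mac[:8]) for mac in macs}
    vendors.discard(None)
    return "virtualized" if vendors else "shared-segment"


def report(table: str) -> dict:
    """{port: (label, mac_count, sorted hypervisor vendors guessed from OUIs)}."""
    out = {}
    for port, macs in macs_by_port(table).items():
        vendors = sorted({VIRTUAL_OUIS[m[:8]] for m in macs if m[:8] in VIRTUAL_OUIS})
        out[port] = (classify_port(macs), len(macs), vendors)
    return out


if __name__ == "__main__":
    for port, (label, count, vendors) in sorted(report(MAC_TABLE).items()):
        print(f"{port:10} {label:15} macs={count} {' '.join(vendors)}")
```

The OUI match is corroboration, not proof: a guest can be given any locally administered MAC, and a port that feeds an unmanaged switch shows many MACs from real vendors, which is why the script reports "shared-segment" rather than guessing.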
QUESTION NO: 87
Which of the following offers the LEAST amount of protection against data theft by USB drives?
A. DLP
B. Database encryption
C. TPM
D. Cloud computing
Answer: D
Explanation:
Cloud computing refers to performing data processing and storage elsewhere, over a network
connection, rather than locally. Because users have access to the data, it can easily be copied to
a USB device.
QUESTION NO: 88
A company’s business model was changed to provide more web presence and now its ERM
software is no longer able to support the security needs of the company. The current data center
will continue to provide network and security services. Which of the following network elements
would be used to support the new business model?
A. Software as a Service
B. DMZ
C. Remote access support
D. Infrastructure as a Service
Answer: A
Explanation:
Software as a Service (SaaS) allows for on-demand online access to specific software
applications or suites without having to install it locally. This will allow the data center to continue
providing network and security services.
QUESTION NO: 89
The Chief Information Officer (CIO) has mandated web based Customer Relationship
Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads,
and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has
mandated that key authentication systems be run within the organization’s network. Which of the
following would BEST meet the CIO and CRO’s requirements?
A. Software as a Service
B. Infrastructure as a Service
C. Platform as a Service
D. Hosted virtualization service
Answer: A
Explanation:
Software as a Service (SaaS) is a software distribution model in which applications are hosted by
a vendor or service provider and made available to customers over a network, typically the
Internet.
QUESTION NO: 90
An IT director is looking to reduce the footprint of their company’s server environment. They have
decided to move several internally developed software applications to an alternate environment,
supported by an external company. Which of the following BEST describes this arrangement?
A. Infrastructure as a Service
B. Storage as a Service
C. Platform as a Service
D. Software as a Service
Answer: A
Explanation:
Cloud users install operating-system images and their application software on the cloud
infrastructure to deploy their applications. In this model, the cloud user patches and maintains the
operating systems and the application software.
QUESTION NO: 91
Which of the following offerings typically allows the customer to apply operating system patches?
A. Software as a service
B. Public Clouds
C. Cloud Based Storage
D. Infrastructure as a service
Answer: D
Explanation:
Cloud users install operating-system images and their application software on the cloud
infrastructure to deploy their applications. In this model, the cloud user patches and maintains the
operating systems and the application software.
QUESTION NO: 92
Which of the following technologies can store multi-tenant data with different security
requirements?
A. Data loss prevention
B. Trusted platform module
C. Hard drive encryption
D. Cloud computing
Answer: D
Explanation:
One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various
clients on the same machines. This “multitenant” nature means that workloads from different
clients can be on the same system, and a flaw in implementation could compromise security.
QUESTION NO: 93
Multi-tenancy is a concept found in which of the following?
A. Full disk encryption
B. Removable media
C. Cloud computing
D. Data loss prevention
Answer: C
Explanation:
One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various
clients on the same machines. This “multitenant” nature means that workloads from different
clients can be on the same system, and a flaw in implementation could compromise security.
QUESTION NO: 94
Which of the following devices is BEST suited to protect an HTTP-based application that is
susceptible to injection attacks?
A. Protocol filter
B. Load balancer
C. NIDS
D. Layer 7 firewall
Answer: D
Explanation:
An application-level gateway (Layer 7) firewall, in the web case usually called a web application
firewall, filters traffic based on user access, group membership, the application or service used,
or even the type of resources being transmitted. Because it operates at the Application layer
(Layer 7) of the OSI model, it can parse and decode the HTTP request itself and reject parameters
that carry injection payloads. A protocol filter or load balancer works on lower-layer fields such as
ports, and a NIDS only detects and alerts; it does not sit inline to block.
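What "operates at Layer 7" means in practice, as an added example written for this page (not code from the original material): a port-based rule like the one in question 2 permits anything to TCP/80, while a Layer 7 inspector parses the request, percent-decodes the parameters and can refuse the ones shaped like SQL injection. The requests and the host name are constructed; the signatures are illustrative, and a real WAF is a safety net in front of an application that should already use parameterized queries.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote


# A Layer 3/4 filter ("PERMIT IP ANY ANY EQ 80") sees only addresses and ports.
def layer4_decision(dst_port: int) -> bool:
    return dst_port == 80


# Illustrative signatures for common SQL injection shapes in a decoded value.
INJECTION_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I)),
    ("quote-boolean", re.compile(r"'\s*(or|and)\s+['\d]", re.I)),
    ("trailing-comment", re.compile(r"(--|#|/\*)\s*$")),
    ("stacked-query", re.compile(r";\s*(drop|delete|insert|update|exec)\b", re.I)),
]


def parse_http_request(raw: bytes) -> dict:
    """Minimal HTTP/1.1 request parser: method, decoded path, decoded params, headers."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        for key, values in parse_qs(body.decode("iso-8859-1"), keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return {"method": method, "path": unquote(parts.path), "params": params, "headers": headers}


def layer7_decision(raw: bytes) -> tuple:
    """(allowed, reason): judge the decoded application data, not just the port."""
    req = parse_http_request(raw)
    fields = [("path", req["path"])]
    fields += [(name, value) for name, values in req["params"].items() for value in values]
    for field, value in fields:
        for sig, pattern in INJECTION_PATTERNS:
            if pattern.search(value):
                return False, f"{sig} in {field}={value!r}"
    return True, ""


# Constructed requests; shop.example is a placeholder, not a real site.
BENIGN = b"GET /search?q=laptop+bags&page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
SQLI_GET = b"GET /search?q=%27+OR+%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
_form = b"user=admin%27--&pass=x"
SQLI_POST = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n"
             b"Content-Length: " + str(len(_form)).encode() + b"\r\n\r\n" + _form)

if __name__ == "__main__":
    for name, raw in [("benign", BENIGN), ("sqli-get", SQLI_GET), ("sqli-post", SQLI_POST)]:
        print(f"{name:9} L4 permit={layer4_decision(80)}  L7 permit={layer7_decision(raw)}")
```

All three requests pass the port rule; only the Layer 7 check separates the search for "laptop bags" from the `' OR '1'='1` and `admin'--` payloads, and it can do so only because it decodes the request the way the application will.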
QUESTION NO: 95
Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be
considered components of:
A. Redundant systems.
B. Separation of duties.
C. Layered security.
D. Application control.
Answer: C
Explanation:
Layered security is the practice of combining multiple mitigating security controls to protect
resources and data.
QUESTION NO: 96
A network engineer is designing a secure tunneled VPN. Which of the following protocols would
be the MOST secure?
A. IPsec
B. SFTP
C. BGP
D. PPTP
Answer: A
Explanation:
Only two of the options are VPN protocols at all: SFTP is file transfer over SSH and BGP is a
routing protocol. IPsec provides origin authentication, integrity and confidentiality for every IP
packet at the network layer (ESP with algorithms such as AES, keys negotiated by IKE), which
makes it the most secure choice. PPTP, the older Microsoft protocol, relies on MS-CHAPv2
authentication and MPPE (RC4) encryption, both of which have well-known weaknesses, and
should not be used in a new design.
Layer 2 Tunneling Protocol (L2TP) came about through a partnership between Cisco and
Microsoft with the intention of providing a more secure replacement for PPTP. L2TP carries no
encryption of its own; it is considered more secure than PPTP because it is run over IPsec
(L2TP/IPsec), which supplies the stronger encryption algorithms (historically 3DES with 168-bit
keys, today AES) and requires a pre-shared key or certificate for the IPsec machine
authentication in addition to the user authentication of the PPP session. That combination gives
data integrity and origin authentication that PPTP lacks, at the cost of more overhead and lower
throughput than PPTP.
QUESTION NO: 97
Configuring the mode, encryption methods, and security associations are part of which of the
following?
A. IPSec
B. Full disk encryption
C. 802.1x
D. PKI
Answer: A
Explanation:
IPsec can operate in tunnel mode (the whole IP packet is encapsulated in a new one, used
between gateways) or transport mode (only the payload is protected and the original IP header is
kept, used host to host). Its ESP and AH protocols use symmetric algorithms for encryption and
integrity, and the parameters for each direction of traffic (protocol, mode, algorithms, keys, SPI)
are held in a security association (SA), negotiated by IKE within the Internet Security Association
and Key Management Protocol (ISAKMP) framework.
QUESTION NO: 98
A company’s legacy server requires administration using Telnet. Which of the following protocols
could be used to secure communication by offering encryption at a lower OSI layer? (Select
TWO).
A. IPv6
B. SFTP
C. IPSec
D. SSH
E. IPv4
Answer: A,C
Explanation:
Telnet has no encryption of its own, so the protection has to come from a layer beneath it. IPsec is
a protocol suite for securing Internet Protocol (IP) communications by authenticating and
encrypting each IP packet of a communication session; it operates at Layer 3 of the OSI model,
whereas Telnet operates at Layer 7, so a Telnet session carried inside an IPsec security
association is protected without any change to the legacy server's Telnet service. IPv6 is the
version of the Internet Protocol that provides identification and location for computers on
networks and routes traffic across the Internet, and it was designed with IPsec as an integral part
of the suite (support was originally mandatory for IPv6 nodes and was later relaxed to
recommended in RFC 6434), which is why the two are paired here. SSH and SFTP also encrypt,
but they are Layer 7 protocols that replace Telnet rather than securing it from underneath, and
IPv4 offers no built-in encryption.
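The settings named in questions 97 and 98, put together in a strongSwan swanctl.conf written for this page (it is not part of the original material or of the strongSwan project's documentation): the mode, the encryption methods and the IKE and CHILD security associations, applied in transport mode so that only the Telnet port of a legacy server is protected at Layer 3. The addresses, identities and pre-shared key are placeholders.

```conf
# swanctl.conf (strongSwan 5.x), host-to-host IPsec in transport mode that
# protects only the Telnet port of the legacy server. Addresses, identities
# and the PSK are placeholders for this example.
connections {
    legacy-telnet {
        version = 2                        # IKEv2 negotiates the SAs and keys
        local_addrs  = 10.0.0.20           # admin workstation (assumed)
        remote_addrs = 10.0.0.5            # legacy server (assumed)
        proposals = aes256-sha256-ecp256   # IKE SA: cipher, integrity, DH group
        local {
            auth = psk
            id = admin-ws
        }
        remote {
            auth = psk
            id = legacy-srv
        }
        children {
            telnet {
                mode = transport                   # host to host: payload encrypted, IP header kept
                local_ts  = 10.0.0.20
                remote_ts = 10.0.0.5[tcp/23]       # traffic selector: only TCP/23 enters the SA
                esp_proposals = aes256gcm16-ecp256 # CHILD SA (ESP): AEAD cipher plus PFS group
                start_action = trap                # install the policy; SA is negotiated on first packet
            }
        }
    }
}
secrets {
    ike-legacy {
        id-1 = admin-ws
        id-2 = legacy-srv
        secret = "replace-with-a-long-random-psk"
    }
}
```

With the policy installed, the first packet to port 23 triggers the IKE exchange and `swanctl --list-sas` (or `ip xfrm state` on Linux) shows the resulting ESP SAs; every other flow to the server is still sent in clear. The legacy server needs a working IPsec stack for this to apply, and the protection covers only the path between these two hosts, which is why replacing Telnet with SSH (questions 101 to 103) remains the real fix.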
QUESTION NO: 99
A network administrator needs to provide daily network usage reports on all layer 3 devices
without compromising any data while gathering the information. Which of the following would be
configured to provide these reports?
A. SNMP
B. SNMPv3
C. ICMP
D. SSH
Answer: B
Explanation:
SNMP is the standard protocol for polling counters and status from routers and other Layer 3
devices and is predominantly used for monitoring and performance management. SNMPv1 and
v2c authenticate with a community string sent in clear text and offer no encryption, so anyone
capturing the traffic can read both the data and the string. SNMPv3 defines a secure version of
SNMP with user-based authentication (HMAC with MD5 or SHA) and privacy (DES or AES
encryption) at its authPriv security level, and also facilitates remote configuration of the SNMP
entities.
QUESTION NO: 100
Matt, a security administrator, wants to configure all the switches and routers in the network in
order to securely monitor their status. Which of the following protocols would he need to configure
on each device?
A. SMTP
B. SNMPv3
C. IPSec
D. SNMP
Answer: B
Explanation:
SNMP is the protocol switches and routers expose for status monitoring and performance
management. To monitor them securely, SNMPv3 must be configured on each device with
authentication and privacy (authPriv) enabled, so the manager is authenticated and the polled
data is encrypted; SNMPv1 and v2c send their community strings and data in clear text.
QUESTION NO: 101
A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the
following protocols should be used instead of Telnet?
A. SCP
B. SSH
C. SFTP
D. SSL
Answer: B
Explanation:
SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet
transmits both authentication credentials and data in clear text.
QUESTION NO: 102
Which of the following is BEST used as a secure replacement for TELNET?
A. HTTPS
B. HMAC
C. GPG
D. SSH
Answer: D
Explanation:
SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet
transmits both authentication credentials and data in clear text.
QUESTION NO: 103
A security analyst needs to logon to the console to perform maintenance on a remote server.
Which of the following protocols would provide secure access?
A. SCP
B. SSH
C. SFTP
D. HTTPS
Answer: B
Explanation:
Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It’s now available for
both Unix and Windows environments. SSH is primarily intended for interactive terminal sessions.
SSH is used to establish a command-line, text-only interface connection with a server, router,
switch, or similar device over any distance.
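Why questions 101 to 103 keep replacing Telnet with SSH, shown from the attacker's side as an added example written for this page (not code from the original material): anyone who can capture the TCP payload of a Telnet session only has to strip the RFC 854 option negotiation to read the username, password and every command that was typed. The session bytes below are constructed; the host name and credentials are invented.

```python
# RFC 854 command bytes
IAC, SE, SB, WILL, WONT, DO, DONT = 255, 240, 250, 251, 252, 253, 254


def strip_telnet_negotiation(payload: bytes) -> bytes:
    """Remove IAC option negotiation, leaving only the data bytes (keystrokes/output)."""
    out = bytearray()
    i, n = 0, len(payload)
    while i < n:
        b = payload[i]
        if b != IAC:
            out.append(b)
            i += 1
            continue
        if i + 1 >= n:                        # command truncated at end of segment
            break
        cmd = payload[i + 1]
        if cmd == IAC:                        # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):   # three-byte option commands
            i += 3
        elif cmd == SB:                       # subnegotiation runs until IAC SE
            end = payload.find(bytes([IAC, SE]), i + 2)
            i = n if end < 0 else end + 2
        else:                                 # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)


def extract_credentials(segments) -> dict:
    """Reassemble a line-mode Telnet session from (direction, payload) segments in
    capture order ('S' server->client, 'C' client->server). Each completed client
    line is classified by the prompt the server sent most recently."""
    result = {"login": None, "password": None, "commands": []}
    last_prompt = b""
    pending = ""                              # client bytes not yet ended by a newline
    for direction, payload in segments:
        data = strip_telnet_negotiation(payload)
        if direction == "S":
            last_prompt = data.rstrip().lower()
            continue
        text = pending + data.decode("ascii", "replace")
        text = text.replace("\r\x00", "\n").replace("\r\n", "\n")
        lines = text.split("\n")
        pending = lines.pop()                 # incomplete tail, "" if segment ended on newline
        for line in filter(None, lines):
            if last_prompt.endswith(b"login:") and result["login"] is None:
                result["login"] = line
            elif last_prompt.endswith(b"password:") and result["password"] is None:
                result["password"] = line
            else:
                result["commands"].append(line)
    return result


# Constructed session (no real host): option negotiation, a login and one command.
SESSION = [
    ("S", bytes([IAC, DO, 24, IAC, WILL, 1, IAC, WILL, 3]) + b"legacy-srv login: "),
    ("C", bytes([IAC, WILL, 24, IAC, DO, 1, IAC, DO, 3, IAC, SB, 24, 0])
          + b"XTERM" + bytes([IAC, SE]) + b"admin\r\n"),
    ("S", b"Password: "),
    ("C", b"Winter2024!\r\n"),
    ("S", b"Welcome.\r\nlegacy-srv$ "),
    ("C", b"show running-config\r\n"),
]

if __name__ == "__main__":
    print(extract_credentials(SESSION))
```

The same capture of an SSH session yields only the key exchange and ciphertext. The reassembly assumes a line-mode client; a character-at-a-time session sends one keystroke per segment and echoes it back from the server, so the buffering above would have to ignore echo segments when tracking the prompt.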