SY0-401 CompTIA Security+ Certification Practice Exam Set 3

An organization recently switched from a cloud-based email solution to an in-house email server.
The firewall needs to be modified to allow for sending and receiving email.
Which of the following ports should be open on the firewall to allow for email traffic? (Choose
three.)
A.
TCP 22
B.
TCP 23
C.
TCP 25
D.
TCP 53
E.
TCP 110
F.
TCP 143
G.
TCP 445


Options are :

  • A,B,C
  • D,E,F
  • B,C,D
  • C,E,F (Correct)

Answer : C,E,F

The common method of breaking larger network address space into smaller networks is known as:


Options are :

  • phishing.
  • subnetting. (Correct)
  • packet filtering
  • virtualization.

Answer : subnetting.

While securing a network it is decided to allow active FTP connections into the network.
Which of the following ports MUST be configured to allow active FTP connections? (Choose two.)
A.
20
B.
21C.
22
D.
68
E.
69



Options are :

  • A,D
  • A,B (Correct)
  • A,F
  • A,C

Answer : A,B

SY0-401 CompTIA Security+ Certification Practice Exam Set 5

An administrator wants to establish a WiFi network using a high gain directional antenna with a
narrow radiation pattern to connect two buildings separated by a very long distance.
Which of the following antennas would be BEST for this situation?


Options are :

  • Dipole
  • Sector
  • Omni
  • Yagi (Correct)

Answer : Yagi

Which of the following would Pete, a security administrator, do to limit a wireless signal from
penetrating the exterior walls?


Options are :

  • Disable WPA
  • Consider antenna placement (Correct)
  • Implement TKIP encryption
  • Disable the SSID broadcast

Answer : Consider antenna placement

It is MOST important to make sure that the firewall is configured to do the following:


Options are :

  • Alert the administrator of a possible intrusion.
  • Deny all traffic based on known signatures.
  • Deny all traffic and only permit by exception (Correct)
  • Alert management of a possible intrusion.

Answer : Deny all traffic and only permit by exception

N10-006 CompTIA Network+ Certification Practice Test Set 7

A company provides secure wireless Internet access for visitors and vendors working onsite.
Some of the vendors using older technology report that they are unable to access the wireless
network after entering the correct network information.Which of the following is the MOST likely reason for this issue?


Options are :

  • The company is not using strong enough encryption.
  • The SSID broadcast is disabled. (Correct)
  • The company is using the wrong antenna type.
  • The MAC filtering is disabled on the access point.

Answer : The SSID broadcast is disabled.

Ann, a sales manager, successfully connected her company-issued smartphone to the wireless
network in her office without supplying a username/password combination. Upon disconnecting
from the wireless network, she attempted to connect her personal tablet computer to the same
wireless network and could not connect.
Which of the following is MOST likely the reason?


Options are :

  • The company wireless is using WPA2.
  • The company wireless is using WEP.
  • The company wireless has SSID broadcast disabled.
  • The company wireless is using a MAC filter. (Correct)

Answer : The company wireless is using a MAC filter.

A system administrator wants to enable WPA2 CCMP.
Which of the following is the only encryption used?


Options are :

  • 3DES
  • AES (Correct)
  • RC4
  • DES

Answer : AES

220-701 A+ Essentials Certification Practice Exam Set 9

Ann is an employee in the accounting department and would like to work on files from her home
computer. She recently heard about a new personal cloud storage service with an easy web
interface.
Before uploading her work related files into the cloud for access, which of the following is the
MOST important security concern Ann should be aware of?


Options are :

  • Availability of the files
  • Accessibility of the files from her mobile device
  • Size of the files
  • Sensitivity of the files (Correct)

Answer : Sensitivity of the files

After reviewing the firewall logs of her organizationís wireless APs, Ann discovers an unusually
high amount of failed authentication attempts in a particular segment of the building. She
remembers that a new business moved into the office space across the street.
Which of the following would be the BEST option to begin addressing the issue?


Options are :

  • Implement MAC filtering on the AP of the affected segment
  • Perform a site survey to see what has changed on the segment
  • Change the WPA2 encryption key of the AP in the affected segment
  • Reduce the power level of the AP on the network segment (Correct)

Answer : Reduce the power level of the AP on the network segment

An administrator needs to secure RADIUS traffic between two servers.
Which of the following is the BEST solution?


Options are :

  • Require a long and complex shared secret for the servers
  • Require IPSec with AH between the servers (Correct)
  • Use MSCHAPv2 with MPPE instead of PAP
  • Require the message-authenticator attribute for each message

Answer : Require IPSec with AH between the servers

CompTIA JK0-022 E2C Security+ Compliance & Operational Exam Set 5

A security analyst has been tasked with securing a guest wireless network. They recommend the
company use an authentication server but are told the funds are not available to set this up.
Which of the following BEST allows the analyst to restrict user access to approved devices?


Options are :

  • MAC filtering (Correct)
  • Antenna placement
  • Power level adjustment
  • Disable SSID broadcasting

Answer : MAC filtering

Which of the following is a directional antenna that can be used in point-to-point or point-to-multipoint
WiFi communication systems? (Choose two.)A.
Backfire
B.
Dipole
C.
Omni
D.
PTZ
E.
Dish



Options are :

  • A,D
  • A,B
  • A,E (Correct)
  • A,C

Answer : A,E

A security administrator wishes to increase the security of the wireless network.
Which of the following BEST addresses this concern?


Options are :

  • Enable all access points to broadcast their SSIDs.
  • Change the encryption from TKIP-based to CCMP-based. (Correct)
  • Set all nearby access points to operate on the same channel.
  • Configure the access point to use WEP instead of WPA2.

Answer : Change the encryption from TKIP-based to CCMP-based.

CompTIA Network+ 6 Certification Practice Exams - 2019 Set 16

An administrator needs to secure a wireless network and restrict access based on the hardware
address of the device.
Which of the following solutions should be implemented?


Options are :

  • Upgrade to WPA2 encryption
  • Use a stateful firewall
  • Force the WAP to use channel 1
  • Enable MAC filtering (Correct)

Answer : Enable MAC filtering

A network administrator has been tasked with securing the WLAN.
Which of the following cryptographic products would be used to provide the MOST secure
environment for the WLAN


Options are :

  • WPA2 TKIP
  • WPA
  • WPA with MAC filtering
  • WPA2 CCMP (Correct)

Answer : WPA2 CCMP

A Windows-based computer is infected with malware and is running too slowly to boot and run a
malware scanner.
Which of the following is the BEST way to run the malware scanner?


Options are :

  • Enable the firewall
  • Kill all system processes
  • Disable the network connection
  • Boot from CD/USB (Correct)

Answer : Boot from CD/USB

CompTIA Network+ N10 006 Set 6

Which of the following means of wireless authentication is easily vulnerable to spoofing?


Options are :

  • WPA - PEAP
  • WPA - LEAP
  • Enabled SSID
  • MAC Filtering (Correct)

Answer : MAC Filtering

An overseas branch office within a company has many more technical and non-technical securityincidents than other parts of the company.
Which of the following management controls should be introduced to the branch office to improve
their state of security?



Options are :

  • Event log analysis and incident response
  • Continuous security monitoring processes (Correct)
  • Firewall, IPS and network segmentation
  • Initial baseline configuration snapshots

Answer : Continuous security monitoring processes

The loss prevention department has purchased a new application that allows the employees to
monitor the alarm systems at remote locations. However, the application fails to connect to the
vendor's server and the users are unable to log in.
Which of the following are the MOST likely causes of this issue? (Choose two.)A.
URL filtering
B.
Role-based access controls
C.
MAC filtering
D.
Port Security
E.
Firewall rules


Options are :

  • A,C
  • A,E (Correct)
  • A,B
  • A,D

Answer : A,E

CompTIA Project+ (PK0-004) 5 Practice Test 2019 Set 1

An active directory setting restricts querying to only secure connections.
Which of the following ports should be selected to establish a successful connection?


Options are :

  • 636 (Correct)
  • 389
  • 3286
  • 440

Answer : 636

A retail store uses a wireless network for its employees to access inventory from anywhere in the
store. Due to concerns regarding the aging wireless network, the store manager has brought in a
consultant to harden the network. During the site survey, the consultant discovers that the network
was using WEP encryption.
Which of the following would be the BEST course of action for the consultant to recommend?


Options are :

  • Replace the unidirectional antenna at the front of the store with an omni-directional antenna.
  • Increase the access point's encryption from WEP to WPA TKIP.
  • Change the encryption used so that the encryption protocol is CCMP-based. (Correct)
  • Disable the network's SSID and configure the router to only access store devices based on MAC addresses.

Answer : Change the encryption used so that the encryption protocol is CCMP-based.

A technician wants to securely collect network device configurations and statistics through a
scheduled and automated process.
Which of the following should be implemented if configuration integrity is most important and a
credential compromise should not allow interactive logons?


Options are :

  • SNMPv3 (Correct)
  • TLS
  • SSH
  • TFTP

Answer : SNMPv3

JK0-802 CompTIA A+ Certification Exam Set 4

A company administrator has a firewall with an outside interface connected to the Internet and an
inside interface connected to the corporate network.
Which of the following should the administrator configure to redirect traffic destined for the default
HTTP port on the outside interface to an internal server listening on port 8080?


Options are :

  • Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80
  • Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080
  • Create a static PAT from port 80 on the outside interface to the internal interface on port 8080 (Correct)
  • Create a static PAT from port 8080 on the outside interface to the server IP address on port 80

Answer : Create a static PAT from port 80 on the outside interface to the internal interface on port 8080

Which of the following best practices makes a wireless network more difficult to find?


Options are :

  • UseWPA2-PSK
  • Implement MAC filtering
  • Disable SSID broadcast (Correct)
  • Power down unused WAPs

Answer : Disable SSID broadcast

A company has recently implemented a high density wireless system by having a junior technician
install two new access points for every access point already deployed. Users are now reporting
random wireless disconnections and slow network connectivity.
Which of the following is the MOST likely cause?


Options are :

  • A site survey was not conducted (Correct)
  • The old APs use 802.11a
  • Users did not enter the MAC of the new APs
  • The new APs use MIMO

Answer : A site survey was not conducted

SY0-401 CompTIA Security+ Certification Practice Exam Set 5

While previously recommended as a security measure, disabling SSID broadcast is not effective
against most attackers because network SSIDs are:


Options are :

  • no longer used to authenticate to most wireless networks.
  • contained in all wireless broadcast packets by default.
  • no longer supported in 802.11 protocols.
  • contained in certain wireless packets in plaintext. (Correct)

Answer : contained in certain wireless packets in plaintext.

An organization has three divisions: Accounting, Sales, and Human Resources. Users in the
Accounting division require access to a server in the Sales division, but no users in the Human
Resources division should have access to resources in any other division, nor should any users in
the Sales division have access to resources in the Accounting division.
Which of the following network segmentation schemas would BEST meet this objective?


Options are :

  • Create three separate VLANS, one for each division. (Correct)
  • Create one VLAN for the entire organization.
  • Create two VLANS, one for Accounting and Sales, and one for Human Resources.
  • Create two VLANs, one for Sales and Human Resources, and one for Accounting.

Answer : Create three separate VLANS, one for each division.

A security architect wishes to implement a wireless network with connectivity to the companyís
internal network. Before they inform all employees that this network is being put in place, the
architect wants to roll it out to a small test segment.
Which of the following allows for greater secrecy about this network during this initial phase of
implementation?


Options are :

  • Filtering test workstations by MAC address
  • Disabling SSID broadcasting (Correct)
  • Implementing WPA2 - TKIP
  • Implementing WPA2 - CCMP

Answer : Disabling SSID broadcasting

Comptia Linux+ LX0-103 Certification Exam Practice Test Set 6

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions