SY0-401 CompTIA Security+ Certification Practice Exam Set 4

Jane, an administrator, needs to make sure the wireless network is not accessible from the
parking area of their office.
Which of the following would BEST help Jane when deploying a new access point?


Options are :

  • Implementing WPA2
  • Disabling the SSID
  • Enabling the MAC filtering
  • Placement of antenna (Correct)

Answer : Placement of antenna

A security administrator is tasked with ensuring that all devices have updated virus definition files
before they are allowed to access network resources.
Which of the following technologies would be used to accomplish this goal?


Options are :

  • DMZ
  • NAC (Correct)
  • NIDS
  • DLP
  • Port Security

Answer : NAC

Ann, a security administrator, has concerns regarding her company's wireless network. The
network is open and available for visiting prospective clients in the conference room, but she
notices that many more devices are connecting to the network than should be.
Which of the following would BEST alleviate Ann's concerns with minimum disturbance of current
functionality for clients?


Options are :

  • Enable MAC filtering on the wireless access point.
  • Lower the antenna's broadcasting power. (Correct)
  • Disable SSID broadcasting.
  • Configure WPA2 encryption on the wireless access point.

Answer : Lower the antenna's broadcasting power.

Which of the following BEST describes the weakness in WEP encryption?


Options are :

  • The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
  • The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key. (Correct)
  • The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
  • The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.

Answer : The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Which of the following would satisfy wireless network implementation requirements to use mutual
authentication and usernames and passwords?


Options are :

  • PEAP-MSCHAPv2 (Correct)
  • WEP
  • EAP-MD5
  • EAP-TLS

Answer : PEAP-MSCHAPv2

Ann, the network administrator, is receiving reports regarding a particular wireless network in the
building. The network was implemented for specific machines issued to the developer department,
but the developers are stating that they are having connection issues as well as slow bandwidth.
Reviewing the wireless router's logs, she sees that devices not belonging to the developers are
connecting to the access point.
Which of the following would BEST alleviate the developer's reports?


Options are :

  • Implement connections via secure tunnel with additional software on the developer's computers.
  • Modify the connection's encryption method so that it is using WEP instead of WPA2.
  • Configure the router so that wireless access is based upon the connecting device's hardware address. (Correct)
  • Configure the router so that its name is not visible to devices scanning for wireless networks

Answer : Configure the router so that wireless access is based upon the connecting device's hardware address.

A security administrator must implement a firewall rule to allow remote employees to VPN onto the
company network. The VPN concentrator implements SSL VPN over the standard HTTPS port.
Which of the following is the MOST secure ACL to implement at the company's gateway firewall?


Options are :

  • PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
  • PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
  • PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443 (Correct)
  • PERMIT TCP FROM ANY 443 TO 199.70.5.25 443

Answer : PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443

Which of the following would be MOST appropriate to secure an existing SCADA system by
preventing connections from unauthorized networks?


Options are :

  • Implement a firewall to protect the SCADA system (Correct)
  • Implement a Layer 2 switch to access the SCADA system
  • Implement a HIDS to protect the SCADA system
  • Implement a NIDS to protect the SCADA system

Answer : Implement a firewall to protect the SCADA system

A security team has identified that the wireless signal is broadcasting into the parking lot.
To reduce the risk of an attack against the wireless network from the parking lot, which of the
following controls should be used? (Choose two.)
A. Antenna placement
B. Interference
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels


Options are :

  • A,F (Correct)
  • A,E
  • A,C
  • A,B

Answer : A,F

An access point has been configured for AES encryption but a client is unable to connect to it.
Which of the following should be configured on the client to fix this issue?


Options are :

  • WEP
  • RC4
  • TKIP
  • CCMP (Correct)

Answer : CCMP

Which of the following devices would MOST likely have a DMZ interface?


Options are :

  • Proxy
  • Load balancer
  • Switch
  • Firewall (Correct)

Answer : Firewall

A corporation is looking to expand their data center but has run out of physical space in which to
store hardware.
Which of the following would offer the ability to expand while keeping their current data center
operated by internal staff?


Options are :

  • Subnetting
  • SaaS
  • IaaS
  • Virtualization (Correct)

Answer : Virtualization

The Chief Information Officer (CIO) has mandated web based Customer Relationship
Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads,
and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has
mandated that key authentication systems be run within the organization's network.
Which of the following would BEST meet the CIO and CRO's requirements?


Options are :

  • Infrastructure as a Service
  • Hosted virtualization service
  • Platform as a Service
  • Software as a Service (Correct)

Answer : Software as a Service

An auditor is given access to a conference room to conduct an analysis. When they connect their
laptop's Ethernet cable into the wall jack, they are not able to get a connection to the Internet but
have a link light.

Which of the following is MOST likely causing this issue?


Options are :

  • Ethernet cable is damaged
  • The switch port is administratively shutdown
  • Network Access Control (Correct)
  • The host firewall is set to disallow outbound connections

Answer : Network Access Control

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs.
These will need to still be reviewed on a regular basis to ensure the security of the company has
not been breached.
Which of the following cloud service options would support this requirement?


Options are :

  • IaaS
  • PaaS
  • SaaS
  • MaaS (Correct)

Answer : MaaS

Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP
sessions to five different PCs and notices that the hardware properties are similar. Additionally, the
MAC addresses of all five servers appear on the same switch port.
Which of the following is MOST likely the cause?


Options are :

  • The system is in active-standby mode.
  • The system is running 802.1x.
  • The system is virtualized. (Correct)
  • The system is using NAC.

Answer : The system is virtualized.

An IT director is looking to reduce the footprint of their company's server environment. They have
decided to move several internally developed software applications to an alternate environment,
supported by an external company.
Which of the following BEST describes this arrangement?


Options are :

  • Software as a Service
  • Storage as a Service
  • Platform as a Service
  • Infrastructure as a Service (Correct)

Answer : Infrastructure as a Service

Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be
considered components of:


Options are :

  • Separation of duties.
  • Application control.
  • Layered security. (Correct)
  • Redundant systems.

Answer : Layered security.

Which of the following offers the LEAST amount of protection against data theft by USB drives?


Options are :

  • DLP
  • Database encryption
  • TPM
  • Cloud computing (Correct)

Answer : Cloud computing

Which of the following would Pete, a security administrator, MOST likely implement in order to
allow employees to have secure remote access to certain internal network services such as file
servers?


Options are :

  • VPN gateway (Correct)
  • Packet filtering firewall
  • Router
  • Switch

Answer : VPN gateway

Which of the following BEST describes a demilitarized zone?


Options are :

  • A private network that is protected by a firewall and a VLAN.
  • A network where all servers exist and are monitored.
  • A buffer zone between protected and unprotected networks. (Correct)
  • A sterile, isolated network segment with access lists.

Answer : A buffer zone between protected and unprotected networks.

Which of the following is a programming interface that allows a remote computer to run programs
on a local machine?


Options are :

  • RPC (Correct)
  • RSH
  • SSL
  • SSH

Answer : RPC

A network engineer is designing a secure tunneled VPN.
Which of the following protocols would be the MOST secure?


Options are :

  • BGP
  • SFTP
  • IPsec (Correct)
  • PPTP

Answer : IPsec

Pete, a security administrator, is informed that people from the HR department should not have
access to the accounting department's server, and the accounting department should not have
access to the HR department's server. The network is separated by switches.
Which of the following is designed to keep the HR department users from accessing the
accounting department's server and vice-versa?


Options are :

  • DMZs
  • NATS
  • ACLs
  • VLANs (Correct)

Answer : VLANs

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a
result of a misconfigured router access list, allowing outside access to an SSH server.
Which of the following should Joe search for in the log files?


Options are :

  • Network ping sweeps
  • Host port scans
  • Failed authentication attempts
  • Connections to port 22 (Correct)

Answer : Connections to port 22

A company's business model was changed to provide more web presence and now its ERM
software is no longer able to support the security needs of the company. The current data center
will continue to provide network and security services.
Which of the following network elements would be used to support the new business model?


Options are :

  • Software as a Service (Correct)
  • DMZ
  • Infrastructure as a Service
  • Remote access support

Answer : Software as a Service

Which of the following devices is BEST suited to protect an HTTP-based application that is
susceptible to injection attacks?


Options are :

  • Layer 7 firewall (Correct)
  • Protocol filter
  • Load balancer
  • NIDS

Answer : Layer 7 firewall

A security analyst needs to ensure all external traffic is able to access the company's front-end
servers but protects all access to internal resources.
Which of the following network design elements would MOST likely be recommended?


Options are :

  • DMZ (Correct)
  • VLAN
  • Virtualization
  • Cloud computing

Answer : DMZ

Due to limited resources, a company must reduce their hardware budget while still maintaining
availability.
Which of the following would MOST likely help them achieve their objectives?


Options are :

  • Network access control
  • Blade servers
  • Virtualization (Correct)
  • Remote access

Answer : Virtualization

Which of the following is BEST used as a secure replacement for TELNET?


Options are :

  • GPG
  • HMAC
  • HTTPS
  • SSH (Correct)

Answer : SSH
