SY0-401 CompTIA Security+ Certification Practice Exam Set 5

A recent vulnerability scan found that Telnet is enabled on all network devices.
Which of the following protocols should be used instead of Telnet?


Options are :

  • SFTP
  • SCP
  • SSL
  • SSH (Correct)

Answer : SSH

Which of the following network architecture concepts is used to securely isolate at the boundary
between networks?


Options are :

  • NAT
  • DMZ (Correct)
  • Subnetting
  • VLAN

Answer : DMZ

Which of the following offerings typically allows the customer to apply operating system patches?


Options are :

  • Infrastructure as a service (Correct)
  • Cloud Based Storage
  • Software as a service
  • Public Clouds

Answer : Infrastructure as a service

A company’s legacy server requires administration using Telnet.
Which of the following protocols could be used to secure communication by offering encryption at
a lower OSI layer? (Choose two.)

A.
IPv6
B.
SFTP
C.
IPSec
D.
SSH
E.
IPv4


Options are :

  • A,B
  • A,C (Correct)
  • B,D
  • D,E

Answer : A,C

An administrator connects VoIP phones to the same switch as the network PCs and printers.
Which of the following would provide the BEST logical separation of these three device types while
still allowing traffic between them via ACL?


Options are :

  • Install a firewall and connect it to the switch
  • Create three VLANs on the switch connected to a router (Correct)
  • Install a firewall and connect it to a dedicated switch for each device type
  • Define three subnets, configure each device to use their own dedicated IP address range, and then connect the network to a router

Answer : Create three VLANs on the switch connected to a router

Review the following diagram depicting communication between PC1 and PC2 on each side of a
router. Analyze the network traffic logs which show communication between the two computers as
captured by the computer with IP 10.2.2.10.
DIAGRAM
PC1 PC2
[192.168.1.30]--[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]--[10.2.2.10] LOGS

10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN
10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK
10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK
Given the above information, which of the following can be inferred about the above environment?



Options are :

  • 192.168.1.30 is a web server.
  • The router filters port 80 traffic.
  • The web server listens on a non-standard port.
  • The router implements NAT. (Correct)

Answer : The router implements NAT.

Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?


Options are :

  • NAC
  • Subnetting (Correct)
  • Virtualization
  • NAT

Answer : Subnetting

Which of the following would allow the organization to divide a Class C IP address range into
several ranges?


Options are :

  • Subnetting (Correct)
  • DMZ
  • NAT
  • Virtual LANs

Answer : Subnetting

A company has established a network-level connection with several business partners to facilitate
business transactions. Each business partner interacts with the same four application servers
within the company.
Which of the following defense types should the company implement to protect the remainder of
the organization from those partners?


Options are :

  • DMZ (Correct)
  • IDS
  • NAC
  • VPN

Answer : DMZ

Which of the following should be performed to increase the availability of IP telephony by
prioritizing traffic?


Options are :

  • Quality of service (Correct)
  • NAT
  • NAC
  • Subnetting

Answer : Quality of service

A network engineer is setting up a network for a company. There is a BYOD policy for the
employees so that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network
from the network in which all of the employees’ devices are connected?


Options are :

  • VPN
  • WPA2
  • MAC filtering
  • VLAN (Correct)

Answer : VLAN

An administrator wishes to hide the network addresses of an internal network when connecting to
the Internet. The MOST effective way to mask the network address of the users would be by
passing the traffic through a:


Options are :

  • stateful firewall
  • NIPS
  • NAT (Correct)
  • packet-filtering firewall

Answer : NAT

Which of the following IP addresses would be hosts on the same subnet given the subnet mask
255.255.255.224? (Choose two.)
A.
10.4.4.125
B.
10.4.4.158
C.
10.4.4.165
D.
10.4.4.189
E.
10.4.4.199


Options are :

  • B,C
  • D,E
  • C,D (Correct)
  • A,E

Answer : C,D

Configuring the mode, encryption methods, and security associations are part of the following:


Options are :

  • 802.1x
  • PKI
  • Full disk encryption
  • IPSec (Correct)

Answer : IPSec

A network administrator needs to provide daily network usage reports on all layer 3 devices
without compromising any data while gathering the information.
Which of the following would be configured to provide these reports?


Options are :

  • SNMP
  • SNMPv3 (Correct)
  • ICMP
  • SSH

Answer : SNMPv3

An administrator needs to segment internal traffic between layer 2 devices within the LAN.
Which of the following types of network design elements would MOST likely be used?


Options are :

  • VLAN (Correct)
  • Routing
  • NAT
  • DMZ

Answer : VLAN

Matt, a security administrator, wants to configure all the switches and routers in the network in
order to securely monitor their status.
Which of the following protocols would he need to configure on each device?


Options are :

  • SNMPv3 (Correct)
  • SNMP
  • SMTP
  • IPSec

Answer : SNMPv3

Multi-tenancy is a concept found in the following:


Options are :

  • Data loss prevention
  • Removable media
  • Full disk encryption
  • Cloud computing (Correct)

Answer : Cloud computing

Which of the following would the security engineer set as the subnet mask for the servers below to
utilize host addresses on separate broadcast domains?
Server 1: 192.168.100.6
Server 2: 192.168.100.9
Server 3: 192.169.100.20


Options are :

  • /29 (Correct)
  • /30
  • /27
  • /24
  • /28

Answer : /29

The server administrator has noted that most servers have a lot of free disk space and low
memory utilization.
Which of the following statements will be correct if the server administrator migrates to a virtual
server environment?


Options are :

  • The administrator may spend more on licensing but less on hardware and equipment. (Correct)
  • The administrator will not be able to add a test virtual environment in the data center.
  • The administrator will need to deploy load balancing and clustering.
  • Servers will encounter latency and lowered throughput issues.

Answer : The administrator may spend more on licensing but less on hardware and equipment.

When designing a new network infrastructure, a security administrator requests that the intranet
web server be placed in an isolated area of the network for security purposes.
Which of the following design elements would be implemented to comply with the security
administrator’s request?


Options are :

  • Virtualization
  • DMZ (Correct)
  • Sandboxing
  • Cloud services

Answer : DMZ

Pete, a network administrator, is capturing packets on the network and notices that a large amount
of the traffic on the LAN is SIP and RTP protocols.
Which of the following should he do to segment that traffic from the other traffic?


Options are :

  • Connect the WAP to a different switch.
  • Create a voice VLAN. (Correct)
  • Create a DMZ.
  • Set the switch ports to 802.1q mode.

Answer : Create a voice VLAN.

Which of the following is required to allow multiple servers to exist on one physical server?


Options are :

  • Virtualization (Correct)
  • Software as a Service (SaaS)
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)

Answer : Virtualization

A security analyst is reviewing firewall logs while investigating a compromised web server. The
following ports appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?


Options are :

  • HTTP
  • LDAP
  • RDP (Correct)
  • HTTPS

Answer : RDP

Which of the following technologies can store multi-tenant data with different security
requirements?


Options are :

  • Hard drive encryption
  • Data loss prevention
  • Trusted platform module
  • Cloud computing (Correct)

Answer : Cloud computing

An organization does not have adequate resources to administer its large infrastructure. A security
administrator wishes to combine the security controls of some of the network devices in the
organization.
Which of the following methods would BEST accomplish this goal?


Options are :

  • Role-based management
  • Single sign on
  • Virtual Private Network
  • Unified Threat Management (Correct)

Answer : Unified Threat Management

A computer is put into a restricted VLAN until the computer’s virus definitions are up-to-date.
Which of the following BEST describes this system type?


Options are :

  • NAT
  • NIPS
  • DMZ
  • NAC (Correct)

Answer : NAC

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3
wireless BYOD users and 2 web servers without wireless access.
Which of the following should the company configure to protect the servers from the user devices?
(Choose two.)
A.
Deny incoming connections to the outside router interface.
B.
Change the default HTTP port
C.
Implement EAP-TLS to establish mutual authentication
D.
Disable the physical switch ports
E.
Create a server VLAN

F.
Create an ACL to access the server



Options are :

  • E,F (Correct)
  • C,F
  • A,C
  • B,D

Answer : E,F

According to company policy an administrator must logically keep the Human Resources
department separated from the Accounting department.
Which of the following would be the simplest way to accomplish this?


Options are :

  • VLAN (Correct)
  • NIDS
  • DMZ
  • NAT

Answer : VLAN

A security administrator is segregating all web-facing server traffic from the internal network and
restricting it to a single interface on a firewall.
Which of the following BEST describes this new network?


Options are :

  • VPN
  • VLAN
  • Subnet
  • DMZ (Correct)
  • None

Answer : DMZ

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions