SY0-401 CompTIA Security+ Certification Practice Exam Set 6

A security analyst noticed a colleague typing the following command:
`Telnet some-host 443í
Which of the following was the colleague performing?


Options are :

  • Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.
  • A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.
  • A mistaken port being entered because telnet servers typically do not listen on port 443.
  • A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. (Correct)

Answer : A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

A company has implemented PPTP as a VPN solution.
Which of the following ports would need to be opened on the firewall in order for this VPN to
function properly? (Choose two.)

A.
UDP 1723
B.
TCP 500
C.
TCP 1723
D.
UDP 47
E.
TCP 47


Options are :

  • C,D (Correct)
  • C,B
  • A,B
  • C,A

Answer : C,D

A UNIX administrator would like to use native commands to provide a secure way of connecting to
other devices remotely and to securely transfer files.
Which of the following protocols could be utilized? (Choose two.)
A.
RDP
B.
SNMP
C.
FTP
D.
SCP
E.
SSH


Options are :

  • D,E (Correct)
  • A,B
  • C,D
  • B,C

Answer : D,E

After a network outage, a PC technician is unable to ping various network devices. The network
administrator verifies that those devices are working properly and can be accessed securely.
Which of the following is the MOST likely reason the PC technician is unable to ping those
devices?


Options are :

  • DNS settings are wrong
  • ICMP is being blocked (Correct)
  • SSH is not enabled
  • SNMP is not configured properly

Answer : ICMP is being blocked

Which of the following protocols allows for secure transfer of files? (Choose two.)
A.
ICMP
B.
SNMP
C.
SFTP
D.
SCP

E.
TFTP



Options are :

  • B,C
  • A,B
  • C,D (Correct)
  • D,A

Answer : C,D

Which of the following allows Pete, a security technician, to provide the MOST secure wireless
implementation?


Options are :

  • Implement WPA (Correct)
  • Implement WEP
  • Adjust antenna placement
  • Disable SSID

Answer : Implement WPA

A technician is unable to manage a remote server.
Which of the following ports should be opened on the firewall for remote server management?
(Choose two.)
A.
22
B.
135
C.
137
D.
143
E.
443
F.
3389


Options are :

  • A,B
  • C,E
  • A,F (Correct)
  • B,C

Answer : A,F

Which of the following ports would be blocked if Pete, a security administrator, wants to deny
access to websites?


Options are :

  • 25
  • 3389
  • 21
  • 80 (Correct)

Answer : 80

An achievement in providing worldwide Internet security was the signing of certificates associated
with which of the following protocols?


Options are :

  • SSH
  • TCP/IP
  • SCP
  • SSL (Correct)

Answer : SSL

Which of the following ports is used for SSH, by default?


Options are :

  • 23
  • 32
  • 22 (Correct)
  • 12

Answer : 22

Which of the following uses TCP port 22 by default? (Choose three.)
A.
FTPS
B.
STELNET
C.
TLS
D.
SCP
E.
SSL
F.
HTTPS
G.
SSH

H.
SFTP



Options are :

  • A,B,C
  • D,G,H (Correct)
  • E,F,H
  • B,C,D

Answer : D,G,H

Which of the following uses port 22 by default? (Choose three.)
A.
SSH
B.
SSL
C.
TLS
D.
SFTP
E.
SCP
F.
FTPS
G.
SMTP
H.
SNMP


Options are :

  • A,D,F
  • A,D,E (Correct)
  • A,C,D
  • A,B,C

Answer : A,D,E

Ann, a technician, is attempting to establish a remote terminal session to an end userís computer
using Kerberos authentication, but she cannot connect to the destination machine.
Which of the following default ports should Ann ensure is open?


Options are :

  • 3389 (Correct)
  • 443
  • 139
  • 22

Answer : 3389

An information bank has been established to store contacts, phone numbers and other records. A
UNIX application needs to connect to the index server using port 389.
Which of the following authentication services should be used on this port by default?


Options are :

  • TACACS+
  • LDAP (Correct)
  • RADIUS
  • Kerberos

Answer : LDAP

When reviewing security logs, an administrator sees requests for the AAAA record of
www.comptia.com.
Which of the following BEST describes this type of record?


Options are :

  • IPSEC DNS record
  • IPv4 DNS record
  • IPv6 DNS record (Correct)
  • DNSSEC record

Answer : IPv6 DNS record

A network consists of various remote sites that connect back to two main locations. Pete, the
security administrator, needs to block TELNET access into the network.
Which of the following, by default, would be the BEST choice to accomplish this goal?


Options are :

  • Block port 23 on the network firewall (Correct)
  • Block port 23 on the L2 switch at each remote site
  • Block port 25 on the network firewall
  • Block port 25 on the L2 switch at each remote site

Answer : Block port 23 on the network firewall

Pete, a network administrator, is implementing IPv6 in the DMZ.
Which of the following protocols must he allow through the firewall to ensure the web servers can
be reached via IPv6 from an IPv6 enabled Internet host?


Options are :

  • TCP port 443 and SNMP
  • TCP port 80 and TCP port 443 (Correct)
  • TCP port 443 and IP protocol 46
  • TCP port 80 and ICMP

Answer : TCP port 80 and TCP port 443

A security administrator wishes to change their wireless network so that IPSec is built into the
protocol and NAT is no longer required for address range extension.
Which of the following protocols should be used in this scenario?


Options are :

  • IPv6 (Correct)
  • WPA2
  • WPA
  • IPv4

Answer : IPv6

A technician has just installed a new firewall onto the network. Users are reporting that they
cannot reach any website. Upon further investigation, the technician determines that websites can
be reached by entering their IP addresses.
Which of the following ports may have been closed to cause this issue?


Options are :

  • DHCP
  • DNS (Correct)
  • NetBIOS
  • HTTP

Answer : DNS

An administrator configures all wireless access points to make use of a new network certificate
authority.
Which of the following is being used?


Options are :

  • EAP-TLS (Correct)
  • WEP
  • LEAP
  • TKIP

Answer : EAP-TLS

During the analysis of a PCAP file, a security analyst noticed several communications with a
remote server on port 53.
Which of the following protocol types is observed in this traffic?


Options are :

  • DNS (Correct)
  • NetBIOS
  • Email
  • FTP

Answer : DNS

Pete needs to open ports on the firewall to allow for secure transmission of files.
Which of the following ports should be opened on the firewall?


Options are :

  • TCP 21
  • UDP 69
  • TCP 22 (Correct)
  • TCP 23

Answer : TCP 22

Which of the following is a difference between TFTP and FTP?


Options are :

  • TFTP is more secure than FTP.
  • TFTP utilizes UDP and FTP uses TCP. (Correct)
  • TFTP is slower than FTP.
  • TFTP utilizes TCP and FTP uses UDP.

Answer : TFTP utilizes UDP and FTP uses TCP.

Which of the following secure file transfer methods uses port 22 by default?


Options are :

  • SFTP (Correct)
  • FTPS
  • SSL
  • S/MIME

Answer : SFTP

Which of the following ports and protocol types must be opened on a host with a host-based
firewall to allow incoming SFTP connections?


Options are :

  • 21/UDP
  • 22/UDP
  • 21/TCP
  • 22/TCP (Correct)

Answer : 22/TCP

After a new firewall has been installed, devices cannot obtain a new IP address.
Which of the following ports should Matt, the security administrator, open on the firewall?


Options are :

  • 80
  • 68 (Correct)
  • 25
  • 443

Answer : 68

Which of the following should be implemented to stop an attacker from mapping out addresses
and/or devices on a network?


Options are :

  • Secure zone transfers (Correct)
  • IPv6
  • Single sign on
  • VoIP

Answer : Secure zone transfers

A security administrator must implement a wireless security system, which will require users to
enter a 30 character ASCII password on their accounts. Additionally, the system must support
3DS wireless encryption.
Which of the following should be implemented?


Options are :

  • WPA2-PSK
  • WPA2-CCMP
  • WPA2-CCMP with 802.1X
  • WPA2-Enterprise (Correct)

Answer : WPA2-Enterprise

A security engineer, Joe, has been asked to create a secure connection between his mail server
and the mail server of a business partner.
Which of the following protocol would be MOST appropriate?


Options are :

  • SSH
  • TLS (Correct)
  • FTP
  • HTTPS

Answer : TLS

Which of the following is the default port for TFTP?


Options are :

  • 20
  • 69 (Correct)
  • 21
  • 68

Answer : 69

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions