SY0-401 CompTIA Security+ Certification Practice Exam Set 4

Jane, an administrator, needs to make sure the wireless network is not accessible from the
parking area of their office.
Which of the following would BEST help Jane when deploying a new access point?


Options are :

  • Implementing WPA2
  • Disabling the SSID
  • Enabling the MAC filtering
  • Placement of antenna

Answer : Placement of antenna

A security administrator is tasked with ensuring that all devices have updated virus definition files
before they are allowed to access network resources.
Which of the following technologies would be used to accomplish this goal?


Options are :

  • DMZ
  • NAC
  • NIDS
  • DLP
  • Port Security

Answer : NAC

Ann, a security administrator, has concerns regarding her company’s wireless network. The
network is open and available for visiting prospective clients in the conference room, but she
notices that many more devices are connecting to the network than should be.
Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current 
functionality for clients?


Options are :

  • Enable MAC filtering on the wireless access point.
  • Lower the antenna’s broadcasting power.
  • Disable SSID broadcasting.
  • Configure WPA2 encryption on the wireless access point.

Answer : Lower the antenna’s broadcasting power.

Which of the following BEST describes the weakness in WEP encryption?


Options are :

  • The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
  • The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.
  • The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
  • The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.

Answer : The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Which of the following would satisfy wireless network implementation requirements to use mutual
authentication and usernames and passwords?


Options are :

  • PEAP-MSCHAPv2
  • WEP
  • EAP-MD5
  • EAP-TLS

Answer : PEAP-MSCHAPv2

Ann, the network administrator, is receiving reports regarding a particular wireless network in the
building. The network was implemented for specific machines issued to the developer department,
but the developers are stating that they are having connection issues as well as slow bandwidth.
Reviewing the wireless router's logs, she sees that devices not belonging to the developers are
connecting to the access point.
Which of the following would BEST alleviate the developers' reports?


Options are :

  • Implement connections via secure tunnel with additional software on the developer's computers.
  • Modify the connection's encryption method so that it is using WEP instead of WPA2.
  • Configure the router so that wireless access is based upon the connecting device's hardware address.
  • Configure the router so that its name is not visible to devices scanning for wireless networks.

Answer : Configure the router so that wireless access is based upon the connecting device's hardware address.

A security administrator must implement a firewall rule to allow remote employees to VPN onto the
company network. The VPN concentrator implements SSL VPN over the standard HTTPS port.
Which of the following is the MOST secure ACL to implement at the company's gateway firewall?


Options are :

  • PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
  • PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
  • PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443
  • PERMIT TCP FROM ANY 443 TO 199.70.5.25 443

Answer : PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443

Which of the following would be MOST appropriate to secure an existing SCADA system by
preventing connections from unauthorized networks?


Options are :

  • Implement a firewall to protect the SCADA system
  • Implement a Layer 2 switch to access the SCADA system
  • Implement a HIDS to protect the SCADA system
  • Implement a NIDS to protect the SCADA system

Answer : Implement a firewall to protect the SCADA system

A security team has identified that the wireless signal is broadcasting into the parking lot.
To reduce the risk of an attack against the wireless network from the parking lot, which of the
following controls should be used? (Choose two.)
A. Antenna placement
B. Interference
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels


Options are :

  • A,F
  • A,E
  • A,C
  • A,B

Answer : A,F

An access point has been configured for AES encryption but a client is unable to connect to it.
Which of the following should be configured on the client to fix this issue?


Options are :

  • WEP
  • RC4
  • TKIP
  • CCMP

Answer : CCMP

Which of the following devices would MOST likely have a DMZ interface?


Options are :

  • Proxy
  • Load balancer
  • Switch
  • Firewall

Answer : Firewall

A corporation is looking to expand their data center but has run out of physical space in which to
store hardware.
Which of the following would offer the ability to expand while keeping their current data center
operated by internal staff?


Options are :

  • Subnetting
  • SaaS
  • IaaS
  • Virtualization

Answer : Virtualization

The Chief Information Officer (CIO) has mandated web based Customer Relationship
Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads,
and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has
mandated that key authentication systems be run within the organization’s network.
Which of the following would BEST meet the CIO and CRO’s requirements?


Options are :

  • Infrastructure as a Service
  • Hosted virtualization service
  • Platform as a Service
  • Software as a Service

Answer : Software as a Service

An auditor is given access to a conference room to conduct an analysis. When they connect their
laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but
have a link light.
Which of the following is MOST likely causing this issue?


Options are :

  • Ethernet cable is damaged
  • The switch port is administratively shutdown
  • Network Access Control
  • The host firewall is set to disallow outbound connections

Answer : Network Access Control

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs.
These will need to still be reviewed on a regular basis to ensure the security of the company has
not been breached.
Which of the following cloud service options would support this requirement?


Options are :

  • IaaS
  • PaaS
  • SaaS
  • MaaS

Answer : MaaS

Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP
sessions to five different PCs and notices that the hardware properties are similar. Additionally, the
MAC addresses of all five servers appear on the same switch port.
Which of the following is MOST likely the cause?


Options are :

  • The system is in active-standby mode.
  • The system is running 802.1x.
  • The system is virtualized.
  • The system is using NAC.

Answer : The system is virtualized.

An IT director is looking to reduce the footprint of their company’s server environment. They have
decided to move several internally developed software applications to an alternate environment,
supported by an external company.
Which of the following BEST describes this arrangement?


Options are :

  • Software as a Service
  • Storage as a Service
  • Platform as a Service
  • Infrastructure as a Service

Answer : Infrastructure as a Service

Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be
considered components of:


Options are :

  • Separation of duties.
  • Application control.
  • Layered security.
  • Redundant systems.

Answer : Layered security.

Which of the following offers the LEAST amount of protection against data theft by USB drives?


Options are :

  • DLP
  • Database encryption
  • TPM
  • Cloud computing

Answer : Cloud computing

Which of the following would Pete, a security administrator, MOST likely implement in order to
allow employees to have secure remote access to certain internal network services such as file
servers?


Options are :

  • VPN gateway
  • Packet filtering firewall
  • Router
  • Switch

Answer : VPN gateway

Which of the following BEST describes a demilitarized zone?


Options are :

  • A private network that is protected by a firewall and a VLAN.
  • A network where all servers exist and are monitored.
  • A buffer zone between protected and unprotected networks.
  • A sterile, isolated network segment with access lists.

Answer : A buffer zone between protected and unprotected networks.

Which of the following is a programming interface that allows a remote computer to run programs
on a local machine?


Options are :

  • RPC
  • RSH
  • SSL
  • SSH

Answer : RPC

A network engineer is designing a secure tunneled VPN.
Which of the following protocols would be the MOST secure?


Options are :

  • BGP
  • SFTP
  • IPsec
  • PPTP

Answer : IPsec

Pete, a security administrator, is informed that people from the HR department should not have
access to the accounting department’s server, and the accounting department should not have
access to the HR department’s server. The network is separated by switches.
Which of the following is designed to keep the HR department users from accessing the
accounting department’s server and vice-versa?


Options are :

  • DMZs
  • NATS
  • ACLs
  • VLANs

Answer : VLANs

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a
result of a misconfigured router access list, allowing outside access to an SSH server.
Which of the following should Joe search for in the log files?


Options are :

  • Network ping sweeps
  • Host port scans
  • Failed authentication attempts
  • Connections to port 22

Answer : Connections to port 22

A company’s business model was changed to provide more web presence and now its ERM
software is no longer able to support the security needs of the company. The current data center
will continue to provide network and security services.
Which of the following network elements would be used to support the new business model?


Options are :

  • Software as a Service
  • DMZ
  • Infrastructure as a Service
  • Remote access support

Answer : Software as a Service

Which of the following devices is BEST suited to protect an HTTP-based application that is
susceptible to injection attacks?


Options are :

  • Layer 7 firewall
  • Protocol filter
  • Load balancer
  • NIDS

Answer : Layer 7 firewall

A security analyst needs to ensure all external traffic is able to access the company’s front-end
servers but protects all access to internal resources.
Which of the following network design elements would MOST likely be recommended?


Options are :

  • DMZ
  • VLAN
  • Virtualization
  • Cloud computing

Answer : DMZ

Due to limited resources, a company must reduce their hardware budget while still maintaining
availability.
Which of the following would MOST likely help them achieve their objectives?


Options are :

  • Network access control
  • Blade servers
  • Virtualization
  • Remote access

Answer : Virtualization

Which of the following is BEST used as a secure replacement for TELNET?


Options are :

  • GPG
  • HMAC
  • HTTPS
  • SSH

Answer : SSH
