SY0-401 CompTIA Security+ Certification Practice Exam Set 4

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:  
22, 25, 445, 1433, 3128, 3389, 6667  Which of the following protocols was used to access the server remotely?  

Options are :

  • HTTP
  • RDP (Correct)
  • LDAP

Answer : RDP

A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?  

Options are :

  • SNMP
  • SSH
  • SNMPv3 (Correct)
  • ICMP

Answer : SNMPv3

Which of the following is a programming interface that allows a remote computer to run programs on a local machine?  

Options are :

  • RPC (Correct)
  • SSL
  • RSH
  • SSH

Answer : RPC

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?  

Options are :

  • SaaS
  • MaaS (Correct)
  • PaaS
  • IaaS

Answer : MaaS

Which of the following is BEST used as a secure replacement for TELNET?  

Options are :

  • HMAC
  • GPG
  • SSH (Correct)

Answer : SSH

An administrator needs to segment internal traffic between layer 2 devices within the LAN.  Which of the following types of network design elements would MOST likely be used?  

Options are :

  • Routing
  • DMZ
  • NAT
  • VLAN (Correct)

Answer : VLAN

Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status.  Which of the following protocols would he need to configure on each device?

Options are :

  • SNMP
  • SMTP
  • IPSec
  • SNMPv3 (Correct)

Answer : SNMPv3

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?  

Options are :

  • VLAN (Correct)
  • WPA2
  • VPN
  • MAC filtering

Answer : VLAN

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?  

Options are :

  • Virtual Private Network
  • Role-based management
  • Single sign on
  • Unified Threat Management (Correct)

Answer : Unified Threat Management

Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?  

Options are :

  • Load balancer
  • Layer 7 firewall (Correct)
  • NIDS
  • Protocol filter

Answer : Layer 7 firewall

Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall.   Which of the following should Sara configure?  

Options are :

  • DNAT
  • NAC
  • PAT (Correct)
  • NAP

Answer : PAT

A security engineer is reviewing log data and sees the output below:  
 POST: /payload.php HTTP/1.1 
 HOST: localhost 
 Accept: */* 
 Referrer: http://localhost/ 
 HTTP/1.1 403 Forbidden 
 Connection: close  
Log: Access denied with 403. Pattern matches form bypass.   
Which of the following technologies was MOST likely being used to generate this log?  

Options are :

  • Stateful Inspection Firewall
  • URL Content Filter
  • Web application firewall (Correct)
  • Network-based Intrusion Detection System
  • Host-based Intrusion Detection System

Answer : Web application firewall

Users are unable to connect to the web server at IP  Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?  

Options are :

  • It failed closed.
  • It implements stateful packet filtering.
  • It implements bottom-up processing.
  • It implements an implicit deny (Correct)

Answer : It implements an implicit deny

Pete, an employee, attempts to visit a popular social networking site but it is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site?  

Options are :

  • Firewall
  • Proxy server
  • Internet content filter (Correct)
  • Protocol analyzer

Answer : Internet content filter

Layer 7 devices used to prevent specific types of html tags are called:  

Options are :

  • NIDS
  • Routers
  • Content filters (Correct)
  • Firewalls

Answer : Content filters

The security administrator at ABC company received the following log information from an external party:  
10:45:01 EST, SRC, DST, ALERT, Directory traversal 
10:45:02 EST, SRC, DST, ALERT, Account brute force 
10:45:03 EST, SRC, DST, ALERT, Port scan  
The external party is reporting attacks coming from Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?  

Options are :

  • ABC company uses PAT. (Correct)
  • The external party uses a firewall.
  • The log is not in UTC.
  • A NIDS was used in place of a NIPS.

Answer : ABC company uses PAT.

Which the following flags are used to establish a TCP connection? (Choose two.)  


Options are :

  • A,B
  • A,E
  • B,D
  • B,C (Correct)

Answer : B,C

 While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources.  Which of the following should the administrator implement to ensure this happens?  

Options are :

  • Log Analysis
  • VLAN Management
  • Network separation
  • 802.1x (Correct)

Answer : 802.1x

Which of the following devices is MOST likely being used when processing the following? 

Options are :

  • NIPS
  • URL filter
  • Load balancer
  • Firewall (Correct)

Answer : Firewall

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?  

Options are :

  • Commission a stand-alone switch
  • Remove the network from the routing table.
  • Create a virtual switch. (Correct)
  • Create a VLAN without a default gateway.

Answer : Create a virtual switch.

Pete, the system administrator, wants to restrict access to advertisements, games, and gambling websites. Which of the following devices would BEST achieve this goal?  

Options are :

  • Spam filter
  • Firewall
  • Switch
  • URL content filter (Correct)

Answer : URL content filter

Which of the following is the best practice when securing a switch from physical access?  

Options are :

  • Print baseline configuration
  • Enable access lists
  • Disable unnecessary accounts
  • Disable unused ports (Correct)

Answer : Disable unused ports

An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?  

Options are :

  • Implement port security on the switches (Correct)
  • Configure only one of the routers to run DHCP services
  • Configure each port on the switches to use the same VLAN other than the default one
  • Enable VTP on both switches and set to the same domain

Answer : Implement port security on the switches

Pete, the system administrator, wishes to monitor and limit users’ access to external websites.  Which of the following would BEST address this?  

Options are :

  • Block all traffic on port 80.
  • Implement NIDS.
  • Use server load balancers.
  • Install a proxy server. (Correct)

Answer : Install a proxy server.

Which of the following should the security administrator implement to limit web traffic based on country of origin? (Choose three.)  

A. Spam filter 
B. Load balancer 
C. Antivirus 
D. Proxies 
E. Firewall 
G. URL filtering 

Options are :

  • A,E,F
  • A,B,F
  • D,E,G (Correct)
  • D,F,G

Answer : D,E,G

Which of the following firewall rules only denies DNS zone transfers?  

Options are :

  • deny ip any any
  • deny udp any any port 53
  • deny all dns packets
  • deny tcp any any port 53 (Correct)

Answer : deny tcp any any port 53

In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?  

Options are :

  • Root
  • Supervisor
  • Director
  • Administrator (Correct)

Answer : Administrator

A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic. Which of the following would accomplish this task?  


Options are :

  • Deny UDP port 69 (Correct)
  • Deny TCP port 68
  • Deny TCP port 69
  • Deny UDP port 68

Answer : Deny UDP port 69

A company determines a need for additional protection from rogue devices plugging into physical ports around the building.  
Which of the following provides the highest degree of protection from unauthorized wired network access?  

Options are :

  • 802.1x (Correct)
  • Intrusion Prevention Systems
  • Flood guards
  • MAC filtering

Answer : 802.1x

An administrator is looking to implement a security device which will be able not only to detect network intrusions at the organization level, but also help to defend against them. Which of the following is being described here?  

Options are :

  • NIPS
  • HIDS (Correct)
  • HIPS
  • NIDS

Answer : HIDS

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions