SY0-401 CompTIA Security+ Certification Practice Exam Set 10

 A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally, the system must support 3DS wireless encryption.  
Which of the following should be implemented?



Options are :

  • WPA2-Enterprise (Correct)
  • WPA2-PSK
  • WPA2-CCMP
  • WPA2-CCMP with 802.1X

Answer : WPA2-Enterprise

 A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?  


Options are :

  • NetBIOS
  • DNS (Correct)
  • HTTP
  • DHCP

Answer : DNS

Which of the following protocols operates at the HIGHEST level of the OSI model?  
 


Options are :

  • SCP (Correct)
  • ICMP
  • IPSec
  • TCP

Answer : SCP

Which of the following should be implemented to stop an attacker from mapping out addresses and/or devices on a network?  


Options are :

  • Secure zone transfers (Correct)
  • Single sign on
  • VoIP
  • IPv6

Answer : Secure zone transfers

A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Choose two.) 

A. UDP 1723 
B. TCP 500 
C. TCP 1723 
D. UDP 47 
E. TCP 47 


Options are :

  • A,E
  • B,D
  • A,C
  • C,D (Correct)

Answer : C,D

During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53.  Which of the following protocol types is observed in this traffic?  


Options are :

  • NetBIOS
  • DNS (Correct)
  • FTP
  • Email

Answer : DNS

Configuring key/value pairs on a RADIUS server is associated with deploying of the following:  


Options are :

  • Intrusion detection system
  • DNS secondary zones
  • Digital certificates
  • WPA2-Enterprise wireless network (Correct)

Answer : WPA2-Enterprise wireless network

Which of the following is the MOST secure protocol to transfer files?  
 


Options are :

  • FTP
  • TELNET
  • FTPS (Correct)
  • SSH

Answer : FTPS

A security analyst noticed a colleague typing the following command:  
`Telnet some-host 443í  
Which of the following was the colleague performing?  

 


Options are :

  • A mistaken port being entered because telnet servers typically do not listen on port 443.
  • Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.
  • A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. (Correct)
  • A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.

Answer : A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

Ann, a technician, is attempting to establish a remote terminal session to an end userís computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?  


Options are :

  • 3389 (Correct)
  • 443
  • 22
  • 139

Answer : 3389

When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record?  
 


Options are :

  • DNSSEC record
  • IPSEC DNS record
  • IPv6 DNS record (Correct)
  • IPv4 DNS record

Answer : IPv6 DNS record

Which of the following uses TCP port 22 by default? (Choose three.)  
A. FTPS 
B. STELNET 
C. TLS 
D. SCP 
E. SSL 
F. HTTPS 
G. SSH
H. SFTP  



Options are :

  • D,G,H (Correct)
  • AEF
  • BCD
  • A,B,D
  • D,E,G

Answer : D,G,H

Which of the following ports is used for SSH, by default?  



Options are :

  • 22 (Correct)
  • 23
  • 32
  • 12

Answer : 22

Which of the following protocols allows for secure transfer of files? (Choose two.) 


A. ICMP 
B. SNMP 
C. SFTP 
D. SCP 
E. TFTP 


Options are :

  • A,C
  • C,D (Correct)
  • A,D
  • B,E

Answer : C,D

 Which of the following is a difference between TFTP and FTP?  


Options are :

  • TFTP utilizes TCP and FTP uses UDP.
  • TFTP utilizes UDP and FTP uses TCP. (Correct)
  • TFTP is more secure than FTP.
  • TFTP is slower than FTP.

Answer : TFTP utilizes UDP and FTP uses TCP.

A security analyst needs to logon to the console to perform maintenance on a remote server.  Which of the following protocols would provide secure access?  


Options are :

  • HTTPS
  • SSH (Correct)
  • SFTP
  • SCP

Answer : SSH

Which of the following uses port 22 by default? (Choose three.)   
A. SSH 
B. SSL 
C. TLS 
D. SFTP 
E. SCP 
F. FTPS 
G. SMTP 
H. SNMP 


Options are :

  • D,F,H
  • A,B,F
  • B,C,F
  • A,D,E (Correct)
  • B,C,D
  • A,E,H

Answer : A,D,E

Which of the following ports should be used by a system administrator to securely manage a remote server?  


Options are :

  • 69
  • 137
  • 22 (Correct)
  • 445

Answer : 22

A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate?  


Options are :

  • SSH
  • FTP
  • TLS (Correct)
  • HTTPS

Answer : TLS

A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?  


Options are :

  • Rogue AP
  • WPA cracking (Correct)
  • IV attack
  • WEP cracking

Answer : WPA cracking

After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall?  
 


Options are :

  • 68 (Correct)
  • 443
  • 80
  • 25

Answer : 68

 Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?  


Options are :

  • Disable SSID
  • Implement WPA (Correct)
  • Adjust antenna placement
  • Implement WEP

Answer : Implement WPA

Which of the following protocols is used by IPv6 for MAC address resolution?  


Options are :

  • NDP (Correct)
  • NCP
  • DNS
  • ARP

Answer : NDP

An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?  


Options are :

  • SSH
  • SCP
  • TCP/IP
  • SSL (Correct)

Answer : SSL

A security administrator has configured FTP in passive mode.  Which of the following ports should the security administrator allow on the firewall by default?  


Options are :

  • 23
  • 21 (Correct)
  • 20
  • 22

Answer : 21

Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?  


Options are :

  • 21
  • 80 (Correct)
  • 3389
  • 25

Answer : 80

A security administrator wishes to change their wireless network so that IPSec is built into the protocol and NAT is no longer required for address range extension. Which of the following protocols should be used in this scenario?  


Options are :

  • IPv4
  • IPv6 (Correct)
  • WPA
  • WPA2

Answer : IPv6

Which of the following secure file transfer methods uses port 22 by default?  


Options are :

  • S/MIME
  • SSL
  • FTPS
  • SFTP (Correct)

Answer : SFTP

After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. Which of the following is the MOST likely reason the PC technician is unable to ping those devices?  


Options are :

  • SSH is not enabled
  • ICMP is being blocked (Correct)
  • SNMP is not configured properly
  • DNS settings are wrong

Answer : ICMP is being blocked

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?  
 


Options are :

  • Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP
  • Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS
  • Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS
  • Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS (Correct)

Answer : Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions