SY0-401 CompTIA Security+ Certification Practice Exam Set 8

Which of the following would Pete, a security administrator, do to limit a wireless signal from penetrating the exterior walls?  
 


Options are :

  • Disable the SSID broadcast
  • Consider antenna placement (Correct)
  • Implement TKIP encryption
  • Disable WPA

Answer : Consider antenna placement

Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router's logs, she sees that devices not belonging to the developers are connecting to the access point.  Which of the following would BEST alleviate the developer's reports?  
 


Options are :

  • Modify the connection's encryption method so that it is using WEP instead of WPA2.
  • Configure the router so that wireless access is based upon the connecting device's hardware address. (Correct)
  • Implement connections via secure tunnel with additional software on the developer's computers.
  • Configure the router so that its name is not visible to devices scanning for wireless networks.

Answer : Configure the router so that wireless access is based upon the connecting device's hardware address.

An active directory setting restricts querying to only secure connections.  Which of the following ports should be selected to establish a successful connection?  


Options are :

  • 389
  • 440
  • 3286
  • 636 (Correct)

Answer : 636

Which of the following best practices makes a wireless network more difficult to find?  


Options are :

  • Disable SSID broadcast (Correct)
  • Power down unused WAPs
  • Implement MAC filtering
  • UseWPA2-PSK

Answer : Disable SSID broadcast

A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources.  Which of the following technologies would be used to accomplish this goal?  


Options are :

  • DLP
  • DMZ
  • Port Security
  • NIDS
  • NAC (Correct)

Answer : NAC

An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?  


Options are :

  • Require IPSec with AH between the servers (Correct)
  • Use MSCHAPv2 with MPPE instead of PAP
  • Require a long and complex shared secret for the servers
  • Require the message-authenticator attribute for each message

Answer : Require IPSec with AH between the servers

 Which of the following means of wireless authentication is easily vulnerable to spoofing?  


Options are :

  • Enabled SSID
  • WPA - PEAP
  • MAC Filtering (Correct)
  • WPA - LEAP

Answer : MAC Filtering

An administrator needs to secure a wireless network and restrict access based on the hardware address of the device.  Which of the following solutions should be implemented?  


Options are :

  • Enable MAC filtering (Correct)
  • Use a stateful firewall
  • Force the WAP to use channel 1
  • Upgrade to WPA2 encryption

Answer : Enable MAC filtering

Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office.  Which of the following would BEST help Jane when deploying a new access point?  
 


Options are :

  • Placement of antenna (Correct)
  • Implementing WPA2
  • Enabling the MAC filtering
  • Disabling the SSID

Answer : Placement of antenna

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access.  Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Choose two.)  


A. Disable the wired ports 
B. Use channels 1, 4 and 7 only 
C. Enable MAC filtering 
D. Disable SSID broadcast 
E. Switch from 802.11a to 802.11b


Options are :

  • C,D (Correct)
  • B,D
  • A,E
  • E,F

Answer : C,D

Ann, the Chief Information Officer (CIO) of a company, sees cloud computing as a way to save money while providing valuable services. She is looking for a cost-effective solution to assist in capacity planning as well as visibility into the performance of the network.  Which of the following cloud technologies should she look into?  


Options are :

  • PaaS
  • SaaS
  • IaaS
  • MaaS (Correct)

Answer : MaaS

An access point has been configured for AES encryption but a client is unable to connect to it.  Which of the following should be configured on the client to fix this issue?  
 


Options are :

  • CCMP (Correct)
  • WEP
  • RC4
  • TKIP

Answer : CCMP

An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting division require access to a server in the Sales division, but no users in the Human Resources division should have access to resources in any other division, nor should any users in the Sales division have access to resources in the Accounting division.  Which of the following network segmentation schemas would BEST meet this objective?  
 


Options are :

  • Create one VLAN for the entire organization.
  • Create three separate VLANS, one for each division. (Correct)
  • Create two VLANS, one for Accounting and Sales, and one for Human Resources.
  • Create two VLANs, one for Sales and Human Resources, and one for Accounting.

Answer : Create three separate VLANS, one for each division.

A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity.  Which of the following is the MOST likely cause?  


Options are :

  • A site survey was not conducted (Correct)
  • The new APs use MIMO
  • The old APs use 802.11a
  • Users did not enter the MAC of the new APs

Answer : A site survey was not conducted

While securing a network it is decided to allow active FTP connections into the network.   Which of the following ports MUST be configured to allow active FTP connections? (Choose two.)  
A. 20 
B. 21 
C. 22 
D. 68 
E. 69 


Options are :

  • A,B (Correct)
  • C,E
  • B,D
  • B,E
  • A,E

Answer : A,B

The common method of breaking larger network address space into smaller networks is known as:  


Options are :

  • phishing.
  • virtualization.
  • packet filtering.
  • subnetting. (Correct)

Answer : subnetting.

A security team has identified that the wireless signal is broadcasting into the parking lot.   
To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Choose two.)  


A. Antenna placement 
B. Interference 
C. Use WEP 
D. Single Sign on 
E. Disable the SSID 
F. Power levels 


Options are :

  • A,F (Correct)
  • C,D
  • B,F
  • C,E
  • B,E

Answer : A,F

A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up.  Which of the following BEST allows the analyst to restrict user access to approved devices?  
 


Options are :

  • Antenna placement
  • MAC filtering (Correct)
  • Disable SSID broadcasting
  • Power level adjustment

Answer : MAC filtering

Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect. Which of the following is MOST likely the reason?  


Options are :

  • The company wireless is using WEP.
  • The company wireless is using a MAC filter. (Correct)
  • The company wireless has SSID broadcast disabled.
  • The company wireless is using WPA2.

Answer : The company wireless is using a MAC filter.

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance.  Which of the following antennas would be BEST for this situation?  


Options are :

  • Sector
  • Omni
  • Yagi (Correct)
  • Dipole

Answer : Yagi

After reviewing the firewall logs of her organizationís wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street.  Which of the following would be the BEST option to begin addressing the issue?  


Options are :

  • Change the WPA2 encryption key of the AP in the affected segment
  • Perform a site survey to see what has changed on the segment
  • Implement MAC filtering on the AP of the affected segment
  • Reduce the power level of the AP on the network segment (Correct)

Answer : Reduce the power level of the AP on the network segment

Which of the following wireless security technologies continuously supplies new keys for WEP?  


Options are :

  • WPA
  • Mac filtering
  • TKIP (Correct)
  • WPA2

Answer : TKIP

A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner.   Which of the following is the BEST way to run the malware scanner?  


Options are :

  • Disable the network connection
  • Kill all system processes
  • Boot from CD/USB (Correct)
  • Enable the firewall

Answer : Boot from CD/USB

While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:  


Options are :

  • no longer supported in 802.11 protocols. (Correct)
  • contained in certain wireless packets in plaintext.
  • no longer used to authenticate to most wireless networks.
  • contained in all wireless broadcast packets by default.

Answer : no longer supported in 802.11 protocols.

Which of the following BEST describes the weakness in WEP encryption?  





Options are :

  • The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
  • The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key. (Correct)
  • The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.
  • The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.

Answer : The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Signed digital certificates used to secure communication with a web server are MOST commonly associated with the following ports:  


Options are :

  • 443 (Correct)
  • 25
  • 143
  • 53

Answer : 443

After entering the following information into a SOHO wireless router, a mobile deviceís user reports being unable to connect to the network:  
PERMIT 0A: D1: FA. B1: 03: 37 
DENY 01: 33: 7F: AB: 10: AB  
Which of the following is preventing the device from connecting?  



Options are :

  • WPA2-PSK requires a supplicant on the mobile device.
  • IP address filtering has disabled the device from connecting.
  • Hardware address filtering is blocking the device. (Correct)
  • TCP/IP Port filtering has been implemented on the SOHO router.

Answer : Hardware address filtering is blocking the device.

It is MOST important to make sure that the firewall is configured to do the following:  


Options are :

  • Deny all traffic and only permit by exception. (Correct)
  • Alert management of a possible intrusion.
  • Deny all traffic and only permit by exception.
  • Alert the administrator of a possible intrusion.

Answer : Deny all traffic and only permit by exception.

Ann, a security administrator, has concerns regarding her companyís wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be.  Which of the following would BEST alleviate Annís concerns with minimum disturbance of current functionality for clients?  


Options are :

  • Enable MAC filtering on the wireless access point.
  • Disable SSID broadcasting
  • Lower the antennaís broadcasting power. (Correct)
  • Configure WPA2 encryption on the wireless access point.

Answer : Lower the antennaís broadcasting power.

Which of the following ports should be open on the firewall to allow for email traffic? (Choose three.)  


A. TCP 22 
B. TCP 23 
C. TCP 25 
D. TCP 53 
E. TCP 110 
F. TCP 143 
G. TCP 445 


Options are :

  • A,B,D
  • C,E,F (Correct)
  • D,F,G
  • A,C,G

Answer : C,E,F

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions