SY0-401 CompTIA Security+ Certification Practice Exam Set 9

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?  
 


Options are :

  • Event log analysis and incident response
  • Continuous security monitoring processes (Correct)
  • Firewall, IPS and network segmentation
  • Initial baseline configuration snapshots

Answer : Continuous security monitoring processes

Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?  


Options are :

  • Implement a HIDS to protect the SCADA system
  • Implement a Layer 2 switch to access the SCADA system
  • Implement a firewall to protect the SCADA system (Correct)
  • Implement a NIDS to protect the SCADA system

Answer : Implement a firewall to protect the SCADA system

 Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption.   
Which credential type authentication method BEST fits these requirements?  



Options are :

  • EAP-FAST
  • EAP-TLS
  • PEAP-CHAP
  • PEAP-MSCHAPv2 (Correct)

Answer : PEAP-MSCHAPv2

Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of?  
 


Options are :

  • Size of the files
  • Availability of the files
  • Sensitivity of the files (Correct)
  • Accessibility of the files from her mobile device

Answer : Sensitivity of the files

The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor's server and the users are unable to log in.  Which of the following are the MOST likely causes of this issue? (Choose two.) 
A. URL filtering 
B. Role-based access controls 
C. MAC filtering 
D. Port Security 
E. Firewall rules


Options are :

  • D,F
  • A,E (Correct)
  • C,E
  • B,D

Answer : A,E

A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption.  Which of the following would be the BEST course of action for the consultant to recommend?  
 


Options are :

  • Disable the network's SSID and configure the router to only access store devices based on MAC addresses.
  • Change the encryption used so that the encryption protocol is CCMP-based. (Correct)
  • Replace the unidirectional antenna at the front of the store with an omni-directional antenna.
  • Increase the access point's encryption from WEP to WPA TKIP.

Answer : Change the encryption used so that the encryption protocol is CCMP-based.

A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not.  Which of the following MUST happen before the server can communicate on VLAN 12?  


Options are :

  • The server's network switch port must be 802.1q tagged for VLAN 12. (Correct)
  • The server's network switch port must be 802.1q untagged for VLAN 12.
  • The server's network switch port must be enabled for 802.11x on VLAN 12.
  • The server's network switch port must use VLAN Q-in-Q for VLAN 12.

Answer : The server's network switch port must be 802.1q tagged for VLAN 12.

A technician wants to securely collect network device configurations and statistics through a scheduled and automated process.  Which of the following should be implemented if configuration integrity is most important and a credential compromise should not allow interactive logons?  
 


Options are :

  • SSH
  • TFTP
  • TLS
  • SNMPv3 (Correct)

Answer : SNMPv3

A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?  


Options are :

  • Create a static PAT from port 8080 on the outside interface to the server IP address on port 80
  • Create a static PAT from port 80 on the outside interface to the internal interface on port 8080 (Correct)
  • Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080
  • Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80

Answer : Create a static PAT from port 80 on the outside interface to the internal interface on port 8080

An organization does not want the wireless network name to be easily discovered.  Which of the following software features should be configured on the access points?  


Options are :

  • SSID broadcast (Correct)
  • MAC filter
  • WPA2
  • Antenna placement

Answer : SSID broadcast

A network administrator is asked to send a large file containing PII to a business associate. Which of the following protocols is the BEST choice to use?  


Options are :

  • FTP
  • SMTP
  • SSH
  • SFTP (Correct)

Answer : SFTP

Which of the following is the default port for TFTP?  


Options are :

  • 20
  • 68
  • 69 (Correct)
  • 21

Answer : 69

A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should be opened? (Choose two.)  


A. TCP 21 
B. TCP 23 
C. TCP 53 
D. UDP 23 
E. UDP 53 


Options are :

  • A,D
  • B,E
  • C,E (Correct)
  • A,C

Answer : C,E

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?  


Options are :

  • TKIP
  • LEAP
  • WEP
  • EAP-TLS (Correct)

Answer : EAP-TLS

A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?  


Options are :

  • Apache server
  • Exchange server
  • Bind server (Correct)
  • RADIUS server

Answer : Bind server

An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?  
  


Options are :

  • LDAP (Correct)
  • TACACS+
  • Kerberos
  • RADIUS

Answer : LDAP

Which of the following protocols allows for the LARGEST address space?  


Options are :

  • IPv6 (Correct)
  • IPv4
  • IPX
  • Appletalk

Answer : IPv6

Which of the following protocols is used to authenticate the client and serverís digital certificate?  


Options are :

  • ICMP
  • DNS
  • PEAP
  • TLS (Correct)

Answer : TLS

Which of the following is a step in deploying a WPA2-Enterprise wireless network?  


Options are :

  • Install a token on the authentication server
  • Install a digital certificate on the authentication server (Correct)
  • Install a DHCP server on the authentication server
  • Install an encryption key on the authentication server

Answer : Install a digital certificate on the authentication server

Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?  


Options are :

  • TCP port 80 and ICMP
  • TCP port 443 and IP protocol 46
  • TCP port 443 and SNMP
  • TCP port 80 and TCP port 443 (Correct)

Answer : TCP port 80 and TCP port 443

Which of the following ports is used to securely transfer files between remote UNIX systems?  


Options are :

  • 445
  • 21
  • 22 (Correct)
  • 69

Answer : 22

Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?  


Options are :

  • UDP 69
  • TCP 23
  • TCP 21
  • TCP 22 (Correct)

Answer : TCP 22

 Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?  
 


Options are :

  • 22/UDP
  • 22/TCP (Correct)
  • 21/UDP
  • 21/TCP

Answer : 22/TCP

A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Choose two.) 


A. RDP 
B. SNMP 
C. FTP 
D. SCP 
E. SSH 


Options are :

  • A,D
  • B,C
  • B,E
  • D,E (Correct)

Answer : D,E

A technician is unable to manage a remote server.  Which of the following ports should be opened on the firewall for remote server management? (Choose two.)  
A. 22 
B. 135 
C. 137 
D. 143 
E. 443 
F. 3389


Options are :

  • B,D
  • D,F
  • A,E
  • C,D
  • A,F (Correct)

Answer : A,F

 Which of the following TCP ports uses FTP/S by default?  
 


Options are :

  • 443 and 22
  • 139 and 445
  • 20 and 21
  • 989 and 990 (Correct)

Answer : 989 and 990

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68. Which of the following replies has the administrator received?  
 


Options are :

  • The local MAC address
  • IPv4 address
  • The loopback address
  • IPv6 address (Correct)

Answer : IPv6 address

A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?  


Options are :

  • Block port 25 on the L2 switch at each remote site
  • Block port 23 on the L2 switch at each remote site
  • Block port 23 on the network firewall (Correct)
  • Block port 25 on the network firewall

Answer : Block port 23 on the network firewall

 A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?  


Options are :

  • DNS
  • NetBIOS (Correct)
  • BGP
  • ICMP

Answer : NetBIOS

A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network.  Which of the following should the administrator implement?  


Options are :

  • WPA2 over EAP-TTLS
  • WPA-PSK
  • WEP over EAP-PEAP (Correct)
  • WPA2 with WPS

Answer : WEP over EAP-PEAP

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions