♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA SY0-401 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW SY0-401 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/SY0-401-exam-dumps.html
Q261. The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?
A. Implicit deny
B. VLAN management
C. Port security
D. Access control lists
Answer: D
Explanation:
In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server.
Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.
Q262. Which of the following can Joe, a security administrator, implement on his network to capture attack details that are occurring while also protecting his production network?
A. Security logs
B. Protocol analyzer
C. Audit logs
D. Honeypot
Answer: D
Explanation:
A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study
the attack to research current attack methodologies.
According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main
purposes:
The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning
where the system has weaknesses that need to be redesigned.
The hacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of hackers, designers can better create more secure systems that are
potentially invulnerable to future hackers.
There are two main types of honeypots:
Production - A production honeypot is one used within an organization's environment to help
mitigate risk.
Research – A research honeypot add value to research in computer security by providing a platform to study the threat.
Q263. Pete, the system administrator, has concerns regarding users losing their company provided smartphones. Pete’s focus is on equipment recovery. Which of the following BEST addresses his concerns?
A. Enforce device passwords.
B. Use remote sanitation.
C. Enable GPS tracking.
D. Encrypt stored data.
Answer: C
Explanation:
Global Positioning System (GPS) tracking can be used to identify its location of a stolen device and can allow authorities to recover the device. However, for GPS tracking to work, the device must have an Internet connection or a wireless phone service over which to send its location information.
Q264. Sara, the Chief Security Officer (CSO), has had four security breaches during the past two years.
Each breach has cost the company $3,000. A third party vendor has offered to repair the security hole in the system for $25,000. The breached system is scheduled to be replaced in five years.
Which of the following should Sara do to address the risk?
A. Accept the risk saving $10,000.
B. Ignore the risk saving $5,000.
C. Mitigate the risk saving $10,000.
D. Transfer the risk saving $5,000.
Answer: D
Explanation:
Risk transference involves sharing some of the risk burden with someone else, such as an insurance company. The cost of the security breach over a period of 5 years would amount to $30,000 and it is better to save $5,000.
Q265. A user was reissued a smart card after the previous smart card had expired. The user is able to log into the domain but is now unable to send digitally signed or encrypted email. Which of the following would the user need to perform?
A. Remove all previous smart card certificates from the local certificate store.
B. Publish the new certificates to the global address list.
C. Make the certificates available to the operating system.
D. Recover the previous smart card certificates.
Answer: B
Explanation:
CAs can be either private or public, with VeriSign being one of the best known of the public variety. Many operating system providers allow their systems to be configured as CA systems.
These CA systems can be used to generate internal certificates that are used within a business or in large external settings. The process provides certificates to the users. Since the user in question has been re-issued a smart card, the user must receive a new certificate by the CA to allow the user to send digitally signed email. This is achieved by publishing the new certificates to the global address list.
Q266. A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?
A. RADIUS
B. TACACS+
C. Kerberos
D. LDAP
Answer: B
Explanation:
TACACS makes use of TCP port 49 by default.
Q267. Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).
A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b
Answer: C,D
Explanation: Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use. A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.
Q268. Which of the following devices would MOST likely have a DMZ interface?
A. Firewall
B. Switch
C. Load balancer
D. Proxy
Answer: A
Explanation: The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
Q269. A system administrator has noticed that users change their password many times to cycle back to the original password when their passwords expire. Which of the following would BEST prevent this behavior?
A. Assign users passwords based upon job role.
B. Enforce a minimum password age policy.
C. Prevent users from choosing their own passwords.
D. Increase the password expiration time frame.
Answer: B
Explanation:
A minimum password age policy defines the period that a password must be used for before it can be changed.
Q270. A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?
A. Explicit deny
B. Port security
C. Access control lists
D. Implicit deny
Answer: C
Explanation:
Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.
