Surprising sy0 401 study guide pdf

Exam Code: SY0-401
Exam Name: CompTIA Security+ Certification
Certification Provider: CompTIA

Q341. Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL? 

PERMIT TCP ANY HOST 192.168.0.10 EQ 80 

PERMIT TCP ANY HOST 192.168.0.10 EQ 443 

A. It implements stateful packet filtering. 

B. It implements bottom-up processing. 

C. It failed closed. 

D. It implements an implicit deny. 

Answer:

Explanation: 

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present. 


Q342. A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another? 

A. Implement a virtual firewall 

B. Install HIPS on each VM 

C. Virtual switches with VLANs 

D. Develop a patch management guide 

Answer:

Explanation: 

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. 


Q343. A security administrator must implement a wireless encryption system to secure mobile devices’ communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented? 

A. RC4 

B. AES 

C. MD5 

D. TKIP 

Answer:

Explanation: 

RC4 is popular with wireless and WEP/WPA encryption. It is a stream cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS.


Q344. A security administrator must implement a wireless security system, which will require users to enter a 30-character ASCII password on their accounts. Additionally, the system must support 3DS wireless encryption.

Which of the following should be implemented? 

A. WPA2-CCMP with 802.1X 

B. WPA2-PSK 

C. WPA2-CCMP 

D. WPA2-Enterprise 

Answer:

Explanation: 

D: WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to WPA-PSK). It is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup, but provides additional security (e.g. protection against dictionary attacks on short passwords). Various kinds of the Extensible Authentication Protocol (EAP) are used for authentication. RADIUS can be managed centrally, and the servers that allow access to a network can verify with a RADIUS server whether an incoming caller is authorized. Thus the RADIUS server can perform all authentications. This will require users to use their passwords on their user accounts.


Q345. Which of the following is an authentication service that uses UDP as a transport medium? 

A. TACACS+ 

B. LDAP 

C. Kerberos 

D. RADIUS 

Answer:

Explanation: RADIUS runs in the application layer and makes use of UDP as transport. 


Q346. Public keys are used for which of the following? 

A. Decrypting wireless messages 

B. Decrypting the hash of an electronic signature 

C. Bulk encryption of IP based email traffic 

D. Encrypting web browser traffic 

Answer:

Explanation: 

The sender uses the private key to create a digital signature. The message is, in effect, signed with the private key. The sender then sends the message to the receiver. The receiver uses the public key attached to the message to validate the digital signature. If the values match, the receiver knows the message is authentic. 


Q347. Which of the following security architecture elements also has sniffer functionality? (Select TWO). 

A. HSM 

B. IPS 

C. SSL accelerator 

D. WAP 

E. IDS 

Answer: B,E 

Explanation: 

Sniffer functionality means the ability to capture and analyze the content of data packets as they are transmitted across the network.

IDS and IPS systems perform their functions by capturing and analyzing the content of data packets.

An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.

IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content.


Q348. During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic? 

A. FTP 

B. DNS 

C. Email 

D. NetBIOS 

Answer:

Explanation: 

DNS (Domain Name System) uses port 53. 


Q349. Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions:

Ann: read/write

Sales Group: read 

IT Group: no access 

If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Joe? 

A. Add Joe to the Sales group. 

B. Have the system administrator give Joe full access to the file. 

C. Give Joe the appropriate access to the file directly. 

D. Remove Joe from the IT group and add him to the Sales group. 

Answer:

Explanation: 


Q350. Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption? 

A. AES 

B. Blowfish 

C. RC5 

D. 3DES 

Answer:

Explanation: 

Blowfish is an encryption system invented by a team led by Bruce Schneier that operates as a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).