Prepare [2018] SY0-401 Dumps PDF Real SY0-401 Exam Questions
Source URL: https://itexamquestions.com/product/sy0-401-exam-questions/
Coupon Code: SAVE20
IT professionals are well aware of the importance of the CompTIA Security+ SY0-401 exam in career development. They also know how much passing the SY0-401 test improves their chances of success in the CompTIA SY0-401 exam, which in turn opens up great potential for career development. However, it seems that nobody passes the CompTIA Security+ SY0-401 test without the SY0-401 Exam Dumps. Thanks to itexamquestions.com, clients like you now have assistance from our itexamquestions.com SY0-401 Exam Dumps. These dumps are specifically developed to help users get through the CompTIA Security+ certification SY0-401 questions. Just pay a visit to our itexamquestions.com website.
CompTIA
CompTIA Security+
SY0-401 Exam
Question & Answer PDF
(FREE --- DEMO VERSION)
Get Full Version of SY0-401 Exam Question Answer PDF Here:
https://itexamquestions.com/product/sy0-401-exam-questions/
Thank You For Reviewing SY0-401 Exam PDF Demo
Version: 39.0
Question 1
Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?
A. PAT
B. NAP
C. DNAT
D. NAC
Answer: A
Explanation:
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.
Incorrect Answers:
B: NAP is a Microsoft technology for controlling network access of a computer host based on system health of the host.
C: Destination network address translation (DNAT) is a technique for transparently changing the destination IP address of an en route packet and performing the inverse function for any replies. Any router situated between two endpoints can perform this transformation of the packet. DNAT is commonly used to publish a service located in a private network on a publicly accessible IP address. This use of DNAT is also called port forwarding. DNAT does not allow for many internal devices to share one public IP address.
D: NAC is an approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication and network security enforcement.
References:
http://searchnetworking.techtarget.com/definition/Port-Address-Translation-PAT
http://en.wikipedia.org/wiki/Network_Access_Protection
http://en.wikipedia.org/wiki/Network_address_translation#DNAT
http://en.wikipedia.org/wiki/Network_Access_Control
Question 2
Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
A. Firewall
B. NIPS
C. Load balancer
D. URL filter
Answer: A
Explanation:
Firewalls, routers, and even switches can use ACLs as a method of security management. An access control list has a deny ip any any implicitly at the end of any access control list. ACLs deny by default and allow by exception.
Incorrect Answers:
B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
C: A load balancer is used to distribute network traffic load across several network links or network devices.
D: A URL filter is used to block URLs (websites) to prevent users accessing the website.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 24
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://www.provision.ro/threat-management/web-application-security/url-filtering#pagei-1|pagep-1|
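The first-match, deny-by-default ACL semantics behind Question 2, as an added Python example that is not part of the original exam dump. It parses the two lines from the question (the `EQ <port>` qualifier is the only one supported) and reports a hit on the implicit deny with sequence number `None`, so a caller can tell it apart from the explicit `DENY` on line 2. The sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two-line list from Question 2, reproduced here as the sample input.
ACL_Q2 = """
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
"""


@dataclass(frozen=True)
class Rule:
    seq: int
    action: str              # PERMIT or DENY
    proto: str               # IP matches every protocol; TCP/UDP only their own
    src: str                 # ANY or a CIDR prefix
    dst: str
    dst_port: Optional[int]  # set only when the line carries "EQ <port>"


def parse_acl(text: str) -> list:
    """Parse numbered '<seq> <action> <proto> <src> <dst> [EQ <port>]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) not in (5, 7):
            raise ValueError(f"malformed ACL line: {line!r}")
        port = None
        if len(tok) == 7:
            if tok[5].upper() != "EQ":
                raise ValueError(f"unsupported qualifier in ACL line: {line!r}")
            port = int(tok[6])
        rules.append(Rule(int(tok[0]), tok[1].upper(), tok[2].upper(),
                          tok[3], tok[4], port))
    return rules


def _addr_match(spec: str, ip: str) -> bool:
    if spec.upper() == "ANY":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First matching rule wins. A packet that matches nothing falls through
    to the implicit deny at the end of every ACL, reported as seq None."""
    for r in rules:
        if r.proto != "IP" and r.proto != proto.upper():
            continue
        if not (_addr_match(r.src, src_ip) and _addr_match(r.dst, dst_ip)):
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action, r.seq
    return "DENY", None


if __name__ == "__main__":
    rules = parse_acl(ACL_Q2)
    for port in (80, 443):
        print(port, evaluate(rules, "tcp", "203.0.113.5", "192.0.2.10", port))
```

Removing line 2 from the list does not change what is blocked; it only changes whether the block is logged as an explicit rule hit or as the implicit deny.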
Question 3
The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.2.7:2053, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.2.7:2057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:02 EST, SRC 10.4.2.7:2058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company's security administrator is unable to determine the origin of the attack?
A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.
Answer: D
Explanation:
PAT would ensure that computers on ABC's LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pinpoint the exact source.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. This will not have any bearing on the security administrator at ABC Company finding the root of the attack.
B: UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which the world regulates clocks and time. The time in the log is not the issue in this case.
C: Whether the external party uses a firewall or not will not have any bearing on the security administrator at ABC Company finding the root of the attack.
References:
http://www.webopedia.com/TERM/P/PAT.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/Coordinated_Universal_Time
Question 4
Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic?
A. Sniffer
B. Router
C. Firewall
D. Switch
Answer: C
Explanation:
Iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.
Incorrect Answers:
A: A sniffer is a tool used in the process of monitoring the data that is transmitted across a network.
B, D: A router is connected to two or more data lines from different networks, whereas a network switch is connected to data lines from one single network. These may include a firewall, but not by default.
References:
http://en.wikipedia.org/wiki/Iptables
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 242
http://en.wikipedia.org/wiki/Router_(computing)
Question 5
Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?
A. Packet Filter Firewall
B. Stateful Firewall
C. Proxy Firewall
D. Application Firewall
Answer: B
Explanation:
Stateful inspections occur at all levels of the network.
Incorrect Answers:
A: Packet-filtering firewalls operate at the Network layer (Layer 3) and the Transport layer (Layer 4) of the Open Systems Interconnect (OSI) model.
C: The proxy function can occur at either the application level or the circuit level.
D: Application firewalls operate at the Application layer (Layer 7) of the OSI model.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 98-100
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 3
Question 6
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?
A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches
Answer: C
Explanation:
The basic purpose of a firewall is to isolate one network from another.
Incorrect Answers:
A: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.
B: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
D: Web proxies are used to forward HTTP requests.
E: Layer 2 switching uses the media access control address (MAC address) from the host's network interface cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which means switches use application-specific integrated circuits (ASICs) to build and maintain filter tables (also known as MAC address tables or CAM tables).
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 242
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/LAN_switching
http://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers
Question 7
Which of the following network design elements allows for many internal devices to share one public IP address?
A. DNAT
B. PAT
C. DNS
D. DMZ
Answer: B
Explanation:
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.
Incorrect Answers:
A: Destination network address translation (DNAT) is a technique for transparently changing the destination IP address of an en route packet and performing the inverse function for any replies. Any router situated between two endpoints can perform this transformation of the packet. DNAT is commonly used to publish a service located in a private network on a publicly accessible IP address. This use of DNAT is also called port forwarding. DNAT does not allow for many internal devices to share one public IP address.
C: DNS (Domain Name System) is a service used to translate hostnames or URLs to IP addresses. DNS does not allow for many internal devices to share one public IP address.
D: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. A DMZ does not allow for many internal devices to share one public IP address.
References:
http://searchnetworking.techtarget.com/definition/Port-Address-Translation-PAT
http://en.wikipedia.org/wiki/Network_address_translation#DNAT
http://en.wikipedia.org/wiki/Domain_Name_System
http://en.wikipedia.org/wiki/DMZ_(computing)
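The PAT behaviour described in Questions 1, 3 and 7, as an added Python example that is not part of the original exam dump: several internal hosts leave through one public address and differ only in the translated source port, replies are mapped back through the same table, and a packet for a port with no table entry is dropped. It also shows the Question 3 attribution problem from the defender's side: the external party's log can be joined to the router's own translation table, and a port that is absent from the table stays unattributed. The public IP, destination and ports are taken from the Question 3 log; the internal hosts are constructed.

```python
import re
from dataclasses import dataclass
from itertools import count
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PatRouter:
    """Many internal (ip, port) pairs share one public IP; each flow gets its
    own public source port, and the same table is used in reverse for replies."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._next_port = count(first_port)
        self.out_table = {}   # (internal_ip, internal_port) -> public_port
        self.in_table = {}    # public_port -> (internal_ip, internal_port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:            # new flow: allocate a port
            pub_port = next(self._next_port)
            self.out_table[key] = pub_port
            self.in_table[pub_port] = key
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Reply arriving at the public address. None means no translation
        exists, so the router drops it rather than guessing an internal host."""
        if pkt.dst_ip != self.public_ip or pkt.dst_port not in self.in_table:
            return None
        int_ip, int_port = self.in_table[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)

    def attribute(self, public_port: int) -> Optional[Tuple[str, int]]:
        """Map a public port back to the internal host: only the table owner can."""
        return self.in_table.get(public_port)


# Log line format used by the external party in Question 3.
ALERT_RE = re.compile(
    r"SRC (?P<ip>[\d.]+):(?P<port>\d+), DST [\d.]+:\d+, ALERT, (?P<alert>.+)$")


def attribute_alerts(router: PatRouter, log_lines):
    """Join the external log with the router's table; 'unknown' where the port
    is not (or is no longer) present in the translation table."""
    out = []
    for line in log_lines:
        m = ALERT_RE.search(line)
        if not m:
            continue
        host = router.attribute(int(m["port"])) if m["ip"] == router.public_ip else None
        out.append((m["alert"].strip(), host[0] if host else "unknown"))
    return out


def demo():
    # Public IP and first port from the Question 3 log; internal hosts constructed.
    router = PatRouter("10.4.2.7", first_port=2053)
    hosts = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
    seen_externally = {router.outbound(Packet(h, 51000, "8.4.2.1", 80)).src_ip
                       for h in hosts}
    log = [  # two of the three lines from Question 3; 2057 was never allocated here
        "10:45:01 EST, SRC 10.4.2.7:2053, DST 8.4.2.1:80, ALERT, Directory traversal",
        "10:45:02 EST, SRC 10.4.2.7:2057, DST 8.4.2.1:80, ALERT, Account brute force",
    ]
    return seen_externally, attribute_alerts(router, log)


if __name__ == "__main__":
    print(demo())
```

Because translation entries expire, the join only works if the router's translation log is retained and timestamped in the same time reference as the external report.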
Question 8
Which of the following is a best practice when securing a switch from physical access?
A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports
Answer: D
Explanation:
Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access.
All ports not in use should be disabled. Otherwise, they present an open door for an attacker to enter.
Incorrect Answers:
A: Disabling unnecessary accounts would only block those specific accounts.
B: A security baseline is a standardized minimal level of security that all systems in an organization must comply with. Printing it would not secure the switch from physical access.
C: The purpose of an access list is to identify specifically who can enter a facility.
References:
http://orbit-computer-solutions.com/How-To-Configure-Switch-Security.php
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 30
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 207
Question 9
Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?
A. Protocol analyzer
B. Load balancer
C. VPN concentrator
D. Web security gateway
Answer: B
Explanation:
Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device: a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.
Incorrect Answers:
A: The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network.
C: A VPN concentrator is a hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security.
D: One of the newest buzzwords is web security gateway, which can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the "web protection" can range from a standard virus scanner on incoming packets to monitoring outgoing user traffic for red flags as well.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 102, 104, 118
Question 10
Pete, the system administrator, wishes to monitor and limit users' access to external websites.
Which of the following would BEST address this?
A. Block all traffic on port 80.
B. Implement NIDS.
C. Use server load balancers.
D. Install a proxy server.
Answer: D
Explanation:
A proxy is a device that acts on behalf of other(s). In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites. The proxy server should cache often-accessed sites to improve performance.
Incorrect Answers:
A: This would block all web traffic, as port 80 is used for the World Wide Web.
B: A network-based IDS (NIDS) approach to IDS attaches the system to a point in the network where it can monitor and report on all network traffic.
C: In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 98, 102, 111
Question 11
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
Answer: C
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
B: Firewalls provide protection by controlling traffic entering and leaving a network.
D: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email, but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/blogs.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 42, 47
Question 12
Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?
A. HIPS on each virtual machine
B. NIPS on the network
C. NIDS on the network
D. HIDS on each virtual machine
Answer: A
Explanation:
Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
Incorrect Answers:
B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
C: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21
Question 13
Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS
Answer: A
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
Incorrect Answers:
B: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
C: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
D: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21
Question 14
An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here?
A. NIDS
B. NIPS
C. HIPS
D. HIDS
Answer: B
Explanation:
Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
C: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21
Question 15
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?
A. Supervisor
B. Administrator
C. Root
D. Director
Answer: B
Explanation:
The administrator is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS.
Incorrect Answers:
A, C: Almost every operating system in use today employs the concept of differentiation between users and groups at varying levels. As an example, there is always a system administrator (SA) account that has godlike control over everything: root in Unix/Linux, admin (or a deviation of it) in Windows, administrator in Apple OS X, supervisor in Novell NetWare, and so on.
D: A director is a person from a group of managers who leads or supervises a particular area of a company, program, or project.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 107, 152
http://en.wikipedia.org/wiki/Director_(business)
Question 16
When performing the daily review of the system vulnerability scans of the network, Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for the identified vulnerability.
Which of the following is the type of vulnerability described?
A. Network based
B. IDS
C. Signature based
D. Host based
Answer: C
Explanation:
A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
B: An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21
Question 17
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
A. Signature Based IDS
B. Heuristic IDS
C. Behavior Based IDS
D. Anomaly Based IDS
Answer: A
Explanation:
A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats.
Incorrect Answers:
B, C: The technique used by anomaly-based IDS/IPS systems is also referred to as network behavior analysis or heuristics analysis.
D: An IDS which is anomaly based will monitor network traffic and compare it against an established baseline. The baseline will identify what is "normal" for that network (what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other) and alert the administrator or user when traffic is detected which is anomalous, or significantly different, from the baseline.
References:
https://technet.microsoft.com/en-us/library/dd277252.aspx
http://en.wikipedia.org/wiki/Intrusion_detection_system#Signature-based_IDS
http://en.wikipedia.org/wiki/Intrusion_detection_system#Statistical_anomaly-based_IDS
Question 18
Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS
Answer: B
Explanation:
Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal occurrences. An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and legal forms of a protocol are known and can be defined, any variations from those known valid constructions are seen as anomalies.
Incorrect Answers:
A: An application aware firewall provides filtering services for specific applications.
C: Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused. The proxy intercepts all of the packets and reprocesses them for use internally.
D: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 13, 20
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 98
Question 19
Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer
Answer: B
Explanation:
A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.
Incorrect Answers:
A: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email, but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/blogs. Because spam consumes about 89 percent of all email traffic (see the Intelligence Reports at www.messagelabs.com), it's essential to filter and block spam at every opportunity.
C: A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It's intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.
D: A load balancer is used to spread or distribute network traffic load across several network links or network devices.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 18, 19
Question 20
Which of the following flags are used to establish a TCP connection? (Select TWO).
A. PSH
B. ACK
C. SYN
D. URG
E. FIN
Answer: B, C
Explanation:
To establish a TCP connection, the three-way (or 3-step) handshake occurs:
SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value A.
SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number, i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value, i.e. A+1, and the acknowledgement number is set to one more than the received sequence number, i.e. B+1.
Incorrect Answers:
A: The PSH flag tells the TCP stack to flush all buffers and send any outstanding data up to and including the data that had the PSH flag set.
D: URG indicates that the urgent pointer field has a valid pointer to data that should be treated urgently and be transmitted before non-urgent data.
E: FIN is used to indicate that the client will send no more data.
References:
http://linuxpoison.blogspot.com/2007/11/what-are-tcp-control-bits.html
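As an added example (not from the page or the cited guides), the following Python decodes TCP headers the way a protocol analyzer does (Question 19) and checks three captured segments against the SYN / SYN-ACK / ACK rules with A, A+1, B and B+1 given in the Question 20 explanation. The sample capture at the bottom is constructed; port numbers and the values of A and B are made up.

```python
import struct

# TCP control bits as laid out in the header's flag byte
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = (("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK), ("URG", URG))
MASK32 = 0xFFFFFFFF  # sequence numbers wrap at 2**32

def build_tcp_header(sport, dport, seq, ack, flags):
    # 20-byte header, no options: data offset 5 words, window 65535, checksum left zero
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_tcp_header(raw):
    # The per-segment view a protocol analyzer presents: ports, seq/ack, flag names
    sport, dport, seq, ack, _, flags, _, _, _ = struct.unpack("!HHIIBBHHH", raw[:20])
    names = [n for n, mask in FLAG_NAMES if flags & mask]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def check_handshake(segments):
    """Validate three captured segments as SYN / SYN-ACK / ACK using A, A+1, B, B+1."""
    if len(segments) != 3:
        return False, "expected exactly three segments"
    syn, synack, ack = (parse_tcp_header(s) for s in segments)
    # Step 1: client active open, SYN only, random sequence number A
    if syn["flags"] != ["SYN"]:
        return False, "first segment is not a bare SYN"
    a = syn["seq"]
    # Step 2: server SYN-ACK acknowledges A+1 and picks its own random number B
    if synack["flags"] != ["SYN", "ACK"]:
        return False, "second segment is not SYN-ACK"
    if synack["ack"] != (a + 1) & MASK32:
        return False, "SYN-ACK does not acknowledge A+1"
    b = synack["seq"]
    # Step 3: client ACK (no SYN) with seq A+1 and ack B+1 completes the handshake
    if "ACK" not in ack["flags"] or "SYN" in ack["flags"]:
        return False, "third segment is not an ACK"
    if ack["seq"] != (a + 1) & MASK32 or ack["ack"] != (b + 1) & MASK32:
        return False, "final ACK has the wrong sequence or acknowledgement number"
    return True, "established"

# Constructed capture: client port 40000 to server port 80, A = 1000, B = 5000
A, B = 1000, 5000
GOOD = [build_tcp_header(40000, 80, A, 0, SYN),
        build_tcp_header(80, 40000, B, A + 1, SYN | ACK),
        build_tcp_header(40000, 80, A + 1, B + 1, ACK)]
# Same exchange, but the client's final ACK does not acknowledge B+1
BAD = GOOD[:2] + [build_tcp_header(40000, 80, A + 1, B + 5, ACK)]
```

A segment carrying PSH, URG or FIN in place of the expected bits is rejected in the same way, which is why those flags are the incorrect answers above.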
Question 21
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection
Answer: B
Explanation:
The question asks how to prevent access to peer-to-peer file sharing websites. You access a website by browsing to a URL using a Web browser or peer-to-peer file sharing client software. A URL filter is used to block URLs (websites) to prevent users accessing the website.
Incorrect Answers:
A: A spam filter is used for email. All inbound (and sometimes outbound) email is passed through the spam filter to detect spam emails. The spam emails are then discarded or tagged as potential spam according to the spam filter configuration. Spam filters do not prevent users accessing peer-to-peer file sharing websites.
C: Content inspection is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn't comply with the company's web policy. Content-control software determines what content will be available or, perhaps more often, what content will be blocked. Content inspection does not prevent users accessing peer-to-peer file sharing websites (although it could block the content of the sites as it is downloaded).
D: Malware inspection is the process of scanning a computer system for malware. Malware inspection does not prevent users accessing peer-to-peer file sharing websites.
References:
http://www.provision.ro/threat-management/web-application-security/url-filtering
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 18, 19
Question 22
Pete, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?
A. Firewall
B. Switch
C. URL content filter
D. Spam filter
Answer: C
Explanation:
URL filtering, also known as web filtering, is the act of blocking access to a site based on all or part of the URL used to request access. URL filtering can focus on all or part of a fully qualified domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors as well as allow administrators to add or remove URLs from a custom list.
Incorrect Answers:
A: The basic purpose of a firewall is to isolate one network from another. Firewalls are available as appliances, meaning they're installed as the primary device separating two networks.
B: Switches are multiport devices that improve network efficiency.
D: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam).
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 18, 19
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 93, 102
Question 23
The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when trying to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on this phone. Which of the following might the administrator need to configure?
A. The access rules on the IDS
B. The pop up blocker in the employee's browser
C. The sensitivity level of the spam filter
D. The default block page on the URL filter
Answer: D
Explanation:
A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list.
Incorrect Answers:
A: An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
B: Pop-up blockers prevent websites from opening further web browser windows without your approval.
C: A spam filter deals with identifying and blocking/filtering/removing unsolicited messages.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 18, 19, 21, 243
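As an added example (not from the page or the cited guides), this Python URL filter applies the four kinds of match listed in the Question 22 explanation (FQDN, path, file extension, entire URL) using a vendor block list plus an administrator's custom list, and returns the block page the browser receives; an empty block page reproduces the blank-page symptom from Question 23. The rule lists, hostnames and block page text are all constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed rule lists for this example: a "vendor" master block list and the
# administrator's custom list (hostnames are made up; .example is a reserved TLD)
VENDOR_BLOCKLIST = {
    "fqdn": {"p2p-share.example", "casino.example", "ads.example"},
    "extension": {".torrent"},
}
CUSTOM_LIST = {
    "block": {"fqdn": set(), "path": {"sports.example/live"},
              "url": {"http://news.example/games/puzzle.html"}},
    "allow": {"fqdn": {"cdn.ads.example"}},  # override for a host the business needs
}
DEFAULT_BLOCK_PAGE = "<html><body>This site cannot be visited.</body></html>"


def _host_matches(host, fqdn):
    # True for the FQDN itself and any subdomain of it
    return host == fqdn or host.endswith("." + fqdn)


def check_url(url, block_page=DEFAULT_BLOCK_PAGE):
    """Return (allowed, reason, body); body is what the browser receives on a block.

    Passing block_page="" models a filter with no default block page configured:
    the request is blocked but the user only sees a blank page (Question 23)."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    # Custom allow entries win over every block rule
    if any(_host_matches(host, f) for f in CUSTOM_LIST["allow"]["fqdn"]):
        return True, "custom allow", ""
    # 1. All or part of a fully qualified domain name (vendor list plus custom list)
    for fqdn in VENDOR_BLOCKLIST["fqdn"] | CUSTOM_LIST["block"]["fqdn"]:
        if _host_matches(host, fqdn):
            return False, "fqdn " + fqdn, block_page
    # 2. A specific path under a host
    for entry in CUSTOM_LIST["block"]["path"]:
        h, p = entry.split("/", 1)
        if _host_matches(host, h) and path.startswith("/" + p):
            return False, "path " + entry, block_page
    # 3. A specific file extension, e.g. .torrent downloads
    if any(path.lower().endswith(ext) for ext in VENDOR_BLOCKLIST["extension"]):
        return False, "extension", block_page
    # 4. An entire specific URL
    if url in CUSTOM_LIST["block"]["url"]:
        return False, "exact url", block_page
    return True, "no rule matched", ""
```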
Question 24
Layer 7 devices used to prevent specific types of HTML tags are called:
A. Firewalls
B. Content filters
C. Routers
D. NIDS
Answer: B
Explanation:
A content filter is a type of software designed to restrict or control the content a reader is authorised to access, particularly when used to limit material delivered over the Internet via the Web, e-mail, or other means. Because the user and the OSI layer interact directly with the content filter, it operates at Layer 7 of the OSI model.
Incorrect Answers:
A, C, D: These devices deal with controlling how devices in a network gain access to data and permission to transmit it, as well as controlling error checking and packet synchronization. They, therefore, operate at Layer 2 of the OSI model.
References:
http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
http://en.wikipedia.org/wiki/OSI_model
Question 25
Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete's access to this site?
A. Internet content filter
B. Firewall
C. Proxy server
D. Protocol analyzer
Answer: A
Explanation:
Web filtering software is designed to restrict or control the content a reader is authorised to access, especially when utilised to restrict material delivered over the Internet via the Web, e-mail, or other means.
Incorrect Answers:
B: The basic purpose of a firewall is to isolate one network from another.
C: A proxy server is a variation of an application firewall or circuit-level firewall, and is used as a middleman between clients and servers. Often a proxy serves as a barrier against external threats to internal clients.
D: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.
References:
http://en.wikipedia.org/wiki/Content-control_software
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 11, 93, 242
Passing the CompTIA SY0-401 exam is not easy without having dumps. You can get SY0-401 exam Questions and Answers from itexamquestions.com; this is the authentic source for SY0-401 exam study material. They can provide you the latest and actual SY0-401 exam questions with verified answers. They guarantee you will pass your SY0-401 exam on the first attempt, so don't waste any time and download your SY0-401 exam now.
For Downloading
SY0-401 Exam Dumps PDF
Get Full Version of SY0-401 Exam Question Answer PDF Here:
https://itexamquestions.com/product/sy0-401-exam-questions/