Prepare [2018] SY0-401 Dumps PDF Real SY0-401 Exam Questions

CompTIA 

CompTIA Security+ 

SY0-401 Exam 

Question & Answer PDF 

(FREE --- DEMO VERSION) 

Get Full Version of SY0-401 Exam Question Answer PDF Here: 

https://itexamquestions.com/product/sy0-401-exam-questions/ 

Thank You For 

Reviewing SY0-401 Exam PDF Demo

Question 1 

Version: 39.0 

Sara, the security administrator, must confiure the corporate freeaaa to aaaoe aaa pubaic IP addresses on 

the internaa interface of the freeaaa to be transaated to one pubaic IP address on the externaa interface of 

the same freeaaal Which of the foaaoeini shouad Sara confiuree 

Al PAT 

Bl NAP 

Cl DNAT 

Dl NAC 

Aoswern A 

Expaanatonn 

Port Address Transaaton (PAT), is an extension to neteork address transaaton (NAT) that permits 

muatpae devices on a aocaa area neteork (LAN) to be mapped to a siniae pubaic IP addressl The ioaa of 

PAT is to conserve IP addressesl 

Most home neteorks use PATl In such a scenario, the Internet Service Provider (ISP) assiins a siniae IP 

address to the home neteork's routerl When Computer X aois on the Internet, the router assiins the 

caient a port number, ehich is appended to the internaa IP addressl This, in efect, iives Computer X a 

unique addressl If Computer Z aois on the Internet at the same tme, the router assiins it the same aocaa 

IP address eith a diferent port numberl Aathouih both computers are sharini the same pubaic IP address 

and accessini the Internet at the same tme, the router knoes exactay ehich computer to send specifc 

packets to because each computer has a unique internaa addressl 

Incorrect Anseersn 

Bn NAP is a Microsof technoaoiy for controaaini neteork access of a computer host based on system 

heaath of the hostl 

Cn Destnaton neteork address transaaton (DNAT) is a technique for transparentay chaniini the 

destnaton IP address of an end route packet and performini the inverse functon for any repaiesl Any 

router situated beteeen teo endpoints can perform this transformaton of the packetl DNAT is 

commonay used to pubaish a service aocated in a private neteork on a pubaicay accessibae IP addressl This 

use of DNAT is aaso caaaed port foreardinil DNAT does not aaaoe for many internaa devices to share one 

pubaic IP addressl 

Dn NAC is an approach to computer neteork security that atempts to unify endpoint security technoaoiy 

(such as antvirus, host intrusion preventon, and vuanerabiaity assessment), user or system 

authentcaton and neteork security enforcementl 

Referencesn 

htpn::searchneteorkiniltechtarietlcom:defniton:Port-Address-Transaaton-PAT 

htpn::enleikipedialori:eiki:Neteork_Access_Protecton 

htpn::enleikipedialori:eiki:Neteork_address_transaatonoDNAT 

htpn::enleikipedialori:eiki:Neteork_Access_Controa 

Question 2 

Which of the foaaoeini devices is MOST aikeay beini used ehen processini the foaaoeinie

1 PERMIT IP ANY ANY EQ 80 

2 DENY IP ANY ANY 

Al Fireeaaa 

Bl NIPS 

Cl Load baaancer 

Dl URL fater 

Aoswern A 

Expaanatonn 

Fireeaaas, routers, and even seitches can use ACLs as a method of security manaiementl An access 

controa aist has a deny ip any any impaicitay at the end of any access controa aistl ACLs deny by defauat and 

aaaoe by exceptonl 


Bn Neteork-based intrusion preventon system (NIPS) monitors the entre neteork for suspicious trafc 

by anaayzini protocoa actvityl 

Cn A aoad baaancer is used to distribute neteork trafc aoad across severaa neteork ainks or neteork 

devicesl 

Dn A URL fater is used to baock URLs (eebsites) to prevent users accessini the eebsitel 

Referencesn 

Steeart, James Michaea, CompTIA Security+ Reviee Guide, Sybex, Indianapoais, 2014, ppl 10, 24 

htpn::eeelciscolcom:c:en:us:support:docs:security:ios-freeaaa:22302-confaccessaistslhtma 

htpn::enleikipedialori:eiki:Intrusion_preventon_system 

htpn::eeelprovisionlro:threat-manaiement:eeb-appaicaton-security:ura-fateriniopaiei-1|paiep-1| 

Question 3 

The security administrator at ABC company received the foaaoeini aoi informaton from an externaa 

partyn 

10n45n01 EST, SRC 10l4l2l7n2053, DST 8l4l2l1n80, ALERT, Directory traversaa 

10n45n02 EST, SRC 10l4l2l7n2057, DST 8l4l2l1n80, ALERT, Account brute force 

10n45n02 EST, SRC 10l4l2l7n2058, DST 8l4l2l1n80, ALERT, Port scan 

The externaa party is reportni atacks comini from abc-companylcoml Which of the foaaoeini is the 

reason the ABC company’s security administrator is unabae to determine the oriiin of the atacke 

Al A NIDS eas used in paace of a NIPSl 

Bl The aoi is not in UTCl 

Cl The externaa party uses a freeaaal 

Dl ABC company uses PATl 

Aoswern D 

Expaanatonn 

PAT eouad ensure that computers on ABC’s LAN transaate to the same IP address, but eith a diferent 

port number assiinmentl The aoi informaton shoes the IP address, not the port number, makini it 

impossibae to pin point the exact sourcel


An A neteork-based IDS (NIDS) eatches neteork trafc in reaa tmel It’s reaiabae for detectni neteorkfocused 

atacks, such as bandeidth-based DoS atacksl This eiaa not have any bearini on the security 

administrator at ABC Company fndini the root of the atackl 

Bn UTC is the abbreviaton for Coordinated Universaa Time, ehich is the primary tme standard by ehich 

the eorad reiuaates caocks and tmel The tme in the aoi is not the issue in this casel 

Cn Whether the externaa party uses a freeaaa or not eiaa not have any bearini on the security 

administrator at ABC Company fndini the root of the atackl 

Referencesn 

htpn::eeeleebopedialcom:TERM:P:PATlhtma 


htpn::enleikipedialori:eiki:Coordinated_Universaa_Time 

Question 4 

Which of the foaaoeini security devices can be repaicated on a Linux based computer usini IP tabaes to 

inspect and properay handae neteork based trafce 

Al Snifer 

Bl Router 

Cl Fireeaaa 

Dl Seitch 

Aoswern C 

Expaanatonn 

Ip tabaes are a user-space appaicaton proiram that aaaoes a system administrator to confiure the tabaes 

provided by the Linux kernea freeaaa and the chains and ruaes it storesl 


An A snifer is a tooa used in the process of monitorini the data that is transmited across a neteorkl 

B, Dn A router is connected to teo or more data aines from diferent neteorks, ehereas a neteork seitch 

is connected to data aines from one siniae neteorkl These may incaude a freeaaa, but not by defauatl 

Referencesn 

htpn::enleikipedialori:eiki:Iptabaes 

Duaaney, Emmet and Chuck Easton, CompTIA Security+ Study Guide, 3th Editon, Sybex, Indianapoais, 

2014, pl 242 

htpn::enleikipedialori:eiki:Router_(computni) 

Question 5 

Which of the foaaoeini freeaaa types inspects Ethernet trafc at the MOST aeveas of the OSI modeae 

Al Packet Fiater Fireeaaa 

Bl Statefua Fireeaaa 

Cl Proxy Fireeaaa 

Dl Appaicaton Fireeaaa

Aoswern B 

Expaanatonn 

Statefua inspectons occur at aaa aeveas of the neteorkl 


An Packet-faterini freeaaas operate at the Neteork aayer (Layer 2) and the Transport aayer (Layer 4) of the 

Open Systems Interconnect (OSI) modeal 

Cn The proxy functon can occur at either the appaicaton aevea or the circuit aeveal 

Dn Appaicaton Fireeaaas operates at the Appaicaton aayer (Layer7) of the OSI modeal 

Referencesn 


2014, ppl 98-100 

Steeart, James Michaea, CompTIA Security+ Reviee Guide, Sybex, Indianapoais, 2014, pl 3 

Question 6 

The Chief Informaton Security Ofcer (CISO) has mandated that aaa IT systems eith credit card data be 

seireiated from the main corporate neteork to prevent unauthorized access and that access to the IT 

systems shouad be aoiiedl Which of the foaaoeini eouad BEST meet the CISO’s requirementse 

Al Snifers 

Bl NIDS 

Cl Fireeaaas 

Dl Web proxies 

El Layer 2 seitches 

Aoswern C 

Expaanatonn 

The basic purpose of a freeaaa is to isoaate one neteork from anotherl 


An The terms protocoa anaayzer and packet snifer are interchanieabael They refer to the tooas used in the 

process of monitorini the data that is transmited across a neteorkl 

Bn A neteork-based IDS (NIDS) eatches neteork trafc in reaa tmel It’s reaiabae for detectni neteorkfocused 

atacks, such as bandeidth-based DoS atacksl 

Dn Web proxies are used to foreard HTTP requestsl 

En Layer 2 seitchini uses the media access controa address (MAC address) from the host's neteork 

interface cards (NICs) to decide ehere to foreard framesl Layer 2 seitchini is hardeare based, ehich 

means seitches use appaicaton-specifc inteirated circuit (ASICs) to buiad and maintain fater tabaes (aaso 

knoen as MAC address tabaes or CAM tabaes)l 

Referencesn 


2014, pl 242 


htpn::enleikipedialori:eiki:LAN_seitchini 

htpn::enleikipedialori:eiki:Proxy_serveroWeb_proxy_servers

Question 7 

Which of the foaaoeini neteork desiin eaements aaaoes for many internaa devices to share one pubaic IP 

addresse 

Al DNAT 

Bl PAT 

Cl DNS 

Dl DMZ 

Aoswern B 

Expaanatonn 

Port Address Transaaton (PAT), is an extension to neteork address transaaton (NAT) that permits 

muatpae devices on a aocaa area neteork (LAN) to be mapped to a siniae pubaic IP addressl The ioaa of 

PAT is to conserve IP addressesl 

Most home neteorks use PATl In such a scenario, the Internet Service Provider (ISP) assiins a siniae IP 

address to the home neteork's routerl When Computer X aois on the Internet, the router assiins the 

caient a port number, ehich is appended to the internaa IP addressl This, in efect, iives Computer X a 

unique addressl If Computer Z aois on the Internet at the same tme, the router assiins it the same aocaa 

IP address eith a diferent port numberl Aathouih both computers are sharini the same pubaic IP address 

and accessini the Internet at the same tme, the router knoes exactay ehich computer to send specifc 

packets to because each computer has a unique internaa addressl 


An Destnaton neteork address transaaton (DNAT) is a technique for transparentay chaniini the 

destnaton IP address of an end route packet and performini the inverse functon for any repaiesl Any 

router situated beteeen teo endpoints can perform this transformaton of the packetl DNAT is 

commonay used to pubaish a service aocated in a private neteork on a pubaicay accessibae IP addressl This 

use of DNAT is aaso caaaed port foreardinil DNAT does not aaaoe for many internaa devices to share one 

pubaic IP addressl 

Cn DNS (Domain Name System) is a service used to transaate hostnames or URLs to IP addressesl DNS 

does not aaaoe for many internaa devices to share one pubaic IP addressl 

Dn A DMZ or demiaitarized zone is a physicaa or aoiicaa subneteork that contains and exposes an 

orianizaton's externaa-facini services to a aarier and untrusted neteork, usuaaay the Internetl The 

purpose of a DMZ is to add an additonaa aayer of security to an orianizaton's aocaa area neteork (LAN); 

an externaa neteork node onay has direct access to equipment in the DMZ, rather than any other part of 

the neteorkl A DMZ does not aaaoe for many internaa devices to share one pubaic IP addressl 

Referencesn 

htpn::searchneteorkiniltechtarietlcom:defniton:Port-Address-Transaaton-PAT 

htpn::enleikipedialori:eiki:Neteork_address_transaatonoDNAT 

htpn::enleikipedialori:eiki:Domain_Name_System 

htpn::enleikipedialori:eiki:DMZ_(computni) 

Question 8 

Which of the foaaoeini is a best practce ehen securini a seitch from physicaa accesse

Al Disabae unnecessary accounts 

Bl Print baseaine confiuraton 

Cl Enabae access aists 

Dl Disabae unused ports 

Aoswern D 

Expaanatonn 

Disabaini unused seitch ports a simpae method many neteork administrators use to heap secure their 

neteork from unauthorized accessl 

Aaa ports not in use shouad be disabaedl Othereise, they present an open door for an atacker to enterl 


An Disabaini unnecessary accounts eouad onay baock those specifc accountsl 

Bn A security baseaine is a standardized minimaa aevea of security that aaa systems in an orianizaton must 

compay eithl Printni it eouad not secure the seitch from physicaa accessl 

Cn The purpose of an access aist is to identfy specifcaaay eho can enter a faciaityl 

Referencesn 

htpn::orbit-computer-soautonslcom:Hoe-To-Confiure-Seitch-Securitylphp 


2014, pl 30 


Question 9 

Which of the foaaoeini devices eouad be MOST usefua to ensure avaiaabiaity ehen there are a aarie 

number of requests to a certain eebsitee 

Al Protocoa anaayzer 

Bl Load baaancer 

Cl VPN concentrator 

Dl Web security iateeay 

Aoswern B 

Expaanatonn 

Load baaancini refers to shifini a aoad from one device to anotherl A aoad baaancer can be impaemented 

as a sofeare or hardeare soauton, and it is usuaaay associated eith a device—a router, a freeaaa, NAT 

appaiance, and so onl In its most common impaementaton, a aoad baaancer spaits the trafc intended for 

a eebsite into individuaa requests that are then rotated to redundant servers as they become avaiaabael 


An The terms protocoa anaayzini and packet snifni are interchanieabael They refer to the process of 

monitorini the data that is transmited across a neteorkl 

Cn A VPN concentrator is a hardeare device used to create remote access VPNsl The concentrator creates 

encrypted tunnea sessions beteeen hosts, and many use teo-factor authentcaton for additonaa 

securityl 

Dn One of the neeest buzzeords is eeb security iateeay, ehich can be thouiht of as a proxy server 

(performini proxy and cachini functons) eith eeb protecton sofeare buiat inl Dependini on the

vendor, the “eeb protectonn can ranie from a standard virus scanner on incomini packets to 

monitorini outioini user trafc for red fais as eeaal 

Referencesn 


2014, ppl 102, 104, 118 

Question 10 

Pete, the system administrator, eishes to monitor and aimit users’ access to externaa eebsitesl 

Which of the foaaoeini eouad BEST address thise 

Al Baock aaa trafc on port 80l 

Bl Impaement NIDSl 

Cl Use server aoad baaancersl 

Dl Instaaa a proxy serverl 

Aoswern D 

Expaanatonn 

A proxy is a device that acts on behaaf of other(s)l In the interest of security, aaa internaa user interacton 

eith the Internet shouad be controaaed throuih a proxy serverl The proxy server shouad automatcaaay 

baock knoen maaicious sitesl The proxy server shouad cache ofen-accessed sites to improve 

performancel 


An A neteork-based IDS (NIDS) approach to IDS ataches the system to a point in the neteork ehere it 

can monitor and report on aaa neteork trafcl 

Bn This eouad baock aaa eeb trafc, as port 80 is used for Worad Wide Webl 

Cn In its most common impaementaton, a aoad baaancer spaits the trafc intended for a eebsite into 

individuaa requests that are then rotated to redundant servers as they become avaiaabael 

Referencesn 


2014, ppl 98, 102, 111 

Question 11 

Mike, a neteork administrator, has been asked to passiveay monitor neteork trafc to the company’s 

saaes eebsitesl Which of the foaaoeini eouad be BEST suited for this taske 

Al HIDS 

Bl Fireeaaa 

Cl NIPS 

Dl Spam fater 

Expaanatonn 

Aoswern C

Neteork-based intrusion preventon system (NIPS) monitors the entre neteork for suspicious trafc by 

anaayzini protocoa actvityl 


An A host-based IDS (HIDS) eatches the audit traias and aoi f aes of a host systeml It’s reaiabae for 

detectni atacks directed aiainst a host, ehether they oriiinate from an externaa source or are beini 

perpetrated by a user aocaaay aoiied in to the hostl 

Bn Fireeaaas provide protecton by controaaini trafc enterini and aeavini a neteorkl 

Dn A spam fater is a sofeare or hardeare tooa ehose primary purpose is to identfy and 

baock:fater:remove uneanted messaies (that is, spam)l Spam is most commonay associated eith emaia, 

but spam aaso exists in instant messaiini (IM), short messaie service (SMS), Usenet, and eeb 

discussions:forums:comments:baoisl 

Referencesn 



Question 12 

Which of the foaaoeini shouad be depaoyed to prevent the transmission of maaicious trafc beteeen 

virtuaa machines hosted on a siniuaar physicaa device on a neteorke 

Al HIPS on each virtuaa machine 

Bl NIPS on the neteork 

Cl NIDS on the neteork 

Dl HIDS on each virtuaa machine 

Aoswern A 

Expaanatonn 

Host-based intrusion preventon system (HIPS) is an instaaaed sofeare packaie ehich monitors a siniae 

host for suspicious actvity by anaayzini events occurrini eithin that hostl 


Bn Neteork-based intrusion preventon system (NIPS) monitors the entre neteork for suspicious trafc 

by anaayzini protocoa actvityl 

Cn A neteork-based IDS (NIDS) eatches neteork trafc in reaa tmel It’s reaiabae for detectni neteorkfocused 


Dn A host-based IDS (HIDS) eatches the audit traias and aoi faes of a host systeml It’s reaiabae for 



Referencesn 



Question 13 

Pete, a security administrator, has observed repeated atempts to break into the neteorkl Which of the 

foaaoeini is desiined to stop an intrusion on the neteorke

Al NIPS 

Bl HIDS 

Cl HIPS 

Dl NIDS 

Aoswern A 

Expaanatonn 


anaayzini protocoa actvityl The main functons of intrusion preventon systems are to identfy maaicious 

actvity, aoi informaton about this actvity, atempt to baock:stop it, and report it 


Bn A host-based IDS (HIDS) eatches the audit traias and aoi faes of a host systeml It’s reaiabae for 



Cn Host-based intrusion preventon system (HIPS) is an instaaaed sofeare packaie ehich monitors a 

siniae host for suspicious actvity by anaayzini events occurrini eithin that hostl 

Dn A neteork-based IDS (NIDS) eatches neteork trafc in reaa tmel It’s reaiabae for detectni neteorkfocused 


Referencesn 



Question 14 

An administrator is aookini to impaement a security device ehich eiaa be abae to not onay detect neteork 

intrusions at the orianizaton aevea, but heap defend aiainst them as eeaal Which of the foaaoeini is beini 

described heree 

Al NIDS 

Bl NIPS 

Cl HIPS 

Dl HIDS 

Aoswern B 

Expaanatonn 


anaayzini protocoa actvityl The main functons of intrusion preventon systems are to identfy maaicious 

actvity, aoi informaton about this actvity, atempt to baock:stop it, and report it 




Cn Host-based intrusion preventon system (HIPS) is an instaaaed sofeare packaie ehich monitors a 

siniae host for suspicious actvity by anaayzini events occurrini eithin that hostl 

Dn A host-based IDS (HIDS) eatches the audit traias and aoi faes of a host systeml It’s reaiabae for 

detectni atacks directed aiainst a host, ehether they oriiinate from an externaa source or are beini


Referencesn 



Question 15 

In intrusion detecton system vernacuaar, ehich account is responsibae for setni the security poaicy for 

an orianizatone 

Al Supervisor 

Bl Administrator 

Cl Root 

Dl Director 

Aoswern B 

Expaanatonn 

The administrator is the person responsibae for setni the security poaicy for an orianizaton and is 

responsibae for makini decisions about the depaoyment and confiuraton of the IDSl 


A, Cn Aamost every operatni system in use today empaoys the concept of diferentaton beteeen users 

and iroups at varyini aeveasl As an exampae, there is aaeays a system administrator (SA) account that has 

iodaike controa over everythinin root in Unix:Linux, admin (or a deviaton of it) in Windoes, 

administrator in Appae OS X, supervisor in Noveaa NetWare, and so onl 

Dn A director is a person from a iroup of manaiers eho aeads or supervises a partcuaar area of a 

company, proiram, or projectl 

Referencesn 


2014, ppl 107, 152 

htpn::enleikipedialori:eiki:Director_(business) 

Question 16 

When performini the daiay reviee of the system vuanerabiaity scans of the neteork Joe, the 

administrator, notced severaa security reaated vuanerabiaites eith an assiined vuanerabiaity identfcaton 

numberl Joe researches the assiined vuanerabiaity identfcaton number from the vendor eebsitel Joe 

proceeds eith appayini the recommended soauton for identfed vuanerabiaityl 

Which of the foaaoeini is the type of vuanerabiaity describede 

Al Neteork based 

Bl IDS 

Cl Siinature based 

Dl Host based 

Aoswern C

Expaanatonn 

A siinature-based monitorini or detecton method reaies on a database of siinatures or paterns of 

knoen maaicious or uneanted actvityl The strenith of a siinature-based system is that it can quickay and 

accurateay detect any event from its database of siinaturesl 




Bn An intrusion detecton system (IDS) is an automated system that either eatches actvity in reaa tme or 

reviees the contents of audit aois in order to detect intrusions or security poaicy vioaatonsl 

Cn A host-based IDS (HIDS) eatches the audit traias and aoi f aes of a host systeml It’s reaiabae for 



Referencesn 


Question 17 

The neteork security eniineer just depaoyed an IDS on the neteork, but the Chief Technicaa Ofcer (CTO) 

has concerns that the device is onay abae to detect knoen anomaaiesl Which of the foaaoeini types of IDS 

has been depaoyede 

Al Siinature Based IDS 

Bl Heuristc IDS 

Cl Behavior Based IDS 

Dl Anomaay Based IDS 

Aoswern A 

Expaanatonn 

A siinature based IDS eiaa monitor packets on the neteork and compare them aiainst a database of 

siinatures or atributes from knoen maaicious threatsl 


B, Cn The technique used by anomaay-based IDS:IPS systems is aaso referred as neteork behavior anaaysis 

or heuristcs anaaysisl 

Dn An IDS ehich is anomaay based eiaa monitor neteork trafc and compare it aiainst an estabaished 

baseainel The baseaine eiaa identfy ehat is “normaan for that neteork- ehat sort of bandeidth is 

ieneraaay used, ehat protocoas are used, ehat ports and devices ieneraaay connect to each other- and 

aaert the administrator or user ehen trafc is detected ehich is anomaaous, or siinifcantay diferent, 

than the baseainel 

Referencesn 

htpsn::technetlmicrosoflcom:en-us:aibrary:dd277252laspx 

htpn::enleikipedialori:eiki:Intrusion_detecton_systemoSiinature-based_IDS 

htpn::enleikipedialori:eiki:Intrusion_detecton_systemoStatstcaa_anomaay-based_IDS 

Question 18

Joe, the Chief Technicaa Ofcer (CTO), is concerned about nee maaeare beini introduced into the 

corporate neteorkl He has tasked the security eniineers to impaement a technoaoiy that is capabae of 

aaertni the team ehen unusuaa trafc is on the neteorkl Which of the foaaoeini types of technoaoiies 

eiaa BEST address this scenarioe 

Al Appaicaton Fireeaaa 

Bl Anomaay Based IDS 

Cl Proxy Fireeaaa 

Dl Siinature IDS 

Aoswern B 

Expaanatonn 

Anomaay-based detecton eatches the onioini actvity in the environment and aooks for abnormaa 

occurrencesl An anomaay-based monitorini or detecton method reaies on defnitons of aaa vaaid forms of 

actvityl This database of knoen vaaid actvity aaaoes the tooa to detect any and aaa anomaaiesl Anomaaybased 

detecton is commonay used for protocoasl Because aaa the vaaid and aeiaa forms of a protocoa are 

knoen and can be defned, any variatons from those knoen vaaid constructons are seen as anomaaiesl 


An An appaicaton aeare freeaaa provides faterini services for specifc appaicatonsl 

Cn Proxy freeaaas are used to process requests from an outside neteork; the proxy freeaaa examines the 

data and makes ruae-based decisions about ehether the request shouad be forearded or refusedl The 

proxy intercepts aaa of the packets and reprocesses them for use internaaayl 

Dn A siinature-based monitorini or detecton method reaies on a database of siinatures or paterns of 

knoen maaicious or uneanted actvityl 

Referencesn 



2014, pl 98 

Question 19 

Mat, an administrator, notces a food fraimented packet and retransmits from an emaia serverl 

Afer disabaini the TCP ofoad setni on the NIC, Mat sees normaa trafc eith packets foeini in 

sequence aiainl Which of the foaaoeini utaites eas he MOST aikeay usini to viee this issuee 

Al Spam fater 

Bl Protocoa anaayzer 

Cl Web appaicaton freeaaa 

Dl Load baaancer 

Aoswern B 

Expaanatonn 

A protocoa anaayzer is a tooa used to examine the contents of neteork trafcl Commonay knoen as a 

snifer, a protocoa anaayzer can be a dedicated hardeare device or sofeare instaaaed onto a typicaa host 

systeml In either case, a protocoa anaayzer is frst a packet capturini tooa that can coaaect neteork trafc

and store it in memory or onto a storaie devicel Once a packet is captured, it can be anaayzed either eith 

compaex automated tooas and scripts or manuaaayl 


An A spam fater is a sofeare or hardeare tooa ehose primary purpose is to identfy and 

baock:fater:remove uneanted messaies (that is, spam)l Spam is most commonay associated eith emaia, 

but spam aaso exists in instant messaiini (IM), short messaie service (SMS), Usenet, and eeb 

discussions:forums:comments:baoisl Because spam consumes about 89 percent of aaa emaia trafc (see 

the Inteaaiience Reports at eeelmessaieaabslcom), it’s essentaa to fater and baock spam at every 

opportunityl 

Cn A eeb appaicaton freeaaa is a device, server add-on, virtuaa service, or system fater that defnes a 

strict set of communicaton ruaes for a eebsite and aaa visitorsl It’s intended to be an appaicaton-specifc 

freeaaa to prevent cross-site scriptni, SQL injecton, and other eeb appaicaton atacksl 

Dn A aoad baaancer is used to spread or distribute neteork trafc aoad across severaa neteork ainks or 

neteork devicesl 

Referencesn 

Steeart, James Michaea, CompTIA Security+ Reviee Guide, Sybex, Indianapoais, 2014, ppl 10, 18, 19 

Question 20 

Which the foaaoeini fais are used to estabaish a TCP connectone (Seaect TWO)l 

Al PSH 

Bl ACK 

Cl SYN 

Dl URG 

El FIN 

Aoswern B, C 

Expaanatonn 

To estabaish a TCP connecton, the three-eay (or 2-step) handshake occursn 

SYNn The actve open is performed by the caient sendini a SYN to the serverl The caient sets the 

seiment's sequence number to a random vaaue Al 

SYN-ACKn In response, the server repaies eith a SYN-ACKl The acknoeaediment number is set to one 

more than the received sequence number ilel A+1, and the sequence number that the server chooses for 

the packet is another random number, Bl 

ACKn Finaaay, the caient sends an ACK back to the serverl The sequence number is set to the received 

acknoeaediement vaaue ilel A+1, and the acknoeaediement number is set to one more than the 

received sequence number ilel B+1l 


An The PSH fai teaas the TCP stack to fush aaa bufers and send any outstandini data up to and incaudini 

the data that had the PSH fai setl 

Dn URG indicates that the urient pointer fead has a vaaid pointer to data that shouad be treated urientay 

and be transmited before non-urient datal 

En FIN is used to indicate that the caient eiaa send no more datal 

Referencesn 

htpn::ainuxpoisonlbaoispotlcom:2007:11:ehat-are-tcp-controa-bitslhtma

Question 21 

Which of the foaaoeini components of an aaa-in-one security appaiance eouad MOST aikeay be confiured 

in order to restrict access to peer-to-peer fae sharini eebsitese 

Al Spam fater 

Bl URL fater 

Cl Content inspecton 

Dl Maaeare inspecton 

Aoswern B 

Expaanatonn 

The queston asks hoe to prevent access to peer-to-peer fae sharini eebsitesl You access a eebsite by 

broesini to a URL usini a Web broeser or peer-to-peer fae sharini caient sofearel A URL fater is used 

to baock URLs (eebsites) to prevent users accessini the eebsitel 

Incorrect Anseern 

An A spam fater is used for emaial Aaa inbound (and sometmes outbound) emaia is passed throuih the 

spam fater to detect spam emaiasl The spam emaias are then discarded or taiied as potentaa spam 

accordini to the spam fater confiuratonl Spam faters do not prevent users accessini peer-to-peer fae 

sharini eebsitesl 

Cn Content inspecton is the process of inspectni the content of a eeb paie as it is doenaoadedl The 

content can then be baocked if it doesn’t compay eith the company’s eeb poaicyl Content-controa 

sofeare determines ehat content eiaa be avaiaabae or perhaps more ofen ehat content eiaa be baockedl 

Content inspecton does not prevent users accessini peer-to-peer fae sharini eebsites (aathouih it 

couad baock the content of the sites as it is doenaoaded)l 

Dn Maaeare inspecton is the process of scannini a computer system for maaearel Maaeare inspecton 

does not prevent users accessini peer-to-peer fae sharini eebsitesl 

Referencesn 

htpn::eeelprovisionlro:threat-manaiement:eeb-appaicaton-security:ura-fateriniopaiei-1|paiep-1| 


Question 22 

Pete, the system administrator, eants to restrict access to advertsements, iames, and iambaini eeb 

sitesl Which of the foaaoeini devices eouad BEST achieve this ioaae 

Al Fireeaaa 

Bl Seitch 

Cl URL content fater 

Dl Spam fater 

Expaanatonn 

Aoswern C

URL faterini, aaso knoen as eeb faterini, is the act of baockini access to a site based on aaa or part of the 

URL used to request accessl URL faterini can focus on aaa or part of a fuaay quaaifed domain name 

(FQDN), specifc path names, specifc faenames, specifc f ae extensions, or entre specifc URLsl Many 

URL-faterini tooas can obtain updated master URL baock aists from vendors as eeaa as aaaoe 

administrators to add or remove URLs from a custom aistl 


An The basic purpose of a freeaaa is to isoaate one neteork from anotherl Fireeaaas are avaiaabae as 

appaiances, meanini they’re instaaaed as the primary device separatni teo neteorksl 

Bn Seitches are muatport devices that improve neteork efciencyl 

Dn A spam fater is a sofeare or hardeare tooa ehose primary purpose is to identfy and 

baock:fater:remove uneanted messaies (that is, spam)l 

Referencesn 



2014, ppl 93, 102 

Question 23 

The administrator receives a caaa from an empaoyee named Joel Joe says the Internet is doen and he is 

receivini a baank paie ehen typini to connect to a popuaar sports eebsitel The administrator asks Joe to 

try visitni a popuaar search eniine site, ehich Joe reports as successfual Joe then says that he can iet to 

the sports site on this phonel Which of the foaaoeini miiht the administrator need to confiuree 

Al The access ruaes on the IDS 

Bl The pop up baocker in the empaoyee’s broeser 

Cl The sensitvity aevea of the spam fater 

Dl The defauat baock paie on the URL fater 

Aoswern D 

Expaanatonn 

A URL fater is used to baock access to a site based on aaa or part of a URLl There are a number of URLfaterini 

tooas that can acquire updated master URL baock aists from vendors, as eeaa as aaaoe 

administrators to add or remove URLs from a custom aistl 


An An intrusion detecton system (IDS) is an automated system that either eatches actvity in reaa tme or 

reviees the contents of audit aois in order to detect intrusions or security poaicy vioaatonsl 

Bn Pop-up baockers prevent eebsites from openini further eeb broeser eindoes eithout your approvaal 

Cn A spam fater deaas eith identfyini and baockini:faterini:removini unsoaicited messaiesl 

Referencesn 

Steeart, James Michaea, CompTIA Security+ Reviee Guide, Sybex, Indianapoais, 2014, ppl 18, 19, 21, 243 

Question 24 

Layer 7 devices used to prevent specifc types of htma tais are caaaedn 

Al Fireeaaas

Bl Content faters 

Cl Routers 

Dl NIDS 

Aoswern B 

Expaanatonn 

A content fater is a is a type of sofeare desiined to restrict or controa the content a reader is authorised 

to access, partcuaaray ehen used to aimit materiaa deaivered over the Internet via the Web, e-maia, or 

other meansl Because the user and the OSI aayer interact directay eith the content fater, it operates at 

Layer 7 of the OSI modeal 


A, C, Dn These devices deaa eith controaaini hoe devices in a neteork iain access to data and permission 

to transmit it, as eeaa as controaaini error checkini and packet synchronizatonl It, therefore, operates at 

Layer 2 of the OSI modeal 

Referencesn 

htpn::enleikipedialori:eiki:Content-controa_sofeareoTypes_of_faterini 

htpn::enleikipedialori:eiki:OSI_modea 

Question 25 

Pete, an empaoyee, atempts to visit a popuaar sociaa neteorkini site but is baockedl Instead, a paie is 

dispaayed notfyini him that this site cannot be visitedl Which of the foaaoeini is MOST aikeay baockini 

Pete’s access to this sitee 

Al Internet content fater 

Bl Fireeaaa 

Cl Proxy server 

Dl Protocoa anaayzer 

Aoswern A 

Expaanatonn 

Web faterini sofeare is desiined to restrict or controa the content a reader is authorised to access, 

especiaaay ehen utaised to restrict materiaa deaivered over the Internet via the Web, e-maia, or other 

meansl 


Bn The basic purpose of a freeaaa is to isoaate one neteork from anotherl 

Cn A proxy server is a variaton of an appaicaton freeaaa or circuit-aevea freeaaa, and used as a middaeman 

beteeen caients and serversl Ofen a proxy serves as a barrier aiainst externaa threats to internaa caientsl 

Dn The terms protocoa anaayzer and packet snifer are interchanieabael They refer to the tooas used in the 

process of monitorini the data that is transmited across a neteorkl 

Referencesn 

htpn::enleikipedialori:eiki:Content-controa_sofeare 


2014, ppl 11, 93, 242

Passing the CompTIA SY0-401 exam is not easy without having dumps. You can 

get SY0-401 exam Questions and Answers from itexamquestions.com this is the 

authentic source for SY0-401 exam study material. They can provide you latest 

and actual SY0-401 exam questions with verified answers. They guaranteed, you 

will Pass your SY0-401 exam in first attempt so don't waste any time and 

download your SY0-401exam from now. 

For Downloading 

SY0-401 Exam Dumps PDF 

Get Full Version of SY0-401 Exam Question Answer PDF Here: 

https://itexamquestions.com/product/sy0-401-exam-questions/

Prepare [2018] SY0-401 Dumps PDF Real SY0-401 Exam Questions

Create successful ePaper yourself

Delete template?

Save as template?