jdrad01-junk
Test por , creado hace más de 1 año

Security+ SY0-401 Test sobre SY0-401 - Section A (Network Security), creado por jdrad01-junk el 24/11/2014.

248
1
0
jdrad01-junk
Creado por jdrad01-junk hace alrededor de 10 años
Cerrar

SY0-401 - Section A (Network Security)

Pregunta 1 de 58

1

Which of the following means of wireless authentication is easily vulnerable to spoofing?

Selecciona una de las siguientes respuestas posibles:

  • MAC Filtering

  • WPA - LEAP

  • WPA - PEAP

  • Enabled SSID

Explicación

Pregunta 2 de 58

1

Which of the following implementation steps would be appropriate for a public wireless hot- spot?

Selecciona una de las siguientes respuestas posibles:

  • Reduce power level

  • Disable SSID broadcast

  • Open system authentication

  • MAC filter

Explicación

Pregunta 3 de 58

1

Which of the following controls would allow a company to reduce the exposure of sensitive systems from
unmanaged devices on internal networks?

Selecciona una de las siguientes respuestas posibles:

  • 802.1x

  • Data encryption

  • Password strength

  • BGP

Explicación

Pregunta 4 de 58

1

A network administrator has been tasked with securing the WLAN. Which of the following cryptographic
products would be used to provide the MOST secure environment for the WLAN?

Selecciona una de las siguientes respuestas posibles:

  • WPA2 CCMP

  • WPA

  • WPA with MAC filtering

  • WPA2 TKIP

Explicación

Pregunta 5 de 58

1

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to
a single interface on a firewall. Which of the following BEST describes this new network?

Selecciona una de las siguientes respuestas posibles:

  • VLAN

  • Subnet

  • VPN

  • DMZ

Explicación

Pregunta 6 de 58

1

Which of the following network design elements allows for many internal devices to share one public IP
address?

Selecciona una de las siguientes respuestas posibles:

  • DNAT

  • PAT

  • DNS

  • DMZ

Explicación

Pregunta 7 de 58

1

A company determines a need for additional protection from rogue devices plugging into physical ports around
the building. Which of the following provides the highest degree of protection from unauthorized wired network
access?

Selecciona una de las siguientes respuestas posibles:

  • Intrusion Prevention Systems

  • MAC filtering

  • Flood guards

  • 802.1x

Explicación

Pregunta 8 de 58

1

Due to hardware limitation, a technician must implement a wireless encryption algorithm that uses the RC4
protocol. Which of the following is a wireless encryption solution that the technician should implement while
ensuring the STRONGEST level of security?

Selecciona una de las siguientes respuestas posibles:

  • WPA2-AES

  • 802.11ac

  • WPA-TKIP

  • WEP

Explicación

Pregunta 9 de 58

1

An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and
network security, the administrator desires to provide network access for this group only. Which of the following
would BEST address this desire?

Selecciona una de las siguientes respuestas posibles:

  • Install a proxy server between the users' computers and the switch to filter inbound network traffic.

  • Block commonly used ports and forward them to higher and unused port numbers.

  • Configure the switch to allow only traffic from computers based upon their physical address.

  • Install host-based intrusion detection software to monitor incoming DHCP Discover requests.

Explicación

Pregunta 10 de 58

1

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD
users and 2 web servers without wireless access. Which of the following should the company configure to
protect the servers from the user devices? (Select TWO).

Selecciona una o más de las siguientes respuestas posibles:

  • Deny incoming connections to the outside router interface.

  • Change the default HTTP port

  • Implement EAP-TLS to establish mutual authentication

  • Disable the physical switch ports

  • Create a server VLAN

  • Create an ACL to access the server

Explicación

Pregunta 11 de 58

1

An organization does not have adequate resources to administer its large infrastructure. A security
administrator wishes to combine the security controls of some of the network devices in the organization. Which
of the following methods would BEST accomplish this goal?

Selecciona una de las siguientes respuestas posibles:

  • Unified Threat Management

  • Virtual Private Network

  • Single sign on

  • Role-based management

Explicación

Pregunta 12 de 58

1

Which of the following would allow the organization to divide a Class C IP address range into several ranges?

Selecciona una de las siguientes respuestas posibles:

  • Which of the following would allow the organization to divide a Class C IP address range into several ranges?

  • Virtual LANs

  • NAT

  • Subnetting

Explicación

Pregunta 13 de 58

1

A network administrator wants to block both DNS requests and zone transfers coming from outside IP
addresses. The company uses a firewall which implements an implicit allow and is currently configured with the
following ACL applied to its external interface.
PERMIT TCP ANY ANY 80
PERMIT TCP ANY ANY 443
Which of the following rules would accomplish this task? (Select TWO).

Selecciona una o más de las siguientes respuestas posibles:

  • Change the firewall default settings so that it implements an implicit deny

  • Apply the current ACL to all interfaces of the firewall

  • Remove the current ACL

  • Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53

  • Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53

  • Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

Explicación

Pregunta 14 de 58

1

A security administrator wishes to increase the security of the wireless network. Which of the following BEST
addresses this concern?

Selecciona una de las siguientes respuestas posibles:

  • Change the encryption from TKIP-based to CCMP-based.

  • Set all nearby access points to operate on the same channel.

  • Configure the access point to use WEP instead of WPA2.

  • Enable all access points to broadcast their SSIDs.

Explicación

Pregunta 15 de 58

1

Sally, a sales manager, successfully connected her company-issued smartphone to the wireless network in her
office without supplying a username/password combination. Upon disconnecting from the wireless network, she
attempted to connect her personal tablet computer to the same wireless network and could not connect.
Which of the following is MOST likely the reason?

Selecciona una de las siguientes respuestas posibles:

  • The company wireless is using a MAC filter.

  • The company wireless has SSID broadcast disabled.

  • The company wireless is using WEP.

  • The company wireless is using WPA2.

Explicación

Pregunta 16 de 58

1

A network technician is on the phone with the system administration team. Power to the server room was lost
and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are
powered off. Assuming each server only provides one service, which of the following should be powered on
FIRST to establish DNS services?

Selecciona una de las siguientes respuestas posibles:

  • Bind server

  • Apache server

  • Exchange server

  • RADIUS server

Explicación

Pregunta 17 de 58

1

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a
DoS style attack caused by staff incorrectly cabling network connections between switches.
Which of the following will BEST mitigate the risk if implemented on the switches?

Selecciona una de las siguientes respuestas posibles:

  • Spanning tree

  • Flood guards

  • Access control lists

  • Syn flood

Explicación

Pregunta 18 de 58

1

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation
pattern to connect two buildings separated by a very long distance. Which of the following antennas would be
BEST for this situation?

Selecciona una de las siguientes respuestas posibles:

  • Dipole

  • Yagi

  • Sector

  • Omni

Explicación

Pregunta 19 de 58

1

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports
appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?

Selecciona una de las siguientes respuestas posibles:

  • LDAP

  • HTTP

  • RDP

  • HTTPS

Explicación

Pregunta 20 de 58

1

An organization does not want the wireless network name to be easily discovered. Which of the following
software features should be configured on the access points?

Selecciona una de las siguientes respuestas posibles:

  • SSID broadcast

  • MAC filter

  • WPA2

  • Antenna placement

Explicación

Pregunta 21 de 58

1

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that
they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network from the
network in which all of the employees' devices are connected?

Selecciona una de las siguientes respuestas posibles:

  • VPN

  • VLAN

  • WPA2

  • MAC filtering

Explicación

Pregunta 22 de 58

1

When performing the daily review of the system vulnerability scans of the network Bob, the administrator,
noticed several security related vulnerabilities with an assigned vulnerability identification number. Bob
researches the assigned vulnerability identification number from the vendor website. Bob proceeds with
applying the recommended solution for identified vulnerability.
Which of the following is the type of vulnerability described?

Selecciona una de las siguientes respuestas posibles:

  • Network based

  • IDS

  • Signature based

  • Host based

Explicación

Pregunta 23 de 58

1

While configuring a new access layer switch, the administrator, Bob, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?

Selecciona una de las siguientes respuestas posibles:

  • Log Analysis

  • VLAN Management

  • Network separation

  • 802.1x

Explicación

Pregunta 24 de 58

1

Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed
using the same password. The company's network device security policy mandates that at least one virtual
terminal have a different password than the other virtual terminals. Which of the following sets of commands
would meet this requirement?

Selecciona una de las siguientes respuestas posibles:

  • line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password

  • line console 0 password password line vty 0 4 password P@s5W0Rd

  • line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd

  • line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd

Explicación

Pregunta 25 de 58

1

After entering the following information into a SOHO wireless router, a mobile device's user reports being
unable to connect to the network:
PERMIT 0A: D1: FA. B1: 03: 37
DENY 01: 33: 7F: AB: 10: AB
Which of the following is preventing the device from connecting?

Selecciona una de las siguientes respuestas posibles:

  • WPA2-PSK requires a supplicant on the mobile device.

  • Hardware address filtering is blocking the device.

  • TCP/IP Port filtering has been implemented on the SOHO router.

  • IP address filtering has disabled the device from connecting.

Explicación

Pregunta 26 de 58

1

Which of the following MOST interferes with network-based detection techniques?

Selecciona una de las siguientes respuestas posibles:

  • Mime-encoding

  • SSL

  • FTP

  • Anonymous email accounts

Explicación

Pregunta 27 de 58

1

Thomas, a network administrator, is capturing packets on the network and notices that a large amount of the
traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from
the other traffic?

Selecciona una de las siguientes respuestas posibles:

  • Connect the WAP to a different switch.

  • Create a voice VLAN.

  • Create a DMZ.

  • Set the switch ports to 802.1q mode.

Explicación

Pregunta 28 de 58

1

Which of the following is BEST used as a secure replacement for TELNET?

Selecciona una de las siguientes respuestas posibles:

  • HTTPS

  • HMAC

  • GPG

  • SSH

Explicación

Pregunta 29 de 58

1

Which of the following is a difference between TFTP and FTP?

Selecciona una de las siguientes respuestas posibles:

  • TFTP is slower than FTP.

  • TFTP is more secure than FTP.

  • TFTP utilizes TCP and FTP uses UDP.

  • TFTP utilizes UDP and FTP uses TCP.

Explicación

Pregunta 30 de 58

1

Suspicious traffic without a specific signature was detected. Under further investigation, it was determined that
these were false indicators. Which of the following security devices needs to be configured to disable future
false alarms?

Selecciona una de las siguientes respuestas posibles:

  • Signature based IPS

  • Signature based IDS

  • Application based IPS

  • Anomaly based IDS

Explicación

Pregunta 31 de 58

1

Alice, a security administrator, has observed repeated attempts to break into a server. Which of the following is
designed to stop an intrusion on a specific server?

Selecciona una de las siguientes respuestas posibles:

  • HIPS

  • NIDS

  • HIDS

  • NIPS

Explicación

Pregunta 32 de 58

1

Which of the following allows Thomas, a security technician, to provide the MOST secure wireless
implementation?

Selecciona una de las siguientes respuestas posibles:

  • Implement WPA

  • Disable SSID

  • Adjust antenna placement

  • Implement WEP

Explicación

Pregunta 33 de 58

1

Thomas, the compliance manager, wants to meet regulations. Thomas would like certain ports blocked only on
all computers that do credit card transactions. Which of the following should Thomas implement to BEST
achieve this goal?

Selecciona una de las siguientes respuestas posibles:

  • A host-based intrusion prevention system

  • A host-based firewall

  • Antivirus update system

  • A network-based intrusion detection system

Explicación

Pregunta 34 de 58

1

Thomas, the system administrator, wishes to monitor and limit users' access to external websites.
Which of the following would BEST address this?

Selecciona una de las siguientes respuestas posibles:

  • Block all traffic on port 80.

  • Implement NIDS.

  • Use server load balancers.

  • Install a proxy server.

Explicación

Pregunta 35 de 58

1

Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the
internal interface of the firewall to be translated to one public IP address on the external interface of the same
firewall. Which of the following should Sara configure?

Selecciona una de las siguientes respuestas posibles:

  • PAT

  • NAP

  • DNAT

  • NAC

Explicación

Pregunta 36 de 58

1

Thomas needs to open ports on the firewall to allow for secure transmission of files. Which of the following
ports should be opened on the firewall?

Selecciona una de las siguientes respuestas posibles:

  • TCP 23

  • UDP 69

  • TCP 22

  • TCP 21

Explicación

Pregunta 37 de 58

1

Which statement is TRUE about the operation of a packet sniffer?

Selecciona una de las siguientes respuestas posibles:

  • It can only have one interface on a management network.

  • They are required for firewall operation and stateful inspection.

  • The Ethernet card must be placed in promiscuous mode.

  • It must be placed on a single virtual LAN interface.

Explicación

Pregunta 38 de 58

1

Which of the following firewall rules only denies DNS zone transfers?

Selecciona una de las siguientes respuestas posibles:

  • deny udp any any port 53

  • deny ip any any

  • deny tcp any any port 53

  • deny all dns packets

Explicación

Pregunta 39 de 58

1

Which of the following technologies can store multi-tenant data with different security requirements?

Selecciona una de las siguientes respuestas posibles:

  • Data loss prevention

  • Trusted platform module

  • Hard drive encryption

  • Cloud computing

Explicación

Pregunta 40 de 58

1

Which of the following devices would MOST likely have a DMZ interface?

Selecciona una de las siguientes respuestas posibles:

  • Firewall

  • Switch

  • Load balancer

  • Proxy

Explicación

Pregunta 41 de 58

1

Which default port number is secure?

Selecciona una de las siguientes respuestas posibles:

  • 21

  • 22

  • 23

  • 25

Explicación

Pregunta 42 de 58

1

Which should you do so that your wireless signal does not reach all the way out to the parking lot?

Selecciona una de las siguientes respuestas posibles:

  • Disable SSID broadcasting

  • Turn off MAC filtering

  • Lower the power level

  • Implement WEP encryption

Explicación

Pregunta 43 de 58

1

Admin Bob took a new WAP out of the box, plugged it in, and walked away. An attacker was able to access the
WAP using an administrator account. Which would have prevented the attack?

Selecciona una de las siguientes respuestas posibles:

  • Configure MAC filtering

  • Disable SSID broadcasting

  • Change the default password

  • Configure 802.1x authentication

Explicación

Pregunta 44 de 58

1

You enter the wireless network information into your computer correctly and connect to the network. You
remain connected, but you can't access any resources on the network. Which is the most likely reason?

Selecciona una de las siguientes respuestas posibles:

  • Mac filtering is turned on

  • The SSID is disabled

  • The encryption is too strong

  • The WAP power level is too low

Explicación

Pregunta 45 de 58

1

Which would allow home users to access internal company resources?

Selecciona una de las siguientes respuestas posibles:

  • NAT

  • VLANs

  • NAC

  • VPN

Explicación

Pregunta 46 de 58

1

You have two routers connected together, which then connect to two switches, which are also connected
together via fiber. How would you prevent unauthorized devices from connecting to the network?

Selecciona una de las siguientes respuestas posibles:

  • Configure only one of the routers to run DHCP

  • Implement port security on the switches

  • Enable VTP on both switches and set to the same domain

  • Configure each port on the switches to use the same VLAN other than the default one

Explicación

Pregunta 47 de 58

1

Which two would you need to use together to allow telecommuting while keeping it secure?

Selecciona una o más de las siguientes respuestas posibles:

  • DMZ

  • VLANs

  • NAC

  • Spam filter

  • VPN concentrator

Explicación

Pregunta 48 de 58

1

Your wireless network is dropping packets and degrading service only during certain times of day. What should
be your first troubleshooting step?

Selecciona una de las siguientes respuestas posibles:

  • Increase the power level

  • Change to a higher gain antenna

  • Perform a site survey

  • Configure stronger encryption

Explicación

Pregunta 49 de 58

1

You look at your router Access Control List and you see that it allows web, email, and SSH traffic. For some
reason though, some users are unable to access network printing services. Which could be blocking this?

Selecciona una de las siguientes respuestas posibles:

  • Port security

  • Flood guards

  • Implicit deny

  • Loop protection

Explicación

Pregunta 50 de 58

1

Your company allows business partners to connect to several of your application servers located at the main
office. What can the main office implement to protect the rest of the company from those business partners?

Selecciona una de las siguientes respuestas posibles:

  • VPN

  • NAC

  • IDS

  • DMZ

Explicación

Pregunta 51 de 58

1

Which protocol provides secure access to log on to a remote server's console to do some maintenance?

Selecciona una de las siguientes respuestas posibles:

  • SFTP

  • SCP

  • HTTPS

  • SSH

Explicación

Pregunta 52 de 58

1

Which provides a more secure connection than WPA TKIP?

Selecciona una de las siguientes respuestas posibles:

  • MAC filtering

  • WEP

  • WPA2 CCMP

  • Disable SSID broadcast and increase power levels

Explicación

Pregunta 53 de 58

1

Which solution would scan web traffic for malware and block it if malware is found, and could also block certain
websites that are inappropriate?

Selecciona una de las siguientes respuestas posibles:

  • IDS

  • Firewall

  • UTM

  • ACL

Explicación

Pregunta 54 de 58

1

How do you prevent unauthorized devices from connecting to the network via your network drops?

Selecciona una de las siguientes respuestas posibles:

  • Mandatory Access Control

  • WPA2

  • Port Security

  • Network Intrusion Pevention

Explicación

Pregunta 55 de 58

1

Which subnet mask would put these 4 PC's on different broadcast domains?
PC1 = 10.10.10.4
PC2 = 10.10.10.10
PC3 = 10.10.10.17
PC4 = 10.10.10.26

Selecciona una de las siguientes respuestas posibles:

  • /24

  • /27

  • /28

  • /29

  • /30

Explicación

Pregunta 56 de 58

1

Choose the port numbers in the proper order to match the order of these protocols: FTP, TFTP, Telnet, HTTP.

Selecciona una de las siguientes respuestas posibles:

  • 80, 21, 23, 69

  • 21, 69, 23, 80

  • 69, 23, 21, 80

  • 23, 21, 80, 69

Explicación

Pregunta 57 de 58

1

Choose the port numbers in the proper order to match the order of these protocols: HTTPS, SMTP, SNMP,
SCP.

Selecciona una de las siguientes respuestas posibles:

  • 161, 22, 25, 443

  • 443, 161, 22, 25

  • 443, 25, 161, 22

  • 161, 443, 161, 22

Explicación

Pregunta 58 de 58

1

Which of the following should be considered to mitigate data theft when using CAT5 wiring?

Selecciona una de las siguientes respuestas posibles:

  • CCTV

  • Environmental monitoring

  • Multimode fiber

  • EMI shielding

Explicación