Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 1-10

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 1 – (Topic 1)

A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?

  1. Disabling SSID broadcasting

  2. Implementing WPA2 – TKIP

  3. Implementing WPA2 – CCMP

  4. Filtering test workstations by MAC address

Answer: A Explanation:

Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.

Question No: 2 – (Topic 1)

Ann, a technician, is attempting to establish a remote terminal session to an end user’s computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?

A. 22 B. 139 C. 443 D. 3389

Answer: D Explanation:

Remote Desktop Protocol (RDP) uses TCP port 3389.

Question No: 3 – (Topic 1)

Configuring the mode, encryption methods, and security associations are part of which of the following?

  1. IPSec

  2. Full disk encryption

C. 802.1x


Answer: A Explanation:

IPSec can operate in tunnel mode or transport mode. It uses symmetric cryptography to provide encryption security. Furthermore, it makes use of Internet Security Association and Key Management Protocol (ISAKMP).

Question No: 4 – (Topic 1)

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices.

Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?

  1. VPN

  2. VLAN

  3. WPA2

  4. MAC filtering

Answer: B Explanation:

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Question No: 5 – (Topic 1)

Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?

  1. 25

  2. 53 C. 143 D. 443

Answer: D Explanation:

HTTPS authenticates the website and corresponding web server with which one is communicating. HTTPS makes use of port 443.

Incorrect Options:

A: Port 25 is used by Simple Mail Transfer Protocol (SMTP) for routing e-mail between mail servers.

B: Port 53 is used by Domain Name System (DNS).

C: Port 143 is used by Internet Message Access Protocol (IMAP) for the management of email messages.


Question No: 6 – (Topic 1)

Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network.

Which of the following types of technologies will BEST address this scenario?

  1. Application Firewall

  2. Anomaly Based IDS

  3. Proxy Firewall

  4. Signature IDS

Answer: B Explanation:

Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal occurrences. An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and legal forms of a protocol are known and can be defined, any variations from those known valid constructions are seen as anomalies.

Question No: 7 – (Topic 1)

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

  1. Install a token on the authentication server

  2. Install a DHCP server on the authentication server

  3. Install an encryption key on the authentication server

  4. Install a digital certificate on the authentication server

Answer: D Explanation:

When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions.

The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices.

The other is the Enterprise mode -which should be used by businesses and organizations-and is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key management, and supports other enterprise-type functionality, such as VLANs and NAP. However, it requires an external authentication server, called a Remote Authentication Dial In User Service (RADIUS) server to handle the 802.1X authentication of users.

To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X, here’s the basic overall steps:

Choose, install, and configure a RADIUS server, or use a hosted service.

Create a certificate authority (CA), so you can issue and install a digital certificate onto the RADIUS server, which may be done as a part of the RADIUS server installation and configuration. Alternatively, you could purchase a digital certificate from a public CA, such

as GoDaddy or Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS, you’d also create digital certificates for each end-user.

On the server, populate the RADIUS client database with the IP address and shared secret for each AP.

On the server, populate user data with usernames and passwords for each end-user. On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP address and the shared secret you created for that particular AP.

On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the 802.1X authentication settings.

Question No: 8 – (Topic 1)

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).

  1. Virtual switch

  2. NAT

  3. System partitioning

  4. Access-list

  5. Disable spanning tree

  6. VLAN

Answer: A,F Explanation:

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. A virtual switch is a software application that allows communication between virtual machines. A combination of the two would best satisfy the question.

Question No: 9 – (Topic 1)

Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).

  1. Spam filter

  2. Load balancer

  3. Antivirus

  4. Proxies

  5. Firewall

  6. NIDS

  7. URL filtering

Answer: D,E,G Explanation:

A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.

Firewalls manage traffic using a rule or a set of rules.

A URL is a reference to a resource that specifies the location of the resource. A URL filter is used to block access to a site based on all or part of a URL.

Question No: 10 – (Topic 1)

A company’s business model was changed to provide more web presence and now its ERM software is no longer able to support the security needs of the company. The current data center will continue to provide network and security services. Which of the following network elements would be used to support the new business model?

  1. Software as a Service

  2. DMZ

  3. Remote access support

  4. Infrastructure as a Service

Answer: A Explanation:

Software as a Service (SaaS) allows for on-demand online access to specific software applications or suites without having to install it locally. This will allow the data center to continue providing network and security services.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE