Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 151-160

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 151 – (Topic 1)

A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?

  1. Virtualization

  2. Subnetting

  3. IaaS

  4. SaaS

Answer: A Explanation:

Virtualization allows a single set of hardware to host multiple virtual machines.

Question No: 152 – (Topic 1)

Which of the following would allow the organization to divide a Class C IP address range into several ranges?

  1. DMZ

  2. Virtual LANs

  3. NAT

  4. Subnetting

Answer: D Explanation:

Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.

Question No: 153 – (Topic 1)

An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?

  1. SSID broadcast

  2. MAC filter

  3. WPA2

  4. Antenna placement

Answer: A Explanation:

Numerous networks broadcast their name (known as an SSID broadcast) to reveal their


Question No: 154 – (Topic 1)

Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?

  1. Implement WPA

  2. Disable SSID

  3. Adjust antenna placement

  4. Implement WEP

Answer: A

Explanation: Of the options supplied, WiFi Protected Access (WPA) is the most secure and is the replacement for WEP.

Question No: 155 – (Topic 1)

By default, which of the following uses TCP port 22? (Select THREE).

  1. FTPS


  3. TLS

  4. SCP

  5. SSL

  6. HTTPS

  7. SSH

  8. SFTP

Answer: D,G,H Explanation:

G: Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login, remote command execution, but any network service can be secured with SSH. SSH uses port 22.

D: SCP stands for Secure Copy. SCP is used to securely copy files over a network. SCP uses SSH to secure the connection and therefore uses port 22.

H: SFTP stands for stands for Secure File Transfer Protocol and is used for transferring files using FTP over a secure network connection. SFTP uses SSH to secure the connection and therefore uses port 22.

Question No: 156 – (Topic 1)

Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?

  1. HIPS on each virtual machine

  2. NIPS on the network

  3. NIDS on the network

  4. HIDS on each virtual machine

Answer: A Explanation:

Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

Question No: 157 – (Topic 1)

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.

Which of the following is MOST likely the reason for the sub-interfaces?

  1. The network uses the subnet of

  2. The switch has several VLANs configured on it.

  3. The sub-interfaces are configured for VoIP traffic.

  4. The sub-interfaces each implement quality of service.

Answer: B Explanation:

A subinterface is a division of one physical interface into multiple logical interfaces. Routers

commonly employ subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.

Question No: 158 – (Topic 1)

After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?

  1. Reduce the power level of the AP on the network segment

  2. Implement MAC filtering on the AP of the affected segment

  3. Perform a site survey to see what has changed on the segment

  4. Change the WPA2 encryption key of the AP in the affected segment

Answer: A Explanation:

Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far.

Question No: 159 – (Topic 1)

If you don’t know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?

  1. macconfig

  2. ifconfig

  3. ipconfig

  4. config

Answer: B Explanation:

To find MAC address of a Unix/Linux workstation, use ifconfig or ip a.

Question No: 160 – (Topic 1)

On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages.

Which of the following is the MOST likely cause for this issue?

  1. Too many incorrect authentication attempts have caused users to be temporarily disabled.

  2. The DNS server is overwhelmed with connections and is unable to respond to queries.

  3. The company IDS detected a wireless attack and disabled the wireless network.

  4. The Remote Authentication Dial-In User Service server certificate has expired.

Answer: D Explanation:

The question states that the network uses 802.1x with PEAP. The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS). A RADIUS server will be configured with a digital certificate. When a digital certificate is created, an expiration period is configured by the Certificate Authority (CA). The expiration period is commonly one or two years.

The question states that no configuration changes have been made so it’s likely that the certificate has expired.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE