
[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 31-40

September 20, 2017


CompTIA Security Certification

Question No: 31 – (Topic 1)

It is MOST important to make sure that the firewall is configured to do which of the following?

  A. Alert management of a possible intrusion.

  B. Deny all traffic and only permit by exception.

  C. Deny all traffic based on known signatures.

  D. Alert the administrator of a possible intrusion.

Answer: B

Explanation:

Firewalls manage traffic using filters, which are simply rules or sets of rules. A recommended guideline for firewall rules is “deny by default; allow by exception”.

Question No: 32 – (Topic 1)

Sara, the security administrator, must configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?

  A. PAT

  B. NAP

  C. DNAT

  D. NAC

Answer: A

Explanation:

Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.

Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on to the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on to the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address.

Question No: 33 – (Topic 1)

Which of the following IP addresses would be hosts on the same subnet given the subnet mask (Select TWO).






Answer: C,D

Explanation:

With the given subnet mask, a maximum number of 30 hosts between IP addresses and are allowed. Therefore, option C and D would be hosts on the same subnet, and the other options would not.


Question No: 34 CORRECT TEXT – (Topic 1)


Answer: Use the following answer for this simulation task.

Source IP, Destination IP, Port number, TCP/UDP








Any Any Allow

Any Any Allow


Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule’s criteria:

Block the connection

Allow the connection

Allow the connection only if it is secured

TCP is responsible for providing a reliable, one-to-one, connection-oriented session. TCP establishes a connection and ensures that the other end receives any packets sent. Two hosts communicate packet results with each other. TCP also ensures that packets are decoded and sequenced properly. This connection is persistent during the session. When the session ends, the connection is torn down.

UDP provides an unreliable connectionless communication method between hosts. UDP is considered a best-effort protocol, but it’s considerably faster than TCP. The sessions don’t establish a synchronized session like the kind used in TCP, and UDP doesn’t guarantee error-free communications. The primary purpose of UDP is to send small packets of information. The application is responsible for acknowledging the correct reception of the data.

Port 22 is used by both SSH and SCP with UDP.

Port 443 is used for secure web connections – HTTPS and is a TCP port.

Thus, to make sure only the Accounting computer has HTTPS access to the Administrative server, you should use TCP port 443 and set the rule to allow communication between (Accounting) and (Administrative server1).

Thus, to make sure that only the HR computer has access to Server2 over SCP, you need to use TCP port 22 and set the rule to allow communication between (HR) and (server2).

Thus, to make sure that the IT computer can access both the Administrative servers, you need to use a port and accompanying port number and set the rule to allow communication between: (IT computer) and (Administrative server1); (IT computer) and (Administrative server2).


Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 77, 83, 96, 157

Question No: 35 – (Topic 1)

The Human Resources department has a parent shared folder set up on the server. There are two groups that have access, one called managers and one called staff. There are many subfolders under the parent shared folder, one of which is called payroll. The parent folder access control list propagates to all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

  A. Remove the staff group from the payroll folder

  B. Implicit deny on the payroll folder for the staff group

  C. Implicit deny on the payroll folder for the managers group

  D. Remove inheritance from the payroll folder

Answer: B

Explanation: Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.

Question No: 36 DRAG DROP – (Topic 1)

Drag and drop the correct protocol to its default port.


FTP uses TCP port 21.

Telnet uses port 23.

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).

SMTP uses TCP port 25.

Port 69 is used by TFTP.

SNMP makes use of UDP ports 161 and 162.


Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 42, 45, 51

Question No: 37 – (Topic 1)

When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request?

  A. DMZ

  B. Cloud services

  C. Virtualization

  D. Sandboxing

Answer: A

Explanation:

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Question No: 38 – (Topic 1)

A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company's gateway firewall?




D. PERMIT TCP FROM ANY 1024-65535 TO 443

Answer: D

Explanation:

The default HTTPS port is port 443. When configuring SSL VPN you can change the default port for HTTPS to a port within the 1024-65535 range. This ACL will allow traffic from VPNs using the 1024-65535 port range to access the company network via the company's gateway firewall on port 443.

Question No: 39 – (Topic 1)

A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?

  A. DMZ

  B. Cloud computing

  C. VLAN

  D. Virtualization

Answer: A

Explanation:

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Question No: 40 – (Topic 1)

Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?

  A. EAP-MD5

  B. WEP


  D. EAP-TLS

Answer: C

Explanation:

PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-based credentials (user name and password) rather than digital certificates or smart cards.
