Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 71-80

September 20, 2017

EnsurePass
2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/SY0-401.html

CompTIA Security Certification

Question No: 71 – (Topic 1)

A security technician needs to open ports on a firewall to allow for domain name resolution. Which of the following ports should be opened? (Select TWO).

  1. TCP 21

  2. TCP 23

  3. TCP 53

  4. UDP 23

  5. UDP 53

Answer: C,E Explanation:

DNS uses TCP and UDP port 53. TCP port 53 is used for zone transfers, whereas UDP port 53 is used for queries.

Question No: 72 – (Topic 1)

Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar.

Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?

  1. The system is running 802.1x.

  2. The system is using NAC.

  3. The system is in active-standby mode.

  4. The system is virtualized.

Answer: D Explanation:

Virtualization allows a single set of hardware to host multiple virtual machines.

Question No: 73 – (Topic 1)

Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?

  1. Virtualization

  2. Remote access

  3. Network access control

  4. Blade servers

Answer: A Explanation:

Because Virtualization allows a single set of hardware to host multiple virtual machines, it requires less hardware to maintain the current scenario.

Question No: 74 – (Topic 1)

A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate?

  1. HTTPS

  2. SSH

  3. FTP

  4. TLS

Answer: D

Explanation: Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key. The TLS protocol allows client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

Question No: 75 – (Topic 1)

A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

  1. Implement a virtual firewall

  2. Install HIPS on each VM

  3. Virtual switches with VLANs

  4. Develop a patch management guide

Answer: C Explanation:

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.

Question No: 76 – (Topic 1)

A company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?

  1. Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080

  2. Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80

  3. Create a static PAT from port 80 on the outside interface to the internal interface on port 8080

  4. Create a static PAT from port 8080 on the outside interface to the server IP address on port 80

Answer: C Explanation:

Static PAT translations allow a specific UDP or TCP port on a global address to be translated to a specific port on a local address. In this case, the default HTTP port (80) is

the global address to be translated, and port 8080 is the specific port on a local address.

Incorrect Options:

A: Dynamic PAT is not a valid type of PAT.

B: Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the destination network. The question also states that the internal server is listening on port 8080.

D: The question states that the internal server is listening on port 8080.

Reference:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_sta ticpat.html

Question No: 77 – (Topic 1)

An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:

  1. stateful firewall

  2. packet-filtering firewall

  3. NIPS

  4. NAT

Answer: D Explanation:

NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system’s request.

Question No: 78 – (Topic 1)

A company determines a need for additional protection from rogue devices plugging into physical ports around the building.

Which of the following provides the highest degree of protection from unauthorized wired network access?

  1. Intrusion Prevention Systems

  2. MAC filtering

  3. Flood guards

D. 802.1x

Answer: D Explanation:

IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN.

Question No: 79 – (Topic 1)

Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?

  1. TCP port 443 and IP protocol 46

  2. TCP port 80 and TCP port 443

  3. TCP port 80 and ICMP

  4. TCP port 443 and SNMP

Answer: B Explanation:

HTTP and HTTPS, which uses TCP port 80 and TCP port 443 respectively, is necessary for Communicating with Web servers. It should therefore be allowed through the firewall.

Question No: 80 – (Topic 1)

Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches.

Which of the following is designed to keep the HR department users from accessing the accounting department’s server and vice-versa?

  1. ACLs

  2. VLANs

  3. DMZs

  4. NATS

Answer: B Explanation:

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE