Latest Certified Success Dumps Download

SY0-401 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 81-90

September 20, 2017

2017 Sep CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 81 – (Topic 1)

Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of?

  1. Size of the files

  2. Availability of the files

  3. Accessibility of the files from her mobile device

  4. Sensitivity of the files

Answer: D Explanation:

Cloud computing has privacy concerns, regulation compliance difficulties, use of open-

/closed-source solutions, and adoption of open standards. It is also unsure whether cloud- based data is actually secured (or even securable).

Question No: 82 – (Topic 1)

Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:

  1. Redundant systems.

  2. Separation of duties.

  3. Layered security.

  4. Application control.

Answer: C Explanation:

Layered security is the practice of combining multiple mitigating security controls to protect resources and data.

Question No: 83 – (Topic 1)

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?

  1. WAF

  2. NIDS

  3. Routers

  4. Switches

Answer: A Explanation:

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, then web application firewall (WAF) is the correct answer.

Question No: 84 – (Topic 1)

An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?

  1. Use a stateful firewall

  2. Enable MAC filtering

  3. Upgrade to WPA2 encryption

  4. Force the WAP to use channel 1

Answer: B Explanation:

MAC addresses are also known as an Ethernet hardware address (EHA), hardware address or physical address. Enabling MAC filtering would allow for a WAP to restrict or allow access based on the hardware address of the device.

Question No: 85 – (Topic 1)

Users are unable to connect to the web server at IP Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?


  1. It implements stateful packet filtering.

  2. It implements bottom-up processing.

  3. It failed closed.

  4. It implements an implicit deny.

Answer: D Explanation:

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

Question No: 86 – (Topic 1)

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?

  1. Failed authentication attempts

  2. Network ping sweeps

  3. Host port scans

  4. Connections to port 22

Answer: D Explanation:

Log analysis is the art and science of reviewing audit trails, log files, or other forms of computer-generated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern.

SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP, SExec, and slogin.

Question No: 87 – (Topic 1)

An organization has three divisions: Accounting, Sales, and Human Resources. Users in the Accounting division require access to a server in the Sales division, but no users in the Human Resources division should have access to resources in any other division, nor should any users in the Sales division have access to resources in the Accounting division. Which of the following network segmentation schemas would BEST meet this objective?

  1. Create two VLANS, one for Accounting and Sales, and one for Human Resources.

  2. Create one VLAN for the entire organization.

  3. Create two VLANs, one for Sales and Human Resources, and one for Accounting.

  4. Create three separate VLANS, one for each division.

Answer: D Explanation:

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Question No: 88 – (Topic 1)

An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?

  1. Require IPSec with AH between the servers

  2. Require the message-authenticator attribute for each message

  3. Use MSCHAPv2 with MPPE instead of PAP

  4. Require a long and complex shared secret for the servers

Answer: A Explanation:

IPsec is used for a secure point-to-point connection traversing an insecure network such as the Internet. Authentication Header (AH) is a primary IPsec protocol that provides authentication of the sender’s data.

Question No: 89 – (Topic 1)

A security administrator is tasked with ensuring that all devices have updated virus definition files before they are allowed to access network resources. Which of the following technologies would be used to accomplish this goal?

  1. NIDS

  2. NAC

  3. DLP

  4. DMZ

  5. Port Security

Answer: B Explanation:

Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies.

Question No: 90 – (Topic 1)

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?

  1. Protocol analyzer

  2. Load balancer

  3. VPN concentrator

  4. Web security gateway

Answer: B Explanation:

Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device-a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE