Ensurepass.com : Ensure you pass the IT Exams
2018 Jan CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 171 – (Topic 1)

Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect.

Which of the following is MOST likely the reason?

  1. The company wireless is using a MAC filter.

  2. The company wireless has SSID broadcast disabled.

  3. The company wireless is using WEP.

  4. The company wireless is using WPA2.

Answer: A Explanation:

MAC filtering allows you to include or exclude computers and devices based on their MAC address.

Question No: 172 – (Topic 1)

After entering the following information into a SOHO wireless router, a mobile device’s user reports being unable to connect to the network:

PERMIT 0A: D1: FA. B1: 03: 37 DENY 01: 33: 7F: AB: 10: AB

Which of the following is preventing the device from connecting?

  1. WPA2-PSK requires a supplicant on the mobile device.

  2. Hardware address filtering is blocking the device.

  3. TCP/IP Port filtering has been implemented on the SOHO router.

  4. IP address filtering has disabled the device from connecting.

Answer: B Explanation:

MAC filtering allows you to include or exclude computers and devices based on their MAC address.

Question No: 173 – (Topic 1)

After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely.

Which of the following is the MOST likely reason the PC technician is unable to ping those devices?

  1. ICMP is being blocked

  2. SSH is not enabled

  3. DNS settings are wrong

  4. SNMP is not configured properly

Answer: A Explanation:

ICMP is a protocol that is commonly used by tools such as ping, traceroute, and pathping. ICMP offers no information If ICMP request queries go unanswered, or ICMP replies are lost or blocked.

Question No: 174 – (Topic 1)

Which of the following would Pete, a security administrator, MOST likely implement in order to allow employees to have secure remote access to certain internal network services such as file servers?

  1. Packet filtering firewall

  2. VPN gateway

  3. Switch

  4. Router

Answer: B Explanation:

VPNs are usually employed to allow remote access users to connect to and access the network, and offer connectivity between two or more private networks or LANs. A VPN gateway (VPN router) is a connection point that connects two LANs via a nonsecure network such as the Internet.

Question No: 175 – (Topic 1)

Which of the following best practices makes a wireless network more difficult to find?

  1. Implement MAC filtering

  2. UseWPA2-PSK

  3. Disable SSID broadcast

  4. Power down unused WAPs

Answer: C


Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.

Question No: 176 – (Topic 1)

Which of the following ports is used to securely transfer files between remote UNIX systems?

  1. 21

  2. 22

  3. 69

D. 445

Answer: B Explanation:

SCP copies files securely between hosts on a network. It uses SSH for data transfer, and uses the same authentication and provides the same security as SSH. Unlike RCP, SCP will ask for passwords or passphrases if they are needed for authentication.

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Question No: 177 – (Topic 1)

The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has mandated that key authentication systems be run within the organization’s network. Which of the following would BEST meet the CIO and CRO’s requirements?

  1. Software as a Service

  2. Infrastructure as a Service

  3. Platform as a Service

  4. Hosted virtualization service

Answer: A Explanation:

Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.

Question No: 178 – (Topic 1)

Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?

  1. WPA2-Enterprise wireless network

  2. DNS secondary zones

  3. Digital certificates

  4. Intrusion detection system

Answer: A Explanation:

WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication server.

Question No: 179 – (Topic 1)

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

  1. Implicit deny

  2. VLAN management

  3. Port security

  4. Access control lists

Answer: D Explanation:

In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify

which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server.

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

Question No: 180 – (Topic 1)

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?

  1. Packet Filter Firewall

  2. Stateful Firewall

  3. Proxy Firewall

  4. Application Firewall

Answer: B Explanation:

Stateful inspections occur at all levels of the network.

100% Ensurepass Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Ensurepass Free Guaranteed!
SY0-401 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No