EnsurePass
2018 Jan CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/SY0-401.html

CompTIA Security Certification

Question No: 51 – (Topic 1)

An IT director is looking to reduce the footprint of their company’s server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement?

  1. Infrastructure as a Service

  2. Storage as a Service

  3. Platform as a Service

  4. Software as a Service

Answer: A Explanation:

Cloud users install operating-system images and their application software on the cloud infrastructure to deploy their applications. In this model, the cloud user patches and maintains the operating systems and the application software.

Question No: 52 – (Topic 1)

Which of the following BEST describes a demilitarized zone?

  1. A buffer zone between protected and unprotected networks.

  2. A network where all servers exist and are monitored.

  3. A sterile, isolated network segment with access lists.

  4. A private network that is protected by a firewall and a VLAN.

Answer: A Explanation:

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Question No: 53 – (Topic 1)

Which of the following is the default port for TFTP?

  1. 20

  2. 69

  3. 21

  4. 68

Answer: B Explanation:

TFTP makes use of UDP port 69.

Question No: 54 – (Topic 1)

Which of the following firewall rules only denies DNS zone transfers?

  1. deny udp any any port 53

  2. deny ip any any

  3. deny tcp any any port 53

  4. deny all dns packets

Answer: C

Explanation:

DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.

Question No: 55 – (Topic 1)

Which of the following is BEST used as a secure replacement for TELNET?

  1. HTTPS

  2. HMAC

  3. GPG

  4. SSH

Answer: D Explanation:

SSH transmits both authentication traffic and data in a secured encrypted form, whereas Telnet transmits both authentication credentials and data in clear text.

Question No: 56 – (Topic 1)

Which of the following protocols is used to authenticate the client and server’s digital certificate?

  1. PEAP

  2. DNS

  3. TLS

  4. ICMP

Answer: C Explanation:

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network. It uses X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom it is communicating, and to exchange a symmetric key.

Question No: 57 – (Topic 1)

Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

  1. Connect the WAP to a different switch.

  2. Create a voice VLAN.

  3. Create a DMZ.

  4. Set the switch ports to 802.1q mode.

Answer: B Explanation:

It is a common and recommended practice to separate voice and data traffic by using VLANs. Separating voice and data traffic using VLANs provides a solid security boundary, preventing data applications from reaching the voice traffic. It also gives you a simpler method to deploy QoS, prioritizing the voice traffic over the data.

Question No: 58 – (Topic 1)

The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when typing to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on this phone. Which of the following might the administrator need to configure?

  1. The access rules on the IDS

  2. The pop up blocker in the employee’s browser

  3. The sensitivity level of the spam filter

  4. The default block page on the URL filter

Answer: D Explanation:

A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list.

Question No: 59 – (Topic 1)

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?

  1. SaaS

  2. MaaS

  3. IaaS

  4. PaaS

Answer: B Explanation:

Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud.

Question No: 60 – (Topic 1)

An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?

  1. Initial baseline configuration snapshots

  2. Firewall, IPS and network segmentation

  3. Event log analysis and incident response

  4. Continuous security monitoring processes

Answer: D Explanation:

Continuous monitoring may involve regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. It also points toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats.

Incorrect Options:

A: An initial baseline configuration snapshot would allow for the standardized minimal level of security that all systems in an organization must comply with to be enforced. This will not

cover the non-technical security incidents.

B: A Firewall, IPS and network segmentation will offer technical protection, but not non- technical security protection.

C: Event log analysis and incident response will not cover the non-technical security incidents.

Reference:

Dulaney, Emmett and Chuck Eastton, CompTIA Security Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 154.

Stewart, James Michael, CompTIA Security Review Guide, Sybex, Indianapolis, 2014, pp. 207, 208

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2018 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2018 EnsurePass IT Certification PDF and VCE