Ensurepass

 

QUESTION 211

DRAG DROP

You have been tasked with designing a security plan for your company. Drag and drop the appropriate security controls onto the floor plan. Instructions: All objects must be used and all placeholders must be filled. Order does not matter. When you have completed the simulation, please select the Done button to submit.

 

[Image: clip_image002 (floor plan with security control placeholders)]

 

Correct Answer:

 

[Image: clip_image004 (completed floor plan)]

 

 

QUESTION 212

HOTSPOT

The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.

 

1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.

 

2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port.

 

3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

 

Instructions: The firewall will process the rules in a top-down manner, in order, as a first match. The port number must be typed in, and only one port number can be entered per rule. Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click Save and then Done to submit.

 

[Images: clip_image006, clip_image008, clip_image009 (firewall simulation screens)]

 

Correct Answer:

[Image: clip_image010 (completed firewall rule set)]


QUESTION 213

Which of the following BEST describes a protective countermeasure for SQL injection?

 

A. Eliminating cross-site scripting vulnerabilities
B. Installing an IDS to monitor network traffic
C. Validating user input in web applications
D. Placing a firewall between the Internet and database servers

 

Correct Answer: C

 

 

QUESTION 214

Which of the following MOST interferes with network-based detection techniques?

 

A. MIME encoding
B. SSL
C. FTP
D. Anonymous email accounts

 

Correct Answer: B

 

 

QUESTION 215

A certificate authority takes which of the following actions in PKI?

 

A. Signs and verifies all infrastructure messages
B. Issues and signs all private keys
C. Publishes key escrow lists to CRLs
D. Issues and signs all root certificates

 

Correct Answer: D

 

 

QUESTION 216

Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?

 

A. Malicious code on the local system
B. Shoulder surfing
C. Brute force certificate cracking
D. Distributed dictionary attacks

 

Correct Answer: A

 

 

QUESTION 217

Separation of duties is often implemented between developers and administrators in order to separate which of the following?

 

A. More experienced employees from less experienced employees
B. Changes to program code and the ability to deploy to production
C. Upper level management users from standard development employees
D. The network access layer from the application access layer


Correct Answer: B

 

 

QUESTION 218

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

 

A. The request needs to be sent to the incident management team.
B. The request needs to be approved through the incident management process.
C. The request needs to be approved through the change management process.
D. The request needs to be sent to the change management team.

 

Correct Answer: C

 

 

QUESTION 219

Jane, an individual, has recently been calling various financial offices pretending to be another person to gain financial information. Which of the following attacks is being described?

 

A. Phishing
B. Tailgating
C. Pharming
D. Vishing

 

Correct Answer: D

 

 

QUESTION 220

A user in the company is in charge of various financial roles but needs to prepare for an upcoming audit. They use the same account to access each financial system. Which of the following security controls will MOST likely be implemented within the company?

 

A. Account lockout policy
B. Account password enforcement
C. Password complexity enabled
D. Separation of duties

 

Correct Answer: D

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam
