Ensurepass.com : Ensure you pass the IT Exams
2018 Jan CompTIA Official New Released SY0-401

CompTIA Security Certification

Question No: 181 – (Topic 1)

Which of the following protocols operates at the HIGHEST level of the OSI model?

  A. ICMP

  B. IPSec

  C. SCP

  D. TCP

Answer: C

Explanation:

SCP (Secure Copy) uses SSH (Secure Shell). SSH runs in the application layer (layer 7) of the OSI model.

Question No: 182 – (Topic 1)

Which of the following BEST describes the weakness in WEP encryption?

  A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.

  B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.

  C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.

  D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Answer: D

Explanation:

WEP is based on RC4, but due to errors in design and implementation, WEP is weak in a number of areas, two of which are the use of a static common key and poor implementation of initialization vectors (IVs). When the WEP key is discovered, the attacker can join the network and then listen in on all other wireless client communications.

Question No: 183 – (Topic 1)

A security engineer is reviewing log data and sees the output below:

POST: /payload.php HTTP/1.1
HOST: localhost
Accept: */*
Referrer: http://localhost/

HTTP/1.1 403 Forbidden
Connection: close

Log: Access denied with 403. Pattern matches form bypass

Which of the following technologies was MOST likely being used to generate this log?

  A. Host-based Intrusion Detection System

  B. Web application firewall

  C. Network-based Intrusion Detection System

  D. Stateful Inspection Firewall

  E. URL Content Filter

Answer: B

Explanation:

A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It’s intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.

Question No: 184 – (Topic 1)

The security administrator at ABC company received the following log information from an external party:

10:45:01 EST, SRC, DST, ALERT, Directory traversal

10:45:02 EST, SRC, DST, ALERT, Account brute force

10:45:03 EST, SRC, DST, ALERT, Port scan

The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company’s security administrator is unable to determine the origin of the attack?

  A. A NIDS was used in place of a NIPS.

  B. The log is not in UTC.

  C. The external party uses a firewall.

  D. ABC company uses PAT.

Answer: D

Explanation:

PAT would ensure that computers on ABC’s LAN translate to the same IP address, but with a different port number assignment. The log information shows the IP address, not the port number, making it impossible to pinpoint the exact source.

Question No: 185 – (Topic 1)

A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?

  A. NAT and DMZ

  B. VPN and IPSec

  C. Switches and a firewall

  D. 802.1x and VLANs

Answer: D

Explanation:

802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco Systems’ Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. By default, all ports on a switch are part of VLAN 1. But as the switch administrator changes the VLAN assignment on a port-by-port basis, various ports can be grouped together and be distinct from other VLAN port designations. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Question No: 186 – (Topic 1)

Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?

  A. Placement of antenna

  B. Disabling the SSID

  C. Implementing WPA2

  D. Enabling the MAC filtering

Answer: A

Explanation:

You should try to avoid placing access points near metal (which includes appliances) or near the ground. Placing them in the center of the area to be served and high enough to get around most obstacles is recommended. On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.

Question No: 187 – (Topic 1)

Pete, the system administrator, wishes to monitor and limit users’ access to external websites. Which of the following would BEST address this?

  A. Block all traffic on port 80.

  B. Implement NIDS.

  C. Use server load balancers.

  D. Install a proxy server.

Answer: D

Explanation:

A proxy is a device that acts on behalf of other(s). In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites. The proxy server should cache often-accessed sites to improve performance.

Question No: 188 – (Topic 1)

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?

  A. WEP

  B. LEAP

  C. EAP-TLS

  D. TKIP

Answer: C

Explanation:

The majority of the EAP-TLS implementations require client-side X.509 certificates without giving the option to disable the requirement.

Question No: 189 – (Topic 1)

Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete’s access to this site?

  A. Internet content filter

  B. Firewall

  C. Proxy server

  D. Protocol analyzer

Answer: A

Explanation:

Web filtering software is designed to restrict or control the content a reader is authorised to access, especially when utilised to restrict material delivered over the Internet via the Web, e-mail, or other means.

Question No: 190 – (Topic 1)

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

  A. 20

  B. 21

  C. 22

  D. 23

Answer: B

Explanation:

When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default.
