Ensurepass

QUESTION 621

A security analyst performs the following activities: monitors security logs, installs surveillance cameras and analyzes trend reports. Which of the following job responsibilities is the analyst performing? (Select TWO).

 

A.

Detect security incidents

B.

Reduce attack surface of systems

C.

Implement monitoring controls

D.

Hardening network devices

E.

Prevent unauthorized access

 

Correct Answer: AC

 

 

QUESTION 622

A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?

 

A.

The certificate will be added to the Certificate Revocation List (CRL).

B.

Clients will be notified that the certificate is invalid.

C.

The ecommerce site will not function until the certificate is renewed.

D.

The ecommerce site will no longer use encryption.

 

Correct Answer: B

 

QUESTION 623

An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?

 

A.

Routing

B.

DMZ

C.

VLAN

D.

NAT

 

Correct Answer: C

 

 

QUESTION 624

The security administrator needs to restrict traffic on a layer 3 device to support FTP from a new remote site. Which of the following secure network administration principles will need to be implemented?

 

A.

Implicit deny

B.

VLAN management

C.

Port security

D.

Access control lists

 

Correct Answer: D

 

 

QUESTION 625

After a network outage, a PC technician is unable to ping various network devices. The network administrator verifies that those devices are working properly and can be accessed securely. Which of the following is the MOST likely reason the PC technician is unable to ping those devices?

 

A.

ICMP is being blocked

B.

SSH is not enabled

C.

DNS settings are wrong

D.

SNMP is not configured properly

 

Correct Answer: A

 

 

QUESTION 626

The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?

 

A.

WEP

B.

WPA2 CCMP

C.

Disable SSID broadcast and increase power levels

D.

MAC filtering

 

Correct Answer: B

 

 

 

QUESTION 627

After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?

 

A.

Change management

B.

Implementing policies to prevent data loss

C.

User rights and permissions review

D.

Lessons learned

 

Correct Answer: D

 

 

QUESTION 628

Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?

 

A.

User rights and permissions review

B.

Configuration management

C.

Incident management

D.

Implement security controls on Layer 3 devices

 

Correct Answer: A

 

 

QUESTION 629

A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?

 

A.

Symmetric encryption

B.

Non-repudiation

C.

Steganography

D.

Hashing

 

Correct Answer: C

 

 

QUESTION 630

Which of the following concepts describes the use of a one way transformation in order to validate the integrity of a program?

 

A.

Hashing

B.

Key escrow

C.

Non-repudiation

D.

Steganography

 

Correct Answer: A

 

Free VCE & PDF File for CompTIA SY0-401 Real Exam

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

Comments are closed.