[Free] 2018(June) Ensurepass CompTIA SY0-401 Dumps with VCE and PDF 131-140

Ensurepass.com : Ensure you pass the IT Exams
2018 May CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 131 – (Topic 1)

Which of the following secure file transfer methods uses port 22 by default?

  1. FTPS

  2. SFTP

  3. SSL

  4. S/MIME

Answer: B Explanation:

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Question No: 132 – (Topic 1)

When reviewing security logs, an administrator sees requests for the AAAA record of www.comptia.com. Which of the following BEST describes this type of record?

  1. DNSSEC record

  2. IPv4 DNS record

  3. IPSEC DNS record

  4. IPv6 DNS record

Answer: D

Explanation: The AAAA Address record links a FQDN to an IPv6 address.

Question No: 133 – (Topic 1)

The common method of breaking larger network address space into smaller networks is known as:

  1. subnetting.

  2. phishing.

  3. virtualization.

  4. packet filtering.

Answer: A Explanation:

Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.

Question No: 134 – (Topic 1)

A server is configured to communicate on both VLAN 1 and VLAN 12. VLAN 1 communication works fine, but VLAN 12 does not. Which of the following MUST happen before the server can communicate on VLAN 12?

  1. The server#39;s network switch port must be enabled for 802.11x on VLAN 12.

  2. The server#39;s network switch port must use VLAN Q-in-Q for VLAN 12.

  3. The server#39;s network switch port must be 802.1q untagged for VLAN 12.

  4. The server#39;s network switch port must be 802.1q tagged for VLAN 12.

Answer: D Explanation:

802.1q is a standard that defines a system of VLAN tagging for Ethernet frames. The purpose of a tagged port is to pass traffic for multiple VLAN#39;s.

Incorrect Options:

A: 802.11x provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

B: VLAN Q-in-Q allows multiple VLAN tags to be inserted into a single frame. C: The purpose an untagged port is to accept traffic for a single VLAN only.

Reference: https://en.wikipedia.org/wiki/IEEE_802.1Q

https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Fu ndamentals_of_802.1Q_VLAN_Tagging



Question No: 135 – (Topic 1)

Which of the following ports should be used by a system administrator to securely manage a remote server?

  1. 22

  2. 69 C. 137 D. 445

Answer: A Explanation:

Secure Shell (SSH) is a more secure replacement for Telnet, rlogon, rsh, and rcp. SSH can be called a remote access or remote terminal solution. SSH offers a means by which a command-line, text-only interface connection with a server, router, switch, or similar device can be established over any distance. SSH makes use of TCP port 22.

Question No: 136 – (Topic 1)

Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?

  1. Implement a HIDS to protect the SCADA system

  2. Implement a Layer 2 switch to access the SCADA system

  3. Implement a firewall to protect the SCADA system

  4. Implement a NIDS to protect the SCADA system

Answer: C Explanation:

Firewalls manage traffic using filters, which is just a rule or set of rules. A recommended guideline for firewall rules is, “deny by default; allow by exception”. This means that if a network connection is not specifically allowed, it will be denied.

Question No: 137 – (Topic 1)

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.


Which of the following rules would accomplish this task? (Select TWO).

  1. Change the firewall default settings so that it implements an implicit deny

  2. Apply the current ACL to all interfaces of the firewall

  3. Remove the current ACL

  4. Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53

  5. Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53

  6. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

Answer: A,F Explanation:

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone file exchanges between DNS servers, special manual queries, or used when a response exceeds 512 bytes. UDP port 53 is used for most typical DNS queries.

Question No: 138 – (Topic 1)

A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?

  1. ICMP

  2. BGP

  3. NetBIOS

  4. DNS

Answer: C Explanation:

The LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments.

Question No: 139 – (Topic 1)

An auditor is given access to a conference room to conduct an analysis. When they connect their laptop’s Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?

  1. Ethernet cable is damaged

  2. The host firewall is set to disallow outbound connections

  3. Network Access Control

  4. The switch port is administratively shutdown

Answer: C Explanation:

Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.

Question No: 140 – (Topic 1)

A security analyst needs to logon to the console to perform maintenance on a remote server. Which of the following protocols would provide secure access?

  1. SCP

  2. SSH

  3. SFTP

  4. HTTPS

Answer: B Explanation:

Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It’s now available for both Unix and Windows environments. SSH is primarily intended for interactive terminal sessions.

SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance.

100% Ensurepass Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Ensurepass Free Guaranteed!
SY0-401 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.