Verified CompTIA SY0-401 Real Exam Dumps - Up-to Date Question Answers

Question No : 8

Which of the following is a best practice when securing a switch from physical access?

A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports

Answer: D

Explanation:

Disabling unused switch ports a simple method many network administrators use to help secure their network from unauthorized access. All ports not in use should be disabled. Otherwise, they present an open door for an attacker to enter. Incorrect Answers:
A: Disabling unnecessary accounts would only block those specific accounts.
B: A security baseline is a standardized minimal level of security that all systems in an organization must comply with. Printing it would not secure the switch from physical access.
C: The purpose of an access list is to identify specifically who can enter a facility.

2019 Free Updated Question & Answers - Dumps4Download PDF Dumps

Question No : 7

Which of the following network design elements allows for many internal devices to share one public IP address?

A. DNAT

B. PAT

C. DNS

D. DMZ

Answer: B

Explanation:

Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses. Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on the Internet at the same time, the router assigns it the same local IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address. Incorrect Answers:

A: Destination network address translation (DNAT) is a technique for transparently changing the destination IP address of an end route packet and performing the inverse function for any replies. Any router situated between two endpoints can perform this transformation of the packet. DNAT is commonly used to publish a service located in a private network on a publicly accessible IP address. This use of DNAT is also called port forwarding. DNAT does not allow for many internal devices to share one public IP address.

C: DNS (Domain Name System) is a service used to translate hostnames or URLs to IP addresses. DNS does not allow for many internal devices to share one public IP address.

D: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. A DMZ does not allow for many internal devices to share one public IP address.

Valid Exam Questions - Latest CompTIA SY0-401 Real Exam Dumps

Question No : 6

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?

A. Packet Filter Firewall

B. Stateful Firewall

C. Proxy Firewall

D. Application Firewall

Answer: B

Explanation:

Stateful inspections occur at all levels of the network.

Incorrect Answers:

A: Packet-filtering firewalls operate at the Network layer (Layer 3) and the Transport layer (Layer 4) of the Open Systems Interconnect (OSI) model.

C: The proxy function can occur at either the application level or the circuit level.

D: Application Firewalls operates at the Application layer (Layer7) of the OSI model.

Free Updated Question Answers - 2019 CompTIA SY0-401 Exam PDF Dumps4Download

Question No : 5

Which of the following security devices can be replicated on a Linux based computer using IP tables to inspect and properly handle network based traffic?

A. Sniffer

B. Router

C. Firewall

D. Switch

Answer: C

Explanation:

Ip tables are a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.

Incorrect Answers:

A: A sniffer is a tool used in the process of monitoring the data that is transmitted across a network.

B, D: A router is connected to two or more data lines from different networks, whereas a network switch is connected to data lines from one single network. These may include a firewall, but not by default.

Updated CompTIA SY0-401 Exam Questions | Dumps4Download.com

Question NO : 4

The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?

A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches

Answer: C

Dumps4Download | Free SY0-401 Exam Dumps Dumsp4Download.com

Question NO : 3

Which of the following devices would be MOST useful to ensure availability when there are a large
number of requests to a certain website?

A. Protocol analyzer
B. Load balancer
C. VPN concentrator
D. Web security gateway

Answer: B

Explanation:

Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device—a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available. Incorrect Answers:A: The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network.
C: A VPN concentrator is a hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security

Where can I download SY0-401 Exam Study Material - Get Updated SY0-401 Examdumps PDF Dumps4download.com

Free Verified CompTIA SY0-401 Questions - CompTIA SY0-401 Braindumps

Question NO : 2

An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?

A. Require IPSec with AH between the servers
B. Require the message-authenticator attribute for each message
C. Use MSCHAPv2 with MPPE instead of PAP
D. Require a long and complex shared secret for the servers

Answer: A

Explanation:

IPsec is used for a secure point-to-point connection traversing an insecure network such as the Internet. Authentication Header (AH) is a primary IPsec protocol that provides authentication of the sender’s data.