ExamsLead.com is a site for CompTIA certification exam preparation. It provides CompTIA Security+ SY0-401 exam questions in PDF format, with training material for the CompTIA Security+ exam questions and answers. ExamsLead provides updated CompTIA SY0-401 practice exam questions. Download the SY0-401 PDF with new questions and answers and prepare for your CompTIA SY0-401 test. https://examslead.com/SY0-401-practice-exam-dumps/
CompTIA SY0-401 Exam
CompTIA Security+ Questions & Answers (Demo Version)
Buy Full Product Here: https://examslead.com/SY0-401-practice-exam-dumps/
Version: 39.0

Question 1
Sara, the security administrator, must configure the corporate firewall to allow all IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?
A. PAT
B. NAP
C. DNAT
D. NAC
Answer: A
Explanation:
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses. Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on to the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on to the Internet at the same time, the router assigns it the same public IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address and translated port.
Incorrect Answers:
B: NAP is a Microsoft technology for controlling the network access of a computer host based on the system health of the host.
C: Destination network address translation (DNAT) is a technique for transparently changing the destination IP address of an en-route packet and performing the inverse function for any replies. Any router situated between two endpoints can perform this transformation of the packet. DNAT is commonly used to publish a service located in a private network on a publicly accessible IP address. This use of DNAT is also called port forwarding. DNAT does not allow many internal devices to share one public IP address.
D: NAC is an approach to computer network security that attempts to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement.
References:
http://searchnetworking.techtarget.com/definition/Port-Address-Translation-PAT
http://en.wikipedia.org/wiki/Network_Access_Protection
http://en.wikipedia.org/wiki/Network_address_translation#DNAT
http://en.wikipedia.org/wiki/Network_Access_Control

Question 2
Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
A. Firewall
B. NIPS
C. Load balancer
D. URL filter
Answer: A
Explanation:
Firewalls, routers, and even switches can use ACLs as a method of security management. Every access control list has an implicit deny ip any any at its end, whether or not it is written out as rule 2 above. ACLs deny by default and allow by exception.
Incorrect Answers:
B: A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
C: A load balancer is used to distribute network traffic load across several network links or network devices.
D: A URL filter is used to block URLs (websites) to prevent users from accessing the website.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 24
http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://www.provision.ro/threat-management/web-application-security/url-filtering

Question 3
The security administrator at ABC company received the following log information from an external party:
10:45:01 EST, SRC 10.4.2.7:2053, DST 8.4.2.1:80, ALERT, Directory traversal
10:45:02 EST, SRC 10.4.2.7:2057, DST 8.4.2.1:80, ALERT, Account brute force
10:45:02 EST, SRC 10.4.2.7:2058, DST 8.4.2.1:80, ALERT, Port scan
The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company's security administrator is unable to determine the origin of the attack?
A. A NIDS was used in place of a NIPS.
B. The log is not in UTC.
C. The external party uses a firewall.
D. ABC company uses PAT.
Answer: D
Explanation:
PAT translates every computer on ABC's LAN to the same public IP address, distinguishing them only by the source port assigned at translation time. The external party's log therefore identifies ABC's shared address rather than an individual internal host. Without the firewall's own translation log, which records which internal host held each translated port at that moment, the administrator cannot pinpoint the exact source.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It is reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. This has no bearing on the security administrator at ABC Company finding the root of the attack.
B: UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which the world regulates clocks and time. The time zone of the log is not the issue in this case.
C: Whether the external party uses a firewall or not has no bearing on the security administrator at ABC Company finding the root of the attack.
References:
http://www.webopedia.com/TERM/P/PAT.html
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/Coordinated_Universal_Time

Question 4
Which of the following security devices can be replicated on a Linux based computer using iptables to inspect and properly handle network based traffic?
A. Sniffer
B. Router
C. Firewall
D. Switch
Answer: C
Explanation:
iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores.
Incorrect Answers:
A: A sniffer is a tool used in the process of monitoring the data that is transmitted across a network.
B, D: A router is connected to two or more data lines from different networks, whereas a network switch is connected to data lines from one single network. These may include a firewall, but not by default.
References:
http://en.wikipedia.org/wiki/Iptables
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 242
http://en.wikipedia.org/wiki/Router_(computing)

Question 5
Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?
A. Packet Filter Firewall
B. Stateful Firewall
C. Proxy Firewall
D. Application Firewall
Answer: B
Explanation:
Stateful inspection occurs at all levels of the network.
Incorrect Answers:
A: Packet-filtering firewalls operate at the Network layer (Layer 3) and the Transport layer (Layer 4) of the Open Systems Interconnect (OSI) model.
C: The proxy function can occur at either the application level or the circuit level.
D: Application firewalls operate at the Application layer (Layer 7) of the OSI model.
References:
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 98-100
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 3

Question 6
The Chief Information Security Officer (CISO) has mandated that all IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO's requirements?
A. Sniffers
B. NIDS
C. Firewalls
D. Web proxies
E. Layer 2 switches
Answer: C
Explanation:
The basic purpose of a firewall is to isolate one network from another, and a firewall can log the traffic it permits or denies between the two.
Incorrect Answers:
A: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.
B: A network-based IDS (NIDS) watches network traffic in real time. It is reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
D: Web proxies are used to forward HTTP requests.
E: Layer 2 switching uses the media access control address (MAC address) from the hosts' network interface cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which means switches use application-specific integrated circuits (ASICs) to build and maintain filter tables (also known as MAC address tables or CAM tables).
References:
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 242
http://en.wikipedia.org/wiki/Intrusion_prevention_system
http://en.wikipedia.org/wiki/LAN_switching
http://en.wikipedia.org/wiki/Proxy_server#Web_proxy_servers
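The following model ties Questions 1 to 4 together: a first-match filter ACL with the implicit deny from Question 2, and many-to-one source translation (PAT) as in Questions 1 and 3, with the reverse lookup that an administrator needs in order to attribute an external report to an internal host. It is an added example written for this page, not code from the page or from iptables itself; every address, port, and rule in it is constructed sample data.

```python
"""Model of a first-match filter chain with implicit deny and of PAT.
Added illustration; all addresses, ports and rules are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "PERMIT" or "DENY"
    dport: Optional[int]   # None stands for ANY; an int mirrors "EQ 80"


def parse_acl(text: str) -> List[Rule]:
    """Parse lines of the form '1 PERMIT IP ANY ANY EQ 80' into Rule objects."""
    rules = []
    for line in text.strip().splitlines():
        parts = line.split()
        if parts[0].isdigit():          # optional leading sequence number
            parts = parts[1:]
        dport = int(parts[parts.index("EQ") + 1]) if "EQ" in parts else None
        rules.append(Rule(parts[0].upper(), dport))
    return rules


def filter_chain(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; if nothing matches, the implicit deny applies."""
    for rule in rules:
        if rule.dport is None or rule.dport == pkt.dport:
            return rule.action
    return "DENY"   # the implicit 'deny ip any any' at the end of every ACL


class PortAddressTranslator:
    """Many internal hosts share one public IP; each flow gets its own public
    source port. The table is the only record of which host owned which port."""

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow: Dict[Tuple[str, int], int] = {}   # (internal ip, port) -> public port
        self.by_port: Dict[int, Tuple[str, int]] = {}   # public port -> (internal ip, port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an internal packet to the shared public address."""
        key = (pkt.src, pkt.sport)
        if key not in self.by_flow:
            self.by_flow[key] = self.next_port
            self.by_port[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.by_flow[key], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Restore the internal destination of a reply; a port with no state is dropped."""
        if pkt.dst != self.public_ip or pkt.dport not in self.by_port:
            return None
        int_ip, int_port = self.by_port[pkt.dport]
        return Packet(pkt.src, pkt.sport, int_ip, int_port)

    def attribute(self, public_port: int) -> Optional[str]:
        """The Question 3 problem: an outside party sees only (public IP, port);
        only this table can say which internal host that port belonged to."""
        entry = self.by_port.get(public_port)
        return entry[0] if entry else None


def demo() -> dict:
    """Run the ACL from Question 2 and a PAT table over constructed traffic."""
    acl = parse_acl("1 PERMIT IP ANY ANY EQ 80\n2 DENY IP ANY ANY")
    pat = PortAddressTranslator("203.0.113.10")       # constructed public address
    web = Packet("192.168.1.10", 2053, "198.51.100.5", 80)
    ssh = Packet("192.168.1.11", 2053, "198.51.100.5", 22)
    out_web = pat.outbound(web)                       # same public IP, port 40000
    out_ssh = pat.outbound(ssh)                       # same public IP, port 40001
    reply = Packet("198.51.100.5", 80, out_web.src, out_web.sport)
    return {
        "web": filter_chain(acl, web), "ssh": filter_chain(acl, ssh),
        "public_ports": (out_web.sport, out_ssh.sport),
        "reply_to": pat.inbound(reply).dst,
        "who_had_40001": pat.attribute(40001),
    }
```

Both internal hosts deliberately use source port 2053 so that the only thing telling them apart on the outside is the port the translator assigned; the `attribute` lookup is the step the administrator in Question 3 cannot perform without the firewall's translation log.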
Question 7
Which of the following network design elements allows many internal devices to share one public IP address?
A. DNAT
B. PAT
C. DNS
D. DMZ
Answer: B
Explanation:
Port Address Translation (PAT) is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses. Most home networks use PAT. In such a scenario, the Internet Service Provider (ISP) assigns a single IP address to the home network's router. When Computer X logs on to the Internet, the router assigns the client a port number, which is appended to the internal IP address. This, in effect, gives Computer X a unique address. If Computer Z logs on to the Internet at the same time, the router assigns it the same public IP address with a different port number. Although both computers are sharing the same public IP address and accessing the Internet at the same time, the router knows exactly which computer to send specific packets to because each computer has a unique internal address and translated port.
Incorrect Answers:
A: Destination network address translation (DNAT) is a technique for transparently changing the destination IP address of an en-route packet and performing the inverse function for any replies. Any router situated between two endpoints can perform this transformation of the packet. DNAT is commonly used to publish a service located in a private network on a publicly accessible IP address. This use of DNAT is also called port forwarding. DNAT does not allow many internal devices to share one public IP address.
C: DNS (Domain Name System) is a service used to translate hostnames or URLs to IP addresses. DNS does not allow many internal devices to share one public IP address.
D: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. A DMZ does not allow many internal devices to share one public IP address.
References:
http://searchnetworking.techtarget.com/definition/Port-Address-Translation-PAT
http://en.wikipedia.org/wiki/Network_address_translation#DNAT
http://en.wikipedia.org/wiki/Domain_Name_System
http://en.wikipedia.org/wiki/DMZ_(computing)

Question 8
Which of the following is a best practice when securing a switch from physical access?
A. Disable unnecessary accounts
B. Print baseline configuration
C. Enable access lists
D. Disable unused ports
Answer: D
Explanation:
Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access. All ports not in use should be disabled. Otherwise, they present an open door for an attacker who can reach the switch to plug in.
Incorrect Answers:
A: Disabling unnecessary accounts would only block those specific accounts.
B: A security baseline is a standardized minimal level of security that all systems in an organization must comply with. Printing it would not secure the switch from physical access.
C: The purpose of an access list is to identify specifically who can enter a facility.
References:
http://orbit-computer-solutions.com/How-To-Configure-Switch-Security.php
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 30
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 207

Question 9
Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?
A. Protocol analyzer
B. Load balancer
C. VPN concentrator
D. Web security gateway
Answer: B
Explanation:
Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device (a router, a firewall, a NAT appliance, and so on). In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.
Incorrect Answers:
A: The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network.
C: A VPN concentrator is a hardware device used to create remote access VPNs. The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security.
D: One of the newest buzzwords is web security gateway, which can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the "web protection" can range from a standard virus scanner on incoming packets to monitoring outgoing user traffic for red flags as well.
References:
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 102, 104, 118

Question 10
Pete, the system administrator, wishes to monitor and limit users' access to external websites. Which of the following would BEST address this?
A. Block all traffic on port 80.
B. Implement NIDS.
C. Use server load balancers.
D. Install a proxy server.
Answer: D
Explanation:
A proxy is a device that acts on behalf of others. In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites. The proxy server should cache often-accessed sites to improve performance.
Incorrect Answers:
A: This would block all web traffic, as port 80 is used for the World Wide Web.
B: A network-based IDS (NIDS) attaches the system to a point in the network where it can monitor and report on all network traffic; it does not limit access.
C: In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.
References:
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 98, 102, 111

Question 11
Mike, a network administrator, has been asked to passively monitor network traffic to the company's sales websites. Which of the following would be BEST suited for this task?
A. HIDS
B. Firewall
C. NIPS
D. Spam filter
Answer: C
Explanation:
A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
B: Firewalls provide protection by controlling traffic entering and leaving a network.
D: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email, but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/blogs.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 42, 47

Question 12
Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a single physical device on a network?
A. HIPS on each virtual machine
B. NIPS on the network
C. NIDS on the network
D. HIDS on each virtual machine
Answer: A
Explanation:
A host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. Traffic between virtual machines on the same host never reaches the physical network, so a network-based sensor would not see it.
Incorrect Answers:
B: A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
C: A network-based IDS (NIDS) watches network traffic in real time. It is reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21

Question 13
Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
A. NIPS
B. HIDS
C. HIPS
D. NIDS
Answer: A
Explanation:
A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
Incorrect Answers:
B: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
C: A host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
D: A network-based IDS (NIDS) watches network traffic in real time. It is reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21

Question 14
An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here?
A. NIDS
B. NIPS
C. HIPS
D. HIDS
Answer: B
Explanation:
A network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It is reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
C: A host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
References:
http://en.wikipedia.org/wiki/Intrusion_prevention_system
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21

Question 15
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?
A. Supervisor
B. Administrator
C. Root
D. Director
Answer: B
Explanation:
The administrator is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS.
Incorrect Answers:
A, C: Almost every operating system in use today employs the concept of differentiation between users and groups at varying levels. As an example, there is always a system administrator (SA) account that has godlike control over everything: root in Unix/Linux, admin (or a derivation of it) in Windows, administrator in Apple OS X, supervisor in Novell NetWare, and so on. These are operating system accounts, not the IDS role that sets policy.
D: A director is a person from a group of managers who leads or supervises a particular area of a company, program, or project.
References:
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 107, 152
http://en.wikipedia.org/wiki/Director_(business)

Question 16
When performing the daily review of the system vulnerability scans of the network, Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number on the vendor website. Joe proceeds with applying the recommended solution for the identified vulnerability. Which of the following is the type of vulnerability described?
A. Network based
B. IDS
C. Signature based
D. Host based
Answer: C
Explanation:
A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It is reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.
B: An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
D: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 21

Question 17
The network security engineer just deployed an IDS on the network, but the Chief Technical Officer (CTO) has concerns that the device is only able to detect known anomalies. Which of the following types of IDS has been deployed?
A. Signature Based IDS
B. Heuristic IDS
C. Behavior Based IDS
D. Anomaly Based IDS
Answer: A
Explanation:
A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats.
Incorrect Answers:
B, C: The technique used by anomaly-based IDS/IPS systems is also referred to as network behavior analysis or heuristic analysis.
D: An IDS which is anomaly based will monitor network traffic and compare it against an established baseline. The baseline will identify what is "normal" for that network (what sort of bandwidth is generally used, what protocols are used, what ports and devices generally connect to each other) and alert the administrator or user when traffic is detected which is anomalous, or significantly different, from the baseline.
References:
https://technet.microsoft.com/en-us/library/dd277252.aspx
http://en.wikipedia.org/wiki/Intrusion_detection_system#Signature-based_IDS
http://en.wikipedia.org/wiki/Intrusion_detection_system#Statistical_anomaly-based_IDS

Question 18
Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
A. Application Firewall
B. Anomaly Based IDS
C. Proxy Firewall
D. Signature IDS
Answer: B
Explanation:
Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal occurrences. An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and legal forms of a protocol are known and can be defined, any variations from those known valid constructions are seen as anomalies.
Incorrect Answers:
A: An application aware firewall provides filtering services for specific applications.
C: Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused. The proxy intercepts all of the packets and reprocesses them for use internally.
D: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity, so it cannot alert on malware it has no signature for.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 13, 20
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 98

Question 19
Matt, an administrator, notices a flood of fragmented packets and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter
B. Protocol analyzer
C. Web application firewall
D. Load balancer
Answer: B
Explanation:
A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.
Incorrect Answers:
A: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email, but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/blogs. Because spam consumes about 89 percent of all email traffic (see the Intelligence Reports at www.messagelabs.com), it is essential to filter and block spam at every opportunity.
C: A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It is intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.
D: A load balancer is used to spread or distribute network traffic load across several network links or network devices.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 10, 18, 19

Question 20
Which of the following flags are used to establish a TCP connection? (Select TWO).
A. PSH
B. ACK
C. SYN
D. URG
E. FIN
Answer: B, C
Explanation:
To establish a TCP connection, the three-way (or 3-step) handshake occurs:
SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value A.
SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number, i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B.
ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value, i.e. A+1, and the acknowledgement number is set to one more than the received sequence number, i.e. B+1.
Incorrect Answers:
A: The PSH flag tells the TCP stack to flush all buffers and send any outstanding data up to and including the data that had the PSH flag set.
D: URG indicates that the urgent pointer field has a valid pointer to data that should be treated urgently and be transmitted before non-urgent data.
E: FIN is used to indicate that the sender will send no more data; it closes a connection rather than opening one.
References:
http://linuxpoison.blogspot.com/2007/11/what-are-tcp-control-bits.html
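Questions 16 to 18 turn on the difference between a signature-based detector (a database of known-bad patterns) and an anomaly-based one (a learned baseline of normal traffic). The block below runs the same connection records through both so the gap between them is visible: a known attack pattern is caught by the signature even when its traffic looks normal, and traffic to a never-seen port or with an outsized transfer is caught by the baseline even with no signature at all. This is an added example written for this page, not code from the page or from any IDS product; the records, the two signatures, and the three-sigma threshold are constructed.

```python
"""Signature-based versus anomaly-based detection over constructed records.
Added illustration; the baseline, signatures and samples are invented."""
import re
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, int, int, str]   # (source ip, destination port, bytes, request line)

# Constructed baseline of normal traffic used to train the anomaly detector.
BASELINE: List[Record] = [
    ("10.0.0.5", 80, 512, "GET /index.html HTTP/1.1"),
    ("10.0.0.6", 80, 480, "GET /about.html HTTP/1.1"),
    ("10.0.0.7", 80, 530, "GET /products HTTP/1.1"),
    ("10.0.0.8", 80, 495, "GET /contact HTTP/1.1"),
    ("10.0.0.5", 443, 1200, "GET /login HTTP/1.1"),
    ("10.0.0.8", 443, 1150, "POST /login HTTP/1.1"),
    ("10.0.0.9", 443, 1300, "GET /account HTTP/1.1"),
]

# Constructed signature database: each entry is a pattern of known malicious activity.
SIGNATURES: Dict[str, re.Pattern] = {
    "Directory traversal": re.compile(r"\.\./|%2e%2e%2f", re.IGNORECASE),
    "SQL injection": re.compile(r"('|%27)\s*(or|union)\s", re.IGNORECASE),
}


def signature_detect(request: str) -> List[str]:
    """Signature-based: report every known pattern that appears in the request."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(request)]


class AnomalyDetector:
    """Anomaly-based: learn mean and spread of bytes per destination port from
    the baseline, then flag ports never seen or sizes more than k sigma away."""

    def __init__(self, k: float = 3.0) -> None:
        self.k = k
        self.stats: Dict[int, Tuple[float, float]] = {}

    def train(self, records: List[Record]) -> None:
        sizes_by_port: Dict[int, List[int]] = {}
        for _, port, size, _ in records:
            sizes_by_port.setdefault(port, []).append(size)
        for port, sizes in sizes_by_port.items():
            # a floor of 1 byte keeps a constant-size baseline from flagging everything
            self.stats[port] = (mean(sizes), max(pstdev(sizes), 1.0))

    def score(self, record: Record) -> Optional[str]:
        _, port, size, _ = record
        if port not in self.stats:
            return f"unseen port {port}"
        mu, sigma = self.stats[port]
        if abs(size - mu) > self.k * sigma:
            return f"bytes outlier on port {port}"
        return None


def analyse(detector: AnomalyDetector, record: Record) -> Dict[str, object]:
    """Run both methods so the difference in what each one catches is visible."""
    return {"signature": signature_detect(record[3]), "anomaly": detector.score(record)}


def demo() -> List[Dict[str, object]]:
    det = AnomalyDetector()
    det.train(BASELINE)
    samples: List[Record] = [                                       # constructed test records
        ("10.0.0.5", 80, 510, "GET /../../etc/passwd HTTP/1.1"),    # known pattern, normal size
        ("10.0.0.5", 4444, 500, "GET /index.html HTTP/1.1"),        # no pattern, unseen port
        ("10.0.0.6", 80, 9_000_000, "GET /index.html HTTP/1.1"),    # no pattern, huge transfer
        ("10.0.0.7", 443, 1210, "GET /account HTTP/1.1"),           # clean on both
    ]
    return [analyse(det, r) for r in samples]
```

The first sample is the CTO's worry in Question 17 inverted: the signature fires on a known pattern but the anomaly detector sees nothing unusual, while the second and third samples are what the anomaly detector in Question 18 exists for, traffic no signature describes.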
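The handshake in Question 20, carried through with the explanation's A, A+1, B and B+1 values as a small model of both endpoints, is given below. It checks what each side must verify before moving on, and shows why a third party that never saw B cannot complete the exchange. This is an added example written for this page, not code from the page; the initial sequence numbers passed in are constructed rather than captured.

```python
"""Model of the TCP three-way handshake with sequence/acknowledgement checks.
Added illustration; ISNs below are constructed values, not captured ones."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Segment:
    flags: FrozenSet[str]
    seq: int
    ack: Optional[int]        # None when the ACK flag is not set


def client_syn(isn_a: int) -> Segment:
    """Step 1: active open. Sequence number is the client's random ISN, A."""
    return Segment(frozenset({"SYN"}), isn_a, None)


def server_syn_ack(syn: Segment, isn_b: int) -> Segment:
    """Step 2: acknowledge A+1 and announce the server's own random ISN, B."""
    if syn.flags != {"SYN"}:
        raise ValueError("expected a bare SYN to open a connection")
    return Segment(frozenset({"SYN", "ACK"}), isn_b, syn.seq + 1)


def client_ack(syn: Segment, syn_ack: Segment) -> Segment:
    """Step 3: seq becomes A+1 (what the server acknowledged) and ack becomes B+1."""
    if syn_ack.flags != {"SYN", "ACK"}:
        raise ValueError("expected SYN-ACK")
    if syn_ack.ack != syn.seq + 1:
        raise ValueError("SYN-ACK does not acknowledge our ISN")   # stale or spoofed reply
    return Segment(frozenset({"ACK"}), syn_ack.ack, syn_ack.seq + 1)


def server_accepts(syn_ack: Segment, ack: Segment) -> bool:
    """The server only reaches ESTABLISHED if the final ACK carries B+1 and A+1.
    A third party that never saw B cannot forge this segment, which is why
    initial sequence numbers must be unpredictable."""
    return ack.flags == {"ACK"} and ack.ack == syn_ack.seq + 1 and ack.seq == syn_ack.ack


def handshake(isn_a: int, isn_b: int) -> List[Segment]:
    """Run the exchange end to end and return the three segments in order."""
    syn = client_syn(isn_a)
    syn_ack = server_syn_ack(syn, isn_b)
    ack = client_ack(syn, syn_ack)
    if not server_accepts(syn_ack, ack):
        raise RuntimeError("handshake failed")
    return [syn, syn_ack, ack]


def flags_used(segments: List[Segment]) -> Set[str]:
    """Which control bits the exchange actually needs (the Select TWO answer)."""
    return set().union(*(s.flags for s in segments))
```

With A = 1000 and B = 5000 the three segments carry (seq, ack) of (1000, none), (5000, 1001) and (1001, 5001); PSH, URG and FIN never appear, which is the point of the question.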
Question 21
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
A. Spam filter
B. URL filter
C. Content inspection
D. Malware inspection
Answer: B
Explanation:
The question asks how to prevent access to peer-to-peer file sharing websites. You access a website by browsing to a URL using a web browser or peer-to-peer file sharing client software. A URL filter is used to block URLs (websites) to prevent users from accessing the website.
Incorrect Answers:
A: A spam filter is used for email. All inbound (and sometimes outbound) email is passed through the spam filter to detect spam emails. The spam emails are then discarded or tagged as potential spam according to the spam filter configuration. Spam filters do not prevent users from accessing peer-to-peer file sharing websites.
C: Content inspection is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it does not comply with the company's web policy. Content-control software determines what content will be available or, perhaps more often, what content will be blocked. Content inspection does not prevent users from accessing peer-to-peer file sharing websites (although it could block the content of the sites as it is downloaded).
D: Malware inspection is the process of scanning a computer system for malware. Malware inspection does not prevent users from accessing peer-to-peer file sharing websites.
References:
http://www.provision.ro/threat-management/web-application-security/url-filtering
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 18, 19

Question 22
Pete, the system administrator, wants to restrict access to advertisements, games, and gambling web sites. Which of the following devices would BEST achieve this goal?
A. Firewall
B. Switch
C. URL content filter
D. Spam filter
Answer: C
Explanation:
URL filtering, also known as web filtering, is the act of blocking access to a site based on all or part of the URL used to request access. URL filtering can focus on all or part of a fully qualified domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors as well as allow administrators to add or remove URLs from a custom list.
Incorrect Answers:
A: The basic purpose of a firewall is to isolate one network from another. Firewalls are available as appliances, meaning they are installed as the primary device separating two networks.
B: Switches are multiport devices that improve network efficiency.
D: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam).
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 18, 19
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 93, 102

Question 23
The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when trying to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on his phone. Which of the following might the administrator need to configure?
A. The access rules on the IDS
B. The pop up blocker in the employee's browser
C. The sensitivity level of the spam filter
D. The default block page on the URL filter
Answer: D
Explanation:
A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list. The site is reachable from outside the corporate network but not through it, and only that one site fails, which points to the URL filter; a blank page rather than a notice means no block page has been configured to tell the user why.
Incorrect Answers:
A: An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
B: Pop-up blockers prevent websites from opening further web browser windows without your approval.
C: A spam filter deals with identifying and blocking/filtering/removing unsolicited messages.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 18, 19, 21, 243

Question 24
Layer 7 devices used to prevent specific types of HTML tags are called:
A. Firewalls
B. Content filters
C. Routers
D. NIDS
Answer: B
Explanation:
A content filter is a type of software designed to restrict or control the content a reader is authorised to access, particularly when used to limit material delivered over the Internet via the Web, e-mail, or other means. Because the user and the application interact directly with the content filter, it operates at Layer 7 of the OSI model.
Incorrect Answers:
A, C, D: Firewalls and routers make their forwarding and filtering decisions from frame, address and port headers (Layers 2 through 4 of the OSI model) rather than from the content of the page, and a NIDS only detects and alerts; none of them strips individual HTML tags from a page.
References:
http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
http://en.wikipedia.org/wiki/OSI_model

Question 25
Pete, an employee, attempts to visit a popular social networking site but is blocked. Instead, a page is displayed notifying him that this site cannot be visited. Which of the following is MOST likely blocking Pete's access to this site?
A. Internet content filter
B. Firewall
C. Proxy server
D. Protocol analyzer
Answer: A
Explanation:
Web filtering software is designed to restrict or control the content a reader is authorised to access, especially when utilised to restrict material delivered over the Internet via the Web, e-mail, or other means. The notification page Pete sees is the block page such a filter serves in place of the requested site.
Incorrect Answers:
B: The basic purpose of a firewall is to isolate one network from another.
C: A proxy server is a variation of an application firewall or circuit-level firewall, and is used as a middleman between clients and servers. Often a proxy serves as a barrier against external threats to internal clients.
D: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.
References:
http://en.wikipedia.org/wiki/Content-control_software
Dulaney, Emmett and Chuck Easton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 11, 93, 242
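Questions 21 to 25 all concern a URL filter. The block below implements one that matches on the criteria Question 22 lists (FQDN including subdomains, path, filename, extension, or an entire URL) and returns either the page or the configured block page, so that the blank-page symptom of Question 23 and the notification page of Question 25 both fall out of the same code. It is an added example written for this page, not code from the page or from any filtering appliance; the block list, the hostnames and the stand-in fetch are constructed.

```python
"""URL filter matching on FQDN, path, filename, extension or exact URL.
Added illustration; the block list, hosts and fetch stub are constructed."""
import posixpath
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlsplit

# Constructed block list; a real appliance merges a vendor feed with a custom list like this.
BLOCK_LIST: Dict[str, Set[str]] = {
    "fqdn": {"p2p-share.example", "ads.example", "social.example"},
    "path": {"/casino/"},
    "filename": {"crack.exe"},
    "extension": {".torrent"},
    "url": {"http://games.example/play/blackjack"},
}
BLOCK_PAGE = "Access to this site is blocked by the company web filter."


def normalise(url: str) -> Tuple[str, str, str]:
    """Lower-case scheme and host; collapse '..' in the path so it cannot dodge a path rule."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = posixpath.normpath(parts.path or "/")
    if parts.path.endswith("/") and path != "/":
        path += "/"                        # normpath drops the trailing slash; keep it
    return parts.scheme.lower(), host, path


def classify(url: str, block_list: Dict[str, Set[str]] = BLOCK_LIST) -> Optional[str]:
    """Return the reason the URL is blocked, or None if it is allowed."""
    scheme, host, path = normalise(url)
    for fqdn in block_list["fqdn"]:        # the domain itself and every subdomain of it
        if host == fqdn or host.endswith("." + fqdn):
            return f"fqdn {fqdn}"
    for prefix in block_list["path"]:
        if path == prefix.rstrip("/") or path.startswith(prefix):
            return f"path {prefix}"
    name = posixpath.basename(path)
    if name in block_list["filename"]:
        return f"filename {name}"
    ext = posixpath.splitext(name)[1].lower()
    if ext and ext in block_list["extension"]:
        return f"extension {ext}"
    if f"{scheme}://{host}{path}" in block_list["url"]:
        return "url exact match"
    return None


def fetch(url: str, block_page: str = BLOCK_PAGE) -> Tuple[int, str]:
    """What the browser receives. An empty block page is the Question 23 symptom:
    the user sees a blank page and reports that the Internet is down."""
    reason = classify(url)
    if reason is not None:
        return 403, block_page
    return 200, f"<html>content of {url}</html>"   # stand-in for the real fetch
```

Note that the filter decides on the request URL alone and never looks at the returned page; blocking particular HTML tags, as in Question 24, needs a content filter that inspects the response body.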