Pass4sure SY0-401 CompTIA Security + Exam Preparation

1
CompTIA Security SY0-401

• Pass4sureusa

2
Welcome TO Pass4sureusa

• Pass4sureusa providing the top quality real
  certified pdf dumps of all IT certification
  exams.
• Now passing any CopmpTIA certification exam is
  not a hard task. Just buy your pdf dump of
  SY0-401 from us to get successful marks in you
  final security exam.

3
SY0-401 Sample Questions 1

• Sara, the security administrator, must configure
  the corporate firewall to allow all public IP
  addresses on the internal interface of the
  firewall to be translated to one
• public IP address on the external interface of
  the same firewall. Which of the following should
  Sara configure?
• A. PAT
• B. NAP
• C. DNAT
• D. NAC
• Correct Answer A

4
SY0-401 Sample Questions 2

• Which of the following devices is MOST likely
  being used when processing the following?
• 1 PERMIT IP ANY ANY EQ 80
• 2 DENY IP ANY ANY
• A. Firewall
• B. NIPS
• C. Load balancer
• D. URL filter
• Correct Answer A
• Explanation
• Firewalls, routers, and even switches can use
  ACLs as a method of security management. An
  access control list has a deny ip any any
  implicitly at the end of any access control list.
  ACLs deny by default and allow by exception.

5
SY0-401 Sample Questions 3

• The security administrator at ABC company
  received the following log information from an
  external party
• 104501 EST, SRC 10.4.3.73056, DST 8.4.2.180,
  ALERT, Directory traversal
• 104502 EST, SRC 10.4.3.73057, DST 8.4.2.180,
  ALERT, Account brute force
• 104503 EST, SRC 10.4.3.73058, DST 8.4.2.180,
  ALERT, Port scan
• The external party is reporting attacks coming
  from abc-company.com. Which of the following is
  the reason the ABC company's security
  administrator is unable to
• determine the origin of the attack?
• A. A NIDS was used in place of a NIPS.
• B. The log is not in UTC.
• C. The external party uses a firewall.
• D. ABC company uses PAT.
• Correct Answer D

6
SY0-401 Sample Questions 4

• Which of the following firewall types inspects
  Ethernet traffic at the MOST levels of the OSI
  model?
• A. Packet Filter Firewall
• B. Stateful Firewall
• C. Proxy Firewall
• D. Application Firewall
• Correct Answer B
• Explanation
• Stateful inspections occur at all levels of the
  network.

7
SY0-401 Sample Questions 5

• unauthorized access and that access to the IT
  systems should be logged. Which of the following
  would BEST meet the CISO's requirements?
• A. Sniffers
• B. NIDS
• C. Firewalls
• D. Web proxies
• E. Layer 2 switches
• Correct Answer C
• Explanation
• The basic purpose of a firewall is to isolate one
  network from another.

8
SY0-401 Sample Questions 6

• Which of the following network design elements
  allows for many internal devices to share one
• public IP address?
• A. DNAT
• B. PAT
• C. DNS
• D. DMZ
• Correct Answer B
• Explanation
• Port Address Translation (PAT), is an extension
  to network address translation (NAT) that permits
  multiple devices on a local area network (LAN) to
  be mapped to a
• single public IP address. The goal of PAT is to
  conserve IP addresses.
• Most home networks use PAT. In such a scenario,
  the Internet Service Provider (ISP) assigns a
  single IP address to the home network's router.
  When Computer X
• logs on the Internet, the router assigns the
  client a port number, which is appended to the
  internal IP address. This, in effect, gives
  Computer X a unique address. If
• Computer Z logs on the Internet at the same time,
  the router assigns it the same local IP address
  with a different port number. Although both
  computers are sharing
• the same public IP address and accessing the
  Internet at the same time, the router knows
  exactly which computer to send specific packets
  to because each
• computer has a unique internal address.

9
SY0-401 Sample Questions 7

• Which of the following is a best practice when
  securing a switch from physical access?
• A. Disable unnecessary accounts
• B. Print baseline configuration
• C. Enable access lists
• D. Disable unused ports
• Correct Answer D
• Explanation
• Disabling unused switch ports a simple method
  many network administrators use to help secure
  their network from unauthorized access.
• All ports not in use should be disabled.
  Otherwise, they present an open door for an
  attacker to enter.

10
SY0-401 Sample Questions 8

• Which of the following devices would be MOST
  useful to ensure availability when there are a
  large number of requests to a certain website?
• A. Protocol analyzer
• B. Load balancer
• C. VPN concentrator
• D. Web security gateway
• Correct Answer B
• Explanation
• Load balancing refers to shifting a load from one
  device to another. A load balancer can be
  implemented as a software or hardware solution,
  and it is usually associated with a device--a
  router, a firewall, NAT appliance, and so on. In
  its most common implementation, a load balancer
  splits the traffic intended for a website into
  individual requests that are then rotated to
  redundant servers as they become available.

11
SY0-401 Sample Questions 9

• Pete, the system administrator, wishes to monitor
  and limit users' access to external websites.
• Which of the following would BEST address this?
• A. Block all traffic on port 80.
• B. Implement NIDS.
• C. Use server load balancers.
• D. Install a proxy server.
• Correct Answer D
• Explanation
• A proxy is a device that acts on behalf of
  other(s). In the interest of security, all
  internal user interaction with the Internet
  should be controlled through a proxy server.
• The proxy server should automatically block known
  malicious sites. The proxy server should cache
  often-accessed sites to improve performance.

12
SY0-401 Sample Questions 10

• Pete, the system administrator, wants to restrict
  access to advertisements, games, and gambling web
  sites. Which of the following devices would BEST
  achieve
• this goal?
• A. Firewall
• B. Switch
• C. URL content filter
• D. Spam filter
• Correct Answer C
• Explanation
• URL filtering, also known as web filtering, is
  the act of blocking access to a site based on all
  or part of the URL used to request access. URL
  filtering can focus on all or part of a fully
  qualified domain name (FQDN), specific path
  names, specific filenames, specific fi le
  extensions, or entire specific URLs. Many
  URL-filtering tools can obtain updated master URL
  block lists from vendors as well as allow
  administrators to add or remove URLs from a
  custom list.

13
SY0-401 Verified Exam Questions
Pass4saureusa
14
www.pass4sureusa.com
15
Full Exam Passing guarantee
16
Pass4sureusa SY0-401 Braindumps
17
Providing valid PDF dumps to students is our
first priority
www.pass4sureusa.com
18
What our customer says