[Free] 2018(Jan) EnsurePass Passguide CompTIA SY0-401 Dumps with VCE and PDF 101-110

2018 Jan CompTIA Official New Released SY0-401
100% Free Download! 100% Pass Guaranteed!

CompTIA Security Certification

Question No: 101 – (Topic 1)

The loss prevention department has purchased a new application that allows the employees to monitor the alarm systems at remote locations. However, the application fails to connect to the vendor#39;s server and the users are unable to log in. Which of the following are the MOST likely causes of this issue? (Select TWO).

  1. URL filtering

  2. Role-based access controls

  3. MAC filtering

  4. Port Security

  5. Firewall rules

Answer: A,E Explanation:

A URL filter is used to block URLs (websites) to prevent users accessing the website. Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule’s criteria:

Block the connection Allow the connection

Allow the connection only if it is secured

Incorrect Options:

B: Role-based Access Control is basically based on a user’s job description. When a user is assigned a specific role in an environment, that user’s access to objects is granted based on the required tasks of that role. Since the sales team needs to save and print reports, they would not be restricted if restrictions were role-based.

C: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

D: Port security works at level 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port.


Stewart, James Michael, CompTIA Security Review Guide, Sybex, Indianapolis, 2014, pp. 19, 61, 276

Dulaney, Emmett and Chuck Eastton, CompTIA Security Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 157

Question No: 102 – (Topic 1)

Multi-tenancy is a concept found in which of the following?

  1. Full disk encryption

  2. Removable media

  3. Cloud computing

  4. Data loss prevention

Answer: C Explanation:

One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.

Question No: 103 – (Topic 1)

Ann, the network administrator, is receiving reports regarding a particular wireless network in the building. The network was implemented for specific machines issued to the developer department, but the developers are stating that they are having connection issues as well as slow bandwidth. Reviewing the wireless router#39;s logs, she sees that devices not belonging to the developers are connecting to the access point. Which of the following would BEST alleviate the developer#39;s reports?

  1. Configure the router so that wireless access is based upon the connecting device#39;s hardware address.

  2. Modify the connection#39;s encryption method so that it is using WEP instead of WPA2.

  3. Implement connections via secure tunnel with additional software on the developer#39;s computers.

  4. Configure the router so that its name is not visible to devices scanning for wireless networks.

Answer: A Explanation:

MAC addresses are also known as an Ethernet hardware address (EHA), hardware address or physical address. Enabling MAC filtering would allow for a WAP to restrict or allow access based on the hardware address of the device.

Question No: 104 – (Topic 1)

An active directory setting restricts querying to only secure connections. Which of the

following ports should be selected to establish a successful connection?

A. 389

B. 440

C. 636

D. 3286

Answer: C Explanation:

Port 636 is used for secure LDAP (LDAPS).

Incorrect Options:

A: Port 389 is used for LDAP.

B: Port 440 is not used for secure Active Directory connections. D: Port 3286 is not used for secure Active Directory connections.


Dulaney, Emmett and Chuck Eastton, CompTIA Security Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 147


Question No: 105 – (Topic 1)

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

  1. VLAN

  2. Subnetting

  3. DMZ

  4. NAT

Answer: C Explanation:

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Question No: 106 – (Topic 1)

Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device?

  1. SMTP

  2. SNMPv3

  3. IPSec

  4. SNMP

Answer: B

Explanation: Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.

Question No: 107 – (Topic 1)

A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO).

A. 22 B. 135 C. 137 D. 143 E. 443 F. 3389

Answer: A,F Explanation:

A secure remote administration solution and Remote Desktop protocol is required.

Secure Shell (SSH) is a secure remote administration solution and makes use of TCP port

22. Remote Desktop Protocol (RDP) uses TCP port 3389.

Question No: 108 – (Topic 1)

Which of the following wireless security technologies continuously supplies new keys for WEP?

  1. TKIP

  2. Mac filtering

  3. WPA2

  4. WPA

Answer: A Explanation:

TKIP is a suite of algorithms that works as a quot;wrapperquot; to WEP, which allows users of legacy WLAN equipment to upgrade to TKIP without replacing hardware. TKIP uses the original WEP programming but quot;wrapsquot; additional code at the beginning and end to encapsulate and modify it.

Question No: 109 – (Topic 1)

Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?

  1. NIPS

  2. HIDS

  3. HIPS

  4. NIDS

Answer: A Explanation:

Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it

Question No: 110 – (Topic 1)

Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?

  1. Protocol filter

  2. Load balancer

  3. NIDS

  4. Layer 7 firewall

Answer: D Explanation:

An application-level gateway firewall filters traffic based on user access, group membership, the application or service used, or even the type of resources being transmitted. This type of firewall operates at the Application layer (Layer 7) of the OSI model.

100% Free Download!
Download Free Demo:SY0-401 Demo PDF
100% Pass Guaranteed!
Download 2018 EnsurePass SY0-401 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2018 EnsurePass IT Certification PDF and VCE

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com