This page was exported from Braindump2go Free Exam Dumps with PDF and VCE Collection
[
https://www.mcitpdump.com
]
Export date: Fri Mar 29 1:25:25 2024 / +0000 GMT
COMPTIA NEWS: SY0-401 Exam Questions has been Updated Today! Get Latest SY0-401 VCE and SY0-401 PDF Instantly! Welcome to Download the Newest Braindump2go SY0-401 VCE&SY0-401 PDF Dumps: http://www.braindump2go.com/sy0-401.html (1220 Q&As) Important News: CompTIA SY0-401 Exam Questions are been updated recently! The CompTIA SY0-401 Practice Exam is a very hard exam to successfully pass your exam.Here you will find Free Braindump2go CompTIA Practice Sample Exam Test Questions that will help you prepare in passing the SY0-401 exam.Braindump2go Guarantees you 100% PASS exam SY0-401! Exam Code: SY0-401 SY0-401 Dump,SY0-401 PDF,SY0-401 VCE,SY0-401 Braindump,SY0-401 Study Guide,SY0-401 Study Guide PDF,SY0-401 Objectives,SY0-401 Practice Test,SY0-401 Practice Exam,SY0-401 Performance Based Questions,SY0-401 Exam Questions,SY0-401 Exam Dumps,SY0-401 Exam PDF,SY0-401 Dumps Free,SY0-401 Dumps PDF QUESTION 31 A. Remove the staff group from the payroll folder Answer: B QUESTION 32 A. NAT and DMZ Answer: D QUESTION 33 A. Create a VLAN without a default gateway. Answer: C QUESTION 34 A. SaaS Answer: B QUESTION 35 A. Failed authentication attempts Answer: D QUESTION 36 A. Unified Threat Management Answer: A QUESTION 37 A. Unified Threat Management Answer: A QUESTION 38 A. VLAN Answer: D QUESTION 39 A. Firewall Answer: A QUESTION 40 A. DMZ Answer: A
Exam Name: CompTIA Security+
Certification Provider: CompTIA
Corresponding Certification: CompTIA Security+
The Human Resources department has a parent shared folder setup on the server.
There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission.
Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?
B. Implicit deny on the payroll folder for the staff group
C. Implicit deny on the payroll folder for the managers group
D. Remove inheritance from the payroll folder
Explanation:
Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default.
A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?
B. VPN and IPSec
C. Switches and a firewall
D. 802.1x and VLANs
Explanation:
802.1x is a port-based authentication mechanism. It's based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it's often used as a component in more complex authentication and connection-management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System's Terminal Access Controller Access-Control System Plus (TACACS+), and Network Access Control (NAC).
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. By default, all ports on a switch are part of VLAN 1. But as the switch administrator changes the VLAN assignment on a port-by-port basis, various ports can be grouped together and be distinct from other VLAN port designations. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.
Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?
B. Remove the network from the routing table.
C. Create a virtual switch.
D. Commission a stand-alone switch.
Explanation:
A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service levels.
A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?
B. MaaS
C. IaaS
D. PaaS
Explanation:
Monitoring-as-a-service (MaaS) is a cloud delivery model that falls under anything as a service (XaaS). MaaS allows for the deployment of monitoring functionalities for several other services and applications within the cloud.
Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?
B. Network ping sweeps
C. Host port scans
D. Connections to port 22
Explanation:
Log analysis is the art and science of reviewing audit trails, log files, or other forms of computer- generated records for evidence of policy violations, malicious events, downtimes, bottlenecks, or other issues of concern.
SSH uses TCP port 22. All protocols encrypted by SSH also use TCP port 22, such as SFTP, SHTTP, SCP, SExec, and slogin.
An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?
B. Virtual Private Network
C. Single sign on
D. Role-based management
Explanation:
When you combine a firewall with other abilities (intrusion prevention, antivirus, content filtering, etc.), what used to be called an all-in-one appliance is now known as a unified threat management (UTM) system. The advantages of combining everything into one include a reduced learning curve (you only have one product to learn), a single vendor to deal with, and--typically--reduced complexity.
An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?
B. Virtual Private Network
C. Single sign on
D. Role-based management
Explanation:
Unified Threat Management (UTM) is, basically, the combination of a firewall with other abilities. These abilities include intrusion prevention, antivirus, content filtering, etc. Advantages of combining everything into one:
You only have one product to learn.
You only have to deal with a single vendor.
IT provides reduced complexity.
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?
B. Subnet
C. VPN
D. DMZ
Explanation:
A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted.
Which of the following devices would MOST likely have a DMZ interface?
B. Switch
C. Load balancer
D. Proxy
Explanation:
The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
A security analyst needs to ensure all external traffic is able to access the company's front-end servers but protect all access to internal resources.
Which of the following network design elements would MOST likely be recommended?
B. Cloud computing
C. VLAN
D. Virtualization
Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
Braindump2go Guarantee:
Pass-Certification SY0-401 offers absolute risk free investment opportunity, values your timr and money! Braindump2go latest SY0-401 Real Exam Dumps - Your success in SY0-401 Exam is certain! Your belief in our SY0-401 Exam Dumps is further strengthened with 100% Money Back Promise from Braindump2go!
FREE DOWNLOAD: NEW UPDATED SY0-401 PDF Dumps & SY0-401 VCE Dumps from Braindump2go: http://www.braindump2go.com/sy0-401.html (1220 Q&A)
Post date: 2015-11-10 08:57:05
Post date GMT: 2015-11-10 08:57:05
Post modified date: 2015-11-10 08:57:05
Post modified date GMT: 2015-11-10 08:57:05
Powered by [ Universal Post Manager ] plugin. MS Word saving format developed by gVectors Team www.gVectors.com