QUESTION 37
Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
A. Implement a HIDS to protect the SCADA system
B. Implement a Layer 2 switch to access the SCADA system
C. Implement a firewall to protect the SCADA system
D. Implement a NIDS to protect the SCADA system
Correct Answer: C Explanation
QUESTION 38
The common method of breaking larger network address space into smaller networks is known as:
A. subnetting.
B. phishing.
C. virtualization.
D. packet filtering.
Correct Answer: A Explanation
QUESTION 39
While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).
A. 20
B. 21
C. 22
D. 68
E. 69
Correct Answer: AB Explanation
QUESTION 40
An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?
A. Use a stateful firewall
B. Enable MAC filtering
C. Upgrade to WPA2 encryption
D. Force the WAP to use channel 1
Correct Answer: B Explanation
QUESTION 41
Which of the following helps to establish an accurate timeline for a network intrusion?
A. Hashing images of compromised systems
B. Reviewing the date of the antivirus definition files
C. Analyzing network traffic and device logs
D. Enforcing DLP controls at the perimeter
Correct Answer: C Explanation
QUESTION 42
A security administrator must implement a firewall rule to allow remote employees to VPN onto the company network. The VPN concentrator implements SSL VPN over the standard HTTPS port. Which of the following is the MOST secure ACL to implement at the company’s gateway firewall?
A. PERMIT TCP FROM ANY 443 TO 199.70.5.25 443
B. PERMIT TCP FROM ANY ANY TO 199.70.5.23 ANY
C. PERMIT TCP FROM 199.70.5.23 ANY TO ANY ANY
D. PERMIT TCP FROM ANY 1024-65535 TO 199.70.5.23 443
Correct Answer: D Explanation
QUESTION 43
A user has plugged in a wireless router from home with default configurations into a network jack at the office. This is known as:
A. an evil twin.
B. an IV attack.
C. a rogue access point.
D. an unauthorized entry point.
Correct Answer: C Explanation
QUESTION 44
When confidentiality is the primary concern, and a secure channel for key exchange is not available, which of the following should be used for transmitting company documents?
A. Digital Signature
B. Symmetric
C. Asymmetric
D. Hashing
Correct Answer: C Explanation
QUESTION 45
It is MOST important to make sure that the firewall is configured to do which of the following?
A. Alert management of a possible intrusion.
B. Deny all traffic and only permit by exception.
C. Deny all traffic based on known signatures.
D. Alert the administrator of a possible intrusion.
Correct Answer: B Explanation
CompTIA SY0-401 Exam Certification Guide is part of a recommended study program from CompTIA SY0-401 Exam that includes simulation and hands-on training from authorized CompTIA SY0-401 Exam Learning Partners and self-study products from CompTIA SY0-401 Exam. Find out more about instructor-led, e-learning, and hands-on instruction offered by authorized CompTIA SY0-401 Exam Learning Partners worldwide.
Read More : http://www.itcertlab.com/pass-cisco-200-120-ccna-pdf-quick-and-easy.html