Certification Exam Prep Questions For CompTIA Security+ SY0-401
QuickStartis now offering assessment questions for CompTIA Security+ SY0-401. Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice assessment to better aid in certification. 100% of the questions are real questions; from a recent version of the test you will take for CompTIA Security+ SY0-401.
The security administrator needs to configure the corporate firewall to let all public IP addresses on the firewall’s internal interface to be translated to 1 public IP-address on the same firewall’s external interface. Which of the following should they configure?
Which of the following security devices can be replicated on a Linux-based computer using IP tables to properly handle and inspect network-based traffic?
Which of the following firewall type inspects Ethernet traffic at the MOST levels of the OSI model?
- A. Packet Filter Firewall
-
Incorrect.
- B. Proxy Firewall
-
Incorrect.
- C. Application Firewall
-
Incorrect.
- D. Stateful Firewall
-
Correct!
The Chief Information Security Officer (CISO) has mandated that al IT systems with credit card data be segregated from the main corporate network to prevent unauthorized access and that access to the IT systems should be logged. Which of the following would BEST meet the CISO’s requirements?
Which of the following network design elements allows for many internal devices to share one public IP address?
Which of the following is a best practice when securing a switch from physical access?
- A. Disable unused ports
-
Correct!
- B. Disable unnecessary accounts
-
Incorrect.
- C. Print baseline configuration
-
Incorrect.
- D. Enable access lists
-
Incorrect.
Which of the following devices would be MOST useful to ensure availability when there is a large number of requests on a certain website?
- A. Protocol analyzer
-
Incorrect.
- B. VPN concentrator
-
Incorrect.
- C. Load balancer
-
Correct!
- D. Web security gateway
-
Incorrect.
Pete, the system administrator, wishes to monitor and limit users’ access to external websites. Which of the following would BEST address this?
- A. Install a proxy server.
-
Correct!
- B. Block all traffic on port 80.
-
Incorrect.
- C. Implement NIDS.
-
Incorrect.
- D. Use server load balancers.
-
Incorrect.
Mike, a network administrator, has been asked to passively monitor network traffic to the company’s sales websites. Which of the following would be BEST suited for this task?
Which of the following should be deployed to prevent the transmission of malicious traffic between virtual machines hosted on a singular physical device on a network?
- A. NIPS on the network
-
Incorrect.
- B. NIDS on the network
-
Incorrect.
- C. HIDS on each virtual machine
-
Incorrect.
- D. HIPS on each virtual machine
-
Correct!
Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
An administrator is looking to implement a security device which will be able to not only detect network intrusions at the organization level, but help defend against them as well. Which of the following is being described here?
In intrusion detection system vernacular, which account is responsible for setting the security policy for an organization?
Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
- A. Application Firewall
-
Incorrect.
- B. Proxy Firewall
-
Incorrect.
- C. Signature IDS
-
Incorrect.
- D. Anomaly Based IDS
-
Correct!
Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
- A. Protocol analyzer
-
Correct!
- B. Spam filter
-
Incorrect.
- C. Web application firewall
-
Incorrect.
- D. Load balancer
-
Incorrect.
Which the following flags are used to establish a TCP connection? (Select TWO).
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
- A. Spam filter
-
Incorrect.
- B. URL filter
-
Correct!
- C. Content inspection
-
Incorrect.
- D. Malware inspection
-
Incorrect.
Pete, the system administrator, wants to restrict access to advertisements, games, and gambling websites. Which of the following devices would BEST achieve this goal?
- A. Firewall
-
Incorrect.
- B. Switch
-
Incorrect.
- C. URL content filter
-
Correct!
- D. Spam filter
-
Incorrect.
Layer 7 devices used to prevent specific types of html tags are called:
- Home
- Practice Exam - CompTIA Security+
Practice Exam - CompTIA Security+
More Information:
- Learning Style: On Demand
- Learning Style: Practice Exam
- Difficulty: Beginner
- Course Duration: 1 Hour
- Course Info: Download PDF
- Certificate: See Sample
Contact a Learning Consultant
Need Training for 5 or More People?
Customized to your team's need:
- Annual Subscriptions
- Private Training
- Flexible Pricing
- Enterprise LMS
- Dedicated Customer Success Manager
Course Information