[PDF]Braindump2go CompTIA SY0-401 Exam VCE and PDF 1867Q&As(2016 Aug.)New Download[NQ71-NQ80]

2016/08 SY0-401: CompTIA Security+ Certification Exam Questions New Updated Today!

Free Instant Download SY0-401 Exam Dumps(PDF & VCE) 1867Q&As from Braindump2go.com!
100% Real Exam Questions!     100% Exam Pass Guaranteed!

NEW QUESTION 71 – NEW QUESTION 80:

1.|2016/08 SY0-401 Exam Dumps(PDF & VCE) 1867Q&As Download:http://www.braindump2go.com/sy0-401.html

2.|2016/08 SY0-401 Exam Questions & Answers:https://drive.google.com/folderview?id=0B75b5xYLjSSNTldvc1ZkQlNUc0k&usp=sharing

QUESTION 71
A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

A.    Block port 23 on the L2 switch at each remote site
B.    Block port 23 on the network firewall
C.    Block port 25 on the L2 switch at each remote site
D.    Block port 25 on the network firewall

Answer: B
Explanation:
Telnet is a terminal-emulation network application that supports remote connectivity for executing commands and running applications but doesn’t support transfer of fi les. Telnet uses TCP port 23. Because it’s a clear text protocol and service, it should be avoided and replaced with SSH.

QUESTION 72
A security analyst noticed a colleague typing the following command:
`Telnet some-host 443′
Which of the following was the colleague performing?

A.    A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.
B.    A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.
C.    Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.
D.    A mistaken port being entered because telnet servers typically do not listen on port 443.

Answer: B
Explanation:
B: The Telnet program parameters are: telnet <hostname> <port> <hostname> is the name or IP address of the remote server to connect to. <port> is the port number of the service to use for the connection. TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL port. By running the Telnet some-host 443 command, the security analyst is checking that routing is done properly and not blocked by a firewall.

QUESTION 73
Which of the following secure file transfer methods uses port 22 by default?

A.    FTPS
B.    SFTP
C.    SSL
D.    S/MIME

Answer: B
Explanation:
SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

QUESTION 74
Which of the following BEST describes the weakness in WEP encryption?

A.    The initialization vector of WEP uses a crack-able RC4 encryption algorithm.
Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
B.    The WEP key is stored in plain text and split in portions across 224 packets of random data.
Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.
C.    The WEP key has a weak MD4 hashing algorithm used.
A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
D.    The WEP key is stored with a very small pool of random numbers to make the cipher text.
As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Answer: D
Explanation:
WEP is based on RC4, but due to errors in design and implementation, WEP is weak in a number of areas, two of which are the use of a static common key and poor implementation of initiation vectors (IVs). When the WEP key is discovered, the attacker can join the network and then listen in on all other wireless client communications.

QUESTION 75
Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?

A.    EAP-MD5
B.    WEP
C.    PEAP-MSCHAPv2
D.    EAP-TLS

Answer: C
Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards.

QUESTION 76
Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?

A.    EAP-TLS
B.    EAP-FAST
C.    PEAP-CHAP
D.    PEAP-MSCHAPv2

Answer: D
Explanation:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have a certificate.

QUESTION 77
Which of the following means of wireless authentication is easily vulnerable to spoofing?

A.    MAC Filtering
B.    WPA – LEAP
C.    WPA – PEAP
D.    Enabled SSID

Answer: A
Explanation:
Each network interface on your computer or any other networked device has a unique MAC address. These MAC addresses are assigned in the factory, but you can easily change, or “spoof,” MAC addresses in software.
Networks can use MAC address filtering, only allowing devices with specific MAC addresses to connect to a network. This isn’t a great security tool because people can spoof their MAC addresses.

QUESTION 78
Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect.
Which of the following is MOST likely the reason?

A.    The company wireless is using a MAC filter.
B.    The company wireless has SSID broadcast disabled.
C.    The company wireless is using WEP.
D.    The company wireless is using WPA2.

Answer: A
Explanation:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.

QUESTION 79
After entering the following information into a SOHO wireless router, a mobile device’s user reports being unable to connect to the network:
PERMIT 0A: D1: FA. B1: 03: 37
DENY 01: 33: 7F: AB: 10: AB
Which of the following is preventing the device from connecting?

A.    WPA2-PSK requires a supplicant on the mobile device.
B.    Hardware address filtering is blocking the device.
C.    TCP/IP Port filtering has been implemented on the SOHO router.
D.    IP address filtering has disabled the device from connecting.

Answer: B
Explanation:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.

QUESTION 80
A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up.
Which of the following BEST allows the analyst to restrict user access to approved devices?

A.    Antenna placement
B.    Power level adjustment
C.    Disable SSID broadcasting
D.    MAC filtering

Answer: D
Explanation:
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.


!!!RECOMMEND!!!

1.|2016/08 SY0-401 PDF Dumps & VCE Dumps 1867Q&As Download:

http://www.braindump2go.com/sy0-401.html

 

2.|2016/08 SY0-401 Questions & Answers:

 https://drive.google.com/folderview?id=0B75b5xYLjSSNTldvc1ZkQlNUc0k&usp=sharing

         

Categories CompTIA Exam/SY0-401 Dumps/SY0-401 Exam Questions/SY0-401 PDF/SY0-401 VCE

Post Author: mavis

Categories

Archives

Cisco Exam Dumps Download

200-301 PDF and VCE Dumps

200-901 PDF and VCE Dumps

350-901 PDF and VCE Dumps

300-910 PDF and VCE Dumps

300-915 PDF and VCE Dumps

300-920 PDF and VCE Dumps

350-401 PDF and VCE Dumps

300-410 PDF and VCE Dumps

300-415 PDF and VCE Dumps

300-420 PDF and VCE Dumps

300-425 PDF and VCE Dumps

300-430 PDF and VCE Dumps

300-435 PDF and VCE Dumps

350-401 PDF and VCE Dumps

350-401 PDF and VCE Dumps

350-801 PDF and VCE Dumps

300-810 PDF and VCE Dumps

300-815 PDF and VCE Dumps

300-820 PDF and VCE Dumps

300-835 PDF and VCE Dumps

350-801 PDF and VCE Dumps

200-201 PDF and VCE Dumps

350-601 PDF and VCE Dumps

300-610 PDF and VCE Dumps

300-615 PDF and VCE Dumps

300-620 PDF and VCE Dumps

300-625 PDF and VCE Dumps

300-635 PDF and VCE Dumps

600-660 PDF and VCE Dumps

350-601 PDF and VCE Dumps

352-001 PDF and VCE Dumps

350-701 PDF and VCE Dumps

300-710 PDF and VCE Dumps

300-715 PDF and VCE Dumps

300-720 PDF and VCE Dumps

300-725 PDF and VCE Dumps

300-730 PDF and VCE Dumps

300-735 PDF and VCE Dumps

350-701 PDF and VCE Dumps

350-501 PDF and VCE Dumps

300-510 PDF and VCE Dumps

300-515 PDF and VCE Dumps

300-535 PDF and VCE Dumps

350-501 PDF and VCE Dumps

010-151 PDF and VCE Dumps

100-490 PDF and VCE Dumps

810-440 PDF and VCE Dumps

820-445 PDF and VCE Dumps

840-450 PDF and VCE Dumps

820-605 PDF and VCE Dumps

700-805 PDF and VCE Dumps

700-070 PDF and VCE Dumps

600-455 PDF and VCE Dumps

600-460 PDF and VCE Dumps

500-173 PDF and VCE Dumps

500-174 PDF and VCE Dumps

200-401 PDF and VCE Dumps

644-906 PDF and VCE Dumps

600-211 PDF and VCE Dumps

600-212 PDF and VCE Dumps

600-210 PDF and VCE Dumps

600-212 PDF and VCE Dumps

700-680 PDF and VCE Dumps

500-275 PDF and VCE Dumps

500-285 PDF and VCE Dumps

600-455 PDF and VCE Dumps

600-460 PDF and VCE Dumps

Microsoft Exams Will Be Retired

AZ-103(retiring August 31, 2020)

AZ-203(retiring August 31, 2020)

AZ-300(retiring August 31, 2020)

AZ-301(retiring August 31, 2020)

77-419(retiring June 30, 2020)

70-333(retiring January 31, 2021)

70-334(retiring January 31, 2021)

70-339(retiring January 31, 2021)

70-345(retiring January 31, 2021)

70-357(retiring January 31, 2021)

70-410(retiring January 31, 2021)

70-411(retiring January 31, 2021)

70-412(retiring January 31, 2021)

70-413(retiring January 31, 2021)

70-414(retiring January 31, 2021)

70-417(retiring January 31, 2021)

70-461(retiring January 31, 2021)

70-462(retiring January 31, 2021)

70-463(retiring January 31, 2021)

70-464(retiring January 31, 2021)

70-465(retiring January 31, 2021)

70-466(retiring January 31, 2021)

70-467(retiring January 31, 2021)

70-480(retiring January 31, 2021)

70-483(retiring January 31, 2021)

70-486(retiring January 31, 2021)

70-487(retiring January 31, 2021)

70-537(retiring January 31, 2021)

70-705(retiring January 31, 2021)

70-740(retiring January 31, 2021)

70-741(retiring January 31, 2021)

70-742(retiring January 31, 2021)

70-743(retiring January 31, 2021)

70-744(retiring January 31, 2021)

70-745(retiring January 31, 2021)

70-761(retiring January 31, 2021)

70-762(retiring January 31, 2021)

70-764(retiring January 31, 2021)

70-765(retiring January 31, 2021)

70-767(retiring January 31, 2021)

70-768(retiring January 31, 2021)

70-777(retiring January 31, 2021)

70-778(retiring January 31, 2021)

70-779(retiring January 31, 2021)

MB2-716(retiring January 31, 2021)

MB6-894(retiring January 31, 2021)

MB6-897(retiring January 31, 2021)

MB6-898(retiring January 31, 2021)