CompTIA SY0-401 - CompTIA Security+ Certification Exam

Page:    1 / 356   
Total 1776 questions

A security architect wishes to implement a wireless network with connectivity to the companys internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?

  • A. Disabling SSID broadcasting
  • B. Implementing WPA2 - TKIP
  • C. Implementing WPA2 - CCMP
  • D. Filtering test workstations by MAC address


Answer : A

Explanation:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so its a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isnt for public use.

Ann, a technician, is attempting to establish a remote terminal session to an end users computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?

  • A. 22
  • B. 139
  • C. 443
  • D. 3389


Answer : D

Explanation:
Remote Desktop Protocol (RDP) uses TCP port 3389.

Configuring the mode, encryption methods, and security associations are part of which of the following?

  • A. IPSec
  • B. Full disk encryption
  • C. 802.1x
  • D. PKI


Answer : A

Explanation:
IPSec can operate in tunnel mode or transport mode. It uses symmetric cryptography to provide encryption security. Furthermore, it makes use of Internet Security Association and
Key Management Protocol (ISAKMP).

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees devices are connected?

  • A. VPN
  • B. VLAN
  • C. WPA2
  • D. MAC filtering


Answer : B

Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?

  • A. 25
  • B. 53
  • C. 143
  • D. 443


Answer : D

Explanation:
HTTPS authenticates the website and corresponding web server with which one is communicating. HTTPS makes use of port 443.
Incorrect Options:
A: Port 25 is used by Simple Mail Transfer Protocol (SMTP) for routing e-mail between mail servers.
B: Port 53 is used by Domain Name System (DNS).
C: Port 143 is used by Internet Message Access Protocol (IMAP) for the management of email messages.
Reference:
https://en.wikipedia.org/wiki/HTTPS
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Page:    1 / 356   
Total 1776 questions