SY0-401 (v.4) 50-100

A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

Which of the following devices would MOST likely have a DMZ interface?

A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request?

Which of the following BEST describes a demilitarized zone?

Which of the following would allow the organization to divide a Class C IP address range into several ranges?

Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO).

Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains? Server 1: 192.168.100.6 Server 2: 192.168.100.9 Server 3: 192.169.100.20

Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?

Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three device types while still allowing traffic between them via ACL?

An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?

Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department’s server and vice-versa?

According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?

Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10. DIAGRAM PC1 PC2 [192.168.1.30]——–[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]———[10.2.2.10] LOGS 10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN 10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK 10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK Given the above information, which of the following can be inferred about the above environment?

An IT director is looking to reduce the footprint of their company’s server environment. They have decided to move several internally developed software applications to an alternate environment, supported by an external company. Which of the following BEST describes this arrangement?

Which of the following offerings typically allows the customer to apply operating system patches?

Which of the following technologies can store multi-tenant data with different security requirements?

Multi-tenancy is a concept found in which of the following?

Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?

Configuring the mode, encryption methods, and security associations are part of which of the following?