SY0-401 (v.4) 1

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

On Monday, all company employees report being unable to connect to the corporate wireless network, which uses 802.1x with PEAP. A technician verifies that no configuration changes were made to the wireless network and its supporting infrastructure, and that there are no outages. Which of the following is the MOST likely cause for this issue?

A company determines a need for additional protection from rogue devices plugging into physical ports around the building. Which of the following provides the highest degree of protection from unauthorized wired network access?

While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface. PERMIT TCP ANY ANY 80 PERMIT TCP ANY ANY 443 Which of the following rules would accomplish this task? (Select TWO).

Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL? PERMIT TCP ANY HOST 192.168.0.10 EQ 80 PERMIT TCP ANY HOST 192.168.0.10 EQ 443

The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?

A Chief Information Security Officer (CISO) is tasked with outsourcing the analysis of security logs. These will need to still be reviewed on a regular basis to ensure the security of the company has not been breached. Which of the following cloud service options would support this requirement?

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

Which of the following devices would MOST likely have a DMZ interface?

A security analyst needs to ensure all external traffic is able to access the company’s front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request?

Which of the following BEST describes a demilitarized zone?

Which of the following would allow the organization to divide a Class C IP address range into several ranges?

Which of the following IP addresses would be hosts on the same subnet given the subnet mask 255.255.255.224? (Select TWO)

Which of the following would the security engineer set as the subnet mask for the servers below to utilize host addresses on separate broadcast domains? Server 1: 192.168.100.6 Server 2: 192.168.100.9 Server 3: 192.169.100.20

Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).

A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices. Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees’ devices are connected?

Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three device types while still allowing traffic between them via ACL?

An administrator needs to segment internal traffic between layer 2 devices within the LAN. Which of the following types of network design elements would MOST likely be used?

Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department’s server, and the accounting department should not have access to the HR department’s server. The network is separated by switches. Which of the access to the HR department’s server. The network is separated by switches. Which of the department’s server and vice-versa?

According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?

Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10. DIAGRAM PC1 PC2 [192.168.1.30]——–[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]———[10.2.2.10] LOGS 10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN 10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK 10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK Given the above information, which of the following can be inferred about the above environment?

An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:

A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 22, 25, 445, 1433, 3128, 3389, 6667 Which of the following protocols was used to access the server remotely?