SY0-401 (v.4) 4

A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?
HTTP
DHCP
DNS
NetBIOS
Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?
21
25
80
3389
A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO).
22
135
137
143
443
3389
Ann, a technician, is attempting to establish a remote terminal session to an end user’s computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?
22
139
443
3389
Which of the following protocols operates at the HIGHEST level of the OSI model?
ICMP
IPSec
SCP
TCP
Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?
Implement WPA
Disable SSID
Adjust antenna placement
Implement WEP
A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?
IV attack
WEP cracking
WPA cracking
Rogue AP
Which of the following is a step in deploying a WPA2-Enterprise wireless network?
Install a token on the authentication server
Install a DHCP server on the authentication server
Install an encryption key on the authentication server
Install a digital certificate on the authentication server
A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption. Which of the following should be implemented?
WPA2-CCMP with 802.1X
WPA2-PSK
WPA2-CCMP
WPA2-Enterprise
Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?
WPA2-Enterprise wireless network
DNS secondary zones
Digital certificates
Intrusion detection system
A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network. Which of the following should the administrator implement?
WPA2 over EAP-TTLS
WPA-PSK
WPA2 with WPS
WEP over EAP-PEAP
Which of the following BEST describes the weakness in WEP encryption?
The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.
The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.
Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
EAP-MD5
WEP
PEAP-MSCHAPv2
EAP-TLS
Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?
EAP-TLS
EAP-FAST
PEAP-CHAP
PEAP-MSCHAPv2
Which of the following wireless security technologies continuously supplies new keys for WEP?
TKIP
Mac filtering
WPA2
WPA
A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
WPA2 CCMP
WPA
WPA with MAC filtering
WPA2 TKIP
An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?
WEP
CCMP
TKIP
RC4
A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?
Change the encryption from TKIP-based to CCMP-based.
Set all nearby access points to operate on the same channel.
Configure the access point to use WEP instead of WPA2.
Enable all access points to broadcast their SSIDs.
The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
WEP
WPA2 CCMP
Disable SSID broadcast and increase power levels
MAC filtering
A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?
RC4
DES
3DES
AES
Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?
Placement of antenna
Disabling the SSID
Implementing WPA2
Enabling the MAC filtering
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
Antenna placement
Interference
Use WEP
Single Sign on
Power levels
Disable the SSID
Which of the following would Pete, a security administrator, do to limit a wireless signal from penetrating the exterior walls?
Implement TKIP encryption
Consider antenna placement
Disable the SSID broadcast
Disable WPA
Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be. Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients?
Enable MAC filtering on the wireless access point.
Configure WPA2 encryption on the wireless access point.
Lower the antenna’s broadcasting power.
Disable SSID broadcasting.
After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?
Reduce the power level of the AP on the network segment
Implement MAC filtering on the AP of the affected segment
Perform a site survey to see what has changed on the segment
Change the WPA2 encryption key of the AP in the affected segment
An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?
Dipole
Yagi
Sector
Omni
A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?
The old APs use 802.11a
Users did not enter the MAC of the new APs
The new APs use MIMO
A site survey was not conducted
A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner?
Kill all system processes
Enable the firewall
Boot from CD/USB
Disable the network connection
company administrator has a firewall with an outside interface connected to the Internet and an inside interface connected to the corporate network. Which of the following should the administrator configure to redirect traffic destined for the default HTTP port on the outside interface to an internal server listening on port 8080?
Create a dynamic PAT from port 80 on the outside interface to the internal interface on port 8080
Create a dynamic NAT from port 8080 on the outside interface to the server IP address on port 80
Create a static PAT from port 80 on the outside interface to the internal interface on port 8080
Create a static PAT from port 8080 on the outside interface to the server IP address on port 80
An overseas branch office within a company has many more technical and non-technical security incidents than other parts of the company. Which of the following management controls should be introduced to the branch office to improve their state of security?
Initial baseline configuration snapshots
Firewall, IPS and network segmentation
Event log analysis and incident response
Continuous security monitoring processes
Which of the following is a directional antenna that can be used in point-to-point or point-to-multipoint WiFi communication systems? (Select TWO).
Backfire
Dipole
Omni
PTZ
Dish
Which of the following would be MOST appropriate to secure an existing SCADA system by preventing connections from unauthorized networks?
Preventing connections from unauthorized networks?
Implement a Layer 2 switch to access the SCADA system
Implement a firewall to protect the SCADA system
Implement a NIDS to protect the SCADA system
The common method of breaking larger network address space into smaller networks is known as:
Subnetting.
Phishing.
Virtualization.
Packet filtering.
While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).
20
21
22
68
69
An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?
Use a stateful firewall
Enable MAC filtering
Upgrade to WPA2 encryption
Force the WAP to use channel 1
{"name":"SY0-401 (v.4) 4", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?, Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?, A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO).","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}
Powered by: Quiz Maker