web analytics

100% Pass IT Exam By Training Lead2pass New VCE And PDF Dumps

100% Pass Lead2pass Practice Test Free Version

100% New Updated SY0-501 New Questions Lead2pass Helps Pass SY0-501 Exam Successfully:

https://www.lead2pass.com/sy0-501.html

QUESTION 31
Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Select TWO).

A.    Rainbow table attacks greatly reduce compute cycles at attack time.
B.    Rainbow tables must include precompiled hashes.
C.    Rainbow table attacks do not require access to hashed passwords.
D.    Rainbow table attacks must be performed on the network.
E.    Rainbow table attacks bypass maximum failed login restrictions.

Answer: BE

QUESTION 32
Which of the following BEST describes a routine in which semicolons, dashes, quotes, and commas are removed from a string?

A.    Error handling to protect against program exploitation
B.    Exception handling to protect against XSRF attacks
C.    Input validation to protect against SQL injection
D.    Padding to protect against string buffer overflows

Answer: C

QUESTION 33
Which of the following is an important step to take BEFORE moving any installation packages from a test environment to production?

A.    Roll back changes in the test environment
B.    Verify the hashes of files
C.    Archive and compress the files
D.     Update the secure baseline

Answer: A

QUESTION 34
Which of the following cryptographic attacks would salting of passwords render ineffective?

A.    Brute force
B.    Dictionary
C.    Rainbow tables
D.     Birthday

Answer: B

QUESTION 35
A network administrator wants to implement a method of securing internal routing.
Which of the following should the administrator implement?

A.    DMZ
B.    NAT
C.    VPN
D.    PAT

Answer: C

QUESTION 36
Which of the following types of keys is found in a key escrow?

A.    Public
B.    Private
C.    Shared
D.    Session

Answer: D

QUESTION 37
A senior incident response manager receives a call about some external IPs communicating with internal computers during off hours. Which of the following types of malware is MOST likely causing this issue?

A.    Botnet
B.    Ransomware
C.    Polymorphic malware
D.    Armored virus

Answer: A

QUESTION 38
A company is currently using the following configuration:

* IAS server with certificate-based EAP-PEAP and MSCHAP
* Unencrypted authentication via PAP

A security administrator needs to configure a new wireless setup with the following configurations:

* PAP authentication method
* PEAP and EAP provide two-factor authentication

Which of the following forms of authentication are being used? (Select TWO).

A.    PAP
B.    PEAP
C.    MSCHAP
D.    PEAP-MSCHAP
E.    EAP
F.    EAP-PEAP

Answer: AF

QUESTION 39
A security administrator is trying to encrypt communication. For which of the following reasons should administrator take advantage of the Subject Alternative Name (SAM) attribute of a certificate?

A.    It can protect multiple domains
B.    It provides extended site validation
C.    It does not require a trusted certificate authority
D.    It protects unlimited subdomains

Answer: B

QUESTION 40
After a merger between two companies a security analyst has been asked to ensure that the organization’s systems are secured against infiltration by any former employees that were terminated during the transition.
Which of the following actions are MOST appropriate to harden applications against infiltration by former employees? (Select TWO)

A.    Monitor VPN client access
B.    Reduce failed login out settings
C.    Develop and implement updated access control policies
D.    Review and address invalid login attempts
E.    Increase password complexity requirements
F.    Assess and eliminate inactive accounts

Answer: CF

SY0-501 dumps full version (PDF&VCE): https://www.lead2pass.com/sy0-501.html

Large amount of free SY0-501 exam questions on Google Drive: https://drive.google.com/open?id=1Hm6GQHDVOsEnyhNf3EHqIGEtor5IUsfu

You may also need:

SY0-401 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDLXZsWm9MWmh0a0E

April 18th, 2018

Posted In: CompTIA, SY0-501 Dumps, SY0-501 Exam Questions, SY0-501 New Questions, SY0-501 PDF, SY0-501 VCE

Tags: , , , , , , ,

New Released Exam SY0-401 PDF Free From the Lead2pass:

https://www.lead2pass.com/sy0-401.html

QUESTION 21
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

A.    Implicit deny
B.    VLAN management
C.    Port security
D.    Access control lists (more…)

April 18th, 2018

Posted In: CompTIA, SY0-401 Dumps, SY0-401 Exam Questions, SY0-401 New Questions, SY0-401 PDF, SY0-401 VCE

Tags: , , , , , , ,

Lead2pass PK0-004 Exam Dumps New Updated By CompTIA Official Exam Center:

https://www.lead2pass.com/pk0-004.html

QUESTION 21
Which of the following is a definition of an RFP?

A.    A document sent to potential vendors to solicit a bid for a project
B.    A document sent to potential vendors to request information for skills and experience for a project
C.    A document sent to potential vendors to request a commitment for a project
D.    A document sent to potential vendors to solicit information that excludes pricing information for a project (more…)

April 18th, 2018

Posted In: CompTIA, PK0-004 Dumps, PK0-004 Exam Questions, PK0-004 New Questions, PK0-004 PDF, PK0-004 VCE

Tags: , , , , , , ,

Lead2pass N10-006 Exam Dumps New Updated By CompTIA Official Exam Center:

https://www.lead2pass.com/n10-006.html

QUESTION 21
A technician wants to separate networks on a switch. Which of the following should be configured to allow this?

A.    VLAN
B.    Trunking
C.    Spanning tree
D.    Traffic filtering

(more…)

April 17th, 2018

Posted In: CompTIA, N10-006 Dumps, N10-006 Exam Questions, N10-006 New Questions, N10-006 PDF, N10-006 VCE

Tags: , , , , , , ,

Lead2pass New Updated CS0-001 Braindump Free Get:

https://www.lead2pass.com/cs0-001.html

QUESTION 21
Review the following results:

211

Which of the following has occurred?

A.    This is normal network traffic.
B.    123.120.110.212 is infected with a Trojan.
C.    172.29.0.109 is infected with a worm.
D.    172.29.0.109 is infected with a Trojan.

Answer: A

QUESTION 22
A security analyst is creating baseline system images to remediate vulnerabilities found in different operating systems. Each image needs to be scanned before it is deployed.
The security analyst must ensure the configurations match industry standard benchmarks and the process can be repeated frequently.
Which of the following vulnerability options would BEST create the process requirements?

A.    Utilizing an operating system SCAP plugin
B.    Utilizing an authorized credential scan
C.    Utilizing a non-credential scan
D.    Utilizing a known malware plugin

Answer: A

QUESTION 23
A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?

A.    TCP
B.    SMTP
C.    ICMP
D.    ARP

Answer: C

QUESTION 24
An analyst wants to use a command line tool to identify open ports and running services on a host along with the application that is associated with those services and port.
Which of the following should the analyst use?

A.    Wireshark
B.    Qualys
C.    netstat
D.    nmap
E.    ping

Answer: C

QUESTION 25
In order to meet regulatory compliance objectives for the storage of PHI, vulnerability scans must be conducted on a continuous basis.
The last completed scan of the network returned 5,682 possible vulnerabilities.
The Chief Information Officer (CIO) would like to establish a remediation plan to resolve all known issues.
Which of the following is the BEST way to proceed?

A.    Attempt to identify all false positives and exceptions, and then resolve all remaining items.
B.    Hold off on additional scanning until the current list of vulnerabilities have been resolved.
C.    Place assets that handle PHI in a sandbox environment, and then resolve all vulnerabilities.
D.    Reduce the scan to items identified as critical in the asset inventory, and resolve these issues first.

Answer: D

QUESTION 26
An administrator has been investigating the way in which an actor had been exfiltrating confidential data from a web server to a foreign host.
After a thorough forensic review, the administrator determined the server’s BIOS had been modified by rootkit installation.
After removing the rootkit and flashing the BIOS to a known good state, which of the following would BEST protect against future adversary access to the BIOS, in case another rootkit is installed?

A.    Anti-malware application
B.    Host-based IDS
C.    TPM data sealing
D.    File integrity monitoring

Answer: C

QUESTION 27
A security analyst is reviewing the following log after enabling key-based authentication.
271

Given the above information, which of the following steps should be performed NEXT to secure the system?

A.    Disable anonymous SSH logins.
B.    Disable password authentication for SSH.
C.    Disable SSHv1.
D.    Disable remote root SSH logins.

Answer: B

QUESTION 28
A cybersecurity analyst has received a report that multiple systems are experiencing slowness as a result of a DDoS attack.
Which of the following would be the BEST action for the cybersecurity analyst to perform?

A.    Continue monitoring critical systems.
B.    Shut down all server interfaces.
C.    Inform management of the incident.
D.    Inform users regarding the affected systems.

Answer: C

QUESTION 29
A security professional is analyzing the results of a network utilization report. The report includes the following information:

291

Which of the following servers needs further investigation?

A.    hr.dbprod.01
B.    R&D.file.srvr.01
C.    mrktg.file.srvr.02
D.    web.srvr.03

Answer: B

QUESTION 30
A cybersecurity analyst has several SIEM event logs to review for possible APT activity.
The analyst was given several items that include lists of indicators for both IP addresses and domains.
Which of the following actions is the BEST approach for the analyst to perform?

A.    Use the IP addresses to search through the event logs.
B.    Analyze the trends of the events while manually reviewing to see if any of the indicators match.
C.    Create an advanced query that includes all of the indicators, and review any of the matches.
D.    Scan for vulnerabilities with exploits known to have been used by an APT.

Answer: B

CS0-001 dumps full version (PDF&VCE): https://www.lead2pass.com/cs0-001.html

Large amount of free CS0-001 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDSG1XT3dzV0xVbDQ

April 16th, 2018

Posted In: CompTIA, CS0-001 Dumps, CS0-001 Exam Questions, CS0-001 New Questions, CS0-001 PDF, CS0-001 VCE

Tags: , , , , , , ,

Free Download Lead2pass CompTIA CAS-002 VCE And PDF Dumps:

https://www.lead2pass.com/cas-002.html

QUESTION 21
A company is developing a new web application for its Internet users and is following a secure coding methodology.
Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?

A.    Conduct web server load tests.
B.    Conduct static code analysis.
C.    Conduct fuzzing attacks.
D.    Conduct SQL injection and XSS attacks.

(more…)

April 16th, 2018

Posted In: CAS-002 Dumps, CAS-002 Exam Questions, CAS-002 New Questions, CAS-002 PDF, CAS-002 VCE, CompTIA

Tags: , , , , , , ,

Lead2pass Latest CV0-001 Free Dumps Guarantee CV0-001 Certification Exam 100% Success.v.2018-4-2.730q:

https://www.lead2pass.com/cv0-001.html

QUESTION 409
Engineers are preparing to move guests to new compute and storage infrastructure. Basic network and SAN connectivity have been established. Which of the following options are valid NEXT steps to prepare for guest migration to the new infrastructure? (Select two.)

A.    Tag the live migration VLAN on the trunk to the new servers
B.    Correctly size and provision NFS LUNs on the new storage
C.    Zone HBAs
D.    Prep mirror VMs on new hosts for data migration
E.    Tag the SAN trunks with the correct guest network VLANs

(more…)

April 3rd, 2018

Posted In: CompTIA, CV0-001 Dumps, CV0-001 Exam Questions, CV0-001 New Questions, CV0-001 PDF, CV0-001 VCE

Tags: , , , , , , ,

100% Free Lead2pass 220-902 New Questions Download:

https://www.lead2pass.com/220-902.html

QUESTION 21
Which of the following features allows for easier navigation of long lists on a tablet device?

A.    Pinch-zoom
B.    Multitouch
C.    Scrollbars
D.    Touch flow

Answer: D
Explanation:
http://gigaom.com/2010/03/08/touchscreen-tablets/

QUESTION 22
Which of the following file system types is used primarily for optical media?

A.    FAT32
B.    NTFS
C.    HPFS
D.    CDFS

Answer: D
Explanation:
http://www.computerhope.com/jargon/c/cdfs.htm

QUESTION 23
When moving files from a Microsoft gaming console, which of the following command line utilities is recommended to transfer files?

A.    IMAP
B.    XCOPY
C.    DISKPART
D.    FDISK

Answer: B
Explanation:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/xcopy.mspx?mfr=true

QUESTION 24
Which of the following should a technician implement to prevent external contractors from physically plugging devices into the company’s network jacks unless such jacks are designated for guest use?

A.    Disable DHCP and assign a static IP address to each network device physically connected to the network.
B.    Enable MAC address filtering across all network jacks and record the MAC address of guest devices.
C.    Disable all switch ports when they are not utilized and enable them on an as needed basis.
D.    Place guest network jacks in public areas and all other jacks in secure areas as needed.

Answer: C
Explanation:
The best way is to disable all switch ports when they are not utilized. Switch them on when you need them. This way, you can prevent external contractors from physically plugging devices in to company’s network jacks.

QUESTION 25
After installing a new printer the organization determines that there are problems printing images and very large files. Which of the following will MOST likely resolve the issue?

A.    Update the drivers using WHQL drivers
B.    Install additional memory to each computer
C.    Install additional memory to the printer
D.    Apply the latest OS service pack

Answer: C
Explanation:
http://www.ehow.com/how_6875286_install-printer-memory.html

QUESTION 26
Which of the following command line tools will terminate a non-system process without restarting the computer?

A.    Shutdown
B.    Kill
C.    Erase
D.    Break

Answer: B
Explanation:
http://www.tech-recipes.com/rx/446/xp_kill_windows_process_command_line_taskkill/

QUESTION 27
After accidentally removing a hard drive from a server with three drives in a RAID 5 configuration, a technician notices the server locks up and shuts down. Which of the following can the technician do to quickly fix the problem?

A.    Replace the RAID controller and boot.
B.    Reinsert the drive and boot.
C.    Plug the drive back in, the system will resume automatically.
D.    Remove all drives and rebuild the array.

Answer: B
Explanation:
Just reinsert the drive and boot the computer. The computer will start since it is a RAID 5 configuration.

QUESTION 28
A customer calls an IT consultant to explain an issue they are having with their Windows 7 Professional PC. Windows Update attempts to install patches upon each startup but fails on the same single update. The customer has attempted to re-run Windows Update from Control Panel but the issue remains. Which of the following courses of action would BEST resolve the problem?

A.    Running a full DEFRAG on the system
B.    Clearing the AppData temp folder entirely
C.    Clearing the Windows Update download cache entirely
D.    Uninstalling the Windows Update feature in Windows 7 and reinstalling it directly from the Microsoft website

Answer: C
Explanation:
http://larsjoergensen.net/windows/windows-7/how-to-clear-the-windows-update-download-cache-in-windows-7

QUESTION 29
A user reports that their wireless connectivity is being spotty. The issue seems to interrupt their wireless signal connection when the laptop screen is tilted forward or backward during operation. When this happens, the entire wireless signal drops out until the screen is left in position for a
good minute or so. Which of the following MOST likely explains what is happening?

A.    The hinges on the laptop screen are not strong enough to support the wireless signal cables.
B.    The wireless card is losing contact to its socket when the screen is opening/closing.
C.    The laptop is designed to work optimally with wireless when the screen is at a perfect 90 degree angle.
D.    The wireless signal cables are being crimped when the screen is opening/closing.

Answer: D
Explanation:
http://compnetworking.about.com/od/wirelessfaqs/f/wifilaptoprange.htm

QUESTION 30
A user states that they cannot connect to the network or the Internet. The technician determines the issue is that the computer has a static IP address and needs to use DHCP to work correctly. The technician sets the NIC to automatically assign an IP address. Which of the following should the technician perform NEXT?

A.    Identify the type of network card and what Operating System the computer is running
B.    Confirm the computer is back on the network and has Internet connectivity
C.    They need to annotate what the static IP address was and inform the employee’s manager
D.    They need to determine why the NIC was assigned a static IP address

Answer: B
Explanation:
http://technet.microsoft.com/en-us/library/dd183692(v=ws.10).aspx

220-902 dumps full version (PDF&VCE): https://www.lead2pass.com/220-902.html

Large amount of free 220-902 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDMU1VNVhHQ08xR1E

You may also need:

220-901 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDb0M0dHJiMS1ZZXM

April 2nd, 2018

Posted In: 220-902 Dumps, 220-902 Exam Questions, 220-902 New Questions, 220-902 PDF, 220-902 VCE, CompTIA

Tags: , , , , , , ,

220-901 Latest Dumps Free Download From Lead2pass:

https://www.lead2pass.com/220-901.html

QUESTION 21
Which of the following memory types has 184 pins?

A.    DDR3
B.    DDR
C.    SDRAM
D.    DDR2 (more…)

April 2nd, 2018

Posted In: 220-901 Dumps, 220-901 Exam Questions, 220-901 New Questions, 220-901 PDF, 220-901 VCE, CompTIA

Tags: , , , , , , ,

Free Share SY0-501 PDF Dumps With Lead2pass Updated Exam Questions.v.2018-3-19.250q:

https://www.lead2pass.com/sy0-501.html

QUESTION 211
A penetration tester finds that a company’s login credentials for the email client were client being sent in clear text. Which of the following should be done to provide encrypted logins to the email server?

A.    Enable IPSec and configure SMTP.
B.    Enable SSH and LDAP credentials.
C.    Enable MIME services and POP3.
D.    Enable an SSL certificate for IMAP services.

(more…)

March 20th, 2018

Posted In: CompTIA, SY0-501 Dumps, SY0-501 Exam Questions, SY0-501 New Questions, SY0-501 PDF, SY0-501 VCE

Tags: , , , , , , ,

Free Share SY0-501 PDF Dumps With Lead2pass Updated Exam Questions.v.2018-3-19.250q:

https://www.lead2pass.com/sy0-501.html

QUESTION 201
Which of the following must be intact for evidence to be admissible in court?

A.    Chain of custody
B.    Order of violation
C.    Legal hold
D.    Preservation

Answer: A

QUESTION 202
A vulnerability scanner that uses its running service’s access level to better assess vulnerabilities across multiple assets within an organization is performing a:

A.    Credentialed scan.
B.    Non-intrusive scan.
C.    Privilege escalation test.
D.    Passive scan.

Answer: A

QUESTION 203
Which of the following cryptography algorithms will produce a fixed-length, irreversible output?

A.    AES
B.    3DES
C.    RSA
D.    MD5

Answer: D

QUESTION 204
A technician suspects that a system has been compromised. The technician reviews the following log entry:

WARNING- hash mismatch: C:\Window\SysWOW64\user32.dll
WARNING- hash mismatch: C:\Window\SysWOW64\kernel32.dll

Based solely ono the above information, which of the following types of malware is MOST likely installed on the system?

A.    Rootkit
B.    Ransomware
C.    Trojan
D.    Backdoor

Answer: A

QUESTION 205
A new firewall has been places into service at an organization. However, a configuration has not been entered on the firewall. Employees on the network segment covered by the new firewall report they are unable to access the network. Which of the following steps should be completed to BEST resolve the issue?

A.    The firewall should be configured to prevent user traffic form matching the implicit deny rule.
B.    The firewall should be configured with access lists to allow inbound and outbound traffic.
C.    The firewall should be configured with port security to allow traffic.
D.    The firewall should be configured to include an explicit deny rule.

Answer: A

QUESTION 206
A security analyst is testing both Windows and Linux systems for unauthorized DNS zone transfers within a LAN on comptia.org from example.org.
Which of the following commands should the security analyst use? (Select two.)

A.    nslookup
comptia.org
set type=ANY
ls-d example.org
B.    nslookup
comptia.org
set type=MX
example.org
C.    dig -axfr comptia.org@example.org
D.    ipconfig/flushDNS
E.    ifconfig eth0 down
ifconfig eth0 up
dhclient renew
F.    dig@example.org comptia.org

Answer: AC

QUESTION 207
Which of the following are the MAIN reasons why a systems administrator would install security patches in a staging environment before the patches are applied to the production server? (Select two.)

A.    To prevent server availability issues
B.    To verify the appropriate patch is being installed
C.    To generate a new baseline hash after patching
D.    To allow users to test functionality
E.    To ensure users are trained on new functionality

Answer: AD

QUESTION 208
A Chief Information Officer (CIO) drafts an agreement between the organization and its employees. The agreement outlines ramifications for releasing information without consent and/for approvals. Which of the following BEST describes this type of agreement?

A.    ISA
B.    NDA
C.    MOU
D.    SLA

Answer: B

QUESTION 209
Which of the following would meet the requirements for multifactor authentication?

A.    Username, PIN, and employee ID number
B.    Fingerprint and password
C.    Smart card and hardware token
D.    Voice recognition and retina scan

Answer: B

QUESTION 210
A manager suspects that an IT employee with elevated database access may be knowingly modifying financial transactions for the benefit of a competitor. Which of the following practices should the manager implement to validate the concern?

A.    Separation of duties
B.    Mandatory vacations
C.    Background checks
D.    Security awareness training

Answer: A

SY0-501 dumps full version (PDF&VCE): https://www.lead2pass.com/sy0-501.html

Large amount of free SY0-501 exam questions on Google Drive: https://drive.google.com/open?id=1Hm6GQHDVOsEnyhNf3EHqIGEtor5IUsfu

You may also need:

SY0-401 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDLXZsWm9MWmh0a0E

March 20th, 2018

Posted In: CompTIA, SY0-501 Dumps, SY0-501 Exam Questions, SY0-501 New Questions, SY0-501 PDF, SY0-501 VCE

Tags: , , , , , , ,

Free Share SY0-501 PDF Dumps With Lead2pass Updated Exam Questions.v.2018-3-19.250q:

https://www.lead2pass.com/sy0-501.html

QUESTION 183
A system administrator wants to provide balance between the security of a wireless network and usability. The administrator is concerned with wireless encryption compatibility of older devices used by some employees. Which of the following would provide strong security and backward compatibility when accessing the wireless network?

A.    Open wireless network and SSL VPN
B.    WPA using a preshared key
C.    WPA2 using a RADIUS back-end for 802.1x authentication
D.    WEP with a 40-bit key (more…)

March 19th, 2018

Posted In: CompTIA, SY0-501 Dumps, SY0-501 Exam Questions, SY0-501 New Questions, SY0-501 PDF, SY0-501 VCE

Tags: , , , , , , ,

Lead2pass Latest CompTIA SY0-501 Exam Questions Free Downloading:

https://www.lead2pass.com/sy0-501.html

QUESTION 31
Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Select TWO).

A.    Rainbow table attacks greatly reduce compute cycles at attack time.
B.    Rainbow tables must include precompiled hashes.
C.    Rainbow table attacks do not require access to hashed passwords.
D.    Rainbow table attacks must be performed on the network.
E.    Rainbow table attacks bypass maximum failed login restrictions.

(more…)

March 9th, 2018

Posted In: CompTIA, SY0-501 Dumps, SY0-501 Exam Questions, SY0-501 New Questions, SY0-501 PDF, SY0-501 VCE

Tags: , , , , , , ,

Lead2pass 2018 New CompTIA SY0-401 Braindump Free Download:

https://www.lead2pass.com/sy0-401.html

QUESTION 11
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?

A.    Review past security incidents and their resolution
B.    Rewrite the existing security policy
C.    Implement an intrusion prevention system
D.    Install honey pot systems

Answer: C
Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it

QUESTION 12
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration.
Which of the following should be implemented to secure the devices without risking availability?

A.    Host-based firewall
B.    IDS
C.    IPS
D.    Honeypot

Answer: B
Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.
IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack’s content.

QUESTION 13
Lab Sim – Configure the Firewall
Task: Configure the firewall (fill out the table) to allow these four rules:

– Only allow the Accounting computer to have HTTPS access to the Administrative server.
– Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
– Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2

131
132

Answer:
Use the following answer for this simulation task.
Below table has all the answers required for this question.

133

Explanation:
Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule’s criteria:

Block the connection
Allow the connection
Allow the connection only if it is secured

TCP is responsible for providing a reliable, one-to-one, connection-oriented session.
TCP establishes a connection and ensures that the other end receives any packets sent.
Two hosts communicate packet results with each other. TCP also ensures that packets are decoded and sequenced properly. This connection is persistent during the session.
When the session ends, the connection is torn down.
UDP provides an unreliable connectionless communication method between hosts.
UDP is considered a best-effort protocol, but it’s considerably faster than TCP.
The sessions don’t establish a synchronized session like the kind used in TCP, and UDP doesn’t guarantee error-free communications.
The primary purpose of UDP is to send small packets of information.
The application is responsible for acknowledging the correct reception of the data.
Port 22 is used by both SSH and SCP with UDP.
Port 443 is used for secure web connections ?HTTPS and is a TCP port.
Thus to make sure only the Accounting computer has HTTPS access to the Administrative server you should use TCP port 443 and set the rule to allow communication between 10.4.255.10/24 (Accounting) and 10.4.255.101 (Administrative server1) Thus to make sure that only the HR computer has access to Server2 over SCP you need use of TCP port 22 and set the rule to allow communication between 10.4.255.10/23 (HR) and 10.4.255.2 (server2)
Thus to make sure that the IT computer can access both the Administrative servers you need to use a port and accompanying port number and set the rule to allow communication between:
10.4.255.10.25 (IT computer) and 10.4.255.101 (Administrative server1)
10.4.255.10.25 (IT computer) and 10.4.255.102 (Administrative server2)

QUESTION 14
Hotspot Question
The security administrator has installed a new firewall which implements an implicit DENY policy by default Click on the firewall and configure it to allow ONLY the following communication.

1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

141

142

Answer:

143

Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22
Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.

QUESTION 15
Which of the following firewall rules only denies DNS zone transfers?

A.    deny udp any any port 53
B.    deny ip any any
C.    deny tcp any any port 53
D.    deny all dns packets

Answer: C
Explanation:
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.

QUESTION 16
A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic.
Which of the following would accomplish this task?

A.    Deny TCP port 68
B.    Deny TCP port 69
C.    Deny UDP port 68
D.    Deny UDP port 69

Answer: D
Explanation:
Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn’t require authentication. It operates on UDP port 69.

QUESTION 17
Sara, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Sara BEST accommodate the vendor?

A.    Allow incoming IPSec traffic into the vendor’s IP address.
B.    Set up a VPN account for the vendor, allowing access to the remote site.
C.    Turn off the firewall while the vendor is in the office, allowing access to the remote site.
D.    Write a firewall rule to allow the vendor to have access to the remote site.

Answer: D
Explanation:
Firewall rules are used to define what traffic is able pass between the firewall and the internal network. Firewall rules block the connection, allow the connection, or allow the connection only if it is secured. Firewall rules can be applied to inbound traffic or outbound traffic and any type of network.

QUESTION 18
A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

A.    Implement a virtual firewall
B.    Install HIPS on each VM
C.    Virtual switches with VLANs
D.    Develop a patch management guide

Answer: C
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.

QUESTION 19
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.
Which of the following is MOST likely the reason for the sub-interfaces?

A.    The network uses the subnet of 255.255.255.128.
B.    The switch has several VLANs configured on it.
C.    The sub-interfaces are configured for VoIP traffic.
D.    The sub-interfaces each implement quality of service.

Answer: B
Explanation:
A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.

QUESTION 20
Joe, a technician at the local power plant, notices that several turbines had ramp up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?

A.    Create a VLAN for the SCADA
B.    Enable PKI for the MainFrame
C.    Implement patch management
D.    Implement stronger WPA2 Wireless

Answer: A
Explanation:
VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. This can be accomplished by not defining a route between different VLANs or by specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network segment that doesn’t need to communicate with another in order to accomplish a work task/function shouldn’t be able to do so.

SY0-401 dumps full version (PDF&VCE): https://www.lead2pass.com/sy0-401.html

Large amount of free SY0-401 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDLXZsWm9MWmh0a0E

You may also need:

SY0-501 exam dumps: https://drive.google.com/open?id=1Hm6GQHDVOsEnyhNf3EHqIGEtor5IUsfu

March 9th, 2018

Posted In: CompTIA, SY0-401 Dumps, SY0-401 Exam Questions, SY0-401 New Questions, SY0-401 PDF, SY0-401 VCE

Tags: , , , , , , ,

Lead2pass CompTIA New Exam PK0-004 VCE Files Free Instant Download:

https://www.lead2pass.com/pk0-004.html

QUESTION 11
If a project sponsor wants to know the current status and progress of a project, which of the following is the BEST approach to find this information?

A.    The project sponsor should obtain the current status from team members, put it into a presentation, and present it to the project manager for review.
B.    The scheduler should obtain the current status from team members, apply it to the baseline of the schedule, and run a report
C.    The scheduler should obtain the current status from team members, update the project charter, project management plan, dashboard, and SOW; and then create a status report to provide to the project manager.
D.    The scheduler should obtain the current status from team members, update the risk register, and provide the information to the project champion for review

(more…)

March 8th, 2018

Posted In: CompTIA, PK0-004 Dumps, PK0-004 Exam Questions, PK0-004 New Questions, PK0-004 PDF, PK0-004 VCE

Tags: , , , , , , ,

100% Pass N10-006 Exam By Training Lead2pass New VCE And PDF Dumps:

https://www.lead2pass.com/n10-006.html

QUESTION 11
Which of the following properties of DHCP would a technician use to ensure an IP address is not leased out from the active scope?

A.    Reservations
B.    Lease times
C.    Removing IPs from the active leases
D.    Configuring the DNS options

(more…)

March 7th, 2018

Posted In: CompTIA, N10-006 Dumps, N10-006 Exam Questions, N10-006 New Questions, N10-006 PDF, N10-006 VCE

Tags: , , , , , , ,

Pages: 1 2 3 4 5 6 7 ... 9 10
Next Page »