CompTIA Academic/E2C Security+ Certification Exam Voucher Only v10.0

Page:    1 / 67   
Total 993 questions Expand All

A company has recently implemented a high density wireless system by having a junior
technician install two new access points for every access point already deployed. Users are
now reporting random wireless disconnections and slow network connectivity. Which of the
following is the MOST likely cause?

  • A. The old APs use 802.11a
  • B. Users did not enter the MAC of the new APs
  • C. The new APs use MIMO
  • D. A site survey was not conducted


Answer : D

Explanation: To test the wireless AP placement, a site survey should be performed.

Question discussion

Pete, a security administrator, is informed that people from the HR department should not
have access to the accounting departments server, and the accounting department should
not have access to the HR departments server. The network is separated by switches.
Which of the following is designed to keep the HR department users from accessing the
accounting departments server and vice-versa?

  • A. ACLs
  • B. VLANs
  • C. DMZs
  • D. NATS


Answer : B

Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Question discussion

An administrator needs to segment internal traffic between layer 2 devices within the LAN.
Which of the following types of network design elements would MOST likely be used?

  • A. Routing
  • B. DMZ
  • C. VLAN
  • D. NAT


Answer : C

Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Question discussion

An administrator wishes to hide the network addresses of an internal network when
connecting to the Internet. The MOST effective way to mask the network address of the
users would be by passing the traffic through a:

  • A. stateful firewall
  • B. packet-filtering firewall
  • C. NIPS
  • D. NAT


Answer : D

Explanation: NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal systems request.

Question discussion

Which of the following IP addresses would be hosts on the same subnet given the subnet
mask 255.255.255.224? (Select TWO).

  • A. 10.4.4.125
  • B. 10.4.4.158
  • C. 10.4.4.165
  • D. 10.4.4.189
  • E. 10.4.4.199


Answer : C,D

Explanation: With the given subnet mask, a maximum number of 30 hosts between IP addresses 10.4.4.161 and 10.4.4.190 are allowed. Therefore, option C and D would be hosts on the same subnet, and the other options would not. References: http://www.subnetonline.com/pages/subnet-calculators/ip-subnet-calculator.php

Question discussion

A technician is unable to manage a remote server. Which of the following ports should be
opened on the firewall for remote server management? (Select TWO).

  • A. 22
  • B. 135
  • C. 137
  • D. 143
  • E. 443
  • F. 3389


Answer : A,F

Explanation: A secure remote administration solution and Remote Desktop protocol is required. Secure Shell (SSH) is a secure remote administration solution and makes use of TCP port 22. Remote Desktop Protocol (RDP) uses TCP port 3389.

Question discussion

Which of the following would allow the organization to divide a Class C IP address range
into several ranges?

  • A. DMZ
  • B. Virtual LANs
  • C. NAT
  • D. Subnetting


Answer : D

Explanation: Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.

Question discussion

Which of the following is a programming interface that allows a remote computer to run
programs on a local machine?

  • A. RPC
  • B. RSH
  • C. SSH
  • D. SSL


Answer : A

Explanation: Remote Procedure Call (RPC) is a programming interface that allows a remote computer to run programs on a local machine.

Question discussion

A corporation is looking to expand their data center but has run out of physical space in
which to store hardware. Which of the following would offer the ability to expand while
keeping their current data center operated by internal staff?

  • A. Virtualization
  • B. Subnetting
  • C. IaaS
  • D. SaaS


Answer : A

Explanation: Virtualization allows a single set of hardware to host multiple virtual machines.

Question discussion

Which of the following should be deployed to prevent the transmission of malicious traffic
between virtual machines hosted on a singular physical device on a network?

  • A. HIPS on each virtual machine
  • B. NIPS on the network
  • C. NIDS on the network
  • D. HIDS on each virtual machine


Answer : A

Explanation: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

Question discussion

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

  • A. Install a token on the authentication server
  • B. Install a DHCP server on the authentication server
  • C. Install an encryption key on the authentication server
  • D. Install a digital certificate on the authentication server


Answer : D

Explanation: When setting up a wireless network, youll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions. The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesnt require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices. The other is the Enterprise mode which should be used by businesses and organizationsand is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key management, and supports other enterprise-type functionality, such as VLANs and NAP. However, it requires an external authentication server, called a Remote Authentication Dial In User Service (RADIUS) server to handle the 802.1X authentication of users. To help you better understand the process of setting up WPA/WPA2-Enterprise and 802.1X, heres the basic overall steps: Choose, install, and configure a RADIUS server, or use a hosted service. Create a certificate authority (CA), so you can issue and install a digital certificate onto the RADIUS server, which may be done as a part of the RADIUS server installation and configuration. Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or Verisign, so you dont have to install the server certificate on all the clients. If using EAP-TLS, youd also create digital certificates for each end-user. On the server, populate the RADIUS client database with the IP address and shared secret for each AP. On the server, populate user data with usernames and passwords for each end-user. On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP address and the shared secret you created for that particular AP. On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the 802.1X authentication settings.

Question discussion

Which of the following ports should be used by a system administrator to securely manage
a remote server?

  • A. 22
  • B. 69
  • C. 137
  • D. 445


Answer : A

Explanation: Secure Shell (SSH) is a more secure replacement for Telnet, rlogon, rsh, and rcp. SSH can be called a remote access or remote terminal solution. SSH offers a means by which a command-line, text-only interface connection with a server, router, switch, or similar device can be established over any distance. SSH makes use of TCP port 22.

Question discussion

An administrator connects VoIP phones to the same switch as the network PCs and
printers. Which of the following would provide the BEST logical separation of these three
device types while still allowing traffic between them via ACL?

  • A. Create three VLANs on the switch connected to a router
  • B. Define three subnets, configure each device to use their own dedicated IP address range, and then connect the network to a router
  • C. Install a firewall and connect it to the switch
  • D. Install a firewall and connect it to a dedicated switch for each device type


Answer : A

Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Question discussion

When performing the daily review of the system vulnerability scans of the network Joe, the
administrator, noticed several security related vulnerabilities with an assigned vulnerability
identification number. Joe researches the assigned vulnerability identification number from
the vendor website. Joe proceeds with applying the recommended solution for identified
vulnerability.
Which of the following is the type of vulnerability described?

  • A. Network based
  • B. IDS
  • C. Signature based
  • D. Host based


Answer : C

Explanation: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.

Question discussion

Which of the following ports is used to securely transfer files between remote UNIX
systems?

  • A. 21
  • B. 22
  • C. 69
  • D. 445


Answer : B

Explanation: SCP copies files securely between hosts on a network. It uses SSH for data transfer, and uses the same authentication and provides the same security as SSH. Unlike RCP, SCP will ask for passwords or passphrases if they are needed for authentication. SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Question discussion

Page:    1 / 67   
Total 993 questions Expand All

Talk to us!


Have any questions or issues ? Please dont hesitate to contact us