COMPTIA NEWS: SY0-401 Exam Questions has been Updated Today! Get Latest SY0-401 VCE and SY0-401 PDF Instantly! Welcome to Download the Newest Braindump2go SY0-401 VCE&SY0-401 PDF Dumps: http://www.braindump2go.com/sy0-401.html (1220 Q&As)
Braindump2go New Released SY0-401 CompTIA Exam Dumps Free Download Today! All 1220q SY0-401 Exam Questions are the new updated from CompTIA Official Exam Center.Braindump2go Offers SY0-401 PDF Dumps and SY0-401 VCE Dumps for free Download Now! 100% pass SY0-401 Certification Exam!
Exam Code: SY0-401
Exam Name: CompTIA Security+
Certification Provider: CompTIA
Corresponding Certification: CompTIA Security+
SY0-401 Dump,SY0-401 PDF,SY0-401 VCE,SY0-401 Braindump,SY0-401 Study Guide,SY0-401 Study Guide PDF,SY0-401 Objectives,SY0-401 Practice Test,SY0-401 Practice Exam,SY0-401 Performance Based Questions,SY0-401 Exam Questions,SY0-401 Exam Dumps,SY0-401 Exam PDF,SY0-401 Dumps Free,SY0-401 Dumps PDF
QUESTION 61
Which of the following technologies can store multi-tenant data with different security requirements?
A. Data loss prevention
B. Trusted platform module
C. Hard drive encryption
D. Cloud computing
Answer: D
Explanation:
One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.
QUESTION 62
Multi-tenancy is a concept found in which of the following?
A. Full disk encryption
B. Removable media
C. Cloud computing
D. Data loss prevention
Answer: C
Explanation:
One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.
QUESTION 63
Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?
A. Protocol filter
B. Load balancer
C. NIDS
D. Layer 7 firewall
Answer: D
Explanation:
An application-level gateway firewall filters traffic based on user access, group membership, the application or service used, or even the type of resources being transmitted.
This type of firewall operates at the Application layer (Layer 7) of the OSI model.
QUESTION 64
Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:
A. Redundant systems.
B. Separation of duties.
C. Layered security.
D. Application control.
Answer: C
Explanation:
Layered security is the practice of combining multiple mitigating security controls to protect resources and data.
QUESTION 65
A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?
A. IPsec
B. SFTP
C. BGP
D. PPTP
Answer: A
Explanation:
Layer 2 Tunneling Protocol (L2TP) came about through a partnership between Cisco and Microsoft with the intention of providing a more secure VPN protocol. L2TP is considered to be a more secure option than PPTP, as the IPSec protocol which holds more secure encryption algorithms, is utilized in conjunction with it. It also requires a pre-shared certificate or key. L2TP’s strongest level of encryption makes use of 168 bit keys, 3 DES encryption algorithm and requires two levels of authentication.
L2TP has a number of advantages in comparison to PPTP in terms of providing data integrity and authentication of origin verification designed to keep hackers from compromising the system. However, the increased overhead required to manage this elevated security means that it performs at a slower pace than PPTP.
QUESTION 66
Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?
A. TCP port 443 and IP protocol 46
B. TCP port 80 and TCP port 443
C. TCP port 80 and ICMP
D. TCP port 443 and SNMP
Answer: B
Explanation:
HTTP and HTTPS, which uses TCP port 80 and TCP port 443 respectively, is necessary for Communicating with Web servers. It should therefore be allowed through the firewall.
QUESTION 67
Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?
A. 21/UDP
B. 21/TCP
C. 22/UDP
D. 22/TCP
Answer: D
Explanation:
SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.
QUESTION 68
A network administrator is asked to send a large file containing PII to a business associate.
Which of the following protocols is the BEST choice to use?
A. SSH
B. SFTP
C. SMTP
D. FTP
Answer: B
Explanation:
SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server.
QUESTION 69
Which of the following is a difference between TFTP and FTP?
A. TFTP is slower than FTP.
B. TFTP is more secure than FTP.
C. TFTP utilizes TCP and FTP uses UDP.
D. TFTP utilizes UDP and FTP uses TCP.
Answer: D
Explanation:
FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69.
QUESTION 70
Which of the following is the default port for TFTP?
A. 20
B. 69
C. 21
D. 68
Answer: B
Explanation:
TFTP makes use of UDP port 69.
Braindump2go Regular Updates of CompTIA SY0-401 Preparation Materials Exam Dumps, with Accurate Answers, Keeps the Members One Step Ahead in the Real SY0-401 Exam. Field Experts with more than 10 Years Experience in Certification Field work with us.
FREE DOWNLOAD: NEW UPDATED SY0-401 PDF Dumps & SY0-401 VCE Dumps from Braindump2go: http://www.braindump2go.com/sy0-401.html (1220 Q&A)