An administrator has a network subnet dedicated to a group of users. Due to concerns regarding data and network security, the administrator desires to provide network access for this group only. Which of the following would BEST address this desire?
A. Install a proxy server between the users’ computers and the switch to filter inbound network traffic.
B. Block commonly used ports and forward them to higher and unused port numbers.
C. Configure the switch to allow only traffic from computers based upon their physical address.
D. Install host-based intrusion detection software to monitor incoming DHCP Discover requests.
Select the appropriate attack from each drop down list to label the corresponding illustrated attack
Instructions: Attacks may only be used once, and will disappear from drop down list if selected. When you have completed the simulation, please select the Done button to submit.
A technician wants to implement a dual factor authentication system that will enable the organization to authorize access to sensitive systems on a need-to-know basis. Which of the following should be implemented during the authorization stage?
B. Mandatory access control
C. Single sign-on
D. Role-based access control
A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?
A. TCP/IP socket design review
B. Executable code review
C. OS Baseline comparison
D. Software architecture review
Lab Sim – Configure the Firewall
Task: Configure the firewall (fill out the table) to allow these four rules:
– Only allow the Accounting computer to have HTTPS access to the Administrative server.
– Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
– Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2
Use the following answer for this simulation task. Below table has all the answers required for this question.
Drag and Drop Question
You have been tasked with designing a security plan for your company.
Drag and drop the appropriate security controls on the floor plan.
All objects must be used and all place holders must be filled Order does not matter
When you have completed the simulation, please select the Done button to submit.
Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).
A. Virtual switch
C. System partitioning
E. Disable spanning tree
Which of the following BEST describes a demilitarized zone?
A. A buffer zone between protected and unprotected networks.
B. A network where all servers exist and are monitored.
C. A sterile, isolated network segment with access lists.
D. A private network that is protected by a firewall and a VLAN.
XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night. The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?
A. Social media policy
B. Data retention policy
C. CCTV policy
D. Clean desk policy
The administrator would like to implement hardware assisted full disk encryption on laptops. Which of the following would MOST likely be used to meet this goal?
B. USB Drive
C. Key Escrow
A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?
A. Password history
B. Password logging
C. Password cracker
D. Password hashing
Certificates are used for: (Select TWO).
A. Client authentication.
B. WEP encryption.
C. Access control lists.
D. Code signing.
E. Password hashing.
Which of the following is a hardware based encryption device?
Which of the following BEST describes a protective countermeasure for SQL injection?
A. Eliminating cross-site scripting vulnerabilities
B. Installing an IDS to monitor network traffic
C. Validating user input in web applications
D. Placing a firewall between the Internet and database servers
Which of the following MOST interferes with network-based detection techniques?
D. Anonymous email accounts
A UNIX administrator would like to use native commands to provide a secure way of connecting to other devices remotely and to securely transfer files. Which of the following protocols could be utilized? (Select TWO).
Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?
A. Logic bomb
Which of the following would Matt, a security administrator, use to encrypt transmissions from an internal database to an internal server, keeping in mind that the encryption process must add as little latency to the process as possible?
Which of the following describes the process of removing unnecessary accounts and services from an application to reduce risk exposure?
A. Error and exception handling
B. Application hardening
C. Application patch management
D. Cross-site script prevention
Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret?
Passing your CompTIA Security+ SY0-301 Exam by using the latest CompTIA Security+ SY0-301 Exam Demo Full Version: http://www.braindump2go.com/sy0-301.html