
SYBEX SECURITY+ SY0-401 PDF

Friday, March 13, 2020


Objectives: SY INTRODUCTION. The CompTIA Security+ Certification is a vendor neutral credential. The CompTIA Security+ exam is an internationally. Entire Book in PDF. Exam SY SERIOUS SKILLS. CompTIA. ™ CompTIA nor Sybex warrants that use of this publication will ensure passing the relevant. This book is part of a family of premium-quality Sybex books, all of which are .. Exam SY Exam Objectives CompTIA goes to great lengths to ensure that.



Author: PATTIE KOESTER
Language: English, Spanish, Arabic
Country: Jordan
Genre: Environment
Pages: 793
Published (Last): 28.07.2016
ISBN: 197-9-51457-185-8


Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.

SY0-401 PDF Dumps

A load balancer is used to distribute network traffic load across several network links or network devices. The log is not in UTC. The external party uses a firewall. D Explanation: The log information shows the IP address, not the port number, making it impossible to pinpoint the exact source. Incorrect Answers: This will not have any bearing on the security administrator at ABC Company finding the root of the attack.

UTC is the abbreviation for Coordinated Universal Time, which is the primary time standard by which the world regulates clocks and time. The time in the log is not the issue in this case. Whether the external party uses a firewall or not will not have any bearing on the security administrator at ABC Company finding the root of the attack.

Sniffer B. Router C. Firewall D. Switch Answer: C Explanation: Iptables is a user-space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores. A sniffer is a tool used in the process of monitoring the data that is transmitted across a network. A router is connected to two or more data lines from different networks, whereas a network switch is connected to data lines from one single network.

These may include a firewall, but not by default. Packet Filter Firewall B. Stateful Firewall C. Proxy Firewall D. Application Firewall Answer: Stateful inspections occur at all levels of the network. The proxy function can occur at either the application level or the circuit level. Sniffers B. NIDS C. Firewalls D. Web proxies E.

Layer 2 switches Answer: The basic purpose of a firewall is to isolate one network from another. The terms protocol analyzer and packet sniffer are interchangeable.

They refer to the tools used in the process of monitoring the data that is transmitted across a network. Web proxies are used to forward HTTP requests. Layer 2 switching uses the media access control address (MAC address) from the host's network interface cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which means switches use application-specific integrated circuits (ASICs) to build and maintain filter tables (also known as MAC address tables or CAM tables).

Which of the following network design elements allows for many internal devices to share one public IP address? DNAT B. PAT C. DNS D. DMZ Answer: B Explanation: DNS does not allow for many internal devices to share one public IP address.

A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.

Disable unnecessary accounts B. Print baseline configuration C. Enable access lists. Disable unused ports Answer: Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access. All ports not in use should be disabled.

Otherwise, they present an open door for an attacker to enter. Disabling unnecessary accounts would only block those specific accounts. A security baseline is a standardized minimal level of security that all systems in an organization must comply with.

Printing it would not secure the switch from physical access. The purpose of an access list is to identify specifically who can enter a facility. Protocol analyzer B. Load balancer C. VPN concentrator D. Web security gateway Answer: Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device—a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.

The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network.

The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security. One of the newest buzzwords is web security gateway, which can be thought of as a proxy server performing proxy and caching functions with web protection software built in.

Which of the following would BEST address this? Block all traffic on port Implement NIDS. Use server load balancers. Install a proxy server. A proxy is a device that acts on behalf of other(s).


In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites.

The proxy server should cache often-accessed sites to improve performance.

This would block all web traffic, as port 80 is used for World Wide Web. Which of the following would be BEST suited for this task? HIDS B. Firewall C. NIPS D.


Spam filter Answer: Firewalls provide protection by controlling traffic entering and leaving a network. HIPS on each virtual machine B. NIPS on the network C. NIDS on the network D. HIDS on each virtual machine Answer: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

Which of the following is designed to stop an intrusion on the network? NIPS B. HIDS C. HIPS D. Which of the following is being described here? NIDS B. HIDS Answer: Supervisor B. Administrator C. Root D. Director Answer: The administrator is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS.

Almost every operating system in use today employs the concept of differentiation between users and groups at varying levels. As an example, there is always a system administrator (SA) account that has godlike control over everything: A director is a person from a group of managers who leads or supervises a particular area of a company, program, or project.

Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?

Network based B. IDS C. Signature based D.

Host based Answer: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures. An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.

Which of the following types of IDS has been deployed? Heuristic IDS C. A signature based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats.

An IDS which is anomaly based will monitor network traffic and compare it against an established baseline. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network.

Which of the following types of technologies will BEST address this scenario?

Application Firewall B. Anomaly Based IDS. Signature IDS Answer: Incorrect Answers: A: Destination network address translation (DNAT) is a technique for transparently changing the destination IP address of an end route packet and performing the inverse function for any replies.

DNS does not allow for many internal devices to share one public IP address. D: A DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.

Disable unnecessary accounts B. Print baseline configuration C. Enable access lists D. Disable unused ports Answer: D Explanation: Disabling unused switch ports is a simple method many network administrators use to help secure their network from unauthorized access. All ports not in use should be disabled.

Otherwise, they present an open door for an attacker to enter. Incorrect Answers: A: Disabling unnecessary accounts would only block those specific accounts. B: A security baseline is a standardized minimal level of security that all systems in an organization must comply with.

Printing it would not secure the switch from physical access. C: The purpose of an access list is to identify specifically who can enter a facility. Protocol analyzer B. Load balancer C. VPN concentrator D. Web security gateway Answer: B Explanation: Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device—a router, a firewall, NAT appliance, and so on.

In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available. Incorrect Answers: A: The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across a network.


The concentrator creates encrypted tunnel sessions between hosts, and many use two-factor authentication for additional security. D: One of the newest buzzwords is web security gateway, which can be thought of as a proxy server performing proxy and caching functions with web protection software built in. Which of the following would BEST address this? Block all traffic on port Implement NIDS. Use server load balancers. Install a proxy server. Answer: D Explanation: A proxy is a device that acts on behalf of other(s).

In the interest of security, all internal user interaction with the Internet should be controlled through a proxy server. The proxy server should automatically block known malicious sites. The proxy server should cache often-accessed sites to improve performance.

B: This would block all web traffic, as port 80 is used for World Wide Web. C: In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available. Which of the following would be BEST suited for this task? HIDS B. Firewall C.

NIPS D. Spam filter Answer: C Explanation: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. B: Firewalls provide protection by controlling traffic entering and leaving a network.

HIPS on each virtual machine B. NIPS on the network C. NIDS on the network D. HIDS on each virtual machine Answer: A Explanation: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

Which of the following is designed to stop an intrusion on the network? NIPS B. HIDS C. HIPS D. C: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

Which of the following is being described here? NIDS B. Supervisor B. Administrator C. Root D.

Director Answer: B Explanation: The administrator is the person responsible for setting the security policy for an organization and is responsible for making decisions about the deployment and configuration of the IDS. Incorrect Answers: A, C: Almost every operating system in use today employs the concept of differentiation between users and groups at varying levels. D: A director is a person from a group of managers who leads or supervises a particular area of a company, program, or project.

Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described? Network based B. IDS C. Signature based D. Host based Answer: C Explanation: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity.

The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures. B: An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.

Which of the following types of IDS has been deployed? Heuristic IDS C. D: An IDS which is anomaly based will monitor network traffic and compare it against an established baseline. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario? Application Firewall B. Signature IDS Answer: B Explanation: Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal occurrences.

An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and legal forms of a protocol are known and can be defined, any variations from those known valid constructions are seen as anomalies.

Incorrect Answers: A: An application aware firewall provides filtering services for specific applications. C: Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused.

The proxy intercepts all of the packets and reprocesses them for use internally. D: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. Which of the following utilities was he MOST likely using to view this issue? Spam filter B. Protocol analyzer C.

Web application firewall D. Load balancer Answer: B Explanation: A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system.

In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device.

Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually. Because spam consumes about 89 percent of all email traffic see the Intelligence Reports at www. C: A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. D: A load balancer is used to spread or distribute network traffic load across several network links or network devices.

Select TWO. PSH B. ACK C. SYN D. URG E. The client sets the segment's sequence number to a random value A. The acknowledgment number is set to one more than the received sequence number i. The sequence number is set to the received acknowledgement value i. D: URG indicates that the urgent pointer field has a valid pointer to data that should be treated urgently and be transmitted before non-urgent data. E: FIN is used to indicate that the client will send no more data. It, therefore, operates at Layer 2 of the OSI model.

PAT C. You access a website by browsing to a URL using a Web browser or peer-to-peer file sharing client software. Firewall D. Incorrect Answers: B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. This use of DNAT is also called port forwarding.

To establish a TCP connection, the three-way (or 3-step) handshake occurs: These devices deal with controlling how devices in a network gain access to data and permission to transmit it, as well as controlling error checking and packet synchronization.