CompTIA SY0-401 Exam Practice Questions (P. 3)
Question #21
Which of the following components of an all-in-one security appliance would MOST likely be configured in order to restrict access to peer-to-peer file sharing websites?
- A. Spam filter
- B. URL filter
- C. Content inspection
- D. Malware inspection
Correct Answer:
Incorrect Answer:
The question asks how to prevent access to peer-to-peer file sharing websites. You access a website by browsing to a URL using a Web browser or peer-to-peer file sharing client software. A URL filter is used to block URLs (websites) to prevent users accessing the website.
A: A spam filter is used for email. All inbound (and sometimes outbound) email is passed through the spam filter to detect spam emails. The spam emails are then discarded or tagged as potential spam according to the spam filter configuration. Spam filters do not prevent users accessing peer-to-peer file sharing websites.
C: Content inspection is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn't comply with the company's web policy. Content-control software determines what content will be available or perhaps more often what content will be blocked. Content inspection does not prevent users accessing peer-to-peer file sharing websites (although it could block the content of the sites as it is downloaded).
D: Malware inspection is the process of scanning a computer system for malware. Malware inspection does not prevent users accessing peer-to-peer file sharing websites.
References:
http://www.provision.ro/threat-management/web-application-security/url-filtering#pagei-1|pagep-1|
, Sybex, Indianapolis, 2014, pp. 18, 19
Question #22
Pete, the system administrator, wants to restrict access to advertisements, games, and gambling websites.
Which of the following devices would BEST achieve this goal?
- A. Firewall
- B. Switch
- C. URL content filter
- D. Spam filter
Correct Answer:
C
URL filtering, also known as web filtering, is the act of blocking access to a site based on all or part of the URL used to request access. URL filtering can focus on all or part of a fully qualified domain name (FQDN), specific path names, specific filenames, specific file extensions, or entire specific URLs. Many URL-filtering tools can obtain updated master URL block lists from vendors as well as allow administrators to add or remove URLs from a custom list.
Incorrect Answers:
A: The basic purpose of a firewall is to isolate one network from another. Firewalls are available as appliances, meaning they're installed as the primary device separating two networks.
B: Switches are multiport devices that improve network efficiency.
D: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam).
References:
, Sybex, Indianapolis, 2014, pp. 18, 19
, 6th Edition, Sybex, Indianapolis, 2014, pp. 96, 102
Question #23
The administrator receives a call from an employee named Joe. Joe says the Internet is down and he is receiving a blank page when typing to connect to a popular sports website. The administrator asks Joe to try visiting a popular search engine site, which Joe reports as successful. Joe then says that he can get to the sports site on this phone. Which of the following might the administrator need to configure?
- A. The access rules on the IDS
- B. The pop up blocker in the employee’s browser
- C. The sensitivity level of the spam filter
- D. The default block page on the URL filter
Correct Answer:
D
A URL filter is used to block access to a site based on all or part of a URL. There are a number of URL-filtering tools that can acquire updated master URL block lists from vendors, as well as allow administrators to add or remove URLs from a custom list.
Incorrect Answers:
A: An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
B: Pop-up blockers prevent websites from opening further web browser windows without your approval.
C: A spam filter deals with identifying and blocking/filtering/removing unsolicited messages.
References:
, Sybex, Indianapolis, 2014, pp. 18, 19, 21, 246
Question #24
Layer 7 devices used to prevent specific types of html tags are called:
- A. Firewalls
- B. Content filters
- C. Routers
- D. NIDS
Correct Answer:
B
A content filter is a type of software designed to restrict or control the content a reader is authorized to access, particularly when used to limit material delivered over the Internet via the Web, e-mail, or other means. Because the user and the OSI layer interact directly with the content filter, it operates at Layer 7 of the OSI model.
References:
http://en.wikipedia.org/wiki/Content-control_software#Types_of_filtering
http://en.wikipedia.org/wiki/OSI_model
Question #25
Pete, an employee, attempts to visit a popular social networking site but it is blocked. Instead, a page is displayed notifying him that this site cannot be visited.
Which of the following is MOST likely blocking Pete's access to this site?
- A. Internet content filter
- B. Firewall
- C. Proxy server
- D. Protocol analyzer
Correct Answer:
A
Web filtering software is designed to restrict or control the content a reader is authorized to access, especially when utilized to restrict material delivered over the Internet via the Web, e-mail, or other means.
Incorrect Answers:
B: The basic purpose of a firewall is to isolate one network from another.
C: A proxy server is a variation of an application firewall or circuit-level firewall, and used as a middleman between clients and servers. Often a proxy serves as a barrier against external threats to internal clients.
D: The terms protocol analyzer and packet sniffer are interchangeable. They refer to the tools used in the process of monitoring the data that is transmitted across a network.
References:
http://en.wikipedia.org/wiki/Content-control_software
, 6th Edition, Sybex, Indianapolis, 2014, pp. 11, 96, 342
Question #26
A review of the company's network traffic shows that most of the malware infections are caused by users visiting gambling and gaming websites. The security manager wants to implement a solution that will block these websites, scan all web traffic for signs of malware, and block the malware before it enters the company network. Which of the following is suited for this purpose?
- A. ACL
- B. IDS
- C. UTM
- D. Firewall
Correct Answer:
C
An all-in-one appliance, also known as Unified Threat Management (UTM) and Next Generation Firewall (NGFW), is one that provides a good foundation for security. A variety is available; those that you should be familiar with for the exam fall under the categories of providing URL filtering, content inspection, or malware inspection.
Malware inspection is the use of a malware scanner to detect unwanted software content in network traffic. If malware is detected, it can be blocked or logged and/or trigger an alert.
Incorrect Answers:
A: Access control lists (ACLs) are used to define who is allowed to or denied permission to perform a specified activity or action.
B: An intrusion detection system (IDS) is an automated system that either watches activity in real time or reviews the contents of audit logs in order to detect intrusions or security policy violations.
D: The basic purpose of a firewall is to isolate one network from another.
References:
, Sybex, Indianapolis, 2014, pp. 96, 119
, Sybex, Indianapolis, 2014, pp. 19, 21, 24
Question #27
Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?
- A. WAF
- B. NIDS
- C. Routers
- D. Switches
Correct Answer:
A
A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
Because the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, a web application firewall (WAF) is the correct answer.
Incorrect Answers:
B: A NIDS (Network Intrusion Detection System) operates in layer 2 of the OSI model, not layer 7.
C: Routers operate in layer 3 of the OSI model, not layer 7.
D: Switches operate in layer 2 of the OSI model, not layer 7.
References:
https://owasp.org/index.php/Web_Application_Firewall
http://en.wikipedia.org/wiki/OSI_model
Question #28
Which of the following should the security administrator implement to limit web traffic based on country of origin? (Choose three.)
- A. Spam filter
- B. Load balancer
- C. Antivirus
- D. Proxies
- E. Firewall
- F. NIDS
- G. URL filtering
Correct Answer:
DEG
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers.
Firewalls manage traffic using a rule or a set of rules.
A URL is a reference to a resource that specifies the location of the resource. A URL filter is used to block access to a site based on all or part of a URL.
Incorrect Answers:
A: A spam filter deals with identifying and blocking/filtering/removing unsolicited messages.
B: A load balancer is used to acquire more optimal infrastructure utilization, reduce response time, maximize throughput, decrease overloading, and remove bottlenecks.
C: An antivirus monitors the local system for the presence of malware in memory, in active processes, and in storage.
F: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
References:
, Sybex, Indianapolis, 2014, pp. 10, 18-21
Question #29
A security engineer is reviewing log data and sees the output below:
POST: /payload.php HTTP/1.1 -
HOST: localhost -
Accept: */*
Referrer: http://localhost/
*******
HTTP/1.1 403 Forbidden -
Connection: close -
Log: Access denied with 403. Pattern matches form bypass
Which of the following technologies was MOST likely being used to generate this log?
- A. Host-based Intrusion Detection System
- B. Web application firewall
- C. Network-based Intrusion Detection System
- D. Stateful Inspection Firewall
- E. URL Content Filter
Correct Answer:
B
A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It's intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
C: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
D: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding response or reply from the external entity.
E: URL filtering involves blocking websites (or sections of websites) based solely on the URL, restricting access to specified websites and certain web-based applications.
References:
, Sybex, Indianapolis, 2014, pp. 6, 19, 20, 21
Question #30
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
- A. Review past security incidents and their resolution
- B. Rewrite the existing security policy
- C. Implement an intrusion prevention system
- D. Install honey pot systems
Correct Answer:
C
The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
Incorrect Answers:
A: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
C: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.
D: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding response or reply from the external entity.
E: URL filtering involves blocking websites (or sections of websites) based solely on the URL, restricting access to specified websites and certain web-based applications.
References:
, Sybex, Indianapolis, 2014, pp. 6, 19, 20, 21