CompTIA Security Plus Mock Test Q1720

A security administrator is creating a subnet on one of the corporate firewall interfaces to use as a DMZ which is expected to accommodate at most 14 physical hosts. Which of the following subnets would BEST meet the requirements?

A. 192.168.0.16 255.25.255.248
B. 192.168.0.16/28
C. 192.168.1.50 255.255.25.240
D. 192.168.2.32/27


Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1645

Joe, a website administrator, believes he owns the intellectual property for a company invention and has been replacing image files on the company’s public-facing website in the DMZ. Joe is using steganography to hide stolen data. Which of the following controls can be implemented to mitigate this type of insider threat?

A. Digital signatures
B. File integrity monitoring
C. Access controls
D. Change management
E. Stateful inspection firewall


Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1559

A security technician is concerned there is not enough security staff available to monitor the web servers and database server located in the DMZ around the clock. Which of the following technologies, when deployed, would provide the BEST round-the-clock automated protection?

A. HIPS & SIEM
B. NIPS & HIDS
C. HIDS & SIEM
D. NIPS & HIPS


Correct Answer: B
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1509

Given the following set of firewall rules:
From the inside to outside allow source any destination any port any
From inside to dmz allow source any destination any port tcp-80
From inside to dmz allow source any destination any port tcp-443
Which of the following would prevent FTP traffic from reaching a server in the DMZ from the inside network?

A. Implicit deny
B. Policy routing
C. Port forwarding
D. Forwarding proxy

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1335

The network manager has obtained a public IP address for use with a new system to be available via the internet. This system will be placed in the DMZ and will communicate with a database server on the LAN. Which of the following should be used to allow for proper communication between internet users and the internal systems?

A. VLAN
B. DNS
C. NAT
D. HTTP
E. SSL

Correct Answer: E
Section: Mixed Questions

CompTIA Security Plus Mock Test Q844

Which of the following are examples of network segmentation? (Select TWO).

A. IDS
B. IaaS
C. DMZ
D. Subnet
E. IPS


Correct Answer: C,D
Section: Application, Data and Host Security

Explanation:
C: A demilitarized zone (DMZ) is a part of the network that is separated or segmented from the rest of the network by means of firewalls and acts as a buffer between the untrusted public Internet and the trusted local area network (LAN).
D: IP subnets can be used to separate or segment networks while allowing communication between the network segments via routers.

Incorrect Answers:
A: An intrusion detection system (IDS) is an automated system that detects intrusions or security policy violations on networks or host systems. It does not feature or offer network segmentation.
B: The Infrastructure as a Service (IaaS) model is a cloud computing business model that uses virtualization, with the clients paying for resources used.
E: An intrusion prevention system (IPS) is an automated system that attempts to prevent intrusions or security policy violations on networks or host systems. It does not feature or offer network segmentation.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 21, 26, 27-28
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 65, 110-111

CompTIA Security Plus Mock Test Q120

Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?

A. TCP port 443 and IP protocol 46
B. TCP port 80 and TCP port 443
C. TCP port 80 and ICMP
D. TCP port 443 and SNMP

Correct Answer: B
Section: Network Security

Explanation:
HTTP and HTTPS, which use TCP port 80 and TCP port 443 respectively, are necessary for communicating with web servers. They should therefore be allowed through the firewall.

Incorrect Answers:
A: IP protocol 46 was designed to reserve resources across a network for an integrated services Internet.

C: Internet Control Message Protocol (ICMP) is a network health and link-testing protocol that is commonly used by tools such as ping, traceroute, and pathping.

D: SNMP can be used to interact with various network devices to obtain status information, performance data, statistics, and configuration details.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 42, 46, 47, 52

CompTIA Security Plus Mock Test Q61

When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request?

A. DMZ
B. Cloud services
C. Virtualization
D. Sandboxing

Correct Answer: A
Section: Network Security

Explanation:
A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Incorrect Answers:
B: A private cloud is a cloud service within a corporate network and isolated from the Internet. The private cloud is for internal use only.

C: Virtualization offers several benefits, such as being able to launch individual instances of servers or services as needed, real-time scalability, and the ability to run the exact OS version required for a certain application.

D: Sandboxing is a means of quarantine or isolation. It’s implemented to restrict new or otherwise suspicious software from being able to cause harm to production systems. It can be used against applications or entire OSs.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 37, 38, 39, 250