CompTIA exam questions
A company has implemented the capability to send all log files to a central location by utilizing an encrypted channel. The log files are sent to this location in order to be reviewed. A recent exploit has caused the company’s encryption to become unsecure. Which of the following would be required to resolve the exploit?
A. Utilize a FTP service
B. Install recommended updates
C. Send all log files through SMTP
D. Configure the firewall to block port 22
A technician is configuring a computer lab at a school. The computers need to be able to communicate with each other, but students using the computers should not be able to access the internet. Which of the following rules on the firewall should the technician configure for the lab computers?
A. Block all LAN to LAN traffic
B. Block all LAN to WAN traffic
C. Block all WAN to LAN traffic
D. Block all WLAN to WAN traffic
Users are reporting their network is extremely slow. The technician discovers pings to external host have excessive response times. However, internal pings to printers and other PCs have acceptable response times. Which of the following steps should the technician take NEXT?
A. Determine if any network equipment was replaced recently
B. Verify malware has not disabled the users’ PC firewalls
C. Replace users’ network cables with known-good network cables
D. Power cycle the web server
An outside organization has completed a penetration test for a company. One of the items on the report is reflecting the ability to read SSL traffic from the web server. Which of the following is the MOST likely mitigation for this reported item?
A. Ensure patches are deployed
B. Install an IDS on the network
C. Configure the firewall to block traffic on port 443
D. Implement a VPN for employees
A network technician needs to protect IP based servers in the network DMZ from being discovered by an intruder utilizing a ping sweep. Which of the following should the technician do to protect the network from ping sweeps?
A. Block echo replies inbound to the DMZ
B. Disable UDP on the servers
C. Block ICMP at the firewall
D. Disable TCP/IP on the server
A new threat is hiding traffic by sending TLS-encrypted traffic outbound over random ports. Which of the following technologies would be able to detect and block this traffic?
A. Intrusion detection system
B. Application aware firewall
C. Stateful packet inspection
D. Stateless packet inspection
A network technician is replacing security devices that protect the DMZ for a client. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users are unable to connect remotely to the application. Which of the following is MOST likely misconfigured?
A. Content filter
B. Firewall
C. DNS
D. DHCP
The administrator modifies a rule on the firewall, and now all the FTP users cannot access the server any longer. The manager calls the administrator and asks what caused the extreme downtime for the server. In regards to the manager’s inquiry, which of the following did the administrator forget to do FIRST?
A. Submit a change request
B. Schedule a maintenance window
C. Provide notification of change to users
D. Document the changes
A network engineer is designing a new network for a remote site. The remote site consists of ten desktop computers, ten VoIP phones, and two network printers. In addition, two of the desktop computers at the remote site will be used by managers who should be on a separate network from the other eight computers. Which of the following represents the BEST configuration for the remote site?
A. One router connected to one 24-port switch configured with three VLANS: one for the manager’s computers and printer, one for the other computers and printer, and one for the VoIP phones
B. Two routers with each router connected to a 12-port switch, with a firewall connected to the switch connected to the manager’s desktop computers, VoIP phones, and printer
C. One router connected to one 12-port switch configured for the manager’s computers, phones, and printer, and one 12-port switch configured for the other computers, VoIP phones, and printer
D. One router connected to one 24-port switch configured with two VLANS: one for the manager’s computers, VoIP phones, and printer, and one for the other computers, VoIP phones, and printer
A customer cannot access a company’s secure website. The company’s network security is reviewing the firewall for the server and finds the following output:
Which of the following changes should be made to allow all customers to access the company’s secure website?
A. Allow any any 10.5.0.10 443
B. Allow any any 12.73.15.5 443
C. Allow 10.5.0.10 443 any any
D. Allow 10.5.0.10 any 10.5.0.10 80