A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
A. 20
B. 21
C. 22
D. 23
CompTIA exam questions
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
A. 20
B. 21
C. 22
D. 23
The security team would like to gather intelligence about the types of attacks being launched against the organization. Which of the following would provide them with the MOST information?
A. Implement a honeynet
B. Perform a penetration test
C. Examine firewall logs
D. Deploy an IDS
The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?
A. Create a firewall rule to block SSH
B. Delete the root account
C. Disable remote root logins
D. Ensure the root account has a strong password
Each server on a subnet is configured to only allow SSH access from the administrator’s workstation. Which of the following BEST describes this implementation?
A. Host-based firewalls
B. Network firewalls
C. Network proxy
D. Host intrusion prevention
Peter, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?
A. TCP port 443 and IP protocol 46
B. TCP port 80 and TCP port 443
C. TCP port 80 and ICMP
D. TCP port 443 and SNMP
A security administrator is aware that a portion of the company’s Internet-facing network tends to be non-secure due to poorly configured and patched systems. The business owner has accepted the risk of those systems being compromised, but the administrator wants to determine the degree to which those systems can be used to gain access to the company intranet. Which of the following should the administrator perform?
A. Patch management assessment
B. Business impact assessment
C. Penetration test
D. Vulnerability assessment
Which of the following is an important step in the initial stages of deploying a host-based firewall?
A. Selecting identification versus authentication
B. Determining the list of exceptions
C. Choosing an encryption algorithm
D. Setting time of day restrictions
When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator’s request?
A. DMZ
B. Cloud services
C. Virtualization
D. Sandboxing
Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80
2 DENY IP ANY ANY
A. Firewall
B. NIPS
C. Load balancer
D. URL filter
Which of the following is the BEST approach to perform risk mitigation of user access control rights?
A. Conduct surveys and rank the results.
B. Perform routine user permission reviews.
C. Implement periodic vulnerability scanning.
D. Disable user accounts that have not been used within the last two weeks.