CompTIA CompTIA Mobility+ N10-005 Questions & Answers

• Question 141:

  A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?

  A. TCP

  B. SMTP

  C. ICMP

  D. ARP

  Correct Answer: C

  The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned protocol number 1.

• Question 142:

  A small office has created an annex in an adjacent office space just 20 feet (6 meters) away. A network administrator is assigned to provide connectivity between the existing office and the new office. Which of the following solutions provides the MOST security from third party tampering?

  A. CAT5e connection between offices via the patch panel located in building's communication closet.

  B. CAT5e cable run through ceiling in the public space between offices.

  C. VPN between routers located in each office space.

  D. A WEP encrypted wireless bridge with directional antennae between offices.

  Correct Answer: C

  A VPN connection across the Internet is similar to a wide area network (WAN) link between the sites. From a user perspective, the extended network resources are accessed in the same way as resources available from the private network.

• Question 143:

  A strong network firewall would likely support which of the following security features for controlling access? (Select TWO).

  A. War driving

  B. War chalking

  C. MAC filtering

  D. FTP bouncing

  E. Port filtering

  Correct Answer: CE

  MAC filtering set the security level at layer 2 and port filtering will set the security level on layer 4 so by filtering the traffic on both layers our network will get secure.

• Question 144:

  A network administrator is looking to implement a solution allowing users to utilize a common password to access most network resources for an organization. Which of the following would BEST provide this functionality?

  A. RADIUS

  B. Single sign on

  C. Multifactor authentication

  D. Two-factor authentication

  Correct Answer: B

  Single sign-on (SSO)is a session/user authentication process that permits a user to enter one name and password in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.

• Question 145:

  A network administrator is responding to a statement of direction made by senior management to implement network protection that will inspect packets as they enter the network. Which of the following technologies would be used?

  A. Packet sniffer

  B. Stateless firewall

  C. Packet filter

  D. Stateful firewall

  Correct Answer: D

  Stateful firewall keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected.

• Question 146:

  Which of the following network access security methods ensures communication occurs over a secured, encrypted channel, even if the data uses the Internet?

  A. MAC filtering

  B. RAS

  C. SSL VPN

  D. L2TP

  Correct Answer: C

  SSL VPN consists of one or more VPN devices to which the user connects by using his Web browser. The traffic between the Web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol.

• Question 147:

  Which of the following appliances creates and manages a large number of secure remote-access sessions, and also provides a high availability solution?

  A. Media converter

  B. Proxy server

  C. VPN concentrator

  D. Load balancer

  Correct Answer: C

  The VPN Concentrator is used for Remote Access VPN's that allows users to use an encrypted tunnel to securely access a corporate or other network via the Internet.

• Question 148:

  The security measure used to reduce vulnerabilities for MOST network devices that require regular application and monitoring is:

  A. patch management

  B. security limitations

  C. documentation

  D. social engineering

  Correct Answer: A

  A patch is a piece of software designed to fix security vulnerabilities and other bugs, and improving the usability or performance.

• Question 149:

  A customer wants to increase firewall security.

  Which of the following are common reasons for implementing port security on the firewall? (Select TWO).

  A. Preventing dictionary attacks on user passwords

  B. Reducing spam from outside email sources

  C. Shielding servers from attacks on internal services

  D. Blocking external probes for vulnerabilities

  E. Directing DNS queries to the primary server

  Correct Answer: CD

  Port security is required because if we keep the ports unsecure then hackers can do port scanning and can compromise the internal secured network so we will have to shield servers to avoid attacks from outside and we need to block incoming scanning request coming from outside.

• Question 150:

  A company wants to secure its WAPs from unauthorized access.

  Which of the following is the MOST secure wireless encryption method?

  A. SSID disable

  B. SNMPv3

  C. WEP

  D. WPA2

  Correct Answer: D

  WPA2 improves security of Wi-Fi connections by not allowing use of an algorithm called TKIP (Temporal Key Integrity Protocol) that has known security holes (limitations) in the original WPA implementation.