Skip to Content

CompTIA Security+ SY0-601 Exam Questions and Answers – Page 6 Part 2

The latest CompTIA Security+ (SY0-601) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the CompTIA Security+ (SY0-601) exam and earn CompTIA Security+ (SY0-601) certification.

CompTIA Security+ (SY0-601) Exam Questions and Answers

Question 591

Exam Question

Which of the following statements describe the function of a forward proxy? (Select 2 answers)

A. Acts on behalf of a client
B. Hides the identity of a client
C. Acts on behalf of a server
D. Hides the identity of a server

Correct Answer

A. Acts on behalf of a client
B. Hides the identity of a client

Question 592

Exam Question

Which of the following servers would be best suited to act as an intermediary between an intranet and a screened subnet?

A. UC server
B. Proxy server
C. C2 server
D. Jump server

Correct Answer

D. Jump server

Question 593

Exam Question

What is the name of a network security access control method in which a 48-bit physical address assigned to each network card is used to determine access to the network?

A. MAC filtering
B. Network Address Translation (NAT)
C. Static IP addressing
D. Network Access Control (NAC)

Correct Answer

A. MAC filtering

Question 594

Exam Question

Which of the following answers refers to an STP frame?

A. MTU
B. Jumbo frame
C. BPDU
D. Magic packet

Correct Answer

C. BPDU

Question 595

Exam Question

In the context of implementing secure network designs, the term “Port security” may apply to:

A. Disabling physical ports on a device (e.g. RJ-45 device ports on a router, switch, or patch panel)
B. Implementing MAC filtering
C. Disabling unused logical ports (TCP/UDP)
D. Implementing Port-based Network Access Control (defined in the IEEE 802.1X standard)
E. All of the above

Correct Answer

E. All of the above

Question 596

Exam Question

Network Access Control (NAC) defines a set of rules enforced in a network that the clients attempting to access the network must comply with. With NAC, policies can be enforced before (pre-admission NAC) and/or after end-stations gain access to the network (post-admission NAC). NAC can be implemented with the use of agent software which can be installed on the client machine permanently (this type of software is referred to as permanent agent) or used only temporarily during checks (this type of software is known as dissolvable agent). Another implementation option is agentless NAC, where checks are performed remotely without the need for any client software agents. In agentless NAC, the client machine is checked by external security device with the use of either passive or active network discovery methods.

A. True
B. False

Correct Answer

A. True

Question 597

Exam Question

Which of the following answers refers to a deprecated method for implementing Virtual Private Networks (VPNs)?

A. GRE
B. PPTP
C. OpenVPN
D. SSTP

Correct Answer

B. PPTP

Question 598

Exam Question

Which type of VPN enables connectivity between two networks?

A. Site-to-site
B. Host-to-network
C. Remote access
D. Client-to-site

Correct Answer

A. Site-to-site

Question 599

Exam Question

Which of the terms listed below describes a type of VPN that alleviates bottlenecks and conserves bandwidth by enabling utilization of both the VPN and public network links?

A. Tethering
B. Split tunnel
C. Load balancing
D. Full tunnel

Correct Answer

B. Split tunnel

Question 600

Exam Question

Which of the answers listed below refers to a dedicated device for managing encrypted connections established over an untrusted network, such as the Internet?

A. VPN concentrator
B. Load balancer
C. Managed switch
D. Multilayer switch

Correct Answer

A. VPN concentrator