Practice Test 5 – Solution

1. Because there is no allow rule for FTP or TCP port 21, explicit deny will be applied, preventing the download.

2. Port security disables the ports and reduces the functionality of the switch, however, 802.1x authenticates the device, so the ports remain open with rogue devices being prevented access.

3. Using IPSec between servers uses transport mode, but when IPSec is used over the internet, it uses tunnel mode.

4. A stateful firewall inspects incoming traffic down to the commands used and packet sizes and would realize that the three-way handshake is not being established and would prevent the SYN flood attack.

5. The role of the VPN concentrator is to set up the secure session for the VPN connection.

6. We ...

Get CompTIA Security+ Practice Tests SY0-501 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.