CompTIA Security+

Here you have the best CompTIA SY0-401 practice exam questions

  • You have 1780 total questions across 356 pages (5 per page)
  • These questions were last updated on March 29, 2026
  • This site is not affiliated with or endorsed by CompTIA.
Question 1 of 1780

Sara, the security administrator, MUST configure the corporate firewall to allow all public IP addresses on the internal interface of the firewall to be translated to one public IP address on the external interface of the same firewall. Which of the following should Sara configure?

Answer

Suggested Answer

The suggested answer is A.

Port Address Translation (PAT) is the correct configuration. PAT, also known as NAT Overload, allows multiple devices on a local network to be mapped to a single public IP address using different port numbers. This technique is used to conserve public IP addresses and is ideal for scenarios where many internal devices need to communicate with external networks using a single public IP address.

Question 2 of 1780

Which of the following devices is MOST likely being used when processing the following?

  1. PERMIT IP ANY ANY EQ 80
  2. DENY IP ANY ANY

Answer

Suggested Answer

The suggested answer is A.

Firewalls, routers, and even switches can use ACLs as a method of security management. Every access control list ends with an implicit deny ip any any. ACLs deny by default and allow by exception.
Incorrect Answers:
B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
C: A load balancer is used to distribute network traffic load across several network links or network devices.
D: A URL filter is used to block URLs (websites) to prevent users from accessing them.
Question 3 of 1780

The security administrator at ABC company received the following log information from an external party:

  • 10:45:01 EST, SRC 10.4.3.7:3056, DST 8.4.2.1:80, ALERT, Directory traversal
  • 10:45:02 EST, SRC 10.4.3.7:3057, DST 8.4.2.1:80, ALERT, Account brute force
  • 10:45:03 EST, SRC 10.4.3.7:3058, DST 8.4.2.1:80, ALERT, Port scan

The external party is reporting attacks coming from abc-company.com. Which of the following is the reason the ABC company's security administrator is unable to determine the origin of the attack?

Answer

Suggested Answer

The suggested answer is D.

ABC company uses Port Address Translation (PAT), which allows multiple devices on a local network to be mapped to a single public IP address but with a different port number for each session. The log entries show the same IP address but different port numbers, implying PAT is in use. This makes it difficult for the security administrator to determine the exact origin of the attacks within the company's internal network, as the external logs only furnish the translated IP address and ports without revealing the specific internal devices involved.

Question 4 of 1780

Which of the following security devices can be replicated on a Linux-based computer using IP tables to inspect and properly handle network-based traffic?

Answer

Suggested Answer

The suggested answer is C.

iptables ("IP tables" in the question) is a user-space utility in Linux that enables system administrators to configure the IP packet filter rules of the Linux kernel firewall. Through iptables, a Linux-based computer can inspect, filter, and modify network traffic, effectively functioning as a firewall. While sniffers and switches have different roles related to packet monitoring and network segment interconnection respectively, and routers manage traffic between separate networks, the primary purpose of iptables is aligned with firewall functionality.

Question 5 of 1780

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?

Answer

Suggested Answer

The suggested answer is B.

Stateful inspections occur at all levels of the network.
Incorrect Answers:
A: Packet-filtering firewalls operate at the Network layer (Layer 3) and the Transport layer (Layer 4) of the Open Systems Interconnection (OSI) model.
C: The proxy function can occur at either the application level or the circuit level.
D: Application firewalls operate at the Application layer (Layer 7) of the OSI model.
