Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CNX-001

Free CompTIA CNX-001 Exam Questions (page: 5)

Page 4 of 22
PDF with 84 Questions

A network security engineer must secure a web application running on virtual machines in a public cloud. The virtual machines are behind an application load balancer.
Which of the following technologies should the engineer use to secure the virtual machines? (Choose two.)

  1. CDN
  2. DLP
  3. IDS
  4. WAF
  5. SIEM
  6. NSG

Answer(s): D,F

Explanation:

WAF: Protects the web application by inspecting incoming HTTP/HTTPS requests at the load balancer, blocking SQL injection, XSS, and other common web attacks.

NSG: Enforces network-layer controls on the VMs' subnets or interfaces, allowing only approved ports and IP ranges to reach the application servers.



A company is expanding operations and opening a new facility. The executive leadership team decides to purchase an insurance policy that will cover the cost of rebuilding the facility in case of a natural disaster.
Which of the following describes the team's decision?

  1. Business continuity
  2. Disaster recovery
  3. Risk transference
  4. Memorandum of understanding

Answer(s): C

Explanation:

By purchasing an insurance policy, the company shifts the financial burden of rebuilding after a natural disaster to the insurer, which is the essence of risk transference.



A network engineer is establishing a wireless network for handheld inventory scanners in a manufacturing company's warehouse. The engineer needs an authentication mechanism for these scanners that uses the Wi-Fi network and works with the company's Active Directory. The business requires that the solution authenticate the users and authorize the scanners.
Which of the following provides the best solution for authentication and authorization?

  1. TACACS+
  2. RADIUS
  3. LDAP
  4. PKI

Answer(s): B

Explanation:

Using a RADIUS server with 802.1X on the Wi-Fi infrastructure allows the scanners (and their users) to be authenticated against Active Directory and mapped to the correct authorization policies. TACACS+ is geared toward device management, LDAP alone doesn't handle the Wi-Fi 802.1X

handshake, and PKI by itself wouldn't provide the user-to-device authorization flow needed. RADIUS gives you both authentication and authorization tied into AD.



A company is migrating an application to the cloud for modernization. The engineer needs to provide dependencies between application and database tiers in the environment.
Which of the following should the engineer reference in order to best meet this requirement?

  1. Internal knowledge base article
  2. CMDB
  3. WBS
  4. Diagram of physical server locations
  5. SOW

Answer(s): B

Explanation:

A Configuration Management Database (CMDB) explicitly maps and documents the relationships and dependencies among configuration items, such as your application and database tiers, making it the ideal reference when migrating to the cloud.



Viewing page 5 of 22



Post your Comments and Discuss CompTIA CNX-001 exam prep with other Community members:

CNX-001 Exam Discussions & Posts