Latest Certified Success Dumps Download

JK0-022 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 101-110

September 18, 2017

2017 Sep CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 101 – (Topic 1)

An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?

  1. Configure each port on the switches to use the same VLAN other than the default one

  2. Enable VTP on both switches and set to the same domain

  3. Configure only one of the routers to run DHCP services

  4. Implement port security on the switches

Answer: D Explanation:

Port security in IT can mean several things:

The physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port.

The management of TCP and User Datagram Protocol (UDP) ports. If a service is active and assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if a service isn’t actively using them.

Port knocking is a security system in which all ports on a system appear closed. However, if the client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the desired service port becomes open and allows the client software to connect to the service.

Question No: 102 – (Topic 1)

Which of the following means of wireless authentication is easily vulnerable to spoofing?

  1. MAC Filtering

  2. WPA – LEAP

  3. WPA – PEAP

  4. Enabled SSID

Answer: A Explanation:

Each network interface on your computer or any other networked device has a unique MAC address. These MAC addresses are assigned in the factory, but you can easily change, or “spoof,” MAC addresses in software.

Networks can use MAC address filtering, only allowing devices with specific MAC addresses to connect to a network. This isn’t a great security tool because people can spoof their MAC addresses.

Question No: 103 – (Topic 1)

A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up.

Which of the following BEST allows the analyst to restrict user access to approved devices?

  1. Antenna placement

  2. Power level adjustment

  3. Disable SSID broadcasting

  4. MAC filtering

Answer: D Explanation:

A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

Question No: 104 – (Topic 1)

A technician has just installed a new firewall onto the network. Users are reporting that they cannot reach any website. Upon further investigation, the technician determines that websites can be reached by entering their IP addresses. Which of the following ports may have been closed to cause this issue?

  1. HTTP

  2. DHCP

  3. DNS

  4. NetBIOS

Answer: C Explanation:

DNS links IP addresses and human-friendly fully qualified domain names (FQDNs), which are made up of the Top-level domain (TLD), the registered domain name, and the Subdomain or hostname.

Therefore, if the DNS ports are blocked websites will not be reachable.

Question No: 105 – (Topic 1)

Which of the following is the default port for TFTP?

  1. 20

  2. 69

  3. 21

  4. 68

Answer: B Explanation:

TFTP makes use of UDP port 69.

Question No: 106 – (Topic 1)

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?

  1. VLAN

  2. Subnet

  3. VPN

  4. DMZ

Answer: D Explanation:

A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization#39;s external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization#39;s local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term quot;demilitarized zonequot;, an area between nation states in which military operation is not permitted.

Question No: 107 – (Topic 1)

FTP/S uses which of the following TCP ports by default?

A. 20 and 21

B. 139 and 445

C. 443 and 22

D. 989 and 990

Answer: D

Explanation: FTPS uses ports 989 and 990.

Question No: 108 – (Topic 1)

Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?

  1. NIPS

  2. HIDS

  3. HIPS

  4. NIDS

Answer: A Explanation:

Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention

systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it

Question No: 109 – (Topic 1)

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?

  1. Create a VLAN without a default gateway.

  2. Remove the network from the routing table.

  3. Create a virtual switch.

  4. Commission a stand-alone switch.

Answer: C Explanation:

A Hyper-V Virtual Switch implements policy enforcement for security, isolation, and service levels.

Question No: 110 – (Topic 1)

Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?

  1. EAP-TLS




Answer: D Explanation:

PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. Only servers running Network Policy Server

(NPS) or PEAP-MS-CHAP v2 are required to have a certificate.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass JK0-022 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE