Latest Certified Success Dumps Download

JK0-022 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 131-140

September 18, 2017

2017 Sep CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 131 – (Topic 1)

Which of the following network architecture concepts is used to securely isolate at the boundary between networks?

  1. VLAN

  2. Subnetting

  3. DMZ

  4. NAT

Answer: C Explanation:

A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

Question No: 132 – (Topic 1)

Which of the following would Pete, a security administrator, MOST likely implement in order to allow employees to have secure remote access to certain internal network services such as file servers?

  1. Packet filtering firewall

  2. VPN gateway

  3. Switch

  4. Router

Answer: B Explanation:

VPNs are usually employed to allow remote access users to connect to and access the network, and offer connectivity between two or more private networks or LANs. A VPN gateway (VPN router) is a connection point that connects two LANs via a nonsecure network such as the Internet.

Question No: 133 – (Topic 1)

Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device?

  1. SMTP

  2. SNMPv3

  3. IPSec

  4. SNMP

Answer: B

Explanation: Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities.

Question No: 134 – (Topic 1)

Matt, an administrator, notices a flood fragmented packet and retransmits from an email server.

After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?

  1. Spam filter

  2. Protocol analyzer

  3. Web application firewall

  4. Load balancer

Answer: B Explanation:

A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually.

Question No: 135 – (Topic 1)

A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?

  1. Disabling SSID broadcasting

  2. Implementing WPA2 – TKIP

  3. Implementing WPA2 – CCMP

  4. Filtering test workstations by MAC address

Answer: A Explanation:

Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.

Question No: 136 – (Topic 1)

Users are unable to connect to the web server at IP Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?


  1. It implements stateful packet filtering.

  2. It implements bottom-up processing.

  3. It failed closed.

  4. It implements an implicit deny.

Answer: D Explanation:

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

Question No: 137 – (Topic 1)

The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO’s direction but has mandated that key authentication systems be run within the

organization’s network. Which of the following would BEST meet the CIO and CRO’s requirements?

  1. Software as a Service

  2. Infrastructure as a Service

  3. Platform as a Service

  4. Hosted virtualization service

Answer: A Explanation:

Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet.

Question No: 138 – (Topic 1)

Which of the following devices would be MOST useful to ensure availability when there are a large number of requests to a certain website?

  1. Protocol analyzer

  2. Load balancer

  3. VPN concentrator

  4. Web security gateway

Answer: B Explanation:

Load balancing refers to shifting a load from one device to another. A load balancer can be implemented as a software or hardware solution, and it is usually associated with a device-a router, a firewall, NAT appliance, and so on. In its most common implementation, a load balancer splits the traffic intended for a website into individual requests that are then rotated to redundant servers as they become available.

Question No: 139 – (Topic 1)

Which of the following is BEST used to break a group of IP addresses into smaller network segments or blocks?

  1. NAT

  2. Virtualization

  3. NAC

  4. Subnetting

Answer: D Explanation:

Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.

Question No: 140 – (Topic 1)

Which of the following devices would MOST likely have a DMZ interface?

  1. Firewall

  2. Switch

  3. Load balancer

  4. Proxy

Answer: A

Explanation: The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass JK0-022 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE