Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
JK0-022 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 41-50

September 18, 2017

EnsurePass
2017 Sep CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JK0-022.html

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 41 – (Topic 1)

Which of the following is a step in deploying a WPA2-Enterprise wireless network?

  1. Install a token on the authentication server

  2. Install a DHCP server on the authentication server

  3. Install an encryption key on the authentication server

  4. Install a digital certificate on the authentication server

Answer: D Explanation:

When setting up a wireless network, you’ll find two very different modes of Wi-Fi Protected Access (WPA) security, which apply to both the WPA and WPA2 versions.

The easiest to setup is the Personal mode, technically called the Pre-Shared Key (PSK) mode. It doesn’t require anything beyond the wireless router or access points (APs) and uses a single passphrase or password for all users/devices.

The other is the Enterprise mode -which should be used by businesses and organizations-and is also known as the RADIUS, 802.1X, 802.11i, or EAP mode. It provides better security and key management, and supports other enterprise-type functionality, such as VLANs and NAP. However, it requires an external authentication server, called a Remote Authentication Dial In User Service (RADIUS) server to handle the 802.1X authentication of users.

To help you better understand the process of setting up WPA/WPA2-Enterprise and

802.1X, here’s the basic overall steps:

Choose, install, and configure a RADIUS server, or use a hosted service.

Create a certificate authority (CA), so you can issue and install a digital certificate onto the RADIUS server, which may be done as a part of the RADIUS server installation and configuration. Alternatively, you could purchase a digital certificate from a public CA, such as GoDaddy or Verisign, so you don’t have to install the server certificate on all the clients. If using EAP-TLS, you’d also create digital certificates for each end-user.

On the server, populate the RADIUS client database with the IP address and shared secret for each AP.

On the server, populate user data with usernames and passwords for each end-user. On each AP, configure the security for WPA/WPA2-Enterprise and input the RADIUS server IP address and the shared secret you created for that particular AP.

On each Wi-Fi computer and device, configure the security for WPA/WPA2-Enterprise and set the 802.1X authentication settings.

Question No: 42 – (Topic 1)

Which of the following ports should be used by a system administrator to securely manage a remote server?

  1. 22

  2. 69 C. 137 D. 445

Answer: A Explanation:

Secure Shell (SSH) is a more secure replacement for Telnet, rlogon, rsh, and rcp. SSH can be called a remote access or remote terminal solution. SSH offers a means by which a command-line, text-only interface connection with a server, router, switch, or similar device can be established over any distance. SSH makes use of TCP port 22.

Question No: 43 – (Topic 1)

An administrator connects VoIP phones to the same switch as the network PCs and printers. Which of the following would provide the BEST logical separation of these three

device types while still allowing traffic between them via ACL?

  1. Create three VLANs on the switch connected to a router

  2. Define three subnets, configure each device to use their own dedicated IP address range, and then connect the network to a router

  3. Install a firewall and connect it to the switch

  4. Install a firewall and connect it to a dedicated switch for each device type

Answer: A Explanation:

A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.

Question No: 44 – (Topic 1)

When performing the daily review of the system vulnerability scans of the network Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability.

Which of the following is the type of vulnerability described?

  1. Network based

  2. IDS

  3. Signature based

  4. Host based

Answer: C Explanation:

A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. The strength of a signature-based system is that it can quickly and accurately detect any event from its database of signatures.

Question No: 45 – (Topic 1)

Which of the following ports is used to securely transfer files between remote UNIX systems?

  1. 21

  2. 22

  3. 69

D. 445

Answer: B Explanation:

SCP copies files securely between hosts on a network. It uses SSH for data transfer, and uses the same authentication and provides the same security as SSH. Unlike RCP, SCP will ask for passwords or passphrases if they are needed for authentication.

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Question No: 46 – (Topic 1)

Which of the following secure file transfer methods uses port 22 by default?

  1. FTPS

  2. SFTP

  3. SSL

  4. S/MIME

Answer: B Explanation:

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

Question No: 47 – (Topic 1)

Which of the following wireless security technologies continuously supplies new keys for WEP?

  1. TKIP

  2. Mac filtering

  3. WPA2

  4. WPA

Answer: A Explanation:

TKIP is a suite of algorithms that works as a quot;wrapperquot; to WEP, which allows users of legacy WLAN equipment to upgrade to TKIP without replacing hardware. TKIP uses the original WEP programming but quot;wrapsquot; additional code at the beginning and end to encapsulate and modify it.

Question No: 48 – (Topic 1)

Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?

  1. WAF

  2. NIDS

  3. Routers

  4. Switches

Answer: A Explanation:

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

As the protocols used to access a web server (typically HTTP and HTTPS) run in layer 7 of the OSI model, then web application firewall (WAF) is the correct answer.

Question No: 49 – (Topic 1)

A database administrator contacts a security administrator to request firewall changes for a

connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the application’s task. Which of the following is the security administrator practicing in this example?

  1. Explicit deny

  2. Port security

  3. Access control lists

  4. Implicit deny

Answer: C Explanation:

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

Question No: 50 DRAG DROP – (Topic 1)

Drag and drop the correct protocol to its default port.

Ensurepass 2017 PDF and VCE

Answer:

Ensurepass 2017 PDF and VCE

Explanation:

Ensurepass 2017 PDF and VCE

FTP uses TCP port 21. Telnet uses port 23.

SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file- transfer facility based on SSH and Remote Copy Protocol (RCP). Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).

SMTP uses TCP port 25.

Port 69 is used by TFTP.

SNMP makes use of UDP ports 161 and 162.

References:

Stewart, James Michael, CompTIA Security Review Guide, Sybex, Indianapolis, 2014, pp 42, 45, 51

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass JK0-022 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE