Latest Certified Success Dumps Download

JK0-022 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 581-590

September 18, 2017

2017 Sep CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 581 – (Topic 3)

A financial company requires a new private network link with a business partner to cater for realtime and batched data flows.

Which of the following activities should be performed by the IT security staff member prior to establishing the link?

  1. Baseline reporting

  2. Design review

  3. Code review

  4. SLA reporting

Answer: B Explanation:

This question is asking about a new private network link (a VPN) with a business partner. This will provide access to the local network from the business partner.

When implementing a VPN, an important step is the design of the VPN. The VPN should be designed to ensure that the security of the network and local systems is not compromised.

The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the systems or applications. A design review is basically a check to ensure that the design of the system meets the security requirements.

Question No: 582 – (Topic 3)

Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

  1. Logic bomb

  2. Worm

  3. Trojan

  4. Adware

Answer: C Explanation:

In computers, a Trojan is a program in which malicious or harmful code is contained inside

apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.

Question No: 583 – (Topic 3)

Ann, the network administrator, has learned from the helpdesk that employees are accessing the wireless network without entering their domain credentials upon connection. Once the connection is made, they cannot reach any internal resources, while wired network connections operate smoothly. Which of the following is MOST likely occurring?

  1. A user has plugged in a personal access point at their desk to connect to the network wirelessly.

  2. The company is currently experiencing an attack on their internal DNS servers.

  3. The company’s WEP encryption has been compromised and WPA2 needs to be implemented instead.

  4. An attacker has installed an access point nearby in an attempt to capture company information.

Answer: D Explanation:

The question implies that users should be required to enter their domain credentials upon connection to the wireless network. The fact that they are connecting to a wireless network without being prompted for their domain credentials and they are unable to access network resources suggests they are connecting to a rogue wireless network.

A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-the-middle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non- maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server-client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network.

To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points.

Question No: 584 – (Topic 3)

Ann an employee is visiting Joe, an employee in the Human Resources Department. While talking to Joe, Ann notices a spreadsheet open on Joe’s computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?

  1. Impersonation

  2. Dumpster diving

  3. Tailgating

  4. Shoulder surfing

Answer: D Explanation:

Ann was able to see the Spreadsheet on Joe’s computer. This direct observation is known as shoulder surfing.

Shoulder surfing is using direct observation techniques, such as looking over someone#39;s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it#39;s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.

Question No: 585 – (Topic 3)

A trojan was recently discovered on a server. There are now concerns that there has been a security breach that allows unauthorized people to access data. The administrator should be looking for the presence of a/an:

  1. Logic bomb.

  2. Backdoor.

  3. Adware application.

  4. Rootkit.

Answer: B Explanation:

There has been a security breach on a computer system. The security administrator should now check for the existence of a backdoor.

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.

A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system.

Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.

Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures-and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.

Question No: 586 – (Topic 3)

A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user’s host:

Old `hosts’ file: localhost New `hosts’ file: localhost

Which of the following attacks has taken place?

  1. Spear phishing

  2. Pharming

  3. Phishing

  4. Vishing

Answer: B Explanation:

We can see in this question that a fraudulent entry has been added to the user’s hosts file. This will point the URL: to instead of the correct IP address.

Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming #39;poisons#39; a DNS server (or hosts file) by infusing false information into the DNS server, resulting in a user#39;s request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing.

Question No: 587 – (Topic 3)

Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?

  1. Product baseline report

  2. Input validation

  3. Patch regression testing

  4. Code review

Answer: D Explanation:

The problems listed in this question can be caused by problems with the application code. Reviewing the code will help to prevent the problems.

The purpose of code review is to look at all custom written code for holes that may exist. The review needs also to examine changes that the code-most likely in the form of a

finished application-may make: configuration files, libraries, and the like. During this examination, look for threats such as opportunities for injection to occur (SQL, LDAP, code, and so on), cross-site request forgery, and authentication. Code review is often conducted as a part of gray box testing. Looking at source code can often be one of the easiest ways to find weaknesses within the application. Simply reading the code is known as manual assessment, whereas using tools to scan the code is known as automated assessment.

Question No: 588 – (Topic 3)

Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test?

  1. The security company is provided with all network ranges, security devices in place, and logical maps of the network.

  2. The security company is provided with no information about the corporate network or physical locations.

  3. The security company is provided with limited information on the network, including all network diagrams.

  4. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams.

Answer: B Explanation:

The term black box testing is generally associated with application testing. However, in this question the term is used for network testing. Black box testing means testing something when you have no knowledge of the inner workings.

Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well.

Specific knowledge of the application#39;s code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the

output in the first place.

Question No: 589 – (Topic 3)

Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?

  1. HIPS

  2. Antivirus

  3. NIDS

  4. ACL

Answer: A Explanation:

Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.

Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options.

Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. A Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system.

Question No: 590 – (Topic 3)

Which of the following can only be mitigated through the use of technical controls rather that user security training?

  1. Shoulder surfing

  2. Zero-day

  3. Vishing

  4. Trojans

Answer: B Explanation:

A zero day vulnerability is an unknown vulnerability in a software application. This cannot be prevented by user security training.

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it-this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass JK0-022 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE