[Free] 2017(Nov) Dumps4cert Testinsides CompTIA JK0-022 Dumps with VCE and PDF Download 161-170

Dumps4cert 2017 Nov CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/JK0-022.html

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 161 – (Topic 1)

Which of the following is a best practice when securing a switch from physical access?

  1. Disable unnecessary accounts

  2. Print baseline configuration

  3. Enable access lists

  4. Disable unused ports

Answer: D Explanation:

Disabling unused switch ports a simple method many network administrators use to help secure their network from unauthorized access.

All ports not in use should be disabled. Otherwise, they present an open door for an attacker to enter.

Question No: 162 – (Topic 1)

Pete, a network administrator, is capturing packets on the network and notices that a large amount of the traffic on the LAN is SIP and RTP protocols. Which of the following should he do to segment that traffic from the other traffic?

  1. Connect the WAP to a different switch.

  2. Create a voice VLAN.

  3. Create a DMZ.

  4. Set the switch ports to 802.1q mode.

Answer: B Explanation:

It is a common and recommended practice to separate voice and data traffic by using VLANs. Separating voice and data traffic using VLANs provides a solid security boundary, preventing data applications from reaching the voice traffic. It also gives you a simpler method to deploy QoS, prioritizing the voice traffic over the data.

Question No: 163 – (Topic 1)

During the analysis of a PCAP file, a security analyst noticed several communications with a remote server on port 53. Which of the following protocol types is observed in this traffic?

  1. FTP

  2. DNS

  3. Email

  4. NetBIOS

Answer: B Explanation:

DNS (Domain Name System) uses port 53.

Question No: 164 – (Topic 1)

While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:

  1. no longer used to authenticate to most wireless networks.

  2. contained in certain wireless packets in plaintext.

  3. contained in all wireless broadcast packets by default.

  4. no longer supported in 802.11 protocols.

Answer: B Explanation:

The SSID is still required for directing packets to and from the base station, so it can be discovered using a wireless packet sniffer.

Question No: 165 – (Topic 1)

A small company can only afford to buy an all-in-one wireless router/switch. The company has 3 wireless BYOD users and 2 web servers without wireless access. Which of the following should the company configure to protect the servers from the user devices? (Select TWO).

  1. Deny incoming connections to the outside router interface.

  2. Change the default HTTP port

  3. Implement EAP-TLS to establish mutual authentication

  4. Disable the physical switch ports

  5. Create a server VLAN

  6. Create an ACL to access the server

Answer: E,F Explanation:

We can protect the servers from the user devices by separating them into separate VLANs (virtual local area networks).

The network device in the question is a router/switch. We can use the router to allow access from devices in one VLAN to the servers in the other VLAN. We can configure an ACL (Access Control List) on the router to determine who is able to access the server.

In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN.

This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port level (if at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs.

Grouping hosts with a common set of requirements regardless of their physical location by VLAN can greatly simplify network design. A VLAN has the same attributes as a physical

local area network (LAN), but it allows for end stations to be grouped together more easily even if they are not on the same network switch. The network described in this question is a DMZ, not a VLAN.

Question No: 166 – (Topic 1)

While configuring a new access layer switch, the administrator, Joe, was advised that he needed to make sure that only devices authorized to access the network would be permitted to login and utilize resources. Which of the following should the administrator implement to ensure this happens?

  1. Log Analysis

  2. VLAN Management

  3. Network separation

D. 802.1x

Answer: D Explanation:

802.1x is a port-based authentication mechanism. It’s based on Extensible Authentication Protocol (EAP) and is commonly used in closed-environment wireless networks. 802.1x was initially used to compensate for the weaknesses of Wired Equivalent Privacy (WEP), but today it’s often used as a component in more complex authentication and connection- management systems, including Remote Authentication Dial-In User Service (RADIUS), Diameter, Cisco System’s Terminal Access Controller Access-Control System Plus (TACACS ), and Network Access Control (NAC).

Question No: 167 – (Topic 1)

Which of the following allows Pete, a security technician, to provide the MOST secure wireless implementation?

  1. Implement WPA

  2. Disable SSID

  3. Adjust antenna placement

  4. Implement WEP

Answer: A

Explanation: Of the options supplied, WiFi Protected Access (WPA) is the most secure and is the replacement for WEP.

Question No: 168 – (Topic 1)

Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be.

Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients?

  1. Enable MAC filtering on the wireless access point.

  2. Configure WPA2 encryption on the wireless access point.

  3. Lower the antenna’s broadcasting power.

  4. Disable SSID broadcasting.

Answer: C Explanation:

Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far.

Question No: 169 – (Topic 1)

A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?

  1. ICMP

  2. BGP

  3. NetBIOS

  4. DNS

Answer: C Explanation:

The LMHOSTS file provides a NetBIOS name resolution method that can be used for small

networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments.

Question No: 170 – (Topic 1)

Which of the following firewall types inspects Ethernet traffic at the MOST levels of the OSI model?

  1. Packet Filter Firewall

  2. Stateful Firewall

  3. Proxy Firewall

  4. Application Firewall

Answer: B Explanation:

Stateful inspections occur at all levels of the network.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert JK0-022 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE

Leave a Reply

Your email address will not be published. Required fields are marked *