[Free] 2017(Nov) Dumps4cert Testinsides CompTIA JK0-022 Dumps with VCE and PDF Download 51-60

Dumps4cert 2017 Nov CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/JK0-022.html

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 51 – (Topic 1)

ON NO: 50

The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?

  1. Remove the staff group from the payroll folder

  2. Implicit deny on the payroll folder for the staff group

  3. Implicit deny on the payroll folder for the managers group

  4. Remove inheritance from the payroll folder

Answer: B

Explanation: Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.

Question No: 52 – (Topic 1)

Joe, a technician at the local power plant, notices that several turbines had ramp up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?

  1. Create a VLAN for the SCADA

  2. Enable PKI for the MainFrame

  3. Implement patch management

  4. Implement stronger WPA2 Wireless

Answer: A Explanation:

VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. This can be accomplished by not defining a route between different VLANs or by specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network segment that doesn’t need to communicate with another in order to accomplish a work task/function shouldn’t be able to do so.

Question No: 53 – (Topic 1)

Pete, a network administrator, is implementing IPv6 in the DMZ. Which of the following protocols must he allow through the firewall to ensure the web servers can be reached via IPv6 from an IPv6 enabled Internet host?

  1. TCP port 443 and IP protocol 46

  2. TCP port 80 and TCP port 443

  3. TCP port 80 and ICMP

  4. TCP port 443 and SNMP

Answer: B Explanation:

HTTP and HTTPS, which uses TCP port 80 and TCP port 443 respectively, is necessary for Communicating with Web servers. It should therefore be allowed through the firewall.

Question No: 54 – (Topic 1)

According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?

  1. NIDS

  2. DMZ

  3. NAT

  4. VLAN

Answer: D

Explanation: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.

Question No: 55 – (Topic 1)

A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption.

Which of the following should be implemented?

  1. WPA2-CCMP with 802.1X

  2. WPA2-PSK

  3. WPA2-CCMP

  4. WPA2-Enterprise

    Answer: D Explanation:

    D: WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to WPA-PSK), this is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup, but provides additional security (e.g. protection against dictionary attacks on short passwords). Various kinds of the Extensible Authentication Protocol (EAP) are used for authentication. RADIUS can be managed centrally, and the servers that allow access to a network can verify with a RADIUS server whether an incoming caller is authorized. Thus the RADIUS server can perform all authentications. This will require users to use their passwords on their user accounts.

    Question No: 56 HOTSPOT – (Topic 1)

    The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.

    1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.

    2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port

    3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

      Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

      Dumps4Cert 2017 PDF and VCE

      Dumps4Cert 2017 PDF and VCE

      Dumps4Cert 2017 PDF and VCE

      Answer:

      Dumps4Cert 2017 PDF and VCE

      Explanation:

      Dumps4Cert 2017 PDF and VCE

      Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.

      Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.

      Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22

      Rule #3 amp; Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.

      References:

      Stewart, James Michael, CompTIA Security Review Guide, Sybex, Indianapolis, 2014, pp 26, 44.

      http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

      Question No: 57 – (Topic 1)

      A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue?

      1. The SSID broadcast is disabled.

      2. The company is using the wrong antenna type.

      3. The MAC filtering is disabled on the access point.

      4. The company is not using strong enough encryption.

Answer: A Explanation:

When the SSID is broadcast, any device with an automatic detect and connect feature is able to see the network and can initiate a connection with it. The fact that they cannot access the network means that they are unable to see it.

Question No: 58 – (Topic 1)

A computer is put into a restricted VLAN until the computer’s virus definitions are up-to- date.

Which of the following BEST describes this system type?

  1. NAT

  2. NIPS

  3. NAC

  4. DMZ

Answer: C Explanation:

Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.

Question No: 59 – (Topic 1)

ON NO: 161

If you don’t know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?

  1. macconfig

  2. ifconfig

  3. ipconfig

  4. config

Answer: B Explanation:

To find MAC address of a Unix/Linux workstation, use ifconfig or ip a.

Question No: 60 – (Topic 1)

A security analyst noticed a colleague typing the following command:

`Telnet some-host 443′

Which of the following was the colleague performing?

  1. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.

  2. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

  3. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.

  4. A mistaken port being entered because telnet servers typically do not listen on port 443.

Answer: B Explanation:

B: The Telnet program parameters are: telnet lt;hostnamegt; lt;portgt;

lt;hostnamegt; is the name or IP address of the remote server to connect to.

lt;portgt; is the port number of the service to use for the connection.

TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL port. By running the Telnet some-host 443 command, the security analyst is checking that routing is done properly and not blocked by a firewall.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert JK0-022 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE

Leave a Reply

Your email address will not be published. Required fields are marked *