[Free] 2017(Nov) Dumps4cert Testinsides CompTIA JK0-022 Dumps with VCE and PDF Download 531-540

Dumps4cert 2017 Nov CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/JK0-022.html

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 531 – (Topic 3)

Users have been reporting that their wireless access point is not functioning. They state that it allows slow connections to the internet, but does not provide access to the internal network. The user provides the SSID and the technician logs into the company’s access point and finds no issues. Which of the following should the technician do?

  1. Change the access point from WPA2 to WEP to determine if the encryption is too strong

  2. Clear all access logs from the AP to provide an up-to-date access list of connected users

  3. Check the MAC address of the AP to which the users are connecting to determine if it is an imposter

  4. Reconfigure the access point so that it is blocking all inbound and outbound traffic as a troubleshooting gap

Answer: C Explanation:

The users may be connecting to a rogue access point. The rogue access point could be hosting a wireless network that has the same SSID as the corporate wireless network. The only way to tell for sure if the access point the users are connecting to is the correct one is to check the MAC address. Every network card has a unique 48-bit address assigned.

A media access control address (MAC address) is a unique identifier assigned to network interfaces for communications on the physical network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model.

MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card#39;s read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer#39;s registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address. This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address.

A network node may have multiple NICs and each NIC must have a unique MAC address. MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64.

Question No: 532 – (Topic 3)

A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?

  1. Black box testing

  2. White box testing

  3. Gray box testing

  4. Design review

Answer: C Explanation:

In this question, we know the tester has some knowledge of the application because the tester developed a plug-in module for it. However, the tester does not have detailed information about the entire application. Therefore, this is a grey-box test.

Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood.

Gray box testing can be contrasted with black box testing, a scenario in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests.

Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts.

Question No: 533 – (Topic 3)

Which of the following would a security administrator implement in order to identify a problem between two applications that are not communicating properly?

  1. Protocol analyzer

  2. Baseline report

  3. Risk assessment

  4. Vulnerability scan

Answer: A Explanation:

A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing and analyzing the packets sent between applications on systems that are not communicating properly could help determine the cause of the issue.

Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal).

Question No: 534 – (Topic 3)

A security administrator needs to determine which system a particular user is trying to login to at various times of the day. Which of the following log types would the administrator check?

  1. Firewall

  2. Application

  3. IDS

  4. Security

Answer: D Explanation:

The security log records events such as valid and invalid logon attempts, as well as events related to resource use, such as the creating, opening, or deleting of files. For example, when logon auditing is enabled, an event is recorded in the security log each time a user attempts to log on to the computer. You must be logged on as Administrator or as a member of the Administrators group in order to turn on, use, and specify which events are recorded in the security log.

Question No: 535 – (Topic 3)

Several bins are located throughout a building for secure disposal of sensitive information. Which of the following does this prevent?

  1. Dumpster diving

  2. War driving

  3. Tailgating

  4. War chalking

Answer: A Explanation:

The bins in this question will be secure bins designed to prevent someone accessing the ‘rubbish’ to learn sensitive information.

Dumpster diving is looking for treasure in someone else#39;s trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn#39;t limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.

Question No: 536 – (Topic 3)

Which of the following describes a type of malware which is difficult to reverse engineer in a virtual lab?

  1. Armored virus

  2. Polymorphic malware

  3. Logic bomb

  4. Rootkit

Answer: A Explanation:

An armored virus is a type of virus that has been designed to thwart attempts by analysts from examining its code by using various methods to make tracing, disassembling and reverse engineering more difficult. An Armored Virus may also protect itself from antivirus programs, making it more difficult to trace. To do this, the Armored Virus attempts to trick the antivirus program into believing its location is somewhere other than where it really is on the system.

Question No: 537 – (Topic 3)

Pete’s corporation has outsourced help desk services to a large provider. Management has published a procedure that requires all users, when receiving support, to call a special number.

Users then need to enter the code provided to them by the help desk technician prior to allowing the technician to work on their PC. Which of the following does this procedure prevent?

  1. Collusion

  2. Impersonation

  3. Pharming

  4. Transitive Access

Answer: B Explanation:

Impersonation is where a person, computer, software application or service pretends to be someone or something it’s not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat.

The procedure the users have to go through is to ensure that the technician who will have access to the computer is a genuine technician and not someone impersonating a technician.

Question No: 538 – (Topic 3)

A company hires outside security experts to evaluate the security status of the corporate network. All of the company’s IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?

  1. Penetration testing

  2. WAF testing

  3. Vulnerability scanning

  4. White box testing

Answer: C Explanation:

Vulnerability scanning has minimal impact on network resource due to the passive nature of the scanning.

A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability

scan scans for known weaknesses such as missing patches or security updates.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.

Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network#39;s security.

Question No: 539 – (Topic 3)

A security technician at a small business is worried about the Layer 2 switches in the network suffering from a DoS style attack caused by staff incorrectly cabling network connections between switches.

Which of the following will BEST mitigate the risk if implemented on the switches?

  1. Spanning tree

  2. Flood guards

  3. Access control lists

  4. Syn flood

Answer: A Explanation:

Spanning Tree is designed to eliminate network ‘loops’ from incorrect cabling between switches. Imagine two switches named switch 1 and switch 2 with two network cables connecting the switches. This would cause a network loop. A network loop between two switches can cause a ‘broadcast storm’ where a broadcast packet is sent out of all ports on switch 1 which includes two links to switch 2. The broadcast packet is then sent out of all ports on switch 2 which includes links back to switch 1. The broadcast packet will be sent out of all ports on switch 1 again which includes two links to switch 2 and so on thus flooding the network with broadcast traffic.

The Spanning-Tree Protocol (STP) was created to overcome the problems of transparent bridging in redundant networks. The purpose of STP is to avoid and eliminate loops in the network by negotiating a loop-free path through a root bridge. This is done by determining where there are loops in the network and blocking links that are redundant.

Spanning-Tree Protocol executes an algorithm called the Spanning-Tree Algorithm (STA). In order to find redundant links, STA will choose a reference point called a Root Bridge, and then determines all the available paths to that reference point. If it finds a redundant path, it chooses for the best path to forward and for all other redundant paths to block. This effectively severs the redundant links within the network.

All switches participating in STP gather information on other switches in the network through an exchange of data messages. These messages are referred to as Bridge Protocol Data Units (BPDUs). The exchange of BPDUs in a switched environment will result in the election of a root switch for the stable spanning-tree network topology, election of designated switch for every switched segment, and the removal of loops in the switched network by placing redundant switch ports in a backup state.

Question No: 540 – (Topic 3)

Which of the following BEST represents the goal of a vulnerability assessment?

  1. To test how a system reacts to known threats

  2. To reduce the likelihood of exploitation

  3. To determine the system’s security posture

  4. To analyze risk mitigation strategies

Answer: C Explanation:

A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates.

A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers.

Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network#39;s security.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert JK0-022 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE

Leave a Reply

Your email address will not be published. Required fields are marked *