[Free] 2018(June) Ensurepass CompTIA JK0-022 Dumps with VCE and PDF 61-70

Ensurepass.com : Ensure you pass the IT Exams
2018 May CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 61 – (Topic 1)

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?

  1. Configure an access list.

  2. Configure spanning tree protocol.

  3. Configure port security.

  4. Configure loop protection.

Answer: C Explanation:

Port security in IT can mean several things. It can mean the physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. This can be accomplished by locking down the wiring closet and server vaults and then disconnecting the workstation run from the patch panel (or punch-down block) that leads to a room’s wall jack. Any unneeded or unused wall jacks can (and should) be physically disabled in this manner. Another option is to use a smart patch panel that can monitor the MAC address of any device connected to each and every wall port across a building and detect not just when a new device is connected to an empty port, but also when a valid device is disconnected or replaced by an invalid device.

Question No: 62 – (Topic 1)

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to integrate the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?

  1. Unified Threat Management

  2. Virtual Private Network

  3. Single sign on

  4. Role-based management

Answer: A Explanation:

Unified Threat Management (UTM) is, basically, the combination of a firewall with other abilities. These abilities include intrusion prevention, antivirus, content filtering, etc.

Advantages of combining everything into one:

You only have one product to learn.

You only have to deal with a single vendor. IT provides reduced complexity.

Question No: 63 – (Topic 1)

A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic.

Which of the following would accomplish this task?

  1. Deny TCP port 68

  2. Deny TCP port 69

  3. Deny UDP port 68

  4. Deny UDP port 69

Answer: D Explanation:

Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn’t require authentication. It operates on UDP port 69.

Question No: 64 – (Topic 1)

Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not connect.

Which of the following is MOST likely the reason?

  1. The company wireless is using a MAC filter.

  2. The company wireless has SSID broadcast disabled.

  3. The company wireless is using WEP.

  4. The company wireless is using WPA2.

Answer: A Explanation:

MAC filtering allows you to include or exclude computers and devices based on their MAC address.

Question No: 65 – (Topic 1)

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68.

Which of the following replies has the administrator received?

  1. The loopback address

  2. The local MAC address

  3. IPv4 address

  4. IPv6 address

Answer: D Explanation:

IPv6 addresses are 128-bits in length. An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets). The groups are separated by colons (:). The hexadecimal digits are case-insensitive, but IETF recommendations suggest the use of lower case letters. The full representation of eight 4- digit groups may be simplified by several techniques, eliminating parts of the representation.

Question No: 66 – (Topic 1)

A network administrator wants to block both DNS requests and zone transfers coming from outside IP addresses. The company uses a firewall which implements an implicit allow and is currently configured with the following ACL applied to its external interface.


Which of the following rules would accomplish this task? (Select TWO).

  1. Change the firewall default settings so that it implements an implicit deny

  2. Apply the current ACL to all interfaces of the firewall

  3. Remove the current ACL

  4. Add the following ACL at the top of the current ACL DENY TCP ANY ANY 53

  5. Add the following ACL at the bottom of the current ACL DENY ICMP ANY ANY 53

  6. Add the following ACL at the bottom of the current ACL DENY IP ANY ANY 53

Answer: A,F Explanation:

Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default. Implicit deny is the default response when an explicit allow or deny isn’t present.

DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers. These are zone file exchanges between DNS servers, special manual queries, or used when a

response exceeds 512 bytes. UDP port 53 is used for most typical DNS queries.

Question No: 67 – (Topic 1)

A network technician is on the phone with the system administration team. Power to the server room was lost and servers need to be restarted. The DNS services must be the first to be restarted. Several machines are powered off. Assuming each server only provides one service, which of the following should be powered on FIRST to establish DNS services?

  1. Bind server

  2. Apache server

  3. Exchange server

  4. RADIUS server

Answer: A Explanation:

BIND (Berkeley Internet Name Domain) is the most widely used Domain Name System (DNS) software on the Internet. It includes the DNS server component contracted for name daemon. This is the only option that directly involves DNS.

Question No: 68 – (Topic 1)

Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).

  1. Disable the wired ports

  2. Use channels 1, 4 and 7 only

  3. Enable MAC filtering

  4. Disable SSID broadcast

  5. Switch from 802.11a to 802.11b

Answer: C,D

Explanation: Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer.

Thus, the SSID should be disabled if the network isn’t for public use.

A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

Question No: 69 – (Topic 1)

A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?

  1. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP

  2. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

  3. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS

  4. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS

Answer: B Explanation:

The question states that traffic on port 21, 69, 80, and 137-139 is blocked, while ports 22 and 443 are allowed.

Port 21 is used for FTP by default. Port 69 is used for TFTP.

Port 80 is used for HTTP.

Ports 137-139 are used for NetBIOS. VMM uses SFTP over default port 22. Port 22 is used for SSH by default.

SCP runs over TCP port 22 by default. Port 443 is used for HTTPS.

Question No: 70 – (Topic 1)

An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?

  1. WEP

  2. CCMP

  3. TKIP

  4. RC4

Answer: B Explanation:

CCMP is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard.

100% Ensurepass Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Ensurepass Free Guaranteed!
Download 2018 EnsurePass JK0-022 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.