A computer is put into a restricted VLAN until the computer's virus definitions are up-to-date. Which of the following BEST describes this system type?
A. NAT
B. NIPS
C. NAC
D. DMZ
Correct Answer: C
Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
Incorrect Answers:
A: NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system's request.
B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
D: A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access.
An auditor is given access to a conference room to conduct an analysis. When they connect their laptop's Ethernet cable into the wall jack, they are not able to get a connection to the Internet but have a link light. Which of the following is MOST likely causing this issue?
A. Ethernet cable is damaged
B. The host firewall is set to disallow outbound connections
C. Network Access Control
D. The switch port is administratively shutdown
Correct Answer: C
Network Access Control (NAC) means controlling access to an environment through strict adherence to and implementation of security policies. The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the
network, and use identities to perform access control.
Incorrect Answers:
A, B, D: In all three cases, a link light would not be showing.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 40.
Question 973:
Which of the following should be performed to increase the availability of IP telephony by prioritizing traffic?
A. Subnetting
B. NAT
C. Quality of service
D. NAC
Correct Answer: C
Quality of Service (QoS) facilitates the deployment of media-rich applications, such as video conferencing and Internet Protocol (IP) telephony, without adversely affecting network throughput.
Incorrect Answers:
A: Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.
B: NAT converts the IP addresses of internal systems found in the header of network packets into public IP addresses.
D: The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.
Which of the following would Pete, a security administrator, MOST likely implement in order to allow employees to have secure remote access to certain internal network services such as file servers?
A. Packet filtering firewall
B. VPN gateway
C. Switch
D. Router
Correct Answer: B
VPNs are usually employed to allow remote access users to connect to and access the network, and offer connectivity between two or more private networks or LANs. A VPN gateway (VPN router) is a connection point that connects two LANs via a nonsecure network such as the Internet.
Incorrect Answers:
A: A packet filter firewall filters traffic based on basic identification items found in a network packet's header. These items include source and destination address, port numbers, and protocols used.
C: Switches are often used to create virtual LANs (VLANs), which are used to logically segment a network without altering its physical topology.
D: Routers allow traffic from one network segment to cross into another network segment.
Which of the following is a programming interface that allows a remote computer to run programs on a local machine?
A. RPC
B. RSH
C. SSH
D. SSL
Correct Answer: A
Remote Procedure Call (RPC) is a programming interface that allows a remote computer to run programs on a local machine.
Incorrect Answers:
B: The remote shell (RSH) is a command line computer program that can execute shell commands as another user and on another computer across a computer network.
C: Secure Shell (SSH) is a cryptographic network protocol for securing data communication. The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it can also be used in a similar fashion on Windows.
D: SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client.
References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 53. http://en.wikipedia.org/wiki/Remote_Shell http://en.wikipedia.org/wiki/Secure_Shell https://www.digicert.com/ssl.htm
Question 976:
A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log: 22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?
A. LDAP
B. HTTP
C. RDP
D. HTTPS
Correct Answer: C
RDP uses TCP port 3389.
Incorrect Answers:
A: LDAP operates over TCP ports 636 and 389.
B: HTTP uses TCP port 80 or TCP port 8080.
D: HTTPS uses TCP port 443 (or TCP port 80 in some configurations of TLS).
An administrator wishes to hide the network addresses of an internal network when connecting to the Internet. The MOST effective way to mask the network address of the users would be by passing the traffic through a:
A. stateful firewall
B. packet-filtering firewall
C. NIPS
D. NAT
Correct Answer: D
NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system's request.
Incorrect Answers:
A: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding response or reply from the external entity.
B: A packet filter firewall filters traffic based on basic identification items found in a network packet's header. These items include source and destination address, port numbers, and protocols used.
C: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity.
Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.
Given the above information, which of the following can be inferred about the above environment?
A. 192.168.1.30 is a web server.
B. The web server listens on a non-standard port.
C. The router filters port 80 traffic.
D. The router implements NAT.
Correct Answer: D
Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated "private" IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a "public" address (10.2.2.1) assigned by an Internet service provider.
Incorrect Answers:
A: If that were true, then the routers IP address would not be the source. B, C: The diagram shows that a TCP connection has been established. If these were happening, there wouldn't be a connection established.
According to company policy an administrator must logically keep the Human Resources department separated from the Accounting department. Which of the following would be the simplest way to accomplish this?
A. NIDS
B. DMZ
C. NAT
D. VLAN
Correct Answer: D
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches.
Incorrect Answers:
A: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, not separating networks.
B: A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. It does not separate networks.
C: NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system's request. It does not separate networks.
Pete, a security administrator, is informed that people from the HR department should not have access to the accounting department's server, and the accounting department should not have access to the HR department's server. The network is separated by switches. Which of the following is designed to keep the HR department users from accessing the accounting department's server and vice-versa?
A. ACLs
B. VLANs
C. DMZs
D. NATS
Correct Answer: B
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function.
Incorrect Answers:
A: Access control lists (ACLs) are used to define who is allowed to or denied permission to perform a specified activity or action.
C: A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall.
D: NAT converts the IP addresses of internal systems found in the header of network packets into public IP addresses.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JK0-022 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.