CompTIA JK0-022 E2C Security+ Network Security Practice Exam Set 4

At an organization, unauthorized users have been accessing network resources via unused network wall jacks. Which of the following would be used to stop unauthorized access?


Options are :

  • Configure an access list.
  • Configure port security. (Correct)
  • Configure loop protection.
  • Configure spanning tree protocol.

Answer : Configure port security.

A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?


Options are :

  • VPN
  • VLAN
  • Subnet
  • DMZ (Correct)

Answer : DMZ

After reviewing the firewall logs of her organizationís wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?


Options are :

  • Change the WPA2 encryption key of the AP in the affected segment
  • Implement MAC filtering on the AP of the affected segment
  • Perform a site survey to see what has changed on the segment
  • Reduce the power level of the AP on the network segment (Correct)

Answer : Reduce the power level of the AP on the network segment

Which of the following firewall rules only denies DNS zone transfers?


Options are :

  • deny ip any any
  • deny tcp any any port 53 (Correct)
  • deny udp any any port 53
  • deny all dns packets

Answer : deny tcp any any port 53

A security analyst needs to ensure all external traffic is able to access the companyís front-end servers but protect all access to internal resources. Which of the following network design elements would MOST likely be recommended?


Options are :

  • Cloud computing
  • DMZ (Correct)
  • Virtualization
  • VLAN

Answer : DMZ

A company has several conference rooms with wired network jacks that are used by both employees and guests. Employees need access to internal resources and guests only need access to the Internet. Which of the following combinations is BEST to meet the requirements?


Options are :

  • Switches and a firewall
  • 802.1x and VLANs (Correct)
  • NAT and DMZ
  • VPN and IPSec

Answer : 802.1x and VLANs

A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?


Options are :

  • The old APs use 802.11a
  • A site survey was not conducted (Correct)
  • The new APs use MIMO
  • Users did not enter the MAC of the new APs

Answer : A site survey was not conducted

An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?


Options are :

  • Configure each port on the switches to use the same VLAN other than the default one
  • Implement port security on the switches (Correct)
  • Configure only one of the routers to run DHCP services
  • Enable VTP on both switches and set to the same domain

Answer : Implement port security on the switches

Matt, the network engineer, has been tasked with separating network traffic between virtual machines on a single hypervisor. Which of the following would he implement to BEST address this requirement? (Select TWO).


Options are :

  • Disable spanning tree
  • VLAN (Correct)
  • Virtual switch (Correct)
  • Access-list
  • NAT
  • System partitioning

Answer : VLAN Virtual switch

An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?


Options are :

  • Omni
  • Sector
  • Dipole
  • Yagi (Correct)

Answer : Yagi

Joe, a technician at the local power plant, notices that several turbines had ramp up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?


Options are :

  • Create a VLAN for the SCADA (Correct)
  • Implement stronger WPA2 Wireless
  • Implement patch management
  • Enable PKI for the MainFrame

Answer : Create a VLAN for the SCADA

An organization does not have adequate resources to administer its large infrastructure. A security administrator wishes to combine the security controls of some of the network devices in the organization. Which of the following methods would BEST accomplish this goal?


Options are :

  • Unified Threat Management (Correct)
  • Single sign on
  • Virtual Private Network
  • Role-based management

Answer : Unified Threat Management

Joe, a security administrator, believes that a network breach has occurred in the datacenter as a result of a misconfigured router access list, allowing outside access to an SSH server. Which of the following should Joe search for in the log files?


Options are :

  • Network ping sweeps
  • Connections to port 22 (Correct)
  • Failed authentication attempts
  • Host port scans

Answer : Connections to port 22

A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?


Options are :

  • The sub-interfaces are configured for VoIP traffic.
  • The network uses the subnet of 255.255.255.128.
  • The sub-interfaces each implement quality of service.
  • The switch has several VLANs configured on it. (Correct)

Answer : The switch has several VLANs configured on it.

A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic. Which of the following would accomplish this task?


Options are :

  • Deny TCP port 69
  • Deny TCP port 68
  • Deny UDP port 68
  • Deny UDP port 69 (Correct)

Answer : Deny UDP port 69

A database administrator contacts a security administrator to request firewall changes for a connection to a new internal application. The security administrator notices that the new application uses a port typically monopolized by a virus. The security administrator denies the request and suggests a new port or service be used to complete the applicationís task. Which of the following is the security administrator practicing in this example?


Options are :

  • Explicit deny
  • Port security
  • Access control lists (Correct)
  • Implicit deny

Answer : Access control lists

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?


Options are :

  • Port security
  • Implicit deny
  • VLAN management
  • Access control lists (Correct)

Answer : Access control lists

Matt, the IT Manager, wants to create a new network available to virtual servers on the same hypervisor, and does not want this network to be routable to the firewall. How could this BEST be accomplished?


Options are :

  • Create a VLAN without a default gateway.
  • Remove the network from the routing table.
  • Commission a stand-alone switch.
  • Create a virtual switch. (Correct)

Answer : Create a virtual switch.

Which of the following devices would MOST likely have a DMZ interface?


Options are :

  • Switch
  • Firewall (Correct)
  • Proxy
  • Load balancer

Answer : Firewall

A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?


Options are :

  • Host-based firewall
  • IDS (Correct)
  • IPS
  • Honeypot

Answer : IDS

The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?


Options are :

  • Remove inheritance from the payroll folder
  • Remove the staff group from the payroll folder
  • Implicit deny on the payroll folder for the managers group
  • Implicit deny on the payroll folder for the staff group (Correct)

Answer : Implicit deny on the payroll folder for the staff group

Sara, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Sara BEST accommodate the vendor?


Options are :

  • Turn off the firewall while the vendor is in the office, allowing access to the remote site.
  • Set up a VPN account for the vendor, allowing access to the remote site.
  • Allow incoming IPSec traffic into the vendorís IP address.
  • Write a firewall rule to allow the vendor to have access to the remote site. (Correct)

Answer : Write a firewall rule to allow the vendor to have access to the remote site.

Users are unable to connect to the web server at IP 192.168.0.20. Which of the following can be inferred of a firewall that is configured ONLY with the following ACL?


Options are :

  • It failed closed
  • It implements stateful packet filtering.
  • It implements bottom-up processing.
  • It implements an implicit deny. (Correct)

Answer : It implements an implicit deny.

A recent vulnerability scan found that Telnet is enabled on all network devices. Which of the following protocols should be used instead of Telnet?


Options are :

  • SCP
  • SFTP
  • SSH (Correct)

Answer : SSH

A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?


Options are :

  • SFTP
  • BGP
  • PPTP
  • IPsec (Correct)

Answer : IPsec

A system administrator attempts to ping a hostname and the response is 2001:4860:0:2001::68. Which of the following replies has the administrator received?


Options are :

  • IPv6 address (Correct)
  • The local MAC address
  • The loopback address
  • IPv4 address

Answer : IPv6 address

An administrator configures all wireless access points to make use of a new network certificate authority. Which of the following is being used?


Options are :

  • WEP
  • LEAP
  • TKIP
  • EAP-TLS (Correct)

Answer : EAP-TLS

A security engineer, Joe, has been asked to create a secure connection between his mail server and the mail server of a business partner. Which of the following protocol would be MOST appropriate?


Options are :

  • SSH
  • HTTPS
  • TLS (Correct)
  • FTP

Answer : TLS

A network administrator needs to provide daily network usage reports on all layer 3 devices without compromising any data while gathering the information. Which of the following would be configured to provide these reports?


Options are :

  • SNMPv3 (Correct)
  • SNMP
  • ICMP
  • SSH

Answer : SNMPv3

FTP/S uses which of the following TCP ports by default?


Options are :

  • 20 and 21
  • 443 and 22
  • 139 and 445
  • 989 and 990 (Correct)

Answer : 989 and 990

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions