Latest CompTIA JK0-018 Real Exam Download 461-480

Ensurepass

QUESTION 461

Mike, a security analyst, has captured a packet with the following payload.

GET ../../../../system32/cmd.exe

Which of the following is this an example of?

A. SQL injection

B. Directory traversal

C. XML injection

D. Buffer overflow

Correct Answer: B


QUESTION 462

A security administrator needs to open ports on the firewall to allow for secure data transfer. Which of the following TCP ports would allow for secure transfer of files by default?

A. 21

B. 22

C. 23

D. 25

Correct Answer: B


QUESTION 463

Which of the following technologies would allow for a secure tunneled connection from one site to another? (Select TWO).

A. SFTP

B. IPSec

C. SSH

D. HTTPS

E. ICMP

Correct Answer: BC


QUESTION 464

Which of the following sets numerous flag fields in a TCP packet?

A. XMAS

B. DNS poisoning

C. SYN flood

D. ARP poisoning

Correct Answer: A


QUESTION 465

Which of the following network design elements provides for a one-to-one relationship between an internal network address and an external network address?

A. NAT

B. NAC

C. VLAN

D. PAT

Correct Answer: A


QUESTION 466

Using proximity card readers instead of the traditional key punch doors would help to mitigate:

A. Impersonation

B. Tailgating

C. Dumpster diving

D. Shoulder surfing

Correct Answer: D


QUESTION 467

In planning for a firewall implementation, Pete, a security administrator, needs a tool to help him understand what traffic patterns are normal on his network. Which of the following tools would help Pete determine traffic patterns?

A. Syslog

B. Protocol analyzer

C. Proxy server

D. Firewall

Correct Answer: B


QUESTION 468

TKIP uses which of the following encryption ciphers?

A. RC5

B. AES

C. RC4

D. 3DES

Correct Answer: C


QUESTION 469

Jane, an administrator, needs to transfer DNS zone files from outside of the corporate network. Which of the following protocols must be used?

A. TCP

B. ICMP

C. UDP

D. IP

Correct Answer: A


QUESTION 470

Common access cards use which of the following authentication models?

A. PKI

B. XTACACS

C. RADIUS

D. TACACS

Correct Answer: A


QUESTION 471

Which of the following application attacks is used to gain access to SEH?

A. Cookie stealing

B. Buffer overflow

C. Directory traversal

D. XML injection

Correct Answer: B


QUESTION 472

Which of the following does a second authentication requirement mitigate when accessing privileged areas of a website, such as password changes or user profile changes?

A. Cross-site scripting

B. Cookie stealing

C. Packet sniffing

D. Transitive access

Correct Answer: B


QUESTION 473

Jane, a security technician, has been tasked with preventing contractor staff from logging into the company network after business hours. Which of the following BEST allows her to accomplish this?

A. Time of day restrictions

B. Access control list

C. Personal identity verification

D. Mandatory vacations

Correct Answer: A


QUESTION 474

Which of the following ports does DNS operate on, by default?

A. 23

B. 53

C. 137

D. 443

Correct Answer: B


QUESTION 475

Sara from IT Governance wants to provide a mathematical probability of an earthquake using facts and figures. Which of the following concepts would achieve this?

A. Qualitative Analysis

B. Impact Analysis

C. Quantitative Analysis

D. SLE divided by the ARO

Correct Answer: C


QUESTION 476

A buffer overflow can result in which of the following attack types?

A. DNS poisoning

B. Zero-day

C. Privilege escalation

D. ARP poisoning

Correct Answer: C


QUESTION 477

Which of the following is true concerning WEP security?

A. WEP keys are transmitted in plain text.

B. The WEP key initialization process is flawed.

C. The pre-shared WEP keys can be cracked with rainbow tables.

D. WEP uses the weak RC4 cipher.

Correct Answer: B


QUESTION 478

Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).

A. Tethering

B. Screen lock PIN

C. Remote wipe

D. Email password

E. GPS tracking

F. Device encryption

Correct Answer: CF


QUESTION 479

Which of the following can be implemented on a lost mobile device to help recover it?

A. Remote sanitization

B. GPS tracking

C. Voice encryption

D. Patch management

Correct Answer: B


QUESTION 480

Sara, a security administrator, needs to implement the equivalent of a DMZ at the datacenter entrance. Which of the following must she implement?

A. Video surveillance

B. Mantrap

C. Access list

D. Alarm

Correct Answer: B

Download Latest JK0-018 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.