Ensurepass

QUESTION 1

Which of the following inspects traffic entering or leaving a network to look for anomalies against expected baselines?

A. IPS

B. Sniffers

C. Stateful firewall

D. Stateless firewall

Correct Answer: A


QUESTION 2

Which of the following BEST describes a software vulnerability that is actively being used by Sara and Jane, attackers, before the vendor releases a protective patch or update?

A. Buffer overflow

B. IV attack

C. Zero day attack

D. LDAP injection

Correct Answer: C


QUESTION 3

Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?

A. Switches

B. Protocol analyzers

C. Routers

D. Web security gateways

Correct Answer: B


QUESTION 4

Sara, an attacker, is recording a person typing in their ID number into a keypad to gain access to the building. Sara then calls the helpdesk and informs them that their PIN no longer works and would like to change it. Which of the following attacks occurred LAST?

A. Phishing

B. Shoulder surfing

C. Impersonation

D. Tailgating

Correct Answer: C


QUESTION 5

Sara, a security administrator, is noticing a slowdown in the wireless network response. Sara launches a wireless sniffer and sees a large number of ARP packets being sent to the AP. Which of the following types of attacks is underway?

A. IV attack

B. Interference

C. Blue jacking

D. Packet sniffing

Correct Answer: A


QUESTION 6

Which of the following would Pete, a security administrator, change to limit how far a wireless signal will travel?

A. SSID

B. Encryption methods

C. Power levels

D. Antenna placement

Correct Answer: C


QUESTION 7

Which of the following ports should be open in order for Sara and Pete, users, to identify websites by domain name?

A. TCP 21

B. UDP 22

C. TCP 23

D. UDP 53

Correct Answer: D


QUESTION 8

Sara, an administrator, suspects a denial of service attack on the network, but does not know where the network traffic is coming from or what type of traffic it is. Which of the following would help Sara further assess the situation?

A. Protocol analyzer

B. Penetration testing

C. HTTP interceptor

D. Port scanner

Correct Answer: A


QUESTION 9

Sara, a security administrator, has configured a trusted OS implementation on her servers. Which of the following controls are enacted by the trusted OS implementation?

A. Mandatory Access Controls

B. Time-based Access Controls

C. Discretionary Access Controls

D. Role Based Access Controls

Correct Answer: A


QUESTION 10

Which of the following ports would be blocked if Pete, a security administrator, wants to deny access to websites?

A. 21

B. 25

C. 80

D. 3389

Correct Answer: C


QUESTION 11

Pete, the security administrator, is implementing a web content filter. Which of the following is the MOST important design consideration in regards to availability?

A. The number of filter categories

B. Other companies who are using the system

C. Fail state of the system

D. The algorithm of the filtering engine

Correct Answer: C


QUESTION 12

Which of the following is where an unauthorized device is found allowing access to a network?

A. Bluesnarfing

B. Rogue access point

C. Honeypot

D. IV attack

Correct Answer: B


QUESTION 13

When used alone, which of the following controls mitigates the risk of Sara, an attacker, launching an online brute force password attack?

A. Account expiration

B. Account lockout

C. Password complexity

D. Password length

Correct Answer: B


QUESTION 14

Pete, a security engineer, is trying to inventory all servers in a rack. The engineer launches RDP sessions to five different PCs and notices that the hardware properties are similar. Additionally, the MAC addresses of all five servers appear on the same switch port. Which of the following is MOST likely the cause?

A. The system is running 802.1x

B. The system is using NAC

C. The system is in active-standby mode

D. The system is virtualized

Correct Answer: D


QUESTION 15

Which of the following security concepts establishes procedures where creation and approval are performed through distinct functions?

A. Discretionary access control

B. Job rotation

C. Separation of duties

D. Principle of least privilege

Correct Answer: C


QUESTION 16

While traveling, Matt, an employee, decides he would like to download some new movies onto his corporate laptop. While installing software designed to download movies from multiple computers across the Internet, Matt agrees to share portions of his hard drive. This scenario describes one of the threats involved in which of the following technologies?

A. Social networking

B. ALE

C. Cloud computing

D. P2P

Correct Answer: D


QUESTION 17

Which of the following is an attack where Pete spreads USB thumb drives throughout a bank’s parking lot in order to have malware installed on the banking systems?

A. Tailgating

B. Replay attack

C. Virus

D. Social engineering

Correct Answer: D


QUESTION 18

Pete, a security administrator, has configured and implemented an additional public intermediate CA. Which of the following must Pete submit to the major web browser vendors in order for the certificates, signed by this intermediate, to be trusted?

A. The root CA’s private key

B. The root CA’s public key

C. The intermediate CA’s public key

D. The intermediate CA’s private key

Correct Answer: C


QUESTION 19

Which of the following is BEST described by a scenario where organizational management chooses to implement an internal Incident Response Structure for the business?

A. Deterrence

B. Separation of duties

C. Transference

D. Mitigation

Correct Answer: D


QUESTION 20

A data loss prevention strategy would MOST likely incorporate which of the following to reduce the risk associated with data loss?

A. Enforced privacy policy, encryption of VPN connections, and monitoring of communications entering the organization.

B. Enforced acceptable usage policy, encryption of confidential emails, and monitoring of communications leaving the organization.

C. Enforced privacy policy, encryption of VPN connections, and monitoring of communications leaving the organization.

D. Enforced acceptable usage policy, encryption of confidential emails, and monitoring of communications entering the organization.

Correct Answer: B
