JK0-022 Online Practice Questions and Answers

Correct Answer: B

The question states that traffic on port 21, 69, 80, and 137-139 is blocked, while ports 22 and 443 are allowed.

Port 21 is used for FTP by default.

Port 69 is used for TFTP.

Port 80 is used for HTTP.

Ports 137-139 are used for NetBIOS.

VMM uses SFTP over default port 22.

Port 22 is used for SSH by default.

SCP runs over TCP port 22 by default.

Port 443 is used for HTTPS.

Incorrect Answers:

A: FTP uses port 21, which is blocked.

C: SFTP uses port 22, which is allowed.

D: HTTPS uses port 443, which is allowed. NetBIOS uses ports 137-139, which is blocked.

References:

https://technet.microsoft.com/en-us/library/dd548299.aspx https://technet.microsoft.com/en-us/library/hh545212(v=sc.20).aspx https://technet.microsoft.com/en-us/ library/dd425238(v=office.13).aspx https://technet.microsoft.com/en-us/library/

hh427328.aspx

Correct Answer: D

Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections.

Incorrect Answers:

A: NAT serves as a basic firewall by only allowing incoming traffic that is in response to an internal system's request.

B: Virtualization allows a single set of hardware to host multiple virtual machines.

C: The goals of NAC are to prevent/reduce zero-day attacks, enforce security policy throughout the network, and use identities to perform access control.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 39,

Correct Answer: D

Correct Answer: A

PAP transmits the username and password to the authentication server in plain text. MSCHAPv2 is utilized as an authentication option for RADIUS servers that are used for Wi-Fi security using the WPA-Enterprise protocol.

Incorrect Answers:

B, C: The scenario mentions that passwords between the RADIUS server and the authenticator are transmitted in clear text. Then the first part of the question asks what is configured for the RADIUS server. The first part of these two options

is CHAP and MSCHAPv2, which do not transmit in clear text.

D: NTLM is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 139.

http://en.wikipedia.org/wiki/MS-CHAP

http://en.wikipedia.org/wiki/NT_LAN_Manager

Correct Answer: C

Multi-factor authentication (MFA) is a method of computer access control which a user can pass by successfully presenting authentication factors from at least two of the three categories:

knowledge factors ("things only the user knows"), such as passwords possession factors ("things only the user has"), such as ATM cards inherence factors ("things only the user is"), such as biometrics

In this question, a USB token is a possession factor (something the user has) and a PIN is a knowledge factor (something the user knows).

Incorrect Answers:

A: A username and password are both knowledge factors (something the user knows). Therefore, this answer only provides single-factor authentication.

B: A retina scan and fingerprint scan are both inherence factors (something only that user has). Therefore, this answer only provides single-factor authentication.

D: A proximity badge and token are both possession factors (something the user has). Therefore, this answer only provides single-factor authentication.

References: http://en.wikipedia.org/wiki/Multi-factor_authentication

Correct Answer: A

Since distinguishing between the actions of one person and another isn't possible if they both use a shared account, shared accounts should not be allowed. If shared accounts are being used, the administrator will find the account, but have more than one suspect. To nullify this occurrence, Shared accounts should be prohibited.

Incorrect Answers:

B: When a user repeatedly enters an incorrect password at logon, Account lockout automatically disables their account someone attempts. Repeated incorrect logon attempts are not the issue in this instance.

C: Group-based privileges assign all members of a group a privilege or access to a resource as a collective. Assigning privileges to groups won't help the administrator find the suspect.

D: Time of day restrictions limits when a specific user account can log on to the network according to the time of day. Time of day restrictions won't help the administrator find the suspect.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 280, 293, 294.

Correct Answer: B

A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload.

A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.

Incorrect Answers:

A: A rogue access point would not cause a spike in network traffic from many sources unless many computers had connected to the rogue access point and started sending lots of traffic. Therefore, this answer is incorrect.

C: The question states that an administrator notices an unusual spike in network traffic from many sources. You would typically notice this on a firewall or an IDS system. It's unlikely the IDS has been compromised. A DDoS attack is far more common. Therefore, this answer is incorrect.

D: DNS poisoning is the process of inserting incorrect information into DNS records. This may cause a slight increase in broadcast traffic on the network (as computers try to locate each other) but it would not cause a serious spike in network traffic. Therefore, this answer is incorrect.

References: http://en.wikipedia.org/wiki/Denial-of-service_attack

Correct Answer: A

Scarcity, in the area of social psychology, works much like scarcity in the area of economics. Simply put, humans place a higher value on an object that is scarce, and a lower value on those that are abundant. The thought that we, as humans, want something we cannot have drives us to desire the object even more. This idea is deeply embedded in the intensely popular, "Black Friday" shopping extravaganza that U.S. consumers participate in every year on the day after Thanksgiving. More than getting a bargain on a hot gift idea, shoppers thrive on the competition itself, in obtaining the scarce product.

In this question, people want the brand new latest version of a smartphone. The temptation of being one of the first to get the new phone will tempt people into clicking the link in the email.

Incorrect Answers:

B: Familiarity is a generic feeling in which a situation, event, place, person or object directly provokes a subjective feeling of recognition which we then believe to be a memory. As a result, we recognize "it".

In this question, the temptation is a new smartphone. Familiarity with the older model of the smartphone might make the new model desirable. However, the scarcity of the new phone makes it more desirable and so more tempting to click the

link. Therefore, this answer is incorrect.

C: If the users were being threatened to force them to click the link that would be intimidation. However, the users are being tempted to click the link due to the scarcity of the new smartphone.

Therefore, this answer is incorrect.

D: This is not an example of trust. The users may trust the source of the email but it's the scarcity of the new smartphone that makes it more desirable and so more tempting for the users to click the link. Therefore, this answer is incorrect.

References: http://en.wikipedia.org/wiki/Scarcity_%28social_psychology%29

Correct Answer: A

Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.

Incorrect Answers:

B: Merely disabling removable storage will not prevent sensitive information from being accessed by unauthorized people when the phone is left unattended.

C: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

D: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the internet connection and helps ensure that sensitive data is not accessed by unauthorized people.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,

Correct Answer: C

Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates.

Incorrect Answers:

A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

B: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. Moving it to removable media would not improve its security as the removable media would need to be attacked to the web proxy if the SSL/TLS private keys are to be used effectively.

D: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. However, simply installing it on the file system does not improve it's security.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,