JK0-022 Online Practice Questions and Answers

Correct Answer: D

Least privilege (privilege reviews) and job rotation is done when mandatory vacations are implemented. Then it will uncover areas where the system administrators neglected to check all users' privileges since the other users must fill in their positions when they are on their mandatory vacation.

Incorrect Answers:

A: Help desk technicians are not the main concern for having mandatory vacations.

B: Collusion implies two unlikely users fulfilling very different functions committing fraud, not two users performing the same business function.

C: Incompetency of the systems engineer regarding the architecture is not the focus of companies implementing mandatory vacations.

References:

D Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 25

Correct Answer: C

Correct Answer: D

Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

Incorrect Answers:

A: The message is encrypted with a public key, not with a private key.

B: The message is decrypted with a private key, not with a shared key.

C: The message is encrypted with a public key, not with a shared key.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 251-254

Correct Answer: DE

Elliptic curve DiffieHellman (ECDH) is an anonymous key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or better yet, to derive another key which can then be used to encrypt subsequent communications using a symmetric key cipher. It is a variant of the DiffieHellman protocol using elliptic curve cryptography. Note: Adding an ephemeral key to Diffie-Hellman turns it into DHE (which, despite the order of the acronym, stands for Ephemeral Diffie-Hellman). Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE (again, overlook the order of the acronym letters, it is called Ephemeral Elliptic Curve Diffie-Hellman). It is the ephemeral component of each of these that provides the perfect forward secrecy.

Incorrect Answers:

A: PBKDF2 is to strengthen keys, but it would resolve the problem with the key exchange on an unsecure channel. PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5 v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key.

B: Symmetric encryption would not in itself help on an unsecure channel.

C: Steganography is the process of hiding one message in another. Steganography is not used for secure key negotiation.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 248, 249-251, 254, 256

QUESTIO5N NO: 53

An administrator has two servers and wants them to communicate with each other using a secure algorithm.

Which of the following choose to provide both CRC integrity checks and RCA encryption?

A. NTLM

B. RSA

C. CHAP

D. ECDHE

Answer: D

ECDHE provides both CRC integrity checks and RCA encryption. Adding an ephemeral key to Elliptic Curve Diffie-Hellman turns it into ECDHE. It is the ephemeral component of each of these that provides the perfect forward secrecy.

Forward secrecy is a property of any key exchange system, which ensures that if one key is compromised, subsequent keys will not also be compromised. Perfect forward secrecy occurs when this process is unbreakable.

Incorrect Answers:

A: NTLM does not use RCA encryption.

Microsoft replaced the LANMAN protocol with NTLM (NT LAN Manager) with the release of Windows NT. NTLM uses MD4/MD5 hashing algorithms. Several versions of this protocol exist (NTLMv1, NTLMv2), and it is still in widespread use

despite the fact that Microsoft has pointed to Kerberos as being its preferred authentication protocol.

B: RSA is one of the first practical public-key cryptosystems and is widely used for secure data transmission. However, RSA does not use RCA encryption.

C: CHAP does use RCA encryption.

CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. CHAP requires that both the client and server know the plaintext of the secret, although it

is never sent over the network

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139, 143, 252, 254, 256

Correct Answer: B

Correct Answer: C

Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity.

Incorrect Answers:

A: An Intrusion Detection System (IDS) is used to detect attempts to access a system. It cannot be used to detect cross-site scripting attacks where a malicious user is injecting malicious content into content being downloaded by a user.

B: Flood Guard Protection is used to prevent a network being flooded by data such as DoS, SYN floods, ping floods etc. The flood of data saturates the network and prevents the successful transmission of valid data across the network. Flood Guard Protection is not used to prevent cross-site scripting attacks. D. A URL Content Filter is used to permit access to allowed URLs (Websites) only or to block access to URLs that are not allowed according to company policy. For example, a company might use a URL Content Filter to block access to social networking sites. A URL Content Filter is not used to prevent cross-site scripting attacks.

References: http://en.wikipedia.org/wiki/Cross-site_scripting https://www.owasp.org/index.php/Web_Application_Firewall

Correct Answer: C

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. The Software as a Service (SaaS) applications are remotely run over the Web and as such requires DLP monitoring.

Incorrect Answers:

A: HPM is an acronym for home protection methods.

B: Full Disk encryption is hardware-based not software based as is the case with the SaaS cloud provider.

D: TPM is hardware technology not software-based as is the case with the SaaS cloud provider.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 17

Correct Answer: D

To stop someone from entering a facility, barricades or gauntlets can be used. These are often used in conjunction with guards, fencing, and other physical security measures. Bollards are physical barriers that are strong enough to withstand impact with a vehicle.

Incorrect Answers:

A: Fencing, although also a physical barrier is not as strong as bollards and will not keep a vehicle out on impact.

B: Proximity readers are not designed to withstand impact from vehicles.

C: Video surveillance will not stop a vehicle impact.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 372, 375

Correct Answer: CE

The disadvantages of combining everything into one include a potential single point of failure, and the dependence on the one vendor. The all in-one device represents a single point of failure risk being taken on.

Incorrect Answers:

A: Cloud computing refers to 3 service models defined as Software as a Service, Platform as a Service and Infrastructure as a Service (SaaS, PaaS, and IaaS), and four delivery models (private, public, community, and hybrid). It also offers ways of cost savings to its tenants being hosted by the cloud. It offers the ability to decrease costs, increase efficiency, and make the world a better place.

B: Virtualization is the foundation for cloud computing. You cannot have cloud computing without virtualization. It makes it possible by abstracting the hardware and making it available to the virtual machines. The abstraction is done through the use of a hypervisor, which can be either Type I (bare metal) or Type II (hosted).

D: Load balancing is a way of providing high availability by splitting the workload across multiple computers.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 119, 196-202, 235

Correct Answer: A

Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables one of its characteristics is that it must be one-way it is not reversible.

Incorrect Answers:

B: A stream cipher is similar to a block cipher in that they are both symmetric methods of cryptography. The difference is that with a stream cipher the data is encrypted one bit, or byte, at a time whereas with a block cipher the algorithm works on chunks of data.

C: Steganography is the process of hiding a message in a medium such as a digital image, audio fi le, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another fi le or message and use that fi le to hide your message.

D: A block cipher is a symmetric method in cryptography that encrypts data in chunks; very similar to stream ciphers.

References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 248, 255, 291 http://en.wikipedia.org/wiki/Hash_function http://www.webopedia.com/TERM/H/hashing.html

Correct Answer: B

Fault tolerance is the ability of a system to sustain operations in the event of a component failure. Fault-tolerant systems can continue operation even though a critical component, such as a disk drive, has failed. This capability involves overengineering systems by adding redundant components and subsystems. RAID can achieve fault tolerance using software which can be done using the existing hardware and software.

Incorrect Answers:

A: Balancing the load between multiple servers instead of relying on only one reduces the response time, maximizes throughput, and allows better allocation of resources. It does not mean withstanding hardware failure, it just means high

availability. It also adds costs and there is no budget.

C: A cold site is a facility that isn't immediately ready to use. The organization using it must bring along its equipment and network. A cold site may provide network capability, but this isn't usually the case; the site provides a place for

operations to resume, but it doesn't provide the infrastructure to support those operations.

Thus no servers fault tolerance as is required.

D: A Host standby assumes that you need to purchase additional servers to act as a standby.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 33, 103, 444

Correct Answer: A

You should always disable an employee's account as soon as they leave. The employee knows the username and password of the account and could continue to log in for potentially malicious purposes. Disabling the account will ensure that no one can log in using that account.

Incorrect Answers:

B: You should always disable an employee's account as soon as they leave regardless of why they are leaving. A terminated employee might be more likely to log in for malicious purposes but should you also disable the accounts of

employees leaving through their own choice. Disabling any unused account is always best practice. Therefore, this answer is incorrect.

C: There is no need to delete the account. The employee may come back to the company or a new employee may join the company to replace the leaving employee. In this case, you could just rename the disabled account, change the

password and re-enable the account. The new employee would then have the same access to resources as the ex-employee. Therefore, this answer is incorrect.

D: There is no need to delete the account. A new employee may join the company to replace the leaving employee. In this case, you could just rename the disabled account, change the password and re-enable the account. The new

employee would then have the same access to resources as the ex-employee.

Therefore, this answer is incorrect.

Correct Answer: A

Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood. Gray box testing can be contrasted with black box testing, a scenario in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests. Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts.

Incorrect Answers:

B: Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit,

integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is

not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software

produces the output in the first place. In this question, the tester has some knowledge of the application. Therefore, this answer is incorrect.

C: A Business Impact Analysis is the analysis of the impact an event will have on the business. As an example in terms of IT, a Business Impact Analysis could describe the effect of a server failure. A Business Impact Analysis is not used to

describe the testing of an application.

Therefore, this answer is incorrect.

D: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality

(i.e. black-box testing). In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate

outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-

box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a systemlevel test. In this

Correct Answer: A

Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

Incorrect Answers:

B: Permissions on the file system define the level of access logged on users have to files and folders. However, should an unauthorized user gain access to an authorized user's user account, they would gain access to the files and folders.

C: Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

D: Access Control Lists (ACLs) define the level of access logged on users have to resources. However, should an unauthorized user gain access to an authorized user's user account, they would gain access to the data.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 156, 237, 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,

Correct Answer: D

Mobile devices can be plugged into computers where they appear as an additional disk in the same way as a USB drive. This is known as removable media. This would enable users to copy company data onto the mobile devices. By disabling removable media use, the users will not be able to copy data onto the mobile devices.

Incorrect Answers:

A: A mobile application that tracks read and write functions on the device (if such an application exists) would only monitor the activity. It wouldn't stop data being written to the device.

B: Policies provide guidelines. A policy prohibiting the use of mobile devices for personal use would not stop data being written to the device as the policy would still need to be enforced.

C: Global Positioning System (GPS) tracking can be used to identify its location of a stolen device and can allow authorities to recover the device. However, for GPS tracking to work, the device must have an Internet connection or a wireless phone service over which to send its location information. This would not prevent data being written to the device.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,