JK0-022 Online Practice Questions and Answers

Questions 4

Concurrent use of a firewall, content filtering, antivirus software and an IDS system would be considered components of:

A. Redundant systems.

B. Separation of duties.

C. Layered security.

D. Application control.

Correct Answer: C

Layered security is the practice of combining multiple mitigating security controls to protect resources and data.

Incorrect Answers:

A: Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail-safe.

B: Separation of duties is the division of administrator or privileged tasks into distinct groupings, which are individually assigned to unique administrators. The application of separation of duties prevents a single user having complete access or power over an entire network, server, or system.

D: Application control is a device-management solution that limits which applications can be installed onto a device.

References:

http://en.wikipedia.org/wiki/Layered_security

http://en.wikipedia.org/wiki/Redundancy_(engineering)

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 82, 272.

Questions 5

The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?

A. Create a firewall rule to block SSH

B. Delete the root account

C. Disable remote root logins

D. Ensure the root account has a strong password

Correct Answer: C

Questions 6

A security administrator has been tasked with setting up a new internal wireless network that must use end-to-end TLS. Which of the following may be used to meet this objective?

A. WPA

B. HTTPS

C. WEP

D. WPA 2

Correct Answer: D

Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to that on a wired network, and it implements elements of the 802.11i standard. In April 2010, the Wi-Fi Alliance announced the inclusion of additional Extensible Authentication Protocol (EAP) types in its WPA- and WPA2-Enterprise certification programs. EAP-TLS is included in this certification program.

Note: Although WPA mandates the use of TKIP, WPA2 requires Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES encryption with a 48-bit initialization vector. The larger initialization vector increases the difficulty of cracking and minimizes the risk of a replay attack.

Incorrect Answers:

A: The difference between WPA and WPA2 is that the former implements most, but not all, of 802.11i in order to be able to communicate with older wireless devices that might still need an update through their firmware in order to be compliant.

B: HTTPS is not a protocol for wireless communication. HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet.

C: In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). WEP does include support for TLS.

References:

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 75, 171, 172-173, 274.

Questions 7

A customer has provided an email address and password to a website as part of the login process. Which of the following BEST describes the email address?

A. Identification

B. Authorization

C. Access control

D. Authentication

Correct Answer: A

Questions 8

A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern?

A. Host-based firewall

B. Cable locks

C. Locking cabinets

D. Surveillance video

Correct Answer: C

Questions 9

Use of a smart card to authenticate remote servers remains MOST susceptible to which of the following attacks?

A. Malicious code on the local system

B. Shoulder surfing

C. Brute force certificate cracking

D. Distributed dictionary attacks

Correct Answer: A

Once a user authenticates to a remote server, malicious code on the user's workstation could then infect the server.

Incorrect Answers:

B: Shoulder surfing is when a malicious user can watch your keyboard or view your display to figure out your password. This would not work as you are using a smart card.

C: Brute force attacks are designed to try every possible valid combination of characters to construct possible passwords in the attempt to discover the specific passwords used by user accounts. This would not work as you are using a smart card.

D: Dictionary attacks create hashes to compare via prebuilt lists of potential passwords. This would not work as you are using a smart card.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 278-282.

Questions 10

Which of the following is best practice to put at the end of an ACL?

A. Implicit deny

B. Time of day restrictions

C. Implicit allow

D. SNMP string

Correct Answer: A

An implicit deny clause is implied at the end of each ACL. This implies that if you aren't specifically granted access or privileges for a resource, you're denied access by default. The implicit deny clause is set by the system.

Incorrect Answers:

B: Time of day restrictions limit when users can access specific systems based on the time of day or week. They do not appear at the end of an ACL.

C: Implicit allow does not appear at the end of an ACL.

D: An SNMP string is similar to a user id or password that permits access to a router's or other device's statistics. They do not appear at the end of an ACL.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 26, 280.

http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol

Questions 11

Which of the following is an effective way to ensure the BEST temperature for all equipment within a datacenter?

A. Fire suppression

B. Raised floor implementation

C. EMI shielding

D. Hot or cool aisle containment

Correct Answer: D

There are often multiple rows of servers located in racks in server rooms. The rows of servers are known as aisles, and they can be cooled as hot aisles and cold aisles. With a hot aisle, hot air outlets are used to cool the equipment, whereas with cold aisles, cold air intake is used to cool the equipment. Combining the two, you have cold air intake from below the aisle and hot air outtake above it, providing constant circulation. This is a more effective way of controlling temperature to safeguard your equipment in a data center.

Incorrect Answers:

A: Fire suppression, as part of computer center design, refers to the act of extinguishing a fire rather than preventing one.

B: Raised floor implementation is done as part of a hot and cold aisle implementation where the cold air used by the air handlers is obtained from beneath the raised floor.

C: EMI shielding means that a computer system does not emit any significant amounts of EMI or RFI and is not susceptible to EMI or RFI attacks.

References:

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 382.

Questions 12

Which of the following can be utilized in order to provide temporary IT support during a disaster, where the organization sets aside funds for contingencies, but does not necessarily have a dedicated site to restore those services?

A. Hot site

B. Warm site

C. Cold site

D. Mobile site

Correct Answer: D

Not having a dedicated site means that the mobile site can fill the role of either being a hot, warm or cold site as a disaster recovery measure.

Incorrect Answers:

A: A hot site is a location that can provide operations within hours of a failure. This type of site would have servers, networks, and telecommunications equipment in place to reestablish service in a short time. Hot sites provide network connectivity, systems, and preconfigured software to meet the needs of an organization. Databases can be kept up-to-date using network connections. These types of facilities are expensive, and they're primarily suitable for short-term situations.

B: A warm site provides some of the capabilities of a hot site, but it requires the customer to do more work to become operational. Warm sites provide computer systems and compatible media capabilities.

C: A cold site is a facility that isn't immediately ready to use. The organization using it must bring along its equipment and network. A cold site may provide network capability, but this isn't usually the case; the site provides a place for operations to resume, but it doesn't provide the infrastructure to support those operations.

References:

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 443-444.

Questions 13

The practice of marking open wireless access points is called which of the following?

A. War dialing

B. War chalking

C. War driving

D. Evil twin

Correct Answer: B

War chalking is the act of making chalk marks on outdoor surfaces (walls, sidewalks, buildings, sign posts, trees) to indicate the existence of an open wireless network connection, usually offering an Internet connection so that others can benefit from the free wireless access. The open connections typically come from the access points of wireless networks located within buildings to serve enterprises. The chalk symbols indicate the type of access point that is available at that specific spot.

Incorrect Answers:

A: War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers - malicious hackers who specialize in computer security - for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry-point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network. War dialing does not involve marking external surfaces to indicate open Wi-Fi networks. Therefore, this answer is incorrect.

C: War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks while driving around a city or elsewhere. To do war driving, you need a vehicle, a computer (which can be a laptop), a wireless Ethernet card set to work in promiscuous mode, and some kind of an antenna which can be mounted on top of or positioned inside the car. Because a wireless LAN may have a range that extends beyond an office building, an outside user may be able to intrude into the network, obtain a free Internet connection, and possibly gain access to company records and other resources. War driving does not involve marking external surfaces to indicate open Wi-Fi networks. War driving detects the networks, war chalking marks them. Therefore, this answer is incorrect.

D: An evil twin, in the context of network security, is a rogue or fake wireless access point (WAP) that appears as a genuine hotspot offered by a legitimate provider. In an evil twin attack, an eavesdropper or hacker fraudulently creates this rogue hotspot to collect the personal data of unsuspecting users. Sensitive data can be stolen by spying on a connection or using a phishing technique.

For example, a hacker using an evil twin exploit may be positioned near an authentic Wi-Fi access point and discover the service set identifier (SSID) and frequency. The hacker may then send a radio signal using the exact same frequency and SSID. To end users, the rogue evil twin appears as their legitimate hotspot with the same name. Evil twin does not involve marking external surfaces to indicate open Wi-Fi networks. Therefore, this answer is incorrect.

References:

http://www.webopedia.com/TERM/W/warchalking.html

http://en.wikipedia.org/wiki/War_dialing

http://searchmobilecomputing.techtarget.com/definition/war-driving

http://www.techopedia.com/definition/5057/evil-twin

Exam Code: JK0-022
Exam Name: CompTIA Security+ Certification
Last Update: Feb 05, 2025
Questions: 1149

Exam2Pass: The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps available on the internet, and choosing the most reliable one among them is the first problem a certification candidate faces. Exam2Pass provides a shortcut to pass the exam and get the certification. If you need help with any questions or any Exam2Pass exam PDF and VCE simulators, the customer support team is ready to help at any time.

2025 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.