JK0-022 Online Practice Questions and Answers

Correct Answer: A

Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it

Incorrect Answers:

B: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host.

C: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host.

D: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks.

References:

http://en.wikipedia.org/wiki/Intrusion_prevention_system Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 21.

Correct Answer: B

Regarding the performance of ECC applications on various mobile devices, ECC is the most suitable PKC (Public-key cryptography) scheme for use in a constrained environment. Note: Elliptic curve cryptography (ECC) is an approach to

public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys

of smaller size. Using smaller key size would be faster.

Incorrect Answers:

A, D: Block cipher and stream cipher are cryptography subtypes.'=

C: Diffie-Hellman would require longer keys which would increase overhead.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 245-246, 253 http://www.studymode.com/essays/Elliptic-Curve-Cryptography-And-Its-Applications- 1560318.html http://

en.wikipedia.org/wiki/Elliptic_curve_cryptography

Correct Answer: A

A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates.

Incorrect Answers:

B: Key escrow is not related to issuing certificates.

Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages)

and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee's private messages have been called into question.

C: A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. A CRL is not used to issue certificates.

D: A registration authority (RA) offloads some of the work from a CA. An RA system operates as a middleman in the process: It can distribute keys, accept registrations for the CA, and validate identities. However, the RA doesn't issue

certificates; that responsibility remains with the CA.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 278-290

Correct Answer: D

The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service. It is for this reason that A, B, and C: are incorrect.

References: http://en.wikipedia.org/wiki/RADIUS

Correct Answer: A

Password History defines the number of unique new passwords a user must use before an old password can be reused.

Incorrect Answers:

B: Password history is not defined in time, but the number of unique new passwords.

C: Password History tracks previous passwords so as to prevent password reuse, not for the re- entering of a password.

D: Password History tracks previous passwords so as to prevent password reuse, it does not deal with password storage.

References:

https://technet.microsoft.com/en-us/library/cc956938.aspx Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 293.

Correct Answer: B

This is an incident that has to be responded to by the person who discovered it- in this case the user. An incident is any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. It's important that an incident response policy establish at least the following items: Outside agencies that should be contacted or notified in case of an incident Resources used to deal with an incident Procedures to gather and secure evidence List of information that should be collected about an incident Outside experts who can be used to address issues if needed Policies and guidelines regarding how to handle an incident

Since the spec sheet has been marked Internal Proprietary Information the user should refer the incident to the incident response team.

Incorrect Answers:

A: The manager may or may not be part of the incident response team.

C: The information has been marked Internal Proprietary Information and providing the information to the requestor would be in violation to the company.

D: You should have the incident response team handle the situation rather than addressing the issue yourself.

References:

Du Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 444-447

Correct Answer: B

Encryption is used to protect data/contents/documents. Access control refers to controlling who accesses any data/contents/documents and to exercise authorized control to the accessing of that data.

Incorrect Answers:

A: Contingency planning is part of a disaster-recovery plan.

C: Hashing refers to the hash algorithms used in cryptography. Nonrepudiation prevents one party from denying actions they carried out.

D: Redundancy and fault tolerance refers to the ability to sustain operation in the event of system and component failure.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 155, 262, 291

Correct Answer: D

Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

Incorrect Answers:

A: Brute force is a type of attack that consists of systematically checking all possible keys or passwords until a match is found.

B: HTML encoding applies to web applications only. When user input is not properly escaped and encoded it could be exploited for cross-site scripting. User input that encodes special characters without proper escaping can lead to malicious code execution in the DOM.

C: Web Crawling applies to web application and describes the action taken by a program as it browses from page to page on a web application.

References: http://en.wikipedia.org/wiki/Fuzz_testing http://en.wikipedia.org/wiki/Brute-force_attack

https://blog.whitehatsec.com/tag/html-encoding/

http://projects.webappsec.org/w/page/13246986/Web%20Application%20Security%20Scanner %20Evaluation%20Criteria Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp

218, 257 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 229,

Correct Answer: B

A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet.

Incorrect Answers:

A: A host-based IPS (HIPS) is an intrusion detection and prevention system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion. A HIPS is not used to block ports.

C: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources.

D: A network-based IDS (NIDS) is an intrusion detection system that scans network traffic in real time and is useful for detecting network-based attacks originating from outside the organization. However, a NIDS is not used to block ports.

References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 111-112, 116-117, 161-162 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 1316, 246

Correct Answer: A

A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted.

Incorrect Answers:

B: File encryption encrypts the content of a specified file to protect it from access by unauthorised users. It does not sanitise the reclaimed space on a hard drive.

C:

Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It does not sanitise the reclaimed space on a hard drive.

D.

Storage retention, or data retention, is a policy for handling data, particularly sensitive data, within an organization. It is not related to sanitizing the reclaimed space on a hard drive.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236, 237, 252 https://

uwnthesis.wordpress.com/2013/07/10/ccleaner-how-to-configure-ccleaner-to-wipe- cluster-tips-on-drive/