JK0-022 Online Practice Questions and Answers

Correct Answer: A

MAC filtering allows you to include or exclude computers and devices based on their MAC address.

Incorrect Answers:

B: because she could connect to the wireless with the first device, the SSID must be broadcasting. C, D: Both WEP and WPA2 require a password or phrase.

References:

https://technet.microsoft.com/en-us/magazine/ff521761.aspx Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.

Correct Answer: A

Numerous networks broadcast their name (known as an SSID broadcast) to reveal their presence.

Incorrect Answers:

B: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. It does not, however, make finding the wireless network name any easier.

C: WPA2 deals with encryption, not the wireless network name.

D: This will increase or decrease signal strength and availability, but has nothing to do with the wireless network name being discovered.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 183. Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.

Correct Answer: CD

Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it's a discoverable value using a wireless

packet sniffer. Thus, the SSID should be disabled if the network isn't for public use.

A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

Incorrect Answers:

A: Disabling the wired ports will not prevent outsiders from connecting to the AP and gaining unauthorized access.

B: Selecting the correct channels will prevent interference, not unauthorized access.

E: Doing this will decrease the bandwidth and increase the risk of interference.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61. https://technet.microsoft.com/en-us/library/cc783011(v=ws.10).aspx

Correct Answer: A

Layer 2 Tunneling Protocol (L2TP) came about through a partnership between Cisco and Microsoft with the intention of providing a more secure VPN protocol. L2TP is considered to be a more secure option than PPTP, as the IPSec protocol

which holds more secure encryption algorithms, is utilized in conjunction with it. It also requires a pre-shared certificate or key. L2TP's strongest level of encryption makes use of 168 bit keys, 3 DES encryption algorithm and requires two

levels of authentication.

L2TP has a number of advantages in comparison to PPTP in terms of providing data integrity and authentication of origin verification designed to keep hackers from compromising the system. However, the increased overhead required to

manage this elevated security means that it performs at a slower pace than PPTP.

Incorrect Answers:

B: SFTP (Secure FTP) is not a VPN tunneling protocol. It is used for transferring files using the File Transfer Protocol over a secure connection. The connection is secured by using SSH (Secure Shell).

C: BGP (Border Gateway Protocol) is a routing protocol, not a VPN protocol.

D: Point-To-Point-Tunneling Protocol (PPTP) is the most popularly VPN protocol and is supported by the most devices. PPTP stands for point to point protocol, is by far the easiest to configure and has low overhead that makes it faster than other VPN protocols. Firewalls such as ISA Server, Cisco PIX and Sonic Wall recognize the protocol. PPTP encrypts data using a 128- bit key which puts it in the "weakest" category of VPN protocols.

References: http://www.maketecheasier.com/understanding-various-vpn-connections/

Correct Answer: D

MD5 can be used to locate the data which has changed.

The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2.

Incorrect Answers:

A: Disk encryption would not help in checking integrity of downloaded files.

B: Secure Shell (SSH) is a tunnelling protocol originally used on Unix systems. It is not used to validate the integrity of files.

C: Telnet cannot be used to protect integrity of program files. Telnet is an interactive terminal emulation protocol. It allows a remote user to conduct an interactive session with a Telnet server. This session can appear to the client as if it were a local session.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 76, 255, 271, 290

Correct Answer: B

A system image would be a snapshot of what exists at the moment. Thus capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. Incorrect Answers:

A: Taking screenshots is akin to video and screenshots would be to capture all relevant screenshots for later analysis.

C: Chain of custody is observed to ensure that each step taken with evidence is documented and accounted for from the point of collection.

D: Order of volatility helps when dealing with multiple issues and volatility refers to the time that you have to collect certain data before that window of opportunity is closed because some data will exist longer than others.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 453

Correct Answer: B

Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross- cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.

Incorrect Answers:

A: Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. This is not what is described in this question. Therefore, this answer is incorrect.

C: Tailgating in IT security would be an unauthorized person following and authorized person into a building or room such as a datacenter. If a building has a card reader where an authorized person can hold up a card to the reader to unlock

the door, someone tailgating could follow the authorized person into the building by walking through the door before it closes and locks. This is not what is described in this question. Therefore, this answer is incorrect.

D: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone.

Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is sent with falsified "From:" entry to try and trick victims that the message is from a friend, their bank, or some other legitimate source. Any

email that claims it requires your password or any personal information could be a trick.

In a caller ID attack, the spoofer will falsify the phone number he/she is calling from. This is not what is described in this question. Therefore, this answer is incorrect.

References:

http://searchsecurity.techtarget.com/definition/dumpster-diving http://searchsecurity.techtarget.com/definition/shoulder-surfing

Correct Answer: B

Incinerating documents (or shredding documents) instead of throwing them into a bin will prevent people being able to read the documents to view sensitive information. Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross-cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash.

Incorrect Answers:

A: Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to

someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To

prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. Incinerating documents will not prevent shoulder surfing. Therefore, this answer is incorrect.

C: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website,

however, is bogus and set up only to steal the information the user enters on the page.

Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the "phisher" counts on the email being read by a percentage of people who actually have an account with the legitimate

company being spoofed in the email and corresponding webpage. Phishing, also referred to as brand spoofing or carding, is a variation on "fishing," the idea being that bait is thrown out with the hopes that while most will ignore the bait, some

will be tempted into biting. Incinerating documents will not prevent phishing. Therefore, this answer is incorrect.

D: Impersonation is where a person, computer, software application or service pretends to be someone it's not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat.

While the information gained by viewing documents could be used by an impersonator, incinerating documents alone will not prevent impersonation. Therefore, this answer is incorrect.

References:

http://searchsecurity.techtarget.com/definition/dumpster-diving http://searchsecurity.techtarget.com/definition/shoulder-surfing http://www.webopedia.com/TERM/P/ phishing.html

Correct Answer: B

WEP offers no end-to-end TLS encryption.

The WEP process consists of a series of steps as follows:

The wireless client sends an authentication request.

The Access Point (AP) sends an authentication response containing clear-text (uh-oh!) challenge text. The client takes the challenge text received and encrypts it using a static WEP key. The client sends the encrypted authentication packet

to the AP. The AP encrypts the challenge text using its own static WEP key and compares the result to the authentication packet sent by the client. If the results match, the AP begins the association process for the wireless client.

The big issue with WEP is the fact that it is very susceptible to a Man in the Middle attack. The attacker captures the clear-text challenge and then the authentication packet reply. The attacker then reverses the RC4 encryption in order to

derive the static WEP key. Yikes! As you might guess, the designers attempted to strengthen WEP using the approach of key lengths. The native Windows client supported a 104-bit key as opposed to the initial 40-bit key. The fundamental

weaknesses in the WEP process still remained however.

Incorrect Answers:

A: HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the

pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks.

Therefore, this answer is incorrect.

C: WPA (WiFi Protected Access) is the new security standard adopted by the WiFi Alliance consortium. WiFi compliance ensures interoperability between different manufacturer's wireless equipment. WPA is a much improved encryption

standard that delivers a level of security beyond anything that WEP can offer. It bridges the gap between WEP and 802.11i (WPA2) networks. WPA uses Temporal Key Integrity Protocol (TKIP), which is designed to allow WEP to be upgraded

through corrective measures that address the existing security problems. WPA is able to achieve over 500 trillion possible key combinations and re-keying of global encryption keys is required. The encryption key is changed after every frame

using TKIP. This allows key changes to occur on a frame by frame basis and to be automatically synchronized between the access point and the wireless client. The TKIP encryption algorithm is stronger than the one used by WEP. WPA is

compatible with many older access points and network cards. WPA uses TKIP to provide TLS encryption. Therefore, this answer is incorrect.

D: WPA2 is the latest implementation of WPA and provides stronger data protection and network access control. It provides WiFi users with a higher level of assurance that only authorized users can access their wireless networks. WPA2 is

based on the IEEE 802.11i standard and provides government grade security. 802.11i describes the encrypted transmission of data between systems of 802.11a and 802.11b wireless LANs. It defines new encryption key protocols including

the Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES).

WPA2 uses TKIP or AES to provide TLS encryption. Therefore, this answer is incorrect.

References:

http://blog.ine.com/2010/10/16/wlan-security-wep/

http://searchsoftwarequality.techtarget.com/definition/HTTPS http://www.onlinecomputertips.com/networking/wep_wpa.html

Correct Answer: D

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

Incorrect Answers:

A: Terminal Access Controller Access-Control System (TACACS) is an authentication and authorization system that accepts credentials from multiple methods, including Kerberos. It is used in client/server network environments to control access. It does not provide higher levels of security for encryption key storage.

B: Layer 2 Tunneling Protocol (L2TP) is a used to create a channel for netwrk communication between two systems. However, it does not secure the data transmitted over the channel. It does not provide higher levels of security for encryption key storage.

C: Lightweight Directory Access Protocol (LDAP) is a directory access protocol that allows queries to run against the directory's database. It does not provide higher levels of security for encryption key storage.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 144, 146, 147, 237