JK0-022 Online Practice Questions and Answers

Correct Answer: CE

DNS uses TCP and UDP port 53. TCP port 53 is used for zone transfers, whereas UDP port 53 is used for queries.

Incorrect Answers:

A:

FTP uses TCP port 21.

B.

D: Telnet uses port 23.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 51. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Correct Answer: D

Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default. Implicit deny is the default response when an explicit allow or deny isn't present.

Incorrect Answers:

A: Stateful packet filtering automatically creates a response rule for the replay on the fly. But that rule exists only as long as the conversation is taking place.

B: Bottom-up processing is a type of information processing based on incoming data from the environment to form a perception.

C: This option is a reaction to a failure, which has nothing to do with ACL's

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 6, 26. http://en.wikipedia.org/wiki/Top-down_and_bottom-up_design

Correct Answer: A

Virtualization allows a single set of hardware to host multiple virtual machines.

Incorrect Answers:

B: Subnetting is how networks are divided. C, D: These are models of Cloud Computing.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 17, 19, 89.

Correct Answer: B

Role-based Access Control is basically based on a user's job description. When a user is assigned a specific role in an environment, that user's access to objects is granted based on the required tasks of that role. The IT administrator should,

therefore, create an account with role- based access control for accounting for Joe.

Incorrect Answers:

A: Assigning Joe's user account to the accounting group will not necessarily allow Joe the required access, as different users require different access.

C: Creating a user account with password reset will not allow Joe the required access, as permissions still have to be granted.

D: Doing this will give Joe more rights than is required.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 82, 280.

Correct Answer: B

Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day.

Incorrect Answers:

A: An account review would conclude if users have been suitably completing their work tasks or whether there have been failed and/or successful attempts at violating company policies or the law. It would not prevent contractors from having access to systems in the event a contractor has left.

C: Account lockout automatically disables an account due to repeated failed log on attempts. It would not prevent contractors from having access to systems in the event a contractor has left.

D: The question states: "The provisioning team does not always get notified that a contractor has left the company". Therefore, disabling an account needs to happen automatically. The account expiration policy meets the requirements.

References:

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292- 294.

Correct Answer: A

Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.

Incorrect Answers:

B: Disaster recovery refers to the actions taken after an event resulting in a loss/disaster occurred.

C: Separation of duties are used to reduce the risk of fraud and to prevent other types of losses. It is also designed to prevent accidents from occurring; e.g. someone other than the user responsible for writing code to check and run tests on the code.

D: Single loss expectance refers to asset value times the exposure factor and is used to calculate risk.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 23, 454

Correct Answer: D

Wrapping sensitive systems with a specific control is required when protecting data in transit. TCP wrappers are also security controls. TCP Wrapper is a host- based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or inetd query replies, to be used as tokens on which to filter for access control purposes. TCP Wrapper should not be considered a replacement for a properly configured firewall. Instead, TCP Wrapper should be used in conjunction with a firewall and other security enhancements in order to provide another layer of protection in the implementation of a security policy.

Incorrect Answers:

A: Application firewalls are usually better protection for database servers or web servers than are other types of firewalls. Application firewalls, in addition to packet filtering, filter specific application related content.

B: Manual updates will not be practical considering that data is in transit when it gets stolen.

C: Firmware version control is closely related to updating the firmware. You should always be sure that each device is using the correct version of firmware since viruses may specifically target the firmware in routers and switches if you do not update these.

References: https://www.freebsd.org/doc/handbook/tcpwrappers.html Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 421

Correct Answer: A

Encryption is used to ensure the confidentiality of information and in this case the outbound email that contains the confidential information should be encrypted.

Incorrect Answers:

B: DLP system should be set to monitor the outbound emails not the inbound email since the company will be sending out confidential email.

C: Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables.

D: Encrypting inbound email would be futile if the data protection should be carried out on outbound email.

References:

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 236, 255, 291

Correct Answer: C

MAC filtering is commonly used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network.

Incorrect Answers:

A: Disabling SSID broadcasting for the wireless network would make the network invisible to users' computers. The user would need to know the name (SSID) of the network and enter it manually in order to connect to the network. However,

it does not prevent access to the network by anyone that knows the SSID of the wireless network. Therefore, this answer is incorrect.

B: A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. It is used by wireless networks that require WPA-Enterprise security. It can

restrict which users can log on to the wireless network. However, it does not restrict which devices can connect to the wireless network. Therefore, this answer is incorrect.

D: Lowering the power levels on the access point would reduce the range of the wireless network. However, it does not restrict which devices (within range) can connect to the wireless network. Therefore, this answer is incorrect.

References:

http://en.wikipedia.org/wiki/MAC_filtering

Correct Answer: C

We have an update to apply to fix the vulnerability. The update should be tested first in a lab environment, not on the production server to ensure it doesn't cause any other problems with the server. After testing the update, we should backup the server to enable us to roll back any changes in the event of any unforeseen problems with the update. The question states that the server will require a reboot. This will result in downtime so you should schedule the downtime before installing the patch. After installing the update, you should monitor the server to ensure it is functioning correctly.

Incorrect Answers:

A: This answer is almost complete but is omits the step of backing up the server. We should backup the server to enable us to roll back any changes in the event of any unforeseen problems with the update. Therefore, this answer is incorrect.

B: This answer is almost complete but is omits the step of rebooting the server. The question states that the update requires a reboot of the server. Therefore, this answer is incorrect.

D: This answer omits the important step of testing the update. Updates should always be testing in a lab environment before being deployed to productions servers. Therefore, this answer is incorrect.