With Flydumps CompTIA JK0-022 practice tests, you can pass the exam easily and go further on Microsoft career path. CompTIA JK0-022 Flydumps are authenticated by experts and cover all aspects of the CompTIA https://www.pass4itsure.com/jk0-022.html exam. Visit www.Flydumps.com to get the CompTIA JK0-022 100% pass guarantee!
QUESTION 45
Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
B. Use WPA2-PSK
C. Disable SSID broadcast
D. Power down unused WAPs
Correct Answer: C
Explanation/Reference:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, SSID broadcast should be disabled if the network isn’t for public use.
Incorrect Answers:
A: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. It does not, however, increase the difficulty of finding a wireless network.
B: WPA-Personal, also referred to as WPA-PSK (Pre-shared key) mode, is designed for home and small office networks and doesn’t require an authentication server. Each wireless network device authenticates with the access point using the same 256-bit key generated from a password or passphrase. Using this option will not decrease the chances of discovering the wireless network.
D: Using this option will not decrease the chances of discovering the wireless network in use.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
QUESTION 46
Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).
A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b
Correct Answer: CD
Explanation/Reference:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, SSID broadcast should be disabled if the network isn’t for public use.
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.
Incorrect Answers:
A: Disabling the wired ports will not prevent outsiders from connecting to the AP and gaining unauthorized access.
B: Selecting the correct channels will prevent interference, not unauthorized access.
E: Doing this will decrease the bandwidth and increase the risk of interference.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
https://technet.microsoft.com/en-us/library/cc783011(v=ws.10).aspx
QUESTION 47
Which of the following wireless security technologies continuously supplies new keys for WEP?
A. TKIP
B. Mac filtering
C. WPA2
D. WPA
Correct Answer: A
Explanation/Reference:
TKIP is a suite of algorithms that works as a “wrapper” to WEP, which allows users of legacy WLAN equipment to upgrade to TKIP without replacing hardware. TKIP uses the original WEP programming but “wraps” additional code at the beginning and end to encapsulate and modify it.
Incorrect Answers:
B: Networks can use MAC address filtering, only allowing devices with specific MAC addresses to connect to a network. It does not continuously supply new keys for WEP.
C: WPA2 makes use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and is a more secure standard than WEP or WPA.
D: WPA replaces WEP, and also uses TKIP.
References:
http://www.howtogeek.com/192173/how-and-why-to-change-your-mac-address-on-windows-linux-and-mac/
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 172, 173.
QUESTION 48
A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
A. WPA2 CCMP
B. WPA
C. WPA with MAC filtering
D. WPA2 TKIP
Correct Answer: A
Explanation/Reference:
CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the WEP protocol and TKIP protocol of WPA. CCMP provides the following security services:
Data confidentiality: ensures only authorized parties can access the information
Authentication: provides proof of genuineness of the user
Access control in conjunction with layer management
Because CCMP is a block cipher mode using a 128-bit key, it is secure against attacks to the 2^64 steps of operation.
Incorrect Answers:
B: The Wi-Fi Alliance intended WPA as an intermediate measure to take the place of WEP pending the availability of the full IEEE 802.11i standard. The WPA protocol implements much of the IEEE 802.11i standard. Specifically, the Temporal Key Integrity Protocol (TKIP) was adopted for WPA. WEP used a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices and does not change. TKIP employs a per-packet key, meaning that it dynamically generates a new 128-bit key for each packet and thus prevents the types of attacks that compromised WEP. WPA also includes a message integrity check. This is designed to prevent an attacker from capturing, altering and/or resending data packets. This replaces the cyclic redundancy check (CRC) that was used by the WEP standard. CRC’s main flaw was that it did not provide a sufficiently strong data integrity guarantee for the packets it handled. Well tested message authentication codes existed to solve these problems, but they required too much computation to be used on old network cards. WPA uses a message integrity check algorithm called Michael to verify the integrity of the packets. Michael is much stronger than a CRC, but not as strong as the algorithm used in WPA2.
C: WPA even with the added security of MAC filtering is still inherently less secure than WPA2.
D: CCMP is the standard encryption protocol for use with the WPA2 standard and is much more secure than the TKIP protocol of WPA.
References:
http://en.wikipedia.org/wiki/CCMP
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
QUESTION 49
An access point has been configured for AES encryption but a client is unable to connect to it. Which of the following should be configured on the client to fix this issue?
A. WEP
B. CCMP
C. TKIP
D. RC4
Correct Answer: B
Explanation/Reference:
CCMP is an encryption protocol designed for Wireless LAN products that implement the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard.
Incorrect Answers:
A: WEP is based on RC4, and does not use AES.
C: TKIP is a basis for WPA.
D: RC4 is the basis of WEP.
References:
http://en.wikipedia.org/wiki/CCMP
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 59, 60.
QUESTION 50
A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?
A. Change the encryption from TKIP-based to CCMP-based.
B. Set all nearby access points to operate on the same channel.
C. Configure the access point to use WEP instead of WPA2.
D. Enable all access points to broadcast their SSIDs.
Correct Answer: A
Explanation/Reference:
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult.
Incorrect Answers:
B: Wireless APs with overlapping signals should use unique channel frequencies to reduce interference between them.
C: WEP is not a secure encryption protocol.
D: This will make the network visible, and open for attacks.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 178.
https://technet.microsoft.com/en-us/library/cc783011(v=ws.10).aspx
QUESTION 51
The security administrator has been tasked to update all the access points to provide a more secure connection. All access points currently use WPA TKIP for encryption. Which of the following would be configured to provide more secure connections?
A. WEP
B. WPA2 CCMP
C. Disable SSID broadcast and increase power levels
D. MAC filtering
Correct Answer: B
Explanation/Reference:
CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult.
Incorrect Answers:
A: WEP is not a secure encryption protocol.
C: This will only cloak the network, and increase the signal strength.
D: MAC filtering is vulnerable to spoof attacks.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 178.
QUESTION 52
A system administrator wants to enable WPA2 CCMP. Which of the following is the only encryption used?
A. RC4
B. DES
C. 3DES
D. AES
Correct Answer: D
Explanation/Reference:
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) makes use of 128-bit AES encryption with a 48-bit initialization vector.
Incorrect Answers:
A, B, C: These are not used by CCMP.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 250.
QUESTION 53
Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?
A. Placement of antenna
B. Disabling the SSID
C. Implementing WPA2
D. Enabling the MAC filtering
Correct Answer: A
Explanation/Reference:
You should try to avoid placing access points near metal (which includes appliances) or near the ground. Placing them in the center of the area to be served and high enough to get around most obstacles is recommended. On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided.
Incorrect Answers:
B: This option would “cloak” the network, not limit its signal strength.
C: This deals with authentication and would not make sure that the network is inaccessible from the parking area.
D: This would require clients to furnish the security administrator with their device’s MAC address.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 177, 178, 183.
QUESTION 54
A security team has identified that the wireless signal is broadcasting into the parking lot. To reduce the risk of an attack against the wireless network from the parking lot, which of the following controls should be used? (Select TWO).
A. Antenna placement
B. Interference
C. Use WEP
D. Single Sign on
E. Disable the SSID
F. Power levels
Correct Answer: AF
Explanation/Reference:
Placing the antenna in the correct position is crucial. You can then adjust the power levels to exclude the parking lot.
Incorrect Answers:
B: Interference could disrupt the signal in the building as well.
C: WEP is not a secure encryption protocol.
D: This allows users access to all the applications and systems they need when they log on.
E: This option would “cloak” the network, not limit its signal strength.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 149, 171, 177, 183.
QUESTION 55
Which of the following would Pete, a security administrator, do to limit a wireless signal from penetrating the exterior walls?
A. Implement TKIP encryption
B. Consider antenna placement
C. Disable the SSID broadcast
D. Disable WPA
Correct Answer: B
Explanation/Reference:
Cinderblock walls, metal cabinets, and other barriers can reduce signal strength significantly. Therefore, antenna placement is critical.
Incorrect Answers:
A: This option deals with encryption, not signal strength.
C: This option would “cloak” the network, not limit its signal strength.
D: This option deals with authentication, not signal strength.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 173, 177, 183.
QUESTION 56
Ann, a security administrator, has concerns regarding her company’s wireless network. The network is open and available for visiting prospective clients in the conference room, but she notices that many more devices are connecting to the network than should be.
Which of the following would BEST alleviate Ann’s concerns with minimum disturbance of current functionality for clients?
A. Enable MAC filtering on the wireless access point.
B. Configure WPA2 encryption on the wireless access point.
C. Lower the antenna’s broadcasting power.
D. Disable SSID broadcasting.
Correct Answer: C
Explanation/Reference:
Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far.
Incorrect Answers:
A: This would require clients to furnish the security administrator with their device’s MAC address.
B: This would require clients to ask for Wi-Fi access.
D: Clients would not be able to detect the Wi-Fi network.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 177, 178, 183.
QUESTION 57
After reviewing the firewall logs of her organization’s wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?
A. Reduce the power level of the AP on the network segment
B. Implement MAC filtering on the AP of the affected segment
C. Perform a site survey to see what has changed on the segment
D. Change the WPA2 encryption key of the AP in the affected segment
Correct Answer: A
Explanation/Reference:
Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far.
Incorrect Answers:
B: MAC filtering is an option further down the line. If reducing the amount of output resolves the issue, the administrative effort will be much less than having to compile a list of the MAC addresses associated with users’ computers and then enter those addresses.
C: A site survey is recommended when laying out a network.
D: The fact that Ann has found failed authentication attempts shows that the WPA2 encryption is not the real issue.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 177, 178.
QUESTION 58
An administrator wants to establish a WiFi network using a high gain directional antenna with a narrow radiation pattern to connect two buildings separated by a very long distance. Which of the following antennas would be BEST for this situation?
A. Dipole
B. Yagi
C. Sector
D. Omni
Correct Answer: B
Explanation/Reference:
A Yagi-Uda antenna, commonly known simply as a Yagi antenna, is a directional antenna consisting of multiple parallel dipole elements in a line, usually made of metal rods. It consists of a single driven element connected to the transmitter or receiver with a transmission line, and additional parasitic elements: a so-called reflector and one or more directors. The reflector element is slightly longer than the driven dipole, whereas the directors are a little shorter. This design achieves a very substantial increase in the antenna’s directionality and gain compared to a simple dipole.
Incorrect Answers:
A: The 15 cm long vertical element you see on most Wi-Fi equipment is actually a dipole antenna. It consists of two elements and is popular because of its omnidirectional radiation pattern.
C: A sector antenna is a type of directional microwave antenna with a sector-shaped radiation pattern. The word “sector” is used in the geometric sense; some portion of the circumference of a circle measured in degrees of arc. 60°, 90° and 120° designs are typical, often with a few degrees ‘extra’ to ensure overlap and mounted in multiples when wider or full-circle coverage is required.
D: An omnidirectional antenna is designed to provide a 360-degree pattern and an even signal in all directions.
References:
http://en.wikipedia.org/wiki/Yagi-Uda_antenna
http://www.techrepublic.com/blog/data-center/80211-time-to-clear-up-some-antenna-misconceptions/
http://en.wikipedia.org/wiki/Sector_antenna#See_also
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 178.
QUESTION 59
A company has recently implemented a high density wireless system by having a junior technician install two new access points for every access point already deployed. Users are now reporting random wireless disconnections and slow network connectivity. Which of the following is the MOST likely cause?
A. The old APs use 802.11a
B. Users did not enter the MAC of the new APs
C. The new APs use MIMO
D. A site survey was not conducted
Correct Answer: D
Explanation/Reference:
To test the wireless AP placement, a site survey should be performed.
Incorrect Answers:
A: 802.11a operates in the 5 GHz frequency spectrum, and is therefore less likely to have disconnections and slow network connectivity.
B: Entering the MAC address will not prevent disconnections, or speed up network connectivity.
C: This cannot be the cause because MIMO would increase network availability.
References:
https://technet.microsoft.com/en-us/library/dd348467(v=ws.10).aspx
http://en.wikipedia.org/wiki/MIMO
http://en.wikipedia.org/wiki/IEEE_802.11a-1999
QUESTION 60
Three of the primary security control types that can be implemented are.
A. Supervisory, subordinate, and peer.
B. Personal, procedural, and legal.
C. Operational, technical, and management.
D. Mandatory, discretionary, and permanent.
Correct Answer: C
Explanation/Reference:
The National Institute of Standards and Technology (NIST) places controls into various types. The control types fall into three categories: Management, Operational, and Technical.
Incorrect Answers:
A: Supervisory, subordinate and peer are not primary security control types.
B: Personal, procedural and legal controls are subsections of managerial control types.
D: Mandatory, discretionary and permanent control types are methods of access control that can be implemented.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 26-27.
http://www.professormesser.com/security-plus/sy0-401/control-types-2/
QUESTION 61
Which of the following technical controls is BEST used to define which applications a user can install and run on a company issued mobile device?
A. Authentication
B. Blacklisting
C. Whitelisting
D. Acceptable use policy
Correct Answer: C
Explanation/Reference:
White lists are closely related to ACLs and essentially, a white list is a list of items that are allowed.
Incorrect Answers:
A: Authentication is always required when applications are installed and uninstalled and to log in to an application.
B: Black lists are exactly the opposite of white lists in that a black list is essentially a list of items that are not allowed.
D: An acceptable use policy describes how the employees in an organization can use company systems and resources, both software and hardware.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 24, 221.
http://searchsecurity.techtarget.com/definition/application-whitelisting
QUESTION 62
To help prevent unauthorized access to PCs, a security administrator implements screen savers that lock the PC after five minutes of inactivity. Which of the following controls is being described in this situation?
A. Management
B. Administrative
C. Technical
D. Operational
Correct Answer: C
Explanation/Reference:
Controls such as preventing unauthorized access to PCs and applying screensavers that lock the PC after five minutes of inactivity are a technical control type, the same as Identification and Authentication, Access Control, Audit and Accountability as well as System and Communication Protection.
Incorrect Answers:
A: Management control types include risk assessment, planning, systems and Services Acquisition as well as Certification, Accreditation and Security Assessment.
B: Administrative tools are used when applying technical control types.
D: Operational control types include Personnel Security, Physical and Environmental Protection, Contingency planning, Configuration Management, Maintenance, System and Information Integrity, Media Protection, Incident Response and Awareness and Training.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 27.
QUESTION 63
Which of the following is a management control?
A. Logon banners
B. Written security policy
C. SYN attack prevention
D. Access Control List (ACL)
Correct Answer: B
Explanation/Reference:
Management control types include risk assessment, planning, systems and Services Acquisition as well as Certification, Accreditation and Security Assessment; and written security policy falls in this category.
Incorrect Answers:
A: Logon banners are configuration management which is an operational control type.
C: SYN attack prevention is done by exercising technical control measures.
D: ACLs are technical control measures.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 27.
QUESTION 64
Which of the following can result in significant administrative overhead from incorrect reporting?
A. Job rotation
B. Acceptable usage policies
C. False positives
D. Mandatory vacations
Correct Answer: C
Explanation/Reference:
False positives are essentially events that are mistakenly flagged and are not really events to be concerned about. This causes a significant administrative