CompTIA JK0-022 Security Cryptography Certification Exam Set 7

In PKI, a key pair consists of: (Select TWO).


Options are :

  • Key escrow
  • Akey ring
  • A passphrase
  • A private key (Correct)
  • A public key (Correct)

Answer : A private key A public key

Which of the following types of trust models is used by a PKI?


Options are :

  • Transitive
  • Open source
  • Centralized (Correct)
  • Decentralized

Answer : Centralized

On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe?


Options are :

  • Shoulder surfing (Correct)
  • Illegal downloading
  • Interference
  • Tailgating

Answer : Shoulder surfing

Which of the following is true about the CRL?


Options are :

  • It must be encrypted
  • It signs other keys
  • It should be kept public (Correct)
  • It must be kept secret

Answer : It should be kept public

Which of the following devices would be the MOST efficient way to filter external websites for staff on an internal network?


Options are :

  • Switch
  • Proxy (Correct)
  • Protocol analyzer
  • Router

Answer : Proxy

Which of the following allows lower level domains to access resources in a separate Public Key Infrastructure?


Options are :

  • Public Key
  • Private Key
  • Recovery Agent
  • Trust Model (Correct)

Answer : Trust Model

An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?


Options are :

  • Generate a new public key based on AES.
  • Generate a new private key based on AES.
  • Generate a new private key based on RSA. (Correct)
  • Generate a new public key based on RSA.

Answer : Generate a new private key based on RSA.

The recovery agent is used to recover the:


Options are :

  • Root certificate
  • Private key (Correct)
  • Key in escrow
  • Public key

Answer : Private key

Which of the following must be kept secret for a public key infrastructure to remain secure?


Options are :

  • Certificate revocation list
  • Public key ring
  • Private key (Correct)
  • Certificate Authority

Answer : Private key

Which of the following should a security technician implement to identify untrusted certificates?


Options are :

  • Recovery agent
  • PKI
  • CRL (Correct)
  • CA

Answer : CRL

Which of the following is the MOST likely cause of users being unable to verify a single userís email signature and that user being unable to decrypt sent messages?


Options are :

  • Unmatched key pairs (Correct)
  • Corrupt key escrow
  • Weak public key
  • Weak private key

Answer : Unmatched key pairs

Which of the following, if properly implemented, would prevent users from accessing files that are unrelated to their job duties? (Select TWO).


Options are :

  • Separation of duties (Correct)
  • Mandatory vacation
  • Least privilege (Correct)
  • Time of day restrictions
  • Job rotation

Answer : Separation of duties Least privilege

The common method of breaking larger network address space into smaller networks is known as:


Options are :

  • phishing.
  • virtualization.
  • packet filtering.
  • subnetting. (Correct)

Answer : subnetting.

The Chief Security Officer (CSO) is contacted by a first responder. The CSO assigns a handler. Which of the following is occurring?


Options are :

  • Incident response process (Correct)
  • Business continuity planning
  • Unified threat management
  • Disaster recovery process
  • Unannounced audit response

Answer : Incident response process

Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions: Ann: read/write Sales Group: read IT Group: no access If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Joe?


Options are :

  • Give Joe the appropriate access to the file directly. (Correct)
  • Add Joe to the Sales group.
  • Remove Joe from the IT group and add him to the Sales group.
  • Have the system administrator give Joe full access to the file.

Answer : Give Joe the appropriate access to the file directly.

Which of the following would be MOST appropriate if an organization's requirements mandate complete control over the data and applications stored in the cloud?


Options are :

  • Public cloud
  • Hybrid cloud
  • Private cloud (Correct)
  • Community cloud

Answer : Private cloud

Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?


Options are :

  • RADIUS (Correct)
  • Kerberos
  • SAML
  • LDAP

Answer : RADIUS

An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?


Options are :

  • Force the WAP to use channel 1
  • Enable MAC filtering (Correct)
  • Upgrade to WPA2 encryption
  • Use a stateful firewall

Answer : Enable MAC filtering

An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?


Options are :

  • Data encryption (Correct)
  • File hashing
  • Patching the system
  • Digital signatures

Answer : Data encryption

A network administrator, Joe, arrives at his new job to find that none of the users have changed their network passwords since they were initially hired. Joe wants to have everyone change their passwords immediately. Which of the following policies should be enforced to initiate a password change?


Options are :

  • Password reuse
  • Password disablement
  • Password expiration (Correct)
  • Password recovery

Answer : Password expiration

When performing the daily review of the system vulnerability scans of the network Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?


Options are :

  • Host based
  • Network based
  • Signature based (Correct)
  • IDS

Answer : Signature based

While securing a network it is decided to allow active FTP connections into the network. Which of the following ports MUST be configured to allow active FTP connections? (Select TWO).


Options are :

  • 68
  • 69
  • 21 (Correct)
  • 20 (Correct)
  • 22

Answer : 21 20

A security administrator must implement a network that is immune to ARP spoofing attacks. Which of the following should be implemented to ensure that a malicious insider will not be able to successfully use ARP spoofing techniques?


Options are :

  • IPSec
  • IPv6 (Correct)
  • VPN
  • UDP

Answer : IPv6

It is MOST important to make sure that the firewall is configured to do which of the following?


Options are :

  • Alert management of a possible intrusion.
  • Alert the administrator of a possible intrusion.
  • Deny all traffic and only permit by exception. (Correct)
  • Deny all traffic based on known signatures.

Answer : Deny all traffic and only permit by exception.

A small company wants to employ PKI. The company wants a cost effective solution that must be simple and trusted. They are considering two options: X.509 and PGP. Which of the following would be the BEST option?


Options are :

  • X.509, because it uses a hierarchical design that is the most trusted form of PKI.
  • X.509, because it is simple to incorporate into a small environment.
  • PGP, because it employs a web-of-trust that is the most trusted form of PKI.
  • PGP, because it is simple to incorporate into a small environment. (Correct)

Answer : PGP, because it is simple to incorporate into a small environment.

A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is up-to-date on the workstation. Which of the following is the MOST likely reason for the incident?


Options are :

  • MAC Spoofing
  • Zero-day (Correct)
  • Impersonation
  • Session Hijacking

Answer : Zero-day

A computer security officer has investigated a possible data breach and has found it credible. The officer notifies the data center manager and the Chief Information Security Officer (CISO). This is an example of:


Options are :

  • first responder.
  • escalation and notification (Correct)
  • incident identification.
  • incident mitigation.

Answer : escalation and notification

Joe analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?


Options are :

  • IDS
  • Monitor system logs
  • Hardening (Correct)
  • Reporting

Answer : Hardening

Which of the following password attacks is MOST likely to crack the largest number of randomly generated passwords?


Options are :

  • Dictionary
  • Rainbow tables (Correct)
  • Hybrid
  • Birthday attack

Answer : Rainbow tables

An organization recently switched from a cloud-based email solution to an in-house email server. The firewall needs to be modified to allow for sending and receiving email. Which of the following ports should be open on the firewall to allow for email traffic? (Select THREE).


Options are :

  • TCP 25 (Correct)
  • TCP 53
  • TCP 143 (Correct)
  • TCP 110 (Correct)
  • TCP 23
  • TCP 22

Answer : TCP 25 TCP 143 TCP 110

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions