CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 1121:

  Pete needs to open ports on the firewall to allow for secure transmission of files. Which of the following ports should be opened on the firewall?

  A. TCP 23

  B. UDP 69

  C. TCP 22

  D. TCP 21

  Correct Answer: C

  SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22. Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). Secure FTP (SFTP) is a secured alternative to standard File Transfer Protocol (FTP).

  Incorrect Answers:

  A: Telnet uses port 23.

  B: Port 69 is used by TFTP.

  D: Port 21 is used by FTP.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 42, 51.

  http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1122:

  By default, which of the following uses TCP port 22? (Select THREE).

  A. FTPS

  B. STELNET

  C. TLS

  D. SCP

  E. SSL

  F. HTTPS

  G. SSH

  H. SFTP

  Correct Answer: DGH

  G: Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client- server architecture, connecting an SSH client application with an SSH server. Common applications include remote command- line login, remote command execution, but any network service can be secured with SSH. SSH uses port 22.

  D: SCP stands for Secure Copy. SCP is used to securely copy files over a network. SCP uses SSH to secure the connection and therefore uses port 22.

  H: SFTP stands for stands for Secure File Transfer Protocol and is used for transferring files using FTP over a secure network connection. SFTP uses SSH to secure the connection and therefore uses port 22.

  Incorrect Answers:

  A: FTPS stands for File Transfer Protocol Secure. FTPS is similar to SFTP in that it is used to securely transfer files. The difference between the two is the encryption protocol used. FTPS uses the SSL or TLS cryptographic protocols and therefore uses port 443.

  B: STelnet stands for secure telnet. STelnet uses SSL by default and therefore uses port 443.

  C: TLS (Transport Layer Security) is a successor to SSL and uses port 443.

  E: SSL (Secure Sockets Layer) uses port 443.

  F: HTTPS (Hypertext transfer protocol secure) is used by web sites to encrypt and security transmit data. HTTPS uses the SSL or TLS cryptographic protocols and therefore uses port 443.

  References: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1123:

  Which of the following ports is used for SSH, by default?

  A. 23

  B. 32

  C. 12

  D. 22

  Correct Answer: D

  Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client- server architecture, connecting an SSH client application with an SSH server. Common applications include remote command- line login, remote command execution, but any network service can be secured with SSH. SSH uses port 22.

  Incorrect Answers:

  A: Port 23 is used by the Telnet protocol, not by SSH.

  B: Port 32 is an unassigned port.

  C: Port 12 is an unassigned port.

  References:

  http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers http://en.wikipedia.org/wiki/Secure_Shell http://www.planetlinks.com/tec236/notes-terms/4-10-06/default-tcp-ports-list.html

• Question 1124:

  A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

  A. 20

  B. 21

  C. 22

  D. 23

  Correct Answer: B

  When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default.

  Incorrect Answers:

  A: FTP uses port 20, but it is not the default port.

  C: SSH uses TCP port 22.

  D: Telnet uses port 23.

  References:

  http://compnetworking.about.com/od/tcpip/p/port-numbers-21-ftp.htm http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1125:

  After a new firewall has been installed, devices cannot obtain a new IP address. Which of the following ports should Matt, the security administrator, open on the firewall?

  A. 25

  B. 68

  C. 80

  D. 443

  Correct Answer: B

  The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for distributing IP addresses for interfaces and services. DHCP makes use of port 68.

  Incorrect Answers:

  A: SMTP makes use of port 25.

  C: HTTP makes use of port 80.

  D: HTTPS makes use of port 443

  References:

  http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1126:

  A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened on the firewall in order for this VPN to function properly? (Select TWO).

  A. UDP 1723

  B. TCP 500

  C. TCP 1723

  D. UDP 47

  E. TCP 47

  Correct Answer: CD

  A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer. The PPTP GRE packet format is non-standard, including an

  additional acknowledgement field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.

  Incorrect Answers:

  A, E: PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.

  B: TCP port 500 is used by the Internet Security Association and Key Management Protocol (ISAKMP) References: http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1127:

  A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?

  A. Blocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP

  B. Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS

  C. Blocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS

  D. Blocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS

  Correct Answer: B

  The question states that traffic on port 21, 69, 80, and 137-139 is blocked, while ports 22 and 443 are allowed.

  Port 21 is used for FTP by default.

  Port 69 is used for TFTP.

  Port 80 is used for HTTP.

  Ports 137-139 are used for NetBIOS.

  VMM uses SFTP over default port 22.

  Port 22 is used for SSH by default.

  SCP runs over TCP port 22 by default.

  Port 443 is used for HTTPS.

  Incorrect Answers:

  A: FTP uses port 21, which is blocked.

  C: SFTP uses port 22, which is allowed.

  D: HTTPS uses port 443, which is allowed. NetBIOS uses ports 137-139, which is blocked.

  References:

  https://technet.microsoft.com/en-us/library/dd548299.aspx https://technet.microsoft.com/en-us/library/hh545212(v=sc.20).aspx https://technet.microsoft.com/en-us/ library/dd425238(v=office.13).aspx https://technet.microsoft.com/en-us/library/

  hh427328.aspx

• Question 1128:

  An information bank has been established to store contacts, phone numbers and other records. A UNIX application needs to connect to the index server using port 389. Which of the following authentication services should be used on this port by default?

  A. RADIUS

  B. Kerberos

  C. TACACS+

  D. LDAP

  Correct Answer: D

  LDAP makes use of port 389.

  Incorrect Answers:

  A: RADIUS makes use of various UDP ports.

  B: Kerberos makes use of port 88.

  C: TACACS makes use of TCP port 49 by default.

  References: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1129:

  A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?

  A. ICMP

  B. BGP

  C. NetBIOS

  D. DNS

  Correct Answer: C

  The LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments.

  Incorrect Answers:

  A: Internet Control Message Protocol (ICMP) is a network health and link-testing protocol that is commonly used by tools such as ping, traceroute, and pathping. It is not include in the LMHOSTS file.

  B: Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. It is not include in the LMHOSTS file.

  C: Domain Name System (DNS) distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. It is not include in the LMHOSTS file.

  References: https://technet.microsoft.com/library/Cc977602 http://en.wikipedia.org/wiki/Border_Gateway_Protocol http://en.wikipedia.org/wiki/Domain_Name_System

• Question 1130:

  A security analyst noticed a colleague typing the following command:

  `Telnet some-host 443'

  Which of the following was the colleague performing?

  A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack.

  B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall.

  C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead.

  D. A mistaken port being entered because telnet servers typically do not listen on port 443.

  Correct Answer: B

  B: The Telnet program parameters are: telnet is the name or IP address of the remote server to connect to. is the port number of the service to use for the connection. TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL port. By running the Telnet some-host 443 command, the security analyst is checking that routing is done properly and not blocked by a firewall.

  Incorrect Answers:

  A: The telnet command parameter used by the colleague is done to check what service is running, i.e. HTTPS, not an attempt to get a denial of service attack.

  C: TCP port 443 will not allow an insecure remote session because is the default SSL port.

  D: TCP port 443 is the default SSL port and SSH makes use of TCP port 22.

  References:

  https://support.microsoft.com/en-us/kb/290051

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 83.