CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 1131:

  A network consists of various remote sites that connect back to two main locations. Pete, the security administrator, needs to block TELNET access into the network. Which of the following, by default, would be the BEST choice to accomplish this goal?

  A. Block port 23 on the L2 switch at each remote site

  B. Block port 23 on the network firewall

  C. Block port 25 on the L2 switch at each remote site

  D. Block port 25 on the network firewall

  Correct Answer: B

  Telnet is a terminal-emulation network application that supports remote connectivity for executing commands and running applications but doesn't support transfer of fi les. Telnet uses TCP port 23. Because it's a clear text protocol and

  service, it should be avoided and replaced with SSH.

  Incorrect Answers:

  A, C: L2 switches may interconnect a small number of devices in a home or the office. They are normally used for LANs.

  D: Port 25 is used by Simple Mail Transfer Protocol (SMTP) for e-mail routing between mail servers.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 51.

  http://en.wikipedia.org/wiki/Network_switch#Layer_2

  http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1132:

  Which of the following is the default port for TFTP?

  A. 20

  B. 69

  C. 21

  D. 68

  Correct Answer: B

  TFTP makes use of UDP port 69.

  Incorrect Answers:

  A, C: FTP (File Transfer Protocol) uses ports 20 and 21

  D: Port 68 TCP/UDP is used by Bootstrap Protocol (BOOTP) Client; as well Dynamic Host Configuration Protocol (DHCP).

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 51. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1133:

  Which of the following is a difference between TFTP and FTP?

  A. TFTP is slower than FTP.

  B. TFTP is more secure than FTP.

  C. TFTP utilizes TCP and FTP uses UDP.

  D. TFTP utilizes UDP and FTP uses TCP.

  Correct Answer: D

  FTP employs TCP ports 20 and 21 to establish and maintain client-to-server communications, whereas TFTP makes use of UDP port 69.

  Incorrect Answers:

  A: UDP is faster than TCP is because there is no form of flow control or error correction.

  B: TFTP requires no authentication, whereas FTP allows authenticated connections.

  C: As stated above, FTP employs TCP ports 20 and 21 and TFTP makes use of UDP port 69.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 49, 50.

  http://www.skullbox.net/tcpudp.php

• Question 1134:

  A network administrator is asked to send a large file containing PII to a business associate.

  Which of the following protocols is the BEST choice to use?

  A. SSH

  B. SFTP

  C. SMTP

  D. FTP

  Correct Answer: B

  SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server.

  Incorrect Answers:

  A: SSH is employed by SFTP.

  C: SMTP is the email-forwarding protocol used on the Internet and intranets.

  D: Standard FTP does not provide any confidentiality protection because it sends all data in the clear.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 49, 50.

• Question 1135:

  Which of the following ports and protocol types must be opened on a host with a host-based firewall to allow incoming SFTP connections?

  A. 21/UDP

  B. 21/TCP

  C. 22/UDP

  D. 22/TCP

  Correct Answer: D

  SSH uses TCP port 22. All protocols encrypted by SSH, including SFTP, SHTTP, SCP, SExec, and slogin, also use TCP port 22.

  Incorrect Answers:

  A, C: FTP ,and SSH do not make use of UDP ports.

  B: FTP uses TCP port 21.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 51.

• Question 1136:

  

  Correct Answer:

  

  Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule's criteria:

  Block the connection

  Allow the connection

  Allow the connection only if it is secured

  TCP is responsible for providing a reliable, one-to-one, connection-oriented session. TCP establishes a connection and ensures that the other end receives any packets sent. Two hosts communicate packet results with each other. TCP also

  ensures that packets are decoded and sequenced properly. This connection is persistent during the session. When the session ends, the connection is torn down.

  UDP provides an unreliable connectionless communication method between hosts. UDP is considered a best-effort protocol, but it's considerably faster than TCP.

  The sessions don't establish a synchronized session like the kind used in TCP, and UDP doesn't guarantee error-free communications. The primary purpose of UDP is to send small packets of information. The application is responsible for

  acknowledging the correct reception of the data.

  Port 22 is used by both SSH and SCP with UDP.

  Port 443 is used for secure web connections HTTPS and is a TCP port. Thus to make sure only the Accounting computer has HTTPS access to the Administrative server you should use TCP port 443 and set the rule to allow communication

  between 10.4.255.10/24 (Accounting) and 10.4.255.101

  (Administrative server1)

  Thus to make sure that only the HR computer has access to Server2 over SCP you need use of TCP port 22 and set the rule to allow communication between 10.4.255.10/23 (HR) and 10.4.255.2 (server2)

  Thus to make sure that the IT computer can access both the Administrative servers you need to use a port and accompanying port number and set the rule to allow communication between:

  10.4.255.10.25 (IT computer) and 10.4.255.101 (Administrative server1) 10.4.255.10.25 (IT computer) and 10.4.255.102 (Administrative server2)

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 77, 83, 96, 157.

• Question 1137:

  HOTSPOT

  The security administrator has installed a new firewall which implements an implicit DENY policy by default. Click on the firewall and configure it to allow ONLY the following communication.

  1.

  The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.

  2.

  The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port

  3.

  The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

  Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can

  be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

  

  Hot Area:

  

  Correct Answer:

  

  Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default. Rule #1 allows the Accounting workstation to ONLY access the web server on the public

  network over the default HTTPS port, which is TCP port 443. Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22

  Rule #3 and Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 26, 44.

  http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

• Question 1138:

  Simulation

  A security administrator discovers that an attack has been completed against a node on the corporate network. All available logs were collected and stored.

  You must review all network logs to discover the scope of the attack, check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. The environment is

  a critical production environment; perform the LEAST disruptive actions on the network, while still performing the appropriate incid3nt responses.

  Instructions: The web server, database server, IDS, and User PC are clickable. Check the box of the node(s) that have been compromised and drag and drop the appropriate actions to complete the incident response on the network. Not all

  actions may be used, and order is not important. If at anytime you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit.

  

  Once the simulation is submitted, please select the Next button to continue.

  Correct Answer:

  Database server was attacked, actions should be to capture network traffic and Chain of Custody.

  

  IDS Server Log:

  Web Server Log: Database Server Log:

  

  

  

  Users PC Log:

  

• Question 1139:

  HOTSPOT

  The security administrator has installed a new firewall which implements an implicit DENY policy by default Click on the firewall and configure it to allow ONLY the following communication.

  1.

  The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.

  2.

  The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port

  3.

  The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

  Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can

  be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

  

  Hot Area:

  

  Correct Answer:

  

• Question 1140:

  DRAG DROP A security administrator is given the security and availability profiles for servers that are being deployed. 1) Match each RAID type with the correct configuration and MINIMUM number of drives. 2) Review the server profiles and match them with the appropriate RAID type based on integrity, availability, I/O, storage requirements. Instructions: All drive definitions can be dragged as many times as necessary Not all placeholders may be filled in the RAID configuration boxes If parity is required, please select the appropriate number of parity checkboxes Server profiles may be dragged only once If at any time you would like to bring back the initial state of the simulation, please select the Reset button. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

  Select and Place:

  

  Select and Place:

  

  Correct Answer: