CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 581:

  A security administrator wants to check user password complexity. Which of the following is the BEST tool to use?

  A. Password history

  B. Password logging

  C. Password cracker

  D. Password hashing

  Correct Answer: C

  The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Password-cracking tools compare hashes from potential passwords with the hashes stored in the accounts

  database. Each potential password is hashed, and that hash value is compared with the accounts database. If a match is found, the password- cracker tool has discovered a password for a user account.

  Incorrect Answers:

  A: Password History tracks previous passwords so as to prevent password reuse. It does not check password complexity.

  B: Password logging will not check password complexity.

  D: Passwords are usually stored in a hashed format. It does not check password complexity.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292, 318.

• Question 582:

  Which of the following passwords is the LEAST complex?

  A. MyTrain!45

  B. Mytr@in!!

  C. MyTr@in12

  D. MyTr@in#8

  Correct Answer: B

  Password policies often enforce a minimum of three out of four standard character types, which includes uppercase and lowercase letters, numbers, and symbols. Although this option includes three of the four character types, it does not

  include numbers, which makes it less complex than the other options.

  Incorrect Answers:

  A, C, D: These three options are more complex as they include all four of the standard password character types.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292.

• Question 583:

  An auditing team has found that passwords do not meet best business practices. Which of the following will MOST increase the security of the passwords? (Select TWO).

  A. Password Complexity

  B. Password Expiration

  C. Password Age

  D. Password Length

  E. Password History

  Correct Answer: AD

  Passwords should have the strength to avoid discovery through attack, but it should also be easy enough for the user to remember. The length and complexity of a password combined are vital factors in defining a password's strength.

  Incorrect Answers:

  B, C: It is common practice for passwords to automatically expire after a specified period so as to compel users to change passwords. However, if it is a strong password, it can remain static.

  E: Password History tracks previous passwords so as to prevent password reuse.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292, 293.

• Question 584:

  A group policy requires users in an organization to use strong passwords that must be changed every 15 days. Joe and Ann were hired 16 days ago. When Joe logs into the network, he is prompted to change his password; when Ann logs into the network, she is not prompted to change her password. Which of the following BEST explains why Ann is not required to change her password?

  A. Ann's user account has administrator privileges.

  B. Joe's user account was not added to the group policy.

  C. Ann's user account was not added to the group policy.

  D. Joe's user account was inadvertently disabled and must be re-created.

  Correct Answer: C

  Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPO's include a number of settings related to credentials, which includes password expiration. Because Anne was not prompted to change her password, it could only mean that her user account was not added to the group policy.

  Incorrect Answers:

  A: Even if Ann's user account has administrator privileges, if it was added to the group policy it would meet the requirements of the group policy.

  B: If Joe's user account was not added to the group policy, his account would not be required to meet the requirements of the group policy.

  D: If Joe's user account was inadvertently disabled and must be re-created, he would not be prompted to change his password at logon.

  References: https://technet.microsoft.com/en-us/library/dn579255.aspx

• Question 585:

  A network inventory discovery application requires non-privileged access to all hosts on a network for inventory of installed applications. A service account is created by the network inventory discovery application for accessing all hosts. Which of the following is the MOST efficient method for granting the account non- privileged access to the hosts?

  A. Implement Group Policy to add the account to the users group on the hosts

  B. Add the account to the Domain Administrator group

  C. Add the account to the Users group on the hosts

  D. Implement Group Policy to add the account to the Power Users group on the hosts.

  Correct Answer: A

  Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following Active Directory directory

  service containers: sites, domains, or organizational units (OUs). This means that if the GPO is linked to the domain, all Users groups in the domain will include the service account.

  Incorrect Answers:

  B: Adding the account to the Domain Administrator group will give the account full control of the domain. The account should have non-privileged access.

  C: This is a valid course of action, but would require accessing the Users group on each individual host. The question asks for the most efficient method. Group policy is more efficient that this option.

  D: In previous versions of Windows, the Power Users group gave users specific administrator rights and permissions to perform common system tasks.The account should have non-privileged access.

  References:

  https://technet.microsoft.com/en-us/windowsserver/bb310732.aspx https://technet.microsoft.com/en-us/library/cc756898(v=ws.10).aspx https:// technet.microsoft.com/en-us/library/cc771990.aspx

• Question 586:

  The system administrator is tasked with changing the administrator password across all 2000 computers in the organization. Which of the following should the system administrator implement to accomplish this task?

  A. A security group

  B. A group policy

  C. Key escrow

  D. Certificate revocation

  Correct Answer: B

  Group policy is used to manage Windows systems in a Windows network domain environment by means of a Group Policy Object (GPO). GPO's include a number of settings related to credentials, such as password complexity requirements, password history, password length, account lockout settings.

  Incorrect Answers:

  A: Active Drectory security groups are used to assign permissions to shared resources. It will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.

  C: Key escrow allows for copies of private keys and/or secret keys are retained securely by a centralized management system as a means of insurance or recovery in the event of a lost or corrupted key. It will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.

  D: Revoking a certificate will not assist the system administrator in changing the administrator password across all 2000 computers in the organization.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 291, 319.

  https://technet.microsoft.com/en-us/library/dn579255.aspx

• Question 587:

  Use of group accounts should be minimized to ensure which of the following?

  A. Password security

  B. Regular auditing

  C. Baseline management

  D. Individual accountability

  Correct Answer: D

  Holding users accountable for their actions is part of security, and can only be achieved by users having their own user accounts. To adequately provide accountability, the use of shared or group accounts should be discouraged.

  Incorrect Answers:

  A: Password length and password complexity combined increases ensures password security.

  B: Regular auditing will help determine whether users have been doing their work properly or if they have successfully or unsuccessfully attempted to contravene company policies or the law.

  C: A baseline is a distinct starting point from where implementation begins, improvement is judged, or comparison is made. Baseline management is the administration of this starting point.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 293, 294.

  http://www.businessdictionary.com/definition/baseline-management.html

• Question 588:

  Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user?

  A. Failure to capture

  B. Type II

  C. Mean time to register

  D. Template capacity

  Correct Answer: B

  Type II, or false acceptance rate (FAR), is the measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. Incorrect Answers:

  A: Failure to capture refers to the probability that an automatic system fails to detect a biometric input when presented properly.

  C: Mean time to register is not a valid option.

  D: Template capacity refers to the maximum number of sets of data which can be stored in the system.

  References: http://en.wikipedia.org/wiki/Biometrics

• Question 589:

  The security department has implemented a new laptop encryption product in the environment. The product requires one user name and password at the time of boot up and also another password after the operating system has finished loading. This setup is using which of the following authentication types?

  A. Two-factor authentication

  B. Single sign-on

  C. Multifactor authentication

  D. Single factor authentication

  Correct Answer: D

  Single-factor authentication is when only one authentication factor is used. In this case, Something you know is being used as an authentication factor. Username, password, and PIN form part of Something you know.

  Incorrect Answers:

  A: Two-factor authentication is when two different authentication factors are provided for authentication purposes.

  B: Single sign-on means that once a user (or other subject) is authenticated into a realm, re- authentication is not required for access to resources on any realm entity.

  C: Multifactor authentication requires a user to provide two or more different authentication factors for authentication purposes.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 280, 282, 284.

• Question 590:

  In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using?

  A. Three factor

  B. Single factor

  C. Two factor

  D. Four factor

  Correct Answer: B

  Single-factor authentication is when only one authentication factor is used. In this case, Something you know is being used as an authentication factor. Username, password, and PIN form part of Something you know. Incorrect Answers:

  A: Three factor authentication is when three different authentication factors are provided for authentication purposes.

  C: Two-factor authentication is when two different authentication factors are provided for authentication purposes.

  D: Four factor authentication is when four different authentication factors are provided for authentication purposes.

  References:

  Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 280.