CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 801:

  Users need to exchange a shared secret to begin communicating securely. Which of the following is another name for this symmetric key?

  A. Session Key

  B. Public Key

  C. Private Key

  D. Digital Signature

  Correct Answer: C

  Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system.

  Incorrect Answers:

  A: Session keys are encryption keys used for a communications session. Typically, session keys are randomly selected (or generated) and then used only for one session. Session keys are often symmetric keys, but asymmetric session keys

  can be used as well.

  B: The shared secret key is not public.

  D: A digital signature is use to protect transmitted data, not for exchange a secret key.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 251, 261

• Question 802:

  Symmetric encryption utilizes __________, while asymmetric encryption utilizes _________.

  A. Public keys, one time

  B. Shared keys, private keys

  C. Private keys, session keys

  D. Private keys, public keys

  Correct Answer: D

  Symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key. In more detail:

  *

  Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key, sometimes referred to as a secret key or private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system.

  *

  Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

  Incorrect Answers:

  A: Symmetric encryption uses private keys, not public keys.

  B: Symmetric encryption uses private keys, not shared keys.

  C: Asymmetric encryption does not use session keys, it uses a public key to encrypt data.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 251, 262

• Question 803:

  Encryption used by RADIUS is BEST described as:

  A. Quantum

  B. Elliptical curve

  C. Asymmetric

  D. Symmetric

  Correct Answer: D

  The RADIUS server uses a symmetric encryption method.

  Note: Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected.

  Incorrect Answers:

  A: Quantum encryption is a hypothetical encryption method not yet in use.

  B: Elliptical curve cryptography (ECC) is an approach to public-key cryptography, but the RADIUS protocol uses a private(secret) key.

  C: RADIUS uses a symmetric, not an asymmetric, encryption method.

  References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 249-251, 251-254, 257 http://www.studymode.com/essays/Elliptic-Curve-Cryptography-And-Its-Applications- 1560318.html http://en.wikipedia.org/wiki/Elliptic_curve_cryptography

• Question 804:

  Which of the following is true about asymmetric encryption?

  A. A message encrypted with the private key can be decrypted by the same key

  B. A message encrypted with the public key can be decrypted with a shared key.

  C. A message encrypted with a shared key, can be decrypted by the same key.

  D. A message encrypted with the public key can be decrypted with the private key.

  Correct Answer: D

  Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message; what one key does, the other one undoes.

  Incorrect Answers:

  A: The message is encrypted with a public key, not with a private key.

  B: The message is decrypted with a private key, not with a shared key.

  C: The message is encrypted with a public key, not with a shared key.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 251-254

• Question 805:

  A file on a Linux server has default permissions of rw-rw-r--. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?

  A. User ownership information for the file in question

  B. Directory permissions on the parent directory of the file in question

  C. Group memberships for the group owner of the file in question

  D. The file system access control list (FACL) for the file in question

  Correct Answer: D

• Question 806:

  Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

  A. Trusted OS

  B. Host software baselining

  C. OS hardening

  D. Virtualization

  Correct Answer: D

• Question 807:

  Ann, the Chief Technology Officer (CTO), has agreed to allow users to bring their own device (BYOD) in order to leverage mobile technology without providing every user with a company owned device. She is concerned that users may not

  understand the company's rules, and she wants to limit potential legal concerns.

  Which of the following is the CTO concerned with?

  A. Data ownership

  B. Device access control

  C. Support ownership

  D. Acceptable use

  Correct Answer: A

• Question 808:

  A company's Chief Information Officer realizes the company cannot continue to operate after a disaster. Which of the following describes the disaster?

  A. Risk

  B. Asset

  C. Threat

  D. Vulnerability

  Correct Answer: C

• Question 809:

  A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will have very different job requirements and use unique tools and applications in their job. Which of the following is MOST appropriate to use?

  A. Role-based privileges

  B. Credential management

  C. User assigned privileges

  D. User access

  Correct Answer: A

• Question 810:

  The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?

  A. Create a firewall rule to block SSH

  B. Delete the root account

  C. Disable remote root logins

  D. Ensure the root account has a strong password

  Correct Answer: C