CompTIA JK0-022 Vce &PDF, Best CompTIA JK0-022 Exam Are The Best Materials

Dumpsoon is a website to improve the pass rate of CompTIA JK0-022 exam. Senior IT experts in the Dumpsoon constantly developed a variety of successful programs of passing CompTIA JK0-022 exam, so the results of their research can 100% guarantee you CompTIA https://www.pass4itsure.com/jk0-022.html exam for one time. Dumpsoon CompTIA JK0-022 are very effective and many people who have passed a number of IT certification exams used the CompTIA JK0-022 dumps provided by Dumpsoon. Some of them who have passed the CompTIA JK0-022 also use Dumpsoon products. Selecting Dumpsoon means choosing a success.

QUESTION 31
Configuring key/value pairs on a RADIUS server is associated with deploying which of the following?
A. WPA2-Enterprise wireless network
B. DNS secondary zones
C. Digital certificates
D. Intrusion detection system

Correct Answer: A Explanation
Explanation/Reference:
WPA2-Enterprise is designed for enterprise networks and requires a RADIUS authentication server.
Incorrect Answers:
B: A secondary zone is merely a copy of a primary zone that is hosted on another server.
C: Digital certificates are used for proving the identity of a user or the source of an object.
D: An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
References:
QUESTION 32
A security administrator must implement a network authentication solution which will ensure encryption of user credentials when users enter their username and password to authenticate to the network.
Which of the following should the administrator implement?
A. WPA2 over EAP-TTLS
B. WPA-PSK
C. WPA2 with WPS
D. WEP over EAP-PEAP
Correct Answer: D Explanation Explanation/Reference:
D: Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn’t considered highly secure. Extensible Authentication Protocol (EAP) provides a framework for authentication that is often used with wireless networks. Among the five EAP types adopted by the WPA/ WPA2 standard are EAP-TLS, EAP- PSK, EAP-MD5, as well as LEAP and PEAP. PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server- side public key certificates to authenticate the server. It then creates an encrypted TLS tunnel between the client and the authentication server. In most configurations, the keys for this encryption are transported using the server’s public key. The ensuing exchange of authentication information inside the tunnel to authenticate the client is then encrypted and user credentials are safe from eavesdropping.
Incorrect Answers:
A: WPA2 is a more recent version of WEP. Although many consider PEAP and EAP-TTLS to be similar options, PEAP is more secure because it establishes an encrypted channel between the server and the client. EAP-Tunneled Transport Layer Security (EAP-TTLS) is an EAP protocol that extends TLS. With EAP TTLS the client can, but does not have to be authenticated via a CA-signed PKI certificate to the server.
B: WPA is basically a version of WEP. EAP-PSK, defined in RFC 4764, is an EAP method for mutual authentication and session key derivation using a Pre-Shared Key (PSK). EAP-PSK is documented in an experimental RFC that provides a lightweight and extensible EAP method that does not require any public-key cryptography. The EAP method protocol exchange is done in a minimum of four messages.
C: WPA2 is a more recent version of WEP but does not ensure encryption of user credentials when they enter their usernames and passwords to authenticate to the network.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 181.

QUESTION 33
Which of the following BEST describes the weakness in WEP encryption?
A. The initialization vector of WEP uses a crack-able RC4 encryption algorithm. Once enough packets are captured an XOR operation can be performed and the asymmetric keys can be derived.
B. The WEP key is stored in plain text and split in portions across 224 packets of random data. Once enough packets are sniffed the IV portion of the packets can be removed leaving the plain text key.
C. The WEP key has a weak MD4 hashing algorithm used. A simple rainbow table can be used to generate key possibilities due to MD4 collisions.
D. The WEP key is stored with a very small pool of random numbers to make the cipher text. As the random numbers are often reused it becomes easy to derive the remaining WEP key.

Correct Answer: D Explanation
Explanation/Reference:
WEP is based on RC4, but due to errors in design and implementation, WEP is weak in a number of areas, two of which are the use of a static common key and poor implementation of initiation vectors (IVs). When the WEP key is discovered, the attacker can join the network and then listen in on all other wireless client communications.
Incorrect Answers:
A: RC4 itself is not crack-able, but the IV that is crack-able.
B: The initialization vector (IV) that WEP uses for encryption is 24-bit and IVs are reused with the same key. By examining the repeating result, it is easy for intruders to crack the WEP secret key, known as an IV attack.
C: WEP does not use the MD4 hashing algorithm, but RC4.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 189.

QUESTION 34
Which of the following would satisfy wireless network implementation requirements to use mutual authentication and usernames and passwords?
A. EAP-MD5
B. WEP
C. PEAP-MSCHAPv2

D. EAP-TLS
Correct Answer: C Explanation
Explanation/Reference:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards.
Incorrect Answers:
A: MD5 has been employed in a wide selection of cryptographic applications, and is also commonly used to verify data integrity.
B: Usernames and passwords are not required for WEP authentication.
D: Authenticated wireless access design based on Extensible Authentication Protocol Transport Level Security (EAP-TLS) can use either smart cards or user and computer certificates to authenticate wireless access clients. EAP-TLS does not use usernames and passwords for authentication.
References:
QUESTION 35
Matt, a systems security engineer, is determining which credential-type authentication to use within a planned 802.1x deployment. He is looking for a method that does not require a client certificate, has a server side certificate, and uses TLS tunnels for encryption. Which credential type authentication method BEST fits these requirements?
A. EAP-TLS
B. EAP-FAST
C. PEAP-CHAP
D. PEAP-MSCHAPv2
Correct Answer: D Explanation
Explanation/Reference:
PEAP-MS-CHAP v2 is easier to deploy than EAP-TLS or PEAP-TLS because user authentication is accomplished via password-base credentials (user name and password) rather than digital certificates or smart cards. Only servers running Network Policy Server (NPS) or PEAP-MS-CHAP v2 are required to have a certificate.
Incorrect Answers:
A: Authenticated wireless access design based on Extensible Authentication Protocol Transport Level Security (EAP-TLS) can use either smart cards or user and computer certificates to authenticate wireless access clients. EAP-TLS does not use usernames and passwords for authentication.
B: EAP-FAST does not make use of TLS, but PAC (Protected Access Credentials).
C: CHAP intermittently authenticates the identity of the client via a three-way handshake.
References:
QUESTION 36
Which of the following means of wireless authentication is easily vulnerable to spoofing?
A. MAC Filtering
B. WPA – LEAP
C. WPA – PEAP
D. Enabled SSID
Correct Answer: A Explanation
Explanation/Reference:
Each network interface on your computer or any other networked device has a unique MAC address. These MAC addresses are assigned in the factory, but you
can easily change, or “spoof,” MAC addresses in software.

Networks can use MAC address filtering, only allowing devices with specific MAC addresses to connect to a network. This isn’t a great security tool because
people can spoof their MAC addresses.
Incorrect Answers:

B: WPA LEAP (Wifi Protected Access Lightweight Extensible Authentication Protocol) combine to ensure a secure wireless authentication method. WPA LEAP is not easily vulnerable to spoofing.
C: WPA PEAP (Wifi Protected Access Protected Extensible Authentication Protocol) combine to ensure a secure wireless authentication method. WPA PEAP is not easily vulnerable to spoofing.
D: Enabling SSID broadcasting makes the wireless network visible to clients. It is not a means of wireless authentication.

QUESTION 37
Ann, a sales manager, successfully connected her company-issued smartphone to the wireless network in her office without supplying a username/password
combination. Upon disconnecting from the wireless network, she attempted to connect her personal tablet computer to the same wireless network and could not
connect.
Which of the following is MOST likely the reason?

A. The company wireless is using a MAC filter.
B. The company wireless has SSID broadcast disabled.
C. The company wireless is using WEP.
D. The company wireless is using WPA2.

Correct Answer: A Explanation
Explanation/Reference:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
Incorrect Answers:
B: because she could connect to the wireless with the first device, the SSID must be broadcasting. C, D: Both WEP and WPA2 require a password or phrase.
References:
QUESTION 38
After entering the following information into a SOHO wireless router, a mobile device’s user reports being unable to connect to the network: PERMIT 0A: D1: FA. B1: 03: 37 DENY 01: 33: 7F: AB: 10: AB
Which of the following is preventing the device from connecting?
A. WPA2-PSK requires a supplicant on the mobile device.
B. Hardware address filtering is blocking the device.
C. TCP/IP Port filtering has been implemented on the SOHO router.
D. IP address filtering has disabled the device from connecting.
Correct Answer: B Explanation

Explanation/Reference:
MAC filtering allows you to include or exclude computers and devices based on their MAC address.
Incorrect Answers:
A: WPA2-PSK is used to encrypt a network using a plain-English passphrase between 8 and 63 characters long. C, D: The information entered into the SOHO wireless router are MAC addresses, therefore these options are not valid.
References:
QUESTION 39
A security analyst has been tasked with securing a guest wireless network. They recommend the company use an authentication server but are told the funds are not available to set this up. Which of the following BEST allows the analyst to restrict user access to approved devices?
A. Antenna placement
B. Power level adjustment
C. Disable SSID broadcasting
D. MAC filtering

Correct Answer: D Explanation
Explanation/Reference:
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

Incorrect Answers:
A, B: This will increase or decrease signal strength and availability, but will not restrict user access.

C: Numerous networks broadcast their name (known as an SSID broadcast) to reveal their presence. Removing the presence will affect both authorized and unauthorized devices.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.

QUESTION 40
If you don’t know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?
A. macconfig
B. ifconfig
C. ipconfig
D. config

Correct Answer: B Explanation
Explanation/Reference:
To find MAC address of a Unix/Linux workstation, use ifconfig or ip a.
Incorrect Answers:
A: macconfig is not a valid command-line utility.

C: To find MAC address of a Windows-based workstation, use ipconfig.

D: config on its own will not solve the problem.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 60.

QUESTION 41
An organization does not want the wireless network name to be easily discovered. Which of the following software features should be configured on the access points?
A. SSID broadcast
B. MAC filter
C. WPA2
D. Antenna placement
Correct Answer: A Explanation
Explanation/Reference:
Numerous networks broadcast their name (known as an SSID broadcast) to reveal their presence.
Incorrect Answers:
B: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. It does not, however, make finding the wireless network name any easier.
C: WPA2 deals with encryption, not the wireless network name.
D: This will increase or decrease signal strength and availability, but has nothing to do with the wireless network name being discovered.
References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 183. Stewart, James Michael, CompTIA
Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.

QUESTION 42
A security architect wishes to implement a wireless network with connectivity to the company’s internal network. Before they inform all employees that this network is being put in place, the architect wants to roll it out to a small test segment. Which of the following allows for greater secrecy about this network during this initial phase of implementation?
A. Disabling SSID broadcasting
B. Implementing WPA2 – TKIP
C. Implementing WPA2 – CCMP
D. Filtering test workstations by MAC address

Correct Answer: A Explanation
Explanation/Reference:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public use.
Incorrect Answers:
B: WPA2 makes use of CCMP, not TKIP.
C: WPA2 is an encryption scheme, but it will not make discovering the network difficult.
D: This will block devices not included in the MAC address list from accessing the network, but it will not make discovering the network difficult.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 60, 61.

QUESTION 43
While previously recommended as a security measure, disabling SSID broadcast is not effective against most attackers because network SSIDs are:
A. no longer used to authenticate to most wireless networks.
B. contained in certain wireless packets in plaintext.
C. contained in all wireless broadcast packets by default.
D. no longer supported in 802.11 protocols.

Correct Answer: B Explanation
Explanation/Reference:
The SSID is still required for directing packets to and from the base station, so it can be discovered using a wireless packet sniffer.

Incorrect Answers:
A, D: The SSID is still used as a unique identifier for a wireless LAN. It is therefore still valid for authentication, and also still supported in 802.11 protocols.

C: Devices which are configured to connect to a network which does not broadcast its SSID may try to connect to the network by broadcasting for the network. This results in the SSID being revealed to wireless snoopers in the vicinity of the device. It is not included by default.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.

QUESTION 44
A company provides secure wireless Internet access for visitors and vendors working onsite. Some of the vendors using older technology report that they are unable to access the wireless network after entering the correct network information. Which of the following is the MOST likely reason for this issue?
A. The SSID broadcast is disabled.
B. The company is using the wrong antenna type.
C. The MAC filtering is disabled on the access point.
D. The company is not using strong enough encryption.

Correct Answer: A Explanation
Explanation/Reference:
When the SSID is broadcast, any device with an automatic detect and connect feature is able to see the network and can initiate a connection with it. The fact that they cannot access the network means that they are unable to see it.
Incorrect Answers:
B: The antenna type deals with signal strength and direction. It will not have a bearing on whether technology is older.
C: The network information is being given to the vendors, therefore MAC filtering is not the issue.
D: The network information is being given to the vendors, therefore encryption is not the issue.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.

QUESTION 45
Which of the following best practices makes a wireless network more difficult to find?
A. Implement MAC filtering
B. UseWPA2-PSK
C. Disable SSID broadcast
D. Power down unused WAPs

Correct Answer: C Explanation
Explanation/Reference:
Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct
packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public
use.
Incorrect Answers:

A: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. It does not, however, increase the difficulty of finding a wireless network.
B: WPA-Personal, also referred to as WPA-PSK (Pre-shared key) mode, is designed for home and small office networks and doesn’t require an authentication server. Each wireless network device authenticates with the access point using the same 256-bit key generated from a password or passphrase. Using this option will not decrease the chances of discovering the wireless network.
D: Using this option will not decrease the chances of discovering the wireless network in use.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.
QUESTION 46
Jane, the security administrator, sets up a new AP but realizes too many outsiders are able to connect to that AP and gain unauthorized access. Which of the following would be the BEST way to mitigate this issue and still provide coverage where needed? (Select TWO).
A. Disable the wired ports
B. Use channels 1, 4 and 7 only
C. Enable MAC filtering
D. Disable SSID broadcast
E. Switch from 802.11a to 802.11b
Correct Answer: CD Explanation Explanation/Reference:

Network administrators may choose to disable SSID broadcast to hide their network from unauthorized personnel. However, the SSID is still needed to direct
packets to and from the base station, so it’s a discoverable value using a wireless packet sniffer. Thus, the SSID should be disabled if the network isn’t for public
use.
A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices.

Incorrect Answers:

A: Disabling the wired ports will not prevent outsiders from connecting to the AP and gaining unauthorized access.

B: Selecting the correct channels will prevent interference, not unauthorized access.

E: Doing this will decrease the bandwidth and increase the risk of interference.
References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 61.

As with every FLYDUMPS guaranteed CompTIA https://www.pass4itsure.com/jk0-022.html exam sample questions, you will have the knowledge of Microsoft 70-346 exam personal trainers at your hands. CompTIA JK0-022 exam preparation offers you a comprehensive CompTIA JK0-022 exam sample questions to help you become CompTIA JK0-022 certified professional. FLYDUMPS provide you with every one of the means you actually required to increase the achievement of your CompTIA JK0-022 exam, Motorola Solutions CompTIA JK0-022 practice exam, created to install it by the industry experts.