Skip to content (Press Enter)

Microsoft Azure MCSD MCSE MCSA MCTS Exams Questions Online

  • Home
  • Online Microsoft Exams PDF Files
  • Online Cisco Exams PDF Files
  • Online CompTIA Exams PDF Files
  • Online VMware Exams PDF Files

[Free] 2018(Apr) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 631-640

by adminupdated on April 27, 2018April 27, 2018

Ensurepass.com : Ensure you pass the IT Exams
2018 Apr CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 631 – (Topic 3)

The Chief Technology Officer (CTO) wants to improve security surrounding storage of customer passwords.

The company currently stores passwords as SHA hashes. Which of the following can the CTO implement requiring the LEAST change to existing systems?

  1. Smart cards

  2. TOTP

  3. Key stretching

  4. Asymmetric keys

Answer: A Explanation:

Smart cards usually come in two forms. The most common takes the form of a rectangular piece of plastic with an embedded microchip. The second is as a USB token. It contains a built in processor and has the ability to securely store and process information. A quot;contactquot; smart card communicates with a PC using a smart card reader whereas a quot;contactlessquot; card sends encrypted information via radio waves to the PC.

Typical scenarios in which smart cards are used include interactive logon, e-mail signing, e-mail decryption and remote access authentication. However, smart cards are programmable and can contain programs and data for many different applications. For example smart cards may be used to store medical histories for use in emergencies, to make electronic cash payments or to verify the identity of a customer to an e-retailer.

Microsoft provides two device independent APIs to insulate application developers from differences between current and future implementations: CryptoAPI and Microsoft Win32庐 SCard APIs.

The Cryptography API contains functions that allow applications to encrypt or digitally sign data in a flexible manner, while providing protection for the user#39;s sensitive private key data. All cryptographic operations are performed by independent modules known as cryptographic service providers (CSPs).

There are many different cryptographic algorithms and even when implementing the same algorithm there are many choices to make about key sizes and padding for example. For this reason, CSPs are grouped into types, in which each supported CryptoAPI function, by default, performs in a way particular to that type. For example, CSPs in the PROV_DSS provider type support DSS Signatures and MD5 and SHA hashing.

Question No: 632 – (Topic 3)

Joe, an employee is taking a taxi through a busy city and starts to receive unsolicited files sent to his Smartphone. Which of the following is this an example of?

  1. Vishing

  2. Bluejacking

  3. War Driving

  4. SPIM

  5. Bluesnarfing

Answer: B Explanation:

Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol.

Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters.

Bluejacking is usually harmless, but because bluejacked people generally don#39;t know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it#39;s possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames.

Question No: 633 – (Topic 3)

Which of the following protocols is vulnerable to man-in-the-middle attacks by NOT using end to end TLS encryption?

  1. HTTPS

  2. WEP

  3. WPA

  4. WPA 2

Answer: B Explanation:

WEP offers no end-to-end TLS encryption.

The WEP process consists of a series of steps as follows: The wireless client sends an authentication request.

The Access Point (AP) sends an authentication response containing clear-text (uh-oh!) challenge text.

The client takes the challenge text received and encrypts it using a static WEP key. The client sends the encrypted authentication packet to the AP.

The AP encrypts the challenge text using its own static WEP key and compares the result to the authentication packet sent by the client. If the results match, the AP begins the association process for the wireless client.

The big issue with WEP is the fact that it is very susceptible to a Man in the Middle attack. The attacker captures the clear-text challenge and then the authentication packet reply.

The attacker then reverses the RC4 encryption in order to derive the static WEP key. Yikes!

As you might guess, the designers attempted to strengthen WEP using the approach of key lengths. The native Windows client supported a 104-bit key as opposed to the initial 40-bit key. The fundamental weaknesses in the WEP process still remained however.

Question No: 634 – (Topic 3)

Which of the following assessment techniques would a security administrator implement to ensure that systems and software are developed properly?

  1. Baseline reporting

  2. Input validation

  3. Determine attack surface

  4. Design reviews

Answer: D Explanation:

When implementing systems and software, an important step is the design of the systems and software. The systems and software should be designed to ensure that the system works as intended and is secure.

The design review assessment examines the ports and protocols used, the rules, segmentation, and access control in the system or application. A design review is basically a check to ensure that the design of the system meets the security requirements.

Question No: 635 – (Topic 3)

What is a system that is intended or designed to be broken into by an attacker?

  1. Honeypot

  2. Honeybucket

  3. Decoy

  4. Spoofing system

Answer: A Explanation:

A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies.

According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes:

The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.

The hacker can be caught and stopped while trying to obtain root access to the system.

By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.

There are two main types of honeypots:

Production – A production honeypot is one used within an organization#39;s environment to

help mitigate risk.

Research – A research honeypot add value to research in computer security by providing a platform to study the threat.

Question No: 636 – (Topic 3)

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

  1. Privilege escalation

  2. Advanced persistent threat

  3. Malicious insider threat

  4. Spear phishing

Answer: B Explanation:

Definitions of precisely what an APT is can vary widely, but can best be summarized by their named requirements:

Advanced – Criminal operators behind the threat utilize the full spectrum of computer intrusion technologies and techniques. While individual components of the attack may not be classed as particularly “advanced” (e.g. malware components generated from commonly available DIY construction kits, or the use of easily procured exploit materials), their operators can typically access and develop more advanced tools as required. They combine multiple attack methodologies and tools in order to reach and compromise their target.

Persistent – Criminal operators give priority to a specific task, rather than opportunistically seeking immediate financial gain. This distinction implies that the attackers are guided by external entities. The attack is conducted through continuous monitoring and interaction in order to achieve the defined objectives. It does not mean a barrage of constant attacks and malware updates. In fact, a “low-and-slow” approach is usually more successful.

Threat – means that there is a level of coordinated human involvement in the attack, rather than a mindless and automated piece of code. The criminal operators have a specific objective and are skilled, motivated, organized and well funded.

Question No: 637 – (Topic 3)

Which of the following is an example of a false positive?

  1. Anti-virus identifies a benign application as malware.

  2. A biometric iris scanner rejects an authorized user wearing a new contact lens.

  3. A user account is locked out after the user mistypes the password too many times.

  4. The IDS does not identify a buffer overflow.

Answer: A Explanation:

A false positive is an error in some evaluation process in which a condition tested for is mistakenly found to have been detected.

In spam filters, for example, a false positive is a legitimate message mistakenly marked as UBE -unsolicited bulk email, as junk email is more formally known. Messages that are determined to be spam – whether correctly or incorrectly – may be rejected by a server or client-side spam filter and returned to the sender as bounce e-mail.

One problem with many spam filtering tools is that if they are configured stringently enough to be effective, there is a fairly high chance of getting false positives. The risk of accidentally blocking an important message has been enough to deter many companies from implementing any anti-spam measures at all.

False positives are also common in security systems. A host intrusion prevention system (HIPS), for example, looks for anomalies, such as deviations in bandwidth, protocols and ports. When activity varies outside of an acceptable range – for example, a remote application attempting to open a normally closed port – an intrusion may be in progress. However, an anomaly, such as a sudden spike in bandwidth use, does not guarantee an actual attack, so this approach amounts to an educated guess and the chance for false positives can be high.

False positives contrast with false negatives, which are results indicating mistakenly that some condition tested for is absent.

Topic 4, Application, Data and Host Security

Question No: 638 – (Topic 4)

Which of the following provides dedicated hardware-based cryptographic functions to an operating system and its applications running on laptops and desktops?

  1. TPM

  2. HSM

  3. CPU

  4. FPU

Answer: A Explanation:

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

Question No: 639 – (Topic 4)

A company wants to ensure that all aspects if data are protected when sending to other sites within the enterprise. Which of the following would ensure some type of encryption is performed while data is in transit?

  1. SSH

  2. SHA1

  3. TPM

  4. MD5

Answer: C Explanation:

Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

Question No: 640 – (Topic 4)

A periodic update that corrects problems in one version of a product is called a

  1. Hotfix

  2. Overhaul

  3. Service pack

  4. Security update

Answer: C Explanation:

A service pack is a collection of updates and hotfixes that address a number of software issues, as well as new software features. It is released periodically by the vendor.

100% Ensurepass Free Download!
–Download Free Demo:JK0-022 Demo PDF
100% Ensurepass Free Guaranteed!
–JK0-022 Dumps

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

HOT CATEGORY!

Pass CISCO EXAM with EnsurePass
Pass CCNA EXAM with EnsurePass
Pass CCNP EXAM with EnsurePass
Pass Security Exam with EnsurePass
Pass MCSE EXAM with EnsurePass
Pass MSCA EXAM with EnsurePass

HOT EXAM!

Microsoft Dumps VCE PDF
Cisco Dumps VCE PDF
VMware Dumps VCE PDF
CompTIA Dumps VCE PDF

JK0-022 Latest Exam (Apr 2018)
CompTIA JK0-022 PDF CompTIA JK0-022 Practice Test CompTIA JK0-022 Testing software CompTIA JK0-022 VCE Latest CompTIA JK0-022 Dumps Latest CompTIA JK0-022 Real Exam Latest CompTIA JK0-022 Real Test New Updated JK0-022 Actual Tests
0

admin

Post Navigation

Previous Article
Next Article

Latest Microsoft Certifications Exams Dumps

Microsoft Azure Exams Dumps
Azure AI Engineer Associate Exams Dumps
Azure Data Engineer Associate Exams Dumps
Azure Security Engineer Associate Exams Dumps
Microsoft Azure Fundamentals Exams Dumps
MCSA Exams Dumps
MCSD Exams Dumps
MCSE Exams Dumps
MCTS Exams Dumps
MOS Exams Dumps
MTA Exams Dumps

Categories

Tags

CompTIA JK0-018 PDF CompTIA JK0-018 Practice Test CompTIA JK0-018 Testing software CompTIA JK0-018 VCE CompTIA JK0-022 PDF CompTIA JK0-022 Practice Test CompTIA JK0-022 Testing software CompTIA JK0-022 VCE CompTIA JK0-023 PDF CompTIA JK0-023 Practice Test CompTIA JK0-023 Testing software CompTIA JK0-023 VCE CompTIA SY0-401 PDF CompTIA SY0-401 Practice Test CompTIA SY0-401 Testing software CompTIA SY0-401 VCE Latest CompTIA JK0-018 Dumps Latest CompTIA JK0-018 Real Exam Latest CompTIA JK0-018 Real Test Latest CompTIA JK0-022 Dumps Latest CompTIA JK0-022 Real Exam Latest CompTIA JK0-022 Real Test Latest CompTIA JK0-023 Dumps Latest CompTIA JK0-023 Real Exam Latest CompTIA JK0-023 Real Test Latest CompTIA SY0-401 Dumps Latest CompTIA SY0-401 Real Exam Latest CompTIA SY0-401 Real Test Latest Oracle 1z0-053 Dumps Latest Oracle 1z0-053 Real Exam Latest Oracle 1z0-053 Real Test Latest VMware VCP-310 Dumps Latest VMware VCP-310 Real Exam New Updated 1z0-053 Actual Tests New Updated JK0-018 Actual Tests New Updated JK0-022 Actual Tests New Updated JK0-023 Actual Tests New Updated SY0-401 Actual Tests Oracle 1z0-053 PDF Oracle 1z0-053 Practice Test Oracle 1z0-053 Testing software Oracle 1z0-053 VCE VMware VCP-310 PDF VMware VCP-310 Testing software VMware VCP-310 VCE

Top Microsoft Exams

70-345 Dumps
70-410 Dumps
70-411 Dumps
70-412 Dumps
70-461 Dumps
70-462 Dumps
70-480 Dumps
70-483 Dumps
70-486 Dumps
70-487 Dumps
70-537 Dumps
70-703 Dumps
70-740 Dumps
70-741 Dumps
70-742 Dumps
70-743 Dumps
70-744 Dumps
70-762 Dumps
70-764 Dumps
70-767 Dumps
70-778 Dumps
77-725 Dumps
77-727 Dumps
98-365 Dumps
98-367 Dumps
98-381 Dumps
AI-100 Dumps
AZ-103 Dumps
AZ-203 Dumps
AZ-300 Dumps
AZ-301 Dumps
AZ-400 Dumps
AZ-500 Dumps
AZ-900 Dumps
DP-201 Dumps
MB-200 Dumps
MB-210 Dumps
MB-220 Dumps
MB-240 Dumps
MB-300 Dumps
MB-310 Dumps
MB-320 Dumps
MB-330 Dumps
MB-900 Dumps
MB6-894 Dumps
MD-100 Dumps
MD-101 Dumps
MS-100 Dumps
MS-101 Dumps
MS-200 Dumps
MS-201 Dumps
MS-202 Dumps
MS-300 Dumps
MS-302 Dumps
MS-500 Dumps
MS-900 Dumps

Full Microsoft Exams

70-333 Dumps
70-334 Dumps
70-339 Dumps
70-348 Dumps
70-357 Dumps
70-413 Dumps
70-414 Dumps
70-417 Dumps
70-463 Dumps
70-464 Dumps
70-465 Dumps
70-466 Dumps
70-467 Dumps
70-705 Dumps
70-713 Dumps
70-735 Dumps
70-745 Dumps
70-761 Dumps
70-765 Dumps
70-768 Dumps
70-777 Dumps
70-779 Dumps
77-418 Dumps
77-419 Dumps
77-420 Dumps
77-421 Dumps
77-422 Dumps
77-423 Dumps
77-424 Dumps
77-425 Dumps
77-426 Dumps
77-427 Dumps
77-428 Dumps
77-726 Dumps
77-728 Dumps
77-729 Dumps
77-730 Dumps
77-731 Dumps
77-881 Dumps
77-882 Dumps
77-883 Dumps
77-884 Dumps
77-885 Dumps
77-887 Dumps
77-888 Dumps
98-349 Dumps
98-361 Dumps
98-364 Dumps
98-366 Dumps
98-368 Dumps
98-369 Dumps
98-375 Dumps
98-382 Dumps
98-383 Dumps
98-388 Dumps
DP-100 Dumps
DP-200 Dumps
MB-230 Dumps
MB2-706 Dumps
MB2-707 Dumps
MB2-708 Dumps
MB2-710 Dumps
MB2-711 Dumps
MB2-712 Dumps
MB2-713 Dumps
MB2-714 Dumps
MB2-716 Dumps
MB6-897 Dumps
MB6-898 Dumps
MO-100 Dumps
MO-200 Dumps
MO-300 Dumps
MS-301 Dumps

Microsoft Certifications Exams

Microsoft Cisco VMware CompTIA Dumps VCE and PDF
Microsoft Exams Dumps
Microsoft MCITP Exams Practice Questions and Answers

[Free] 2018(Apr) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 501-510
Recommended for you...

[Free] 2018(Apr) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 501-510

by admin
[Free] 2018(Apr) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 221-230
Recommended for you...

[Free] 2018(Apr) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 221-230

by admin
[Free] 2018(Apr) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 131-140
Recommended for you...

[Free] 2018(Apr) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 131-140

by admin

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

© Copyright 2019 Microsoft Azure MCSD MCSE MCSA MCTS Exams Questions Online. All Rights Reserved. The Ultralight | Developed By Rara Theme. Powered by WordPress.