CompTIA CompTIA Security+ JK0-022 Questions & Answers

• Question 311:

  Sara, a user, downloads a keygen to install pirated software. After running the keygen, system performance is extremely slow and numerous antivirus alerts are displayed. Which of the following BEST describes this type of malware?

  A. Logic bomb

  B. Worm

  C. Trojan

  D. Adware

  Correct Answer: C

  In computers, a Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. In one celebrated case, a Trojan was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus.

  Incorrect Answers:

  A: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company.

  B: A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. A computer worm is not what is described in this question. Therefore, this answer is incorrect.

  D: Adware is free software that is supported by advertisements. Common adware programs are toolbars that sit on your desktop or work in conjunction with your Web browser. They include features like advanced searching of the Web or your hard drive and better organization of your bookmarks and shortcuts. Adware can also be more advanced programs such as games or utilities. They are free to use, but require you to watch advertisements as long as the programs are open. Since the ads often allow you to click to a Web site, adware typically requires an active Internet connection to run. Most adware is safe to use, but some can serve as spyware, gathering information about you from your hard drive, the Web sites you visit, or your keystrokes. Spyware programs can then send the information over the Internet to another computer. So be careful what adware you install on your computer. Make sure it is from a reputable company and read the privacy agreement that comes with it. Adware is not what is described in this question. Therefore, this answer is incorrect.

  References: http://searchsecurity.techtarget.com/definition/Trojan-horse http://en.wikipedia.org/wiki/Logic_bomb http://techterms.com/definition/adware http://en.wikipedia.org/wiki/Computer_worm

• Question 312:

  Which of the following malware types typically allows an attacker to monitor a user's computer, is characterized by a drive-by download, and requires no user interaction?

  A. Virus

  B. Logic bomb

  C. Spyware

  D. Adware

  Correct Answer: C

  Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity.

  Incorrect Answers:

  A: A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs. A virus is not what is described in this question. Therefore, this answer is incorrect.

  B: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. A logic bomb is not what is described in this question. Therefore, this answer is incorrect.

  D: Adware is free software that is supported by advertisements. Common adware programs are toolbars that sit on your desktop or work in conjunction with your Web browser. They include features like advanced searching of the Web or your hard drive and better organization of your bookmarks and shortcuts. Adware can also be more advanced programs such as games or utilities. They are free to use, but require you to watch advertisements as long as the programs are open. Since the ads often allow you to click to a Web site, adware typically requires an active Internet connection to run. Most adware is safe to use, but some can serve as spyware, gathering information about you from your hard drive, the Web sites you visit, or your keystrokes. Spyware programs can then send the information over the Internet to another computer. So be careful what adware you install on your computer. Make sure it is from a reputable company and read the privacy agreement that comes with it. Adware is not what is described in this question. Therefore, this answer is incorrect.

  References: http://en.wikipedia.org/wiki/Spyware http://www.webopedia.com/TERM/V/virus.html http://techterms.com/definition/adware

• Question 313:

  A user casually browsing the Internet is redirected to a warez site where a number of pop-ups appear. After clicking on a pop-up to complete a survey, a drive-by download occurs. Which of the following is MOST likely to be contained in the download?

  A. Backdoor

  B. Spyware

  C. Logic bomb

  D. DDoS

  E. Smurf

  Correct Answer: B

  Spyware is software that is used to gather information about a person or organization without their knowledge and sends that information to another entity. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.

  Incorrect Answers:

  A: A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain

  undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor is not what is described in this question. Therefore, this answer is incorrect.

  C: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they

  ever be terminated from the company. A logic bomb is not what is described in this question. Therefore, this answer is incorrect.

  D: A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS

  mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack.

  ADDoS attack is not what is described in this question.

  E: A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are

  special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request

  itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address. A single attacker sending hundreds or thousands of these PING messages

  per second can fill the victim's T-1 (or even T-3) line with ping replies, bring the entire Internet service to its knees. Smurfing falls under the general category of Denial of Service attacks -- security attacks that don't try to steal information, but

  instead attempt to disable a computer or network. A smurf attack is not what is described in this question. Therefore, this answer is incorrect.

  References:

  http://en.wikipedia.org/wiki/Spyware

  http://en.wikipedia.org/wiki/Logic_bomb

  http://en.wikipedia.org/wiki/Denial-of-service_attack

  http://www.webopedia.com/TERM/S/smurf.html

• Question 314:

  A program has been discovered that infects a critical Windows system executable and stays dormant in memory. When a Windows mobile phone is connected to the host, the program infects the phone's boot loader and continues to target additional Windows PCs or phones. Which of the following malware categories BEST describes this program?

  A. Zero-day

  B. Trojan

  C. Virus

  D. Rootkit

  Correct Answer: C

  A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems. Some people distinguish between general viruses and worms. A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs.

  Incorrect Answers:

  A: A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it --this exploit is called a zero day attack. Uses of zero

  day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the

  vulnerability becomes known, a race begins for the developer, who must protect users. A zero-day vulnerability is not described in this question. Therefore, this answer is incorrect.

  B: In computers, a Trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation

  table on your hard disk. In one celebrated case, a Trojan was a program that was supposed to find and destroy computer viruses. A Trojan horse may be widely redistributed as part of a computer virus. A Trojan is not what is being described

  in this question.

  A Trojan is not what is described in this question. Therefore, this answer is incorrect.

  D: A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. A rootkit is not what is

  described in this question. Therefore, this answer is incorrect.

  References:

  http://www.webopedia.com/TERM/V/virus.html

  http://www.pctools.com/security-news/zero-day-vulnerability/

• Question 315:

  Which of the following malware types may require user interaction, does not hide itself, and is commonly identified by marketing pop-ups based on browsing habits?

  A. Botnet

  B. Rootkit

  C. Adware

  D. Virus

  Correct Answer: C

  Adware is free software that is supported by advertisements. Common adware programs are toolbars, games and utilities. They are free to use, but require you to watch advertisements as long as the programs are open. Adware typically requires an active Internet connection to run.

  Incorrect Answers:

  A: A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send

  spam email or participate in distributed denial-of-service attacks. A botnet does hide itself, but is not commonly identified by marketing popups. Therefore, this answer is incorrect.

  B: A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. A rootkit does hide itself,

  but is not commonly identified by marketing popups. Therefore, this answer is incorrect.

  D: A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. A simple virus that can

  make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one

  capable of transmitting itself across networks and bypassing security systems. A virus does hide itself, but is not commonly identified by marketing popups.

  Therefore, this answer is incorrect.

  References: http://techterms.com/definition/adware http://en.wikipedia.org/wiki/Botnet http://www.webopedia.com/TERM/V/virus.html

• Question 316:

  A cafe provides laptops for Internet access to their customers. The cafe is located in the center corridor of a busy shopping mall. The company has experienced several laptop thefts from the cafe during peak shopping hours of the day.

  Corporate has asked that the IT department provide a solution to eliminate laptop theft.

  Which of the following would provide the IT department with the BEST solution?

  A. Attach cable locks to each laptop

  B. Require each customer to sign an AUP

  C. Install a GPS tracking device onto each laptop

  D. Install security cameras within the perimeter of the caf

  Correct Answer: A

  All laptop cases include a built-in security slot in which a cable lock can be inserted to prevent it from easily being removed from the premises.

  Incorrect Answers:

  B: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. This policy should also outline the consequences for misuse. However it does not

  prevent hardware loss as it does only address issues regarding the use of company resources.

  C: GPS-Tracking is used for tracking the laptop in the event of it being stolen which means it does not prevent loss.

  D: All a security camera can do is record what occurs, it cannot react to any incident such as theft.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 24, 113, 369, 419

• Question 317:

  A security manager requires fencing around the perimeter, and cipher locks on all entrances. The manager is concerned with which of the following security controls?

  A. Integrity

  B. Availability

  C. Confidentiality

  D. Safety

  Correct Answer: D

  Fencing is used to increase physical security and safety. Locks are used to keep those who are unauthorized out.

  Incorrect Answers:

  A: Integrity means making sure that data has not been altered.

  B: Availability is the act of making sure that data and systems are available to authorized users.

  C: Confidentiality means preventing unauthorized users from accessing data.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 401, 414

• Question 318:

  After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?

  A. Host based firewall

  B. Initial baseline configurations

  C. Discretionary access control

  D. Patch management system

  Correct Answer: D

  A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Patch Management can thus be used to fix security problems discovered within the OS thus negating a known OS vulnerability.

  Incorrect Answers:

  A: A host-based firewall can be used to guard against attacks and malware, and in the question you are required to mitigate a server-vulnerability after the OS has been standardized on all servers.

  B: Initial baseline configurations are concerned with security posturing which means the representation of a secure state.

  C: Discretionary Access Control is as a flexible access method regarding access to information.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 57, 151, 221, 222 http://www.computerweekly.com/feature/Microsoft-patch-management-tools

• Question 319:

  Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?

  A. Hardware load balancing

  B. RAID

  C. A cold site

  D. A host standby

  Correct Answer: B

  Fault tolerance is the ability of a system to sustain operations in the event of a component failure. Fault-tolerant systems can continue operation even though a critical component, such as a disk drive, has failed. This capability involves overengineering systems by adding redundant components and subsystems. RAID can achieve fault tolerance using software which can be done using the existing hardware and software.

  Incorrect Answers:

  A: Balancing the load between multiple servers instead of relying on only one reduces the response time, maximizes throughput, and allows better allocation of resources. It does not mean withstanding hardware failure, it just means high

  availability. It also adds costs and there is no budget.

  C: A cold site is a facility that isn't immediately ready to use. The organization using it must bring along its equipment and network. A cold site may provide network capability, but this isn't usually the case; the site provides a place for

  operations to resume, but it doesn't provide the infrastructure to support those operations.

  Thus no servers fault tolerance as is required.

  D: A Host standby assumes that you need to purchase additional servers to act as a standby.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 33, 103, 444

• Question 320:

  A company recently experienced data loss when a server crashed due to a midday power outage. Which of the following should be used to prevent this from occurring again?

  A. Recovery procedures

  B. EMI shielding

  C. Environmental monitoring

  D. Redundancy

  Correct Answer: D

  Redundancy refers to systems that either are duplicated or fail over to other systems in the event of a malfunction (in this case a power outage). Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, the server switches to a redundant server when a fault is detected. This strategy allows service to continue uninterrupted until the primary server can be restored.

  Incorrect Answers:

  A: A recovery procedure is done after the damage has occurred, it does not prevent the damage.

  B: EMI Shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities.

  C: Environmental concerns include considerations about water and flood damage as well as fire suppression.

  References:

  Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 32, 380, 383