CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1:
Which of the following could cause a browser to display the message below?
"The security certificate presented by this website was issued for a different website's address."
A. The website certificate was issued by a different CA than what the browser recognizes in its trusted CAs. B. The website is using a wildcard certificate issued for the company's domain. C. HTTPS://127.0.01 was used instead of HTTPS://localhost. D. The website is using an expired self signed certificate.
C. HTTPS://127.0.01 was used instead of HTTPS://localhost. PKI is a two-key, asymmetric system with four main components: certificate authority (CA), registration authority (RA), RSA (the encryption algorithm), and digital certificates. In typical public key infrastructure (PKI) arrangements, a digital signature from a certificate authority (CA) attests that a particular public key certificate is valid (i.e., contains correct information). Users, or their software on their behalf, check that the private key used to sign some certificate matches the public key in the CA's certificate. Since CA certificates are often signed by other, "higher- ranking," CAs, there must necessarily be a highest CA, which provides the ultimate in attestation authority in that particular PKI scheme. Localhost is a hostname that means this computer and may be used to access the computer's own network services via its loopback network interface. Using the loopback interface bypasses local network interface hardware. In this case the HTTPS://127.0.01 was used and not HTTPS//localhost Incorrect Answers: A: This is not a case where the certificate was issued by a different CA. B: A wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. This option will not yield an error message D: A self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 280-281
Question 2:
A technician is investigating intermittent switch degradation. The issue only seems to occur when the building's roof air conditioning system runs. Which of the following would reduce the connectivity issues?
A. Adding a heat deflector B. Redundant HVAC systems C. Shielding D. Add a wireless network
C. Shielding EMI can cause circuit overload, spikes, or even electrical component failure. In the question it is mentioned that switch degradation occurs when the building's roof air-conditioning system is also running. All electromechanical systems emanate EMI. Thus you could alleviate the problem using EMI shielding. Incorrect Answers: A: A heat deflector will add to more EMI emanation since it is also an electromechanical system. B: Redundant HVAC systems will not reduce the connectivity issues. D: Adding a wireless network means more work for the switch and not really addressing the issue of the switch that requires EMI shielding. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 380
Question 3:
Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table?
A. Full disk B. Individual files C. Database D. Removable media
C. Database A table is stored in a database. Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the database. This often offers granular encryption options which allows for the encryptions of the entire database, specific database tables, or specific database fields, such as a credit card number field. Incorrect Answers: A, D: Full-disk encryption encrypts the data on the hard drive of the device. It can also be applied to removable media. This feature ensures that the data cannot be accessed in a useable form should the device or removable media be stolen or misplaced. B: File-level encryption would involve encrypting the entire database file rather than a table in the database. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 251
Question 4:
A security administrator is segregating all web-facing server traffic from the internal network and restricting it to a single interface on a firewall. Which of the following BEST describes this new network?
A. VLAN B. Subnet C. VPN D. DMZ
D. DMZ A DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted. Incorrect Answers: A: In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN. This is usually achieved on switch or router devices. Simpler devices only support partitioning on a port level (if at all), so sharing VLANs across devices requires running dedicated cabling for each VLAN. More sophisticated devices can mark packets through tagging, so that a single interconnect (trunk) may be used to transport data for multiple VLANs. Grouping hosts with a common set of requirements regardless of their physical location by VLAN can greatly simplify network design. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together more easily even if they are not on the same network switch. The network described in this question is a DMZ, not a VLAN. B: A subnet is a logical IP network. A DMZ will contain a subnet but it could also contain multiple subnets. Computers on a subnet can communicate with computers on a different subnet through a router. C: A VPN (Virtual Private Network) is a secure network connection over an insecure network such as the Internet. For example, two geographically separate sites could be connected by a VPN using the Internet for the physical network connection. The network described in this question is a DMZ, not a VPN. References: http://en.wikipedia.org/wiki/DMZ_%28computing%29 http://en.wikipedia.org/wiki/Virtual_LAN
Question 5:
Ann an employee is visiting Joe, an employee in the Human Resources Department. While talking to Joe, Ann notices a spreadsheet open on Joe's computer that lists the salaries of all employees in her department. Which of the following forms of social engineering would BEST describe this situation?
A. Impersonation B. Dumpster diving C. Tailgating D. Shoulder surfing
D. Shoulder surfing Ann was able to see the Spreadsheet on Joe's computer. This direct observation is known as shoulder surfing. Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. Incorrect Answers: A: Impersonation is where a person, computer, software application or service pretends to be someone it's not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat. This is not what is described in this question. Therefore, this answer is incorrect. B: Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. This is not what is described in this question. Therefore, this answer is incorrect. C: Tailgating in IT security would be an unauthorized person following and authorized person into a building or room such as a datacenter. If a building has a card reader where an authorized person can hold up a card to the reader to unlock the door, someone tailgating could follow the authorized person into the building by walking through the door before it closes and locks. This is not what is described in this question. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/shoulder-surfing http://searchsecurity.techtarget.com/definition/dumpster-diving
Question 6:
A network analyst received a number of reports that impersonation was taking place on the network. Session tokens were deployed to mitigate this issue and defend against which of the following attacks?
A. Replay B. DDoS C. Smurf D. Ping of Death
A. Replay A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). For example: Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve. Countermeasures: A way to avoid replay attacks is by using session tokens: Bob sends a one- time token to Alice, which Alice uses to transform the password and send the result to Bob (e.g. computing a hash function of the session token appended to the password). On his side Bob performs the same computation; if and only if both values match, the login is successful. Now suppose Eve has captured this value and tries to use it on another session; Bob sends a different session token, and when Eve replies with the captured value it will be different from Bob's computation. Session tokens should be chosen by a (pseudo-) random process. Otherwise Eve may be able to pose as Bob, presenting some predicted future token, and convince Alice to use that token in her transformation. Eve can then replay her reply at a later time (when the previously predicted token is actually presented by Bob), and Bob will accept the authentication. Onetime passwords are similar to session tokens in that the password expires after it has been used or after a very short amount of time. They can be used to authenticate individual transactions in addition to sessions. The technique has been widely implemented in personal online banking systems. Bob can also send nonces but should then include a message authentication code (MAC), which Alice should check. Timestamping is another way of preventing a replay attack. Synchronization should be achieved using a secure protocol. For example Bob periodically broadcasts the time on his clock together with a MAC. When Alice wants to send Bob a message, she includes her best estimate of the time on his clock in her message, which is also authenticated. Bob only accepts messages for which the timestamp is within a reasonable tolerance. The advantage of this scheme is that Bob does not need to generate (pseudo-) random numbers, with the trade-off being that replay attacks, if they are performed quickly enough i.e. within that 'reasonable' limit, could succeed. Incorrect Answers: B: A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. Session tokens are not used to defend against this type of attack. Therefore, this answer is incorrect. C: A smurf attack is a type of network security breach in which a network connected to the Internet is swamped with replies to ICMP echo (PING) requests. A smurf attacker sends PING requests to an Internet broadcast address. These are special addresses that broadcast all received messages to the hosts connected to the subnet. Each broadcast address can support up to 255 hosts, so a single PING request can be multiplied 255 times. The return address of the request itself is spoofed to be the address of the attacker's victim. All the hosts receiving the PING request reply to this victim's address instead of the real sender's address. A single attacker sending hundreds or thousands of these PING messages per second can fill the victim's T-1 (or even T-3) line with ping replies, bring the entire Internet service to its knees. Smurfing falls under the general category of Denial of Service attacks -- security attacks that don't try to steal information, but instead attempt to disable a computer or network. Session tokens are not used to defend against this type of attack. Therefore, this answer is incorrect. D: A ping of death is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A correctly formed ping message is typically 56 bytes in size, or 84 bytes when the Internet Protocol [IP] header is considered. Historically, many computer systems could not properly handle a ping packet larger than the maximum IPv4 packet size of 65535bytes. Larger packets could crash the target computer. In early implementations of TCP/IP, this bug was easy to exploit. This exploit affected a wide variety of systems, including Unix, Linux, Mac, Windows, printers, and routers. Generally, sending a 65,536-byte ping packet violates the Internet Protocol as documented in RFC 791, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash. Later a different kind of ping attack became widespread--ping flooding simply floods the victim with so much ping traffic that normal traffic fails to reach the system, a basic denial-of-service attack. Session tokens are not used to defend against this type of attack. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Replay_attack http://www.webopedia.com/TERM/S/smurf.html http://en.wikipedia.org/wiki/Ping_of_death
Question 7:
Ann, an employee, is cleaning out her desk and disposes of paperwork containing confidential customer information in a recycle bin without shredding it first. This is MOST likely to increase the risk of loss from which of the following attacks?
A. Shoulder surfing B. Dumpster diving C. Tailgating D. Spoofing
B. Dumpster diving Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross- cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash. Incorrect Answers: A: Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. This is not what is described in this question. Therefore, this answer is incorrect. C: Tailgating in IT security would be an unauthorized person following and authorized person into a building or room such as a datacenter. If a building has a card reader where an authorized person can hold up a card to the reader to unlock the door, someone tailgating could follow the authorized person into the building by walking through the door before it closes and locks. This is not what is described in this question. Therefore, this answer is incorrect. D: There are several kinds of spoofing including email, caller ID, MAC address, and uniform resource locator (URL) spoof attacks. All types of spoofing are designed to imitate something or someone. Email spoofing (or phishing), used by dishonest advertisers and outright thieves, occurs when email is sent with falsified "From:" entry to try and trick victims that the message is from a friend, their bank, or some other legitimate source. Any email that claims it requires your password or any personal information could be a trick. In a caller ID attack, the spoofer will falsify the phone number he/she is calling from. This is not what is described in this question. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/dumpster-diving http://searchsecurity.techtarget.com/definition/shoulder-surfing
Question 8:
Jane, an administrator, needs to make sure the wireless network is not accessible from the parking area of their office. Which of the following would BEST help Jane when deploying a new access point?
A. Placement of antenna B. Disabling the SSID C. Implementing WPA2 D. Enabling the MAC filtering
A. Placement of antenna You should try to avoid placing access points near metal (which includes appliances) or near the ground. Placing them in the center of the area to be served and high enough to get around most obstacles is recommended. On the chance that the signal is actually traveling too far, some access points include power level controls, which allow you to reduce the amount of output provided. Incorrect Answers: B: This option would "cloak" the network, not limit its signal strength. C: This deals with authentication and would not make sure that the network is inaccessible from the parking area. D: This would require clients to furnish the security administrator with their device's MAC address. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 177, 178, 183.
Question 9:
Which of the following offers the LEAST amount of protection against data theft by USB drives?
A. DLP B. Database encryption C. TPM D. Cloud computing
D. Cloud computing Cloud computing refers to performing data processing and storage elsewhere, over a network connection, rather than locally. Because users have access to the data, it can easily be copied to a USB device. Incorrect Answers: A: Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. B: Database encryption converts database data from plain text format into a meaningless cipher text by means of a suitable algorithm. C: TPM is an international standard for a dedicated microprocessor created to secure hardware by incorporating cryptographic keys into devices. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 37. http://en.wikipedia.org/wiki/Database_encryption http://en.wikipedia.org/wiki/Trusted_Platform_Module
Question 10:
A malicious program modified entries in the LMHOSTS file of an infected system. Which of the following protocols would have been affected by this?
A. ICMP B. BGP C. NetBIOS D. DNS
C. NetBIOS The LMHOSTS file provides a NetBIOS name resolution method that can be used for small networks that do not use a WINS server. NetBIOS has been adapted to run on top of TCP/IP, and is still extensively used for name resolution and registration in Windows-based environments. Incorrect Answers: A: Internet Control Message Protocol (ICMP) is a network health and link-testing protocol that is commonly used by tools such as ping, traceroute, and pathping. It is not include in the LMHOSTS file. B: Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information between autonomous systems (AS) on the Internet. It is not include in the LMHOSTS file. C: Domain Name System (DNS) distributes the responsibility of assigning domain names and mapping those names to IP addresses by designating authoritative name servers for each domain. It is not include in the LMHOSTS file. References: https://technet.microsoft.com/library/Cc977602 http://en.wikipedia.org/wiki/Border_Gateway_Protocol http://en.wikipedia.org/wiki/Domain_Name_System
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.