CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1001:
Which of the following wireless security measures can an attacker defeat by spoofing certain properties of their network interface card?
A. WEP B. MAC filtering C. Disabled SSID broadcast D. TKIP
B. MAC filtering MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. While giving a wireless network some additional protection, MAC filtering can be circumvented by scanning a valid MAC (via airodumping) and then spoofing one's own MAC into a validated one. Incorrect Answers: A: WEP short for Wired Equivalent Privacy is a security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP is an encryption method to secure the connection. WEP uses a 40-bit or 104-bit encryption key that must be manually entered on wireless access points and devices. Although WEP is considered to be a weak security protocol, it is not defeated by spoofing. Therefore, this answer is incorrect. C: Disabling SSID broadcast is a security measure that makes the wireless network invisible to computers; it will not show up in the list of available wireless networks. To connect to the wireless network, you need to know the SSID of the network and manually enter it. Spoofing is not used to circumvent this security measure. Therefore, this answer is incorrect. D: TKIP (Temporal Key Integrity Protocol) is an encryption protocol included as part of the IEEE 802.11i standard for wireless LANs (WLANs). It was designed to provide more secure encryption than the notoriously weak Wired Equivalent Privacy (WEP), the original WLAN security protocol. TKIP is the encryption method used in Wi-Fi Protected Access (WPA), which replaced WEP in WLAN products. TKIP is not defeated by spoofing. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/MAC_filtering http://searchmobilecomputing.techtarget.com/definition/TKIP
Question 1002:
One of the most consistently reported software security vulnerabilities that leads to major exploits is:
A. Lack of malware detection. B. Attack surface decrease. C. Inadequate network hardening. D. Poor input validation.
D. Poor input validation. D: With coding there are standards that should be observed. Of these standards the most fundamental is input validation. Attacks such as SQL injection depend on unfiltered input being sent through a web application. This makes for a software vulnerability that can be exploited. There are two primary ways to do input validation: client-side validation and server-side validation. Thus with poor input validation you increase your risk with regard to exposure to major software exploits. Incorrect Answers: A: Malware detection refers to antivirus software which purpose is to identify, prevent and eliminate viruses. This is not software vulnerability. B: The attack surface of an application is the area of that application that is available to users-- those who are authenticated and, more importantly, those who are not. As such, it can include the services, protocols, interfaces, and code. The smaller the attack surface, the less visible the application is to attack. C: Network hardening refers to the process of making sure that your network is as secure as it can be. This is not a software vulnerability that may lead to major exploits. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 219, 345.
Question 1003:
When considering a vendor-specific vulnerability in critical industrial control systems which of the following techniques supports availability?
A. Deploying identical application firewalls at the border B. Incorporating diversity into redundant design C. Enforcing application white lists on the support workstations D. Ensuring the systems' anti-virus definitions are up-to-date
B. Incorporating diversity into redundant design If you know there is a vulnerability that is specific to one vendor, you can improve availability by implementing multiple systems that include at least one system from a different vendor and so is not affected by the vulnerability. Incorrect Answers: A: An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. We don't know what the vulnerability is but it's unlikely that a firewall will prevent the vulnerability or ensure availability. C: Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list. It does not prevent vendor-specific vulnerability already inherent in the application, nor does it ensure availability. D. Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. Ensuring the systems' anti-virus definitions are up-to-date is always a good idea. However, a vendor specific vulnerability is usually not caused by a virus. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 161-162, 340
Question 1004:
Ann has taken over as the new head of the IT department. One of her first assignments was to implement AAA in preparation for the company's new telecommuting policy. When she takes inventory of the organizations existing network infrastructure, she makes note that it is a mix of several different vendors. Ann knows she needs a method of secure centralized access to the company's network resources. Which of the following is the BEST service for Ann to implement?
A. RADIUS B. LDAP C. SAML D. TACACS+
A. RADIUS The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service. Incorrect Answers: B: The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. C: Security Assertion Markup Language (SAML) is an open-standard data format based on XML. D: TACACS+ makes use of the authentication, authorization, and accounting (AAA) architecture. However, unlike RADIUS, these separate components of the protocol can be segregated and handled on separate servers. References: http://en.wikipedia.org/wiki/RADIUS http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 275. http://en.wikipedia.org/wiki/TACACS
Question 1005:
Which of the following is a vulnerability associated with disabling pop-up blockers?
A. An alert message from the administrator may not be visible B. A form submitted by the user may not open C. The help window may not be displayed D. Another browser instance may execute malicious code
D. Another browser instance may execute malicious code Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code. Incorrect Answers: A, B, C: Pop-up windows are browser windows that are opened without the consent of the user. They are not alert messages, forms or the help window. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 246 Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 222
Question 1006:
Which of the following protocols uses an asymmetric key to open a session and then establishes a symmetric key for the remainder of the session?
A. SFTP B. HTTPS C. TFTP D. TLS
D. TLS SSL establishes a session using asymmetric encryption and maintains the session using symmetric encryption. Incorrect Answers: A: SFTP, Secure File Transfer Protocol, does not provide authentication and security; it expects the underlying protocol to secure this. B: HTTPS, "HTTP over SSL/TLS", it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL or TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. C: TFTP, Trivial File Transfer Protocol, includes no login or access control mechanisms. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 76, 268-269, 274
Question 1007:
After Matt, a user enters his username and password at the login screen of a web enabled portal, the following appears on his screen:
`Please only use letters and numbers on these fields'
Which of the following is this an example of?
A. Proper error handling B. Proper input validation C. Improper input validation D. Improper error handling
B. Proper input validation Input validation is an aspect of secure coding and is intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain. Incorrect Answers: A, D: Error handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system, and should include error and exception handling. C: Improper input validation would allow user input to be used as an attack vector. In such an event input would not be checked and the use would not receive a message from the system. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 257 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 319,
Question 1008:
One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?
A. File level encryption with alphanumeric passwords B. Biometric authentication and cloud storage C. Whole disk encryption with two-factor authentication D. BIOS passwords and two-factor authentication
C. Whole disk encryption with two-factor authentication Whole-disk encryption only provides reasonable protection when the system is fully powered off. to make the most of the defensive strength of whole-disk encryption, a long, complex passphrase should be used to unlock the system on bootup. Combining whole-disk encryption with two factor authentication would further increase protection. Incorrect Answers: A: configuring file level encryption with alphanumeric passwords would still allow thieves access to the system, and time to crack the password. B: Biometric authentication and cloud storage would work, but the question requires a basic solution. D: BIOS passwords are easily removed by removing the CMOS battery, allowing a thief to power up the laptop. Once powered on, the thief can crack passwords at their leisure. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 252, 282. https://www.technibble.com/how-to-bypass-or-remove-a-bios-password/
Question 1009:
RADIUS provides which of the following?
A. Authentication, Authorization, Availability B. Authentication, Authorization, Auditing C. Authentication, Accounting, Auditing D. Authentication, Authorization, Accounting
D. Authentication, Authorization, Accounting The Remote Authentication Dial In User Service (RADIUS) networking protocol offers centralized Authentication, Authorization, and Accounting (AAA) management for users who make use of a network service. It is for this reason that A, B, and C: are incorrect. References: http://en.wikipedia.org/wiki/RADIUS
Question 1010:
Pete, a security administrator, has observed repeated attempts to break into the network. Which of the following is designed to stop an intrusion on the network?
A. NIPS B. HIDS C. HIPS D. NIDS
A. NIPS Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it Incorrect Answers: B: A host-based IDS (HIDS) watches the audit trails and log files of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host. C: Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. D: A network-based IDS (NIDS) watches network traffic in real time. It's reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. References: http://en.wikipedia.org/wiki/Intrusion_prevention_system Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 21.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.