CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1011:
A file on a Linux server has default permissions of rw-rw-r--. The system administrator has verified that Ann, a user, is not a member of the group owner of the file. Which of the following should be modified to assure that Ann has read access to the file?
A. User ownership information for the file in question B. Directory permissions on the parent directory of the file in question C. Group memberships for the group owner of the file in question D. The file system access control list (FACL) for the file in question
D. The file system access control list (FACL) for the file in question
Question 1012:
A security administrator wants to get a real time look at what attackers are doing in the wild, hoping to lower the risk of zero-day attacks. Which of the following should be used to accomplish this goal?
A. Penetration testing B. Honeynets C. Vulnerability scanning D. Baseline reporting
B. Honeynets A honeynet is a network set up with intentional vulnerabilities; its purpose is to invite attack, so that an attacker's activities and methods can be studied and that information used to increase network security. A honeynet contains one or more honey pots, which are computer systems on the Internet expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems. Although the primary purpose of a honeynet is to gather information about attackers' methods and motives, the decoy network can benefit its operator in other ways, for example by diverting attackers from a real network and its resources. The Honeynet Project, a non-profit research organization dedicated to computer security and information sharing, actively promotes the deployment of honeynets. In addition to the honey pots, a honeynet usually has real applications and services so that it seems like a normal network and a worthwhile target. However, because the honeynet doesn't actually serve any authorized users, any attempt to contact the network from without is likely an illicit attempt to breach its security, and any outbound activity is likely evidence that a system has been compromised. For this reason, the suspect information is much more apparent than it would be in an actual network, where it would have to be found amidst all the legitimate network data. Applications within a honeynet are often given names such as "Finances" or "Human Services" to make them sound appealing to the attacker. A virtual honeynet is one that, while appearing to be an entire network, resides on a single server. Incorrect Answers: A: Penetration testing evaluates an organization's ability to protect its networks, applications, computers and users from attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets. You perform a penetration test by attempting to gain access to the system. However, to do this, you are trying to exploit weaknesses that you know about. An attacker might use a different method. To view all methods used by attackers, you need to set up a honeynet. Therefore, this answer is incorrect. C: A vulnerability scanner is software designed to assess computers, computer systems, networks or applications for weaknesses. A vulnerability scan will scan for weaknesses (vulnerabilities) in a system but it does not provide information about the methods attackers are using. Therefore, this answer is incorrect. D: Baseline reporting will alert the security manager to any changes in the security posture compared to the original baseline configuration. Baseline reporting does not provide information about the methods attackers are using. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/honeynet
Question 1013:
A security analyst needs to logon to the console to perform maintenance on a remote server. Which of the following protocols would provide secure access?
A. SCP B. SSH C. SFTP D. HTTPS
B. SSH Secure Shell (SSH) is a tunneling protocol originally used on Unix systems. It's now available for both Unix and Windows environments. SSH is primarily intended for interactive terminal sessions. SSH is used to establish a command-line, text-only interface connection with a server, router, switch, or similar device over any distance. Incorrect Answers: A: Secure Copy Protocol (SCP) is a secure file-transfer facility based on SSH and Remote Copy Protocol (RCP). C: SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server. D: HTTPS provides the secure means for web-based transactions by utilizing various other protocols such as SSL and TLS. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 42, 46, 50. Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 271.
Question 1014:
Matt, a security administrator, wants to ensure that the message he is sending does not get intercepted or modified in transit. This concern relates to which of the following concepts?
A. Availability B. Integrity C. Accounting D. Confidentiality
B. Integrity Integrity means ensuring that data has not been altered. Hashing and message authentication codes are the most common methods to accomplish this. In addition, ensuring nonrepudiation via digital signatures supports integrity. Incorrect Answers: A: Availability refers to the measures that are used to keep services and systems operational. C: Accounting refers to applications. D: Confidentiality means that the message/data retains its privacy. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 414
Question 1015:
Which the following flags are used to establish a TCP connection? (Select TWO).
A. PSH B. ACK C. SYN D. URG E. FIN
B. ACK C. SYN To establish a TCP connection, the three-way (or 3-step) handshake occurs: SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value A. SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number i.e. A+1, and the sequence number that the server chooses for the packet is another random number, B. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A+1, and the acknowledgement number is set to one more than the received sequence number i.e. B+1. Incorrect Answers: A: The PSH flag tells the TCP stack to flush all buffers and send any outstanding data up to and including the data that had the PSH flag set. D: URG indicates that the urgent pointer field has a valid pointer to data that should be treated urgently and be transmitted before non-urgent data. E: FIN is used to indicate that the client will send no more data. References: http://linuxpoison.blogspot.com/2007/11/what-are-tcp-control-bits.html
Question 1016:
A user has several random browser windows opening on their computer. Which of the following programs can be installed on his machine to help prevent this from happening?
A. Antivirus B. Pop-up blocker C. Spyware blocker D. Anti-spam
B. Pop-up blocker Pop-up blockers prevent websites from opening new browser windows without the users consent. These are often used for advertisements but can also be used to distribute malicious code. Incorrect Answers: A: Antivirus software is used to protect systems against viruses, which are a form of malicious code designed to spread from one system to another, consuming network resources. C: Spyware monitors a user's activity and uses network protocols to reports it to a third party without the user's knowledge or consent. This is usually accomplished using a tracking cookie. D: A spam filter is a software or hardware solution used to identify and block, filter, or remove unwanted messages sent via email or instant messaging (IM). It does not block random browser windows, which are pop-up windows, from opening. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 246 Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 18-19, 161-162, 300
Question 1017:
Which of the following types of technologies is used by security and research personnel for identification and analysis of new security threats in a networked environment by using false data/hosts for information collection?
A. Honeynet B. Vulnerability scanner C. Port scanner D. Protocol analyzer
A. Honeynet
Question 1018:
The Chief Security Officer (CSO) is concerned about misuse of company assets and wishes to determine who may be responsible. Which of the following would be the BEST course of action?
A. Create a single, shared user account for every system that is audited and logged based upon time of use. B. Implement a single sign-on application on equipment with sensitive data and high-profile shares. C. Enact a policy that employees must use their vacation time in a staggered schedule. D. Separate employees into teams led by a person who acts as a single point of contact for observation purposes.
C. Enact a policy that employees must use their vacation time in a staggered schedule. A policy that states employees should use their vacation time in a staggered schedule is a way of employing mandatory vacations. A mandatory vacation policy requires all users to take time away from work while others step in and do the work of that employee on vacation. This will afford the CSO the opportunity to see who is using the company assets responsibly and who is abusing it. Incorrect Answers: A: A single shared user account for every system will not single out any one who might be the guilty party. You need to see and audit individual accounts to single out the guilty party. B: Single sign is about having a single / one only password for all resources on a given network which will make singling out a guilty party problematic. D: Separating and organizing employees into teams makes singling out a single guilty party problematic. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 25
Question 1019:
The IT department has setup a website with a series of questions to allow end users to reset their own accounts. Which of the following account management practices does this help?
A. Account Disablements B. Password Expiration C. Password Complexity D. Password Recovery
D. Password Recovery People tend to forget their own passwords and because a user's password in not stored on the operating system, only a hash value is kept and most operating systems allows the administrator to change the value meaning that the password can then be recovered. If you allow end users to reset their own accounts then the password recovery process is helped along. Incorrect Answers: A: Account disablements is akin to locking an account when users may be going on leave, or leave the company, etc. this is not aided in any way when you allow end users to reset their own accounts. B: Password expiration is a practice that should be implemented to mitigate security risks since the longer a password is in use, the easier it can be broken. This has nothing to do with resetting account passwords. C: Password complexity refers to the difficulty degree in the password. The more difficult/complex, the more difficult is will be for miscreant to guess the passwords. This is not allowing end users to reset their own accounts. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139-140
Question 1020:
Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles?
A. User rights reviews B. Incident management C. Risk based controls D. Annual loss expectancy
A. User rights reviews A least privilege policy should be used when assigning permissions. Give users only the permissions and rights that they need to do their work and no more. Incorrect Answers: B: Incident management refers to the steps that are followed when events occur and is thus not a risk mitigation strategy. C: Risk based controls is not the same as risk mitigation. Risk mitigation refers to the actual steps taken to reduce risk. D: Annual Los Expectancy or ALE refers to the loss a company expects to lose in monetary value in a year. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 5, 10, 26, 413
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.