CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1031:
A recent review of accounts on various systems has found that after employees' passwords are required to change they are recycling the same password as before. Which of the following policies should be enforced to prevent this from happening? (Select TWO).
A. Reverse encryption B. Minimum password age C. Password complexity D. Account lockouts E. Password history F. Password expiration
B. Minimum password age E. Password history
Question 1032:
Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?
A. Installing anti-malware B. Implementing an IDS C. Taking a baseline configuration D. Disabling unnecessary services
D. Disabling unnecessary services Preventive controls are to stop something from happening. These can include locked doors that keep intruders out, user training on potential harm (to keep them vigilant and alert), or even biometric devices and guards that deny access until authentication has occurred. By disabling all unnecessary services you would be reducing the attack surface because then there is less opportunity for risk incidents to happen. There are many risks with having many services enabled since a service can provide an attack vector that someone could exploit against your system. It is thus best practice to enable only those services that are absolutely required. Incorrect Answers: A: Installing anti-malware is actually increasing the attack surface because it will enable more services. B: Implementing IDS will also add an extra service to increase the attack surface of a specific host. C: Taking the baseline configuration is a representation of a secure state and is not necessarily reducing the attack surface. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 384 Gregg, Michael, CompTIA Security+ Rapid Review (Exam SY0-301), Pearson Education, Sebastopol, CA, 2012, p 107
Question 1033:
A network administrator identifies sensitive files being transferred from a workstation in the LAN to an unauthorized outside IP address in a foreign country. An investigation determines that the firewall has not been altered, and antivirus is upto-date on the workstation. Which of the following is the MOST likely reason for the incident?
A. MAC Spoofing B. Session Hijacking C. Impersonation D. Zero-day
D. Zero-day
Question 1034:
Which of the following provides the HIGHEST level of confidentiality on a wireless network?
A. Disabling SSID broadcast B. MAC filtering C. WPA2 D. Packet switching
C. WPA2 The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) authentication protocols were designed to address the core, easy-to-crack problems of WEP. Incorrect Answers: A: Disabling SSID broadcasting is not the best solution. One method of protecting the network that is often recommended is to disable, or turn off, the SSID broadcast (also known as cloaking). The access point is still there, and it is still accessible by those who have been told of its existence by the administrator, but it prevents those who are just scanning from finding it. This is considered a very weak form of security, because there are still other ways, albeit a bit more complicated, to discover the presence of the access point besides the SSID broadcast. B: MAC filtering would increase the security, but an authentication protocol such as WPA2 would still be required. Note: When MAC filtering is used, the administrator compiles a list of the MAC addresses associated with users' computers and enters those addresses. When a client attempts to connect and other values have been correctly entered, an additional check of the MAC address is done. If the address appears in the list, the client is allowed to join; otherwise, it is forbidden from doing so. D: Packet switching is a method of transferring data on an Ethernet network. Packet switching does not address wireless security. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 178, 183, 258
Question 1035:
In the initial stages of an incident response, Matt, the security administrator, was provided the hard drives in question from the incident manager. Which of the following incident response procedures would he need to perform in order to begin the analysis? (Select TWO).
A. Take hashes B. Begin the chain of custody paperwork C. Take screen shots D. Capture the system image E. Decompile suspicious files
A. Take hashes D. Capture the system image A: Take Hashes. NIST (the National Institute of Standards and Technology) maintains a National Software Reference Library (NSRL). One of the purposes of the NSRL is to collect "known, traceable software applications" through their hash values and store them in a Reference Data Set (RDS). The RDS can then be used by law enforcement, government agencies, and businesses to determine which fi les are important as evidence in criminal investigations. D: A system image is a snapshot of what exists. Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. Incorrect Answers: B: Starting the chain of custody paperwork by the security administrator would be null and void since the evidence involved has already been removed from the scene and he would not know where it has been and who had in until it was given to him. C: Taking screen shots may be too late since it is only the hard drives in question that were handed to the security administrator by the incident manager. We could assume that the incident manager probably already took screenshots. E: Decompile suspicious files can only happen when the hard drives are mounted. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 453-454
Question 1036:
Which of the following controls mitigates the risk of Matt, an attacker, gaining access to a company network by using a former employee's credential?
A. Account expiration B. Password complexity C. Account lockout D. Dual factor authentication
A. Account expiration Account expiration is a secure feature to employ on user accounts for temporary workers, interns, or consultants. It automatically disables a user account or causes the account to expire at a specific time and on a specific day. Incorrect Answers: B: Implementing password complexity would not work, as the user is a former employee and would not be there to change their password to a more complex one. C: Account lockout automatically disables an account due to repeated failed log on attempts. Matt could get the password before reaching the log on attempt threshold. D: Matt could still discover both authentication factors to gain access. With the account disabled, there is no chance of that happening. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292- 294.
Question 1037:
Joe, a security administrator, is concerned with users tailgating into the restricted areas. Given a limited budget, which of the following would BEST assist Joe with detecting this activity?
A. Place a full-time guard at the entrance to confirm user identity. B. Install a camera and DVR at the entrance to monitor access. C. Revoke all proximity badge access to make users justify access. D. Install a motion detector near the entrance.
B. Install a camera and DVR at the entrance to monitor access. Tailgating is a favorite method of gaining entry to electronically locked systems by following someone through the door they just unlocked. With a limited budget installing a camera and DVR at the entrance to monitor access to the restricted areas is the most feasible solution. The benefit of a camera (also known as closed- circuit television, or CCTV) is that it is always running and can record everything it sees, creating evidence that can be admissible in court if necessary. Incorrect Answers: A: A full-time guard at the entrance of the restricted areas will also work, but would be more costly and guards can also be impersonated. Guards are also more costly in the sense that, guards in combination with security cameras will be more effective which means that you still need both. C: Revoking proximity badges will just give free access to all if no other measures are in place. D: A motion detector will inevitable be triggered even when legitimate users enter the restricted area. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 357, 367, 372
Question 1038:
Which of the following tools will allow a technician to detect security-related TCP connection anomalies?
A. Logical token B. Performance monitor C. Public key infrastructure D. Trusted platform module
B. Performance monitor Performance Monitor in a Windows system can monitor many different `counters'. For TCP network connections, you can monitor specific TCP related counters including the following: Connection Failures Connections Active Connections Established Connections Passive Connections Reset Segments Received/sec Segments Retransmitted/sec Segments Sent/sec Total Segments/sec By monitoring the counters listed above, you will be able to detect security-related TCP connection anomalies. Incorrect Answers: A: A logical token is used in Token Ring networks. A logical token is not a tool that would provide information regarding TCP connection anomalies. Therefore, this answer is incorrect. C: A Public key infrastructure (PKI) describes a system of providing certificates for public key cryptography. For example, a Certificate Authority would provide digital certificates to computers or users in the network for secured communications. A PKI is not a tool that would provide information regarding TCP connection anomalies. Therefore, this answer is incorrect. D: A Trusted platform module is a chip that securely stores cryptographic keys and other data. It is not a tool that would provide information regarding TCP connection anomalies. Therefore, this answer is incorrect.
Question 1039:
An administrator needs to connect a router in one building to a router in another using Ethernet. Each router is connected to a managed switch and the switches are connected to each other via a fiber line. Which of the following should be configured to prevent unauthorized devices from connecting to the network?
A. Configure each port on the switches to use the same VLAN other than the default one B. Enable VTP on both switches and set to the same domain C. Configure only one of the routers to run DHCP services D. Implement port security on the switches
D. Implement port security on the switches Port security in IT can mean several things: The physical control of all connection points, such as RJ-45 wall jacks or device ports, so that no unauthorized users or unauthorized devices can attempt to connect into an open port. The management of TCP and User Datagram Protocol (UDP) ports. If a service is active and assigned to a port, then that port is open. All the other 65,535 ports (of TCP or UDP) are closed if a service isn't actively using them. Port knocking is a security system in which all ports on a system appear closed. However, if the client sends packets to a specific set of ports in a certain order, a bit like a secret knock, then the desired service port becomes open and allows the client software to connect to the service. Incorrect Answers: A: A basic switch not configured for VLANs has VLAN functionality disabled or permanently enabled with a default VLAN that contains all ports on the device as members. Every device connected to one of its ports can send packets to any of the others. Separating ports by VLAN groups separates their traffic very much like connecting the devices to another, distinct switch of their own. Configuration of the first custom VLAN port group usually involves removing ports from the default VLAN, such that the first custom group of VLAN ports is actually the second VLAN on the device, in addition to the default VLAN B: VLAN Trunking Protocol (VTP) is a Cisco proprietary protocol that broadcasts the definition of Virtual Local Area Networks (VLAN) on the whole local area network. VTP achieves this by carrying VLAN information to all the switches in a VTP domain. C: The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 24. http://en.wikipedia.org/wiki/VLAN_Trunking_Protocol http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol http://en.wikipedia.org/wiki/Virtual_LAN
Question 1040:
A retail store uses a wireless network for its employees to access inventory from anywhere in the store. Due to concerns regarding the aging wireless network, the store manager has brought in a consultant to harden the network. During the site survey, the consultant discovers that the network was using WEP encryption. Which of the following would be the BEST course of action for the consultant to recommend?
A. Replace the unidirectional antenna at the front of the store with an omni-directional antenna. B. Change the encryption used so that the encryption protocol is CCMP-based. C. Disable the network's SSID and configure the router to only access store devices based on MAC addresses. D. Increase the access point's encryption from WEP to WPA TKIP.
B. Change the encryption used so that the encryption protocol is CCMP-based.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.