CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1071:
Pete, a security analyst, has been tasked with explaining the different types of malware to his colleagues. The two malware types that the group seems to be most interested in are botnets and viruses. Which of the following explains the difference between these two types of malware?
A. Viruses are a subset of botnets which are used as part of SYN attacks. B. Botnets are a subset of malware which are used as part of DDoS attacks. C. Viruses are a class of malware which create hidden openings within an OS. D. Botnets are used within DR to ensure network uptime and viruses are not.
B. Botnets are a subset of malware which are used as part of DDoS attacks. A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation. Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Many computer users are unaware that their computer is infected with bots. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules. Incorrect Answers: A: A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are man-made. Once installed, a virus is not controlled by another user and it not used for SYN attacks. Therefore, this answer is incorrect. C: Viruses are a class of malware which create hidden openings within an OS This is a description of a backdoor, not a botnet. Therefore, this answer is incorrect. D: Botnets are used within DR (Disaster Recovery) to ensure network uptime this statement is completely false. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Botnet
Question 1072:
Certificates are used for: (Select TWO).
A. Client authentication. B. WEP encryption. C. Access control lists. D. Code signing. E. Password hashing.
A. Client authentication. D. Code signing. Certificates are used in PKI to digitally sign data, information, files, email, code, etc. Certificates are also used in PKI for client authentication. Incorrect Answers: B: Wired Equivalent Privacy (WEP) encryption is used with TKIP which placed a 128-bit wrapper around the WEP encryption and is based on the MAC address of the host device and the serial number of the packet. C: Access control lists are used to allow individual and highly controllable access to resources in a network. E: Hashing refers to the hash algorithms used in cryptography. It is used to derive a key mathematically from a message. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 156, 278, 281
Question 1073:
A company storing data on a secure server wants to ensure it is legally able to dismiss and prosecute staff who intentionally access the server via Telnet and illegally tamper with customer data. Which of the following administrative controls should be implemented to BEST achieve this?
A. Command shell restrictions B. Restricted interface C. Warning banners D. Session output pipe to /dev/null
C. Warning banners Within Microsoft Windows, you have the ability to put signs (in the form of onscreen pop-up banners) that appear before the login telling similar information-- authorized access only, violators will be prosecuted, and so forth. Such banners convey warnings or regulatory information to the user that they must "accept" in order to use the machine or network. You need to make staff aware that they may legally be prosecuted and a message is best given via a banner so that all staff using workstation will get notification. Incorrect Answers: A: Command shell restrictions are not used to make everyone aware that they may be prosecuted. It is rather used to implement the actual restriction. B: A restricted interface will just hamper staff in their execution of their duties. Prosecution can only be done when the staff is made aware of the prohibitions and accept the terms. D: Configuring the session output pipe tp /dev/null is applying the restriction and not making staff aware of the prohibitions. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 374
Question 1074:
When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would be: (Select TWO).
A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements. B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. C. Developed recovery strategies, test plans, post-test evaluation and update processes. D. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential. E. Methods to review and report on system logs, incident response, and incident handling.
A. Methods and templates to respond to press requests, institutional and regulatory reporting requirements. B. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers. A: External emergency communications that should fit into your business continuity plan include notifying family members of an injury or death, discussing the disaster with the media, and providing status information to key clients and stakeholders. Each message needs to be prepared with the audience (e.g., employees, media, families, government regulators) in mind; broad general announcements may be acceptable in the initial aftermath of an incident, but these will need to be tailored to the audiences in subsequent releases. B: A typical emergency communications plan should be extensive in detail and properly planned by a business continuity planner. Internal alerts are sent using either email, overhead building paging systems, voice messages or text messages to cell/smartphones with instructions to evacuate the building and relocate at assembly points, updates on the status of the situation, and notification of when it's safe to return to work. Incorrect Answers: C: Recovery strategies are not included in the communications plan. D: Analysis of impact, dependencies and loss potential are not included in the communications plan. E: System logs, incident response, and incident handling are not included in the communications plan. References: http://searchdisasterrecovery.techtarget.com/Developing-an-emergency-communications-plan-A- template-for-business-continuity-planners
Question 1075:
Which of the following represents a cryptographic solution where the encrypted stream cannot be captured by a sniffer without the integrity of the stream being compromised?
A. Elliptic curve cryptography. B. Perfect forward secrecy. C. Steganography. D. Quantum cryptography.
D. Quantum cryptography.
Question 1076:
A server administrator notes that a legacy application often stops running due to a memory error. When reviewing the debugging logs, they notice code being run calling an internal process to exploit the machine. Which of the following attacks does this describe?
A. Zero-day B. Buffer overflow C. Cross site scripting D. Malicious add-on
B. Buffer overflow This question describes a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. Incorrect Answers: A: A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it --this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. Zero-day attacks are generally not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack. Therefore, this answer is incorrect. C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. XSS attacks are not used to attack legacy applications. Memory errors are indicative of a buffer overflow attack. Therefore, this answer is incorrect. D: The application is a legacy application. It is therefore unlikely to have an add-on. The question states that the application often stops running due to a memory error. Memory errors are indicative of a buffer overflow attack. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting http://www.pctools.com/security-news/zero-day-vulnerability/
Question 1077:
A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?
A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively. C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced. D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.
A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. Reviewing user permissions and group memberships form part of a privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation. Incorrect Answers: B: Reviewing the permissions of the transferred users does not address the high turnover of staff only the transfers. C: Employing measures to ease the help desks work load is not reason to review user permission settings. D: Ensuring all former employee user accounts have no permissions only address the employees that left and not the transfers. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 9-10
Question 1078:
Which of the following was launched against a company based on the following IDS log?
forum/commentary.pl/noframes/read/209" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 4.4.7.0)"
A. SQL injection B. Buffer overflow attack C. XSS attack D. Online password crack
B. Buffer overflow attack The username should be just a username; instead we can see it's a long line of text with an HTTP command in it. This is an example of a buffer overflow attack. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. Incorrect Answers: A: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. The code in the question is not SQL code. Therefore, this answer is incorrect. C: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. The code in this question is not an example of an XSS attack. Therefore, this answer is incorrect. D: The code in the question is not an online password crack. The long text in place of a username indicates an attempt to overflow a memory buffer. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/SQL_injection http://en.wikipedia.org/wiki/Cross-site_scripting
Question 1079:
Which of the following can be implemented with multiple bit strength?
A. AES B. DES C. SHA-1 D. MD5 E. MD4
A. AES AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits. Incorrect Answers: B: The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It's based on a 56-bit key and has several modes that offer security and integrity. C: The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol. This algorithm produces a 160-bit hash value. SHA-2 has several sizes: 224, 256, 334, and 512 bit. D: The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. MD5 is the newest version of the algorithm. It produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater security. E: The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 251, 255-256
Question 1080:
A user has unknowingly gone to a fraudulent site. The security analyst notices the following system change on the user's host:
Old `hosts' file:
127.0.0.1 localhost New `hosts' file:
127.0.0.1 localhost
5.5.5.5 www.comptia.com
Which of the following attacks has taken place?
A. Spear phishing B. Pharming C. Phishing D. Vishing
B. Pharming We can see in this question that a fraudulent entry has been added to the user's hosts file. This will point the URL: www.comptia.com to 5.5.5.5 instead of the correct IP address. Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof Web sites which appear legitimate, pharming 'poisons' a DNS server (or hosts file) by infusing false information into the DNS server, resulting in a user's request being redirected elsewhere. Your browser, however will show you are at the correct Web site, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail while pharming allows the scammers to target large groups of people at one time through domain spoofing. Incorrect Answers: A: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority. In this question, host file poisoning is used rather than email. Therefore, this answer is incorrect. C: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page. In this question, host file poisoning is used rather than email. Therefore, this answer is incorrect. D: Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. In this question, host file poisoning is used rather than voice. Therefore, this answer is incorrect. References: http://www.webopedia.com/TERM/P/pharming.html http://searchsecurity.techtarget.com/definition/spear-phishing http://searchunifiedcommunications.techtarget.com/definition/vishing http://www.webopedia.com/ TERM/P/phishing.html
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.