CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1081:
Which of the following cryptographic algorithms is MOST often used with IPSec?
A. Blowfish B. Twofish C. RC4 D. HMAC
D. HMAC The HMAC-MD5-96 (also known as HMAC-MD5) encryption technique is used by IPSec to make sure that a message has not been altered. Incorrect Answers: A: Blowfish can be used with IPSec but not as often as HMAC. B: Twofish, a variant of Blowfish, can be used with IPSec but not as often as HMAC. C: RC4 is popular with wireless and WEP/WPA encryption. IPSec can use HMAC-MD5 for data integrity. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139, 250, 251, 255-256, 260
Question 1082:
A network administrator is asked to send a large file containing PII to a business associate.
Which of the following protocols is the BEST choice to use?
A. SSH B. SFTP C. SMTP D. FTP
B. SFTP SFTP encrypts authentication and data traffic between the client and server by making use of SSH to provide secure FTP communications. As a result, SFTP offers protection for both the authentication traffic and the data transfer taking place between a client and server. Incorrect Answers: A: SSH is employed by SFTP. C: SMTP is the email-forwarding protocol used on the Internet and intranets. D: Standard FTP does not provide any confidentiality protection because it sends all data in the clear. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 49, 50.
Question 1083:
After reviewing the firewall logs of her organization's wireless APs, Ann discovers an unusually high amount of failed authentication attempts in a particular segment of the building. She remembers that a new business moved into the office space across the street. Which of the following would be the BEST option to begin addressing the issue?
A. Reduce the power level of the AP on the network segment B. Implement MAC filtering on the AP of the affected segment C. Perform a site survey to see what has changed on the segment D. Change the WPA2 encryption key of the AP in the affected segment
A. Reduce the power level of the AP on the network segment Some access points include power level controls that allow you to reduce the amount of output provided if the signal is traveling too far. Incorrect Answers: B: MAC filtering is an option further down the line. If reducing the amount of output resolves the issue, the administrative effort will be much less that have to compile a list of the MAC addresses associated with users' computers and then entering those addresses. C: A site survey is recommended when laying out a network. D: The fact that Ann has found failed authentication attempts shows that the WPA2 encryption is not the real issue. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 177, 178.
Question 1084:
A computer supply company is located in a building with three wireless networks. The system security team implemented a quarterly security scan and saw the following.
A. Rogue access point B. Near field communication C. Jamming D. Packet sniffing
A. Rogue access point The question states that the building has three wireless networks. However, the scan is showing four wireless networks with the SSIDs: Computer AreUs1 , Computer AreUs2 , Computer AreUs3 and Computer AreUs4. Therefore, one of these wireless networks probably shouldn't be there. This is an example of a rogue access point. A rogue access point is a wireless access point that has either been installed on a secure company network without explicit authorization from a local network administrator, or has been created to allow a hacker to conduct a man-in-themiddle attack. Rogue access points of the first kind can pose a security threat to large organizations with many employees, because anyone with access to the premises can install (maliciously or non-maliciously) an inexpensive wireless router that can potentially allow access to a secure network to unauthorized parties. Rogue access points of the second kind target networks that do not employ mutual authentication (client-server server- client) and may be used in conjunction with a rogue RADIUS server, depending on security configuration of the target network. To prevent the installation of rogue access points, organizations can install wireless intrusion prevention systems to monitor the radio spectrum for unauthorized access points. Incorrect Answers: B: Near field communication (NFC) is a set of short-range wireless technologies, typically requiring a distance of 10 cm or less. NFC operates at 13.56 MHz on ISO/IEC 18000-3 air interface and at rates ranging from 106 kbit/s to 424 kbit/s. NFC always involves an initiator and a target; the initiator actively generates an RF field that can power a passive target. This enables NFC targets to take very simple form factors such as tags, stickers, key fobs, or cards that do not require batteries. NFC peer-to-peer communication is possible, provided both devices are powered. NFC tags contain data and are typically read-only, but may be rewriteable. They can be custom- encoded by their manufacturers or use the specifications provided by the NFC Forum, an industry association charged with promoting the technology and setting key standards. The tags can securely store personal data such as debit and credit card information, loyalty program data, PINs and networking contacts, among other information. The NFC Forum defines four types of tags that provide different communication speeds and capabilities in terms of configurability, memory, security, data retention and write endurance. Tags currently offer between 96 and 4,096 bytes of memory. The SSID's in the question indicate wireless networks. Therefore this answer is incorrect. C: Jamming is used to block transmissions typically over wireless or radio frequencies. This is not what is described in this question. Therefore, this answer is incorrect. D: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. This is not what is described in this question. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Rogue_access_point http://en.wikipedia.org/wiki/Near_field_communication http://www.techopedia.com/definition/4113/sniffer
Question 1085:
Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?
A. Certification authority B. Key escrow C. Certificate revocation list D. Registration authority
A. Certification authority A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. Incorrect Answers: B: Key escrow is not related to issuing certificates. Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee's private messages have been called into question. C: A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. A CRL is not used to issue certificates. D: A registration authority (RA) offloads some of the work from a CA. An RA system operates as a middleman in the process: It can distribute keys, accept registrations for the CA, and validate identities. However, the RA doesn't issue certificates; that responsibility remains with the CA. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 278-290
Question 1086:
A new web server has been provisioned at a third party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a `listening' state. No other ports are open. Which of the following services should be disabled to ensure secure communications?
A. HTTPS B. HTTP C. RDP D. TELNET
B. HTTP HTTP uses port 80. HTTP does not provide encrypted communications. Port 443 is used by HTTPS which provides secure encrypted communications. Port 3389 is used by RDP (Remote Desktop Protocol) which does provide encrypted communications. Incorrect Answers: A: HTTPS uses port 443. HTTPS uses SSL or TLS certificates to secure HTTP communications. HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTP is secure so this answer is incorrect. C: RDP (Remote Desktop Protocol) is used to remotely connect to a Windows computer. RDP uses encrypted communications and is therefore considered secure. This answer is therefore incorrect. D: Telnet uses port 23. This is not one of the ports listed as open in the question. This answer is therefore incorrect. References: http://searchsoftwarequality.techtarget.com/definition/HTTPS http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Question 1087:
Methods to test the responses of software and web applications to unusual or unexpected inputs are known as:
A. Brute force. B. HTML encoding. C. Web crawling. D. Fuzzing.
D. Fuzzing. Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks. Incorrect Answers: A: Brute force is a type of attack that consists of systematically checking all possible keys or passwords until a match is found. B: HTML encoding applies to web applications only. When user input is not properly escaped and encoded it could be exploited for cross-site scripting. User input that encodes special characters without proper escaping can lead to malicious code execution in the DOM. C: Web Crawling applies to web application and describes the action taken by a program as it browses from page to page on a web application. References: http://en.wikipedia.org/wiki/Fuzz_testing http://en.wikipedia.org/wiki/Brute-force_attack https://blog.whitehatsec.com/tag/html-encoding/ http://projects.webappsec.org/w/page/13246986/Web%20Application%20Security%20Scanner %20Evaluation%20Criteria Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 257 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 229,
Question 1088:
An administrator needs to secure a wireless network and restrict access based on the hardware address of the device. Which of the following solutions should be implemented?
A. Use a stateful firewall B. Enable MAC filtering C. Upgrade to WPA2 encryption D. Force the WAP to use channel 1
B. Enable MAC filtering
Question 1089:
Which of the following offers the LEAST secure encryption capabilities?
A. TwoFish B. PAP C. NTLM D. CHAP
B. PAP PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP. Incorrect Answers: A: TwoFish provides stronger encryption compared to NTLM, CHAP and PAP. Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. Twofish is related to the earlier block cipher Blowfish. C: NTLM provides stronger encryption compared to CHAP and PAP. NT LAN Manager (NTLM) is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users. NTLM is being replaced by Kerberos. D: CHAP provides a more secure encryption than PAP. CHAP provides protection against replay attacks by the peer through the use of an incrementally changing identifier and of a variable challenge-value. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139, 143, 251, 256
Question 1090:
A company's chief information officer (CIO) has analyzed the financial loss associated with the company's database breach. They calculated that one single breach could cost the company $1,000,000 at a minimum. Which of the following documents is the CIO MOST likely updating?
A. Succession plan B. Continuity of operation plan C. Disaster recovery plan D. Business impact analysis
D. Business impact analysis Business impact analysis (BIA) is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn't concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization. Incorrect Answers: A: Succession planning outlines those internal to the organization who have the ability to step into positions when they open. B: Continuity of operation plan refers to policies, processes and methods that an organization has to follow to minimize the impact of failure of the key components needed for operations. C: Disaster recovery plan usually deals with site relocation in the event of an emergency, natural disaster, or service outage. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 29, 432
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.