CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 101:
HOTSPOT
The security administrator has installed a new firewall which implements an implicit DENY policy by default Click on the firewall and configure it to allow ONLY the following communication.
1.
The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2.
The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port
3.
The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.
Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can
be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.
Hot Area:
Question 102:
A company wants to ensure that all credentials for various systems are saved within a central database so that users only have to login once for access to all systems. Which of the following would accomplish this?
A. Multi-factor authentication B. Smart card access C. Same Sign-On D. Single Sign-On
D. Single Sign-On Single sign-on means that once a user (or other subject) is authenticated into a realm, re- authentication is not required for access to resources on any realm entity. Single sign-on is able to internally translate and store credentials for the various mechanisms, from the credential used for original authentication. Incorrect Answers: A: Multifactor authentication requires a user to provide two or more authentication factors for authentication purposes. It does not guarantee that users only have to login once for access to all systems. B: Smart cards are credit-card-sized IDs, badges, or security passes with an embedded integrated circuit chip that can include data regarding the authorized bearer. This data can then be used for identification and/or authentication purposes. It does not guarantee that users only have to login once for access to all systems. C: Same Sign-On means that users will have to re-enter their credentials, but they can use the exact same credentials they use to sign on locally. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 282, 284. http://blogs.technet.com/b/jeff_stokes/archive/2013/07/08/today-s-cloud-tip-same-sign-on-vs- single-sign-on.aspx
Question 103:
The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?
A. Implicit deny B. VLAN management C. Port security D. Access control lists
D. Access control lists In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server. Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted. Incorrect Answers: A: Implicit deny is used in access control lists in applications, firewalls or routers. The idea is that everything is implicitly denied except what is allowed. For example, in a firewall ACL, you create ACL entries to allow traffic at the top of the list. If traffic coming in doesn't match the conditions in a allow ACL entry, then the traffic is implicitly denied. However, in this question, we need to configure an allow entry in an ACL to allow the remote site to connect to the FTP server. Therefore, implicit deny is not the correct answer. B: VLAN management is the process of managing VLANs in network switches. Switches (and therefore VLANs) work in Layer 2 of the OSI model. C: Port security works at level 2 of the OSI model and allows an administrator to configure switch ports so that only certain MAC addresses can use the port. References: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html http://en.wikipedia.org/wiki/Virtual_LAN Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 157.
Question 104:
Which of the following passwords is the LEAST complex?
A. MyTrain!45 B. Mytr@in!! C. MyTr@in12 D. MyTr@in#8
B. Mytr@in!! Password policies often enforce a minimum of three out of four standard character types, which includes uppercase and lowercase letters, numbers, and symbols. Although this option includes three of the four character types, it does not include numbers, which makes it less complex than the other options. Incorrect Answers: A, C, D: These three options are more complex as they include all four of the standard password character types. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292.
Question 105:
Which of the following is an important implementation consideration when deploying a wireless network that uses a shared password?
A. Authentication server B. Server certificate C. Key length D. EAP method
C. Key length Key length is the main issue of concern since the wireless network uses a shared password. With risks of shared passwords makes the length of the password a crucial factor to risk mitigation. Incorrect Answers: A: An authentication server is used to authenticate access points and switches on 802.1X. This is the norm. B: Server certificates are used when authentication and trust relationships are established. This is normal. D: EAP (Extensible Authentication protocol) method being used is normal. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139-140, 158
Question 106:
Purchasing receives an automated phone call from a bank asking to input and verify credit card information. The phone number displayed on the caller ID matches the bank. Which of the following attack types is this?
A. Hoax B. Phishing C. Vishing D. Whaling
C. Vishing Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to "verify identity" or to "ensure that fraud does not occur." If the attack is carried out by telephone, caller ID spoofing can cause the victim's set to indicate a legitimate source, such as a bank or a government agency. Vishing is difficult for authorities to trace, particularly when conducted using VoIP. Furthermore, like many legitimate customer services, vishing scams are often outsourced to other countries, which may render sovereign law enforcement powerless. Consumers can protect themselves by suspecting any unsolicited message that suggests they are targets of illegal activity, no matter what the medium or apparent source. Rather than calling a number given in any unsolicited message, a consumer should directly call the institution named, using a number that is known to be valid, to verify all recent activity and to ensure that the account information has not been tampered with. Incorrect Answers: A: A hoax is something that makes a person believe that something is real when it is not. A hoax is usually not malicious or theft. Therefore, this answer is incorrect. B: Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. Phishing email will direct the user to visit a website where they are asked to update personal information, such as a password, credit card, social security, or bank account numbers, that the legitimate organization already has. The website, however, is bogus and set up only to steal the information the user enters on the page. Phishing emails are blindly sent to thousands, if not millions of recipients. By spamming large groups of people, the "phisher" counts on the email being read by a percentage of people who actually have an account with the legitimate company being spoofed in the email and corresponding webpage. In this question, a telephone call was received so this is an example of vishing rather than phishing. Therefore, this answer is incorrect. D: Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles. Hackers who engage in whaling often describe these efforts as "reeling in a big fish," applying a familiar metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may also set up keylogging or other malware on a work station associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber threats. In this question, the `attack' was targeted towards the purchasing department rather than company executives. Therefore, this answer is incorrect. References: http://searchunifiedcommunications.techtarget.com/definition/vishing http://www.webopedia.com/TERM/P/phishing.html http://www.techopedia.com/definition/28643/whaling
Question 107:
Signed digital certificates used to secure communication with a web server are MOST commonly associated with which of the following ports?
A. 25 B. 53 C. 143 D. 443
D. 443
Question 108:
An administrator notices that former temporary employees' accounts are still active on a domain. Which of the following can be implemented to increase security and prevent this from happening?
A. Implement a password expiration policy. B. Implement an account expiration date for permanent employees. C. Implement time of day restrictions for all temporary employees. D. Run a last logon script to look for inactive accounts.
D. Run a last logon script to look for inactive accounts. You can run a script to return a list of all accounts that haven't been used for a number of days, for example 30 days. If an account hasn't been logged into for 30 days, it's a safe bet that the user the account belonged to is no longer with the company. You can then disable all the accounts that the script returns. A disabled account cannot be used to log in to a system. This is a good security measure. As soon as an employee leaves the company, the employees account should always be disabled. Incorrect Answers: A: A password expiration policy is always a good idea as it forces users to change their passwords regularly. However, an expired password does not prevent you logging in. When you log in using an account with an expired password, you are prompted to change the password. Therefore, this answer is incorrect. B: Implementing an account expiration date for permanent employees is not a good idea. When the accounts expire, no one would be able to log in. Account expiration is useful for temporary employees (where you know when they will be leaving), not permanent employees. Therefore, this answer is incorrect. C: Time of day restrictions will restrict users to logging in at certain times of the day only (for example: during office hours). However this does not prevent people logging in during the allowed hours. Therefore, this answer is incorrect.
Question 109:
Which of the following should be considered to mitigate data theft when using CAT5 wiring?
A. CCTV B. Environmental monitoring C. Multimode fiber D. EMI shielding
D. EMI shielding EMI Shielding refers to the process of preventing electronic emissions from your computer systems from being used to gather intelligence and preventing outside electronic emissions from disrupting your information-processing abilities. Thus all wiring should be shielded to mitigate data theft. Incorrect Answers: A: CCTV is used to record everything it sees, thus creating evidence in case of theft. Though data theft can also occur over a network and a camera will only record the area where it is set up. Shielding is a more important data theft mitigation measure. B: Environmental monitoring is carried out by means of a HVAC system and furthermore shielding the wiring is part of environmental monitoring. C: Multimode fiber is not used to mitigate data theft. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 380
Question 110:
An employee recently lost a USB drive containing confidential customer data. Which of the following controls could be utilized to minimize the risk involved with the use of USB drives?
A. DLP B. Asset tracking C. HSM D. Access control
A. DLP Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Incorrect Answers: B: Asset tracking can be as simple as a serial number etched in the device or as complex as a GPS locator. Related to this is inventory control. A complete and accurate list of all devices is an integral part of mobile device management. However in this case the USB drive is already lost. C: HSM is a backup type it provides continuous online backup using optical or tape jukeboxes. D: Access Control refers to who has access to resources and clearly users should be granted access if they require it to perform their duties. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 419, 437
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.