CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1091:
Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?
A. Protocol analyzer B. Router C. Firewall D. HIPS
A. Protocol analyzer A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing and analyzing the packets sent from two systems that are not communicating properly could help determine the cause of the issue. Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal). Incorrect Answers: B: A router is used to route traffic between hosts on different networks. It is not used to capture and analyze network traffic. C: A firewall is used to block unauthorized traffic from accessing hosts on a network. It is not used to capture and analyze network traffic. D: A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion. It is not used to capture and analyze network traffic. References: http://en.wikipedia.org/wiki/Wireshark
Question 1092:
A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server's drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).
A. Disk hashing procedures B. Full disk encryption C. Data retention policies D. Disk wiping procedures E. Removable media encryption
B. Full disk encryption D. Disk wiping procedures B: Full disk encryption is when the entire volume is encrypted; the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer's security. Full disk encryption is sometimes referred to as hard drive encryption. D: Disk wiping is the process of overwriting data on the repeatedly, or using a magnet to alter the magnetic structure of the disks. This renders the data unreadable. Incorrect Answers: A: Hashing is used to protect the integrity of data as it will indicate whether the data was altered or not. It does not protect against unauthorized access. C: Data Retention policies refer to the period that that should be kept and will thus not be helpful to the SCO to make sure that data will not be accessed. E: The Server's drives are not removable media thus data can still be accessed. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 290, 386 https://wiki.archlinux.org/index.php/Securely_wipe_disk
Question 1093:
A small company has a website that provides online customer support. The company requires an account recovery process so that customers who forget their passwords can regain access.
Which of the following is the BEST approach to implement this process?
A. Replace passwords with hardware tokens which provide two-factor authentication to the online customer support site. B. Require the customer to physically come into the company's main office so that the customer can be authenticated prior to their password being reset. C. Web-based form that identifies customer by another mechanism and then emails the customer their forgotten password. D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login.
D. Web-based form that identifies customer by another mechanism, sets a temporary password and forces a password change upon first login. People tend to forget their passwords, thus you should have a password recovery system for them that will not increase risk exposure. Setting a temporary password will restrict the time that the password is valid and thus decrease risk; and in addition forcing the customer to change it upon first login will make the password more secure for the customer. Incorrect Answers: A: Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. But in this case the problem stems from a forgotten password. B: Requiring customers to physically come in to the company's main office is not a viable option what if the customer is on a different continent? C: Emailing customers their forgotten password is risky as the email can be intercepted, a forgotten password is best being eliminated from the system as a forgotten password if still active can compromise your business as well as your customers. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 139, 142
Question 1094:
An investigator recently discovered that an attacker placed a remotely accessible CCTV camera in a public area overlooking several Automatic Teller Machines (ATMs). It is also believed that user accounts belonging to ATM operators may have been compromised. Which of the following attacks has MOST likely taken place?
A. Shoulder surfing B. Dumpster diving C. Whaling attack D. Vishing attack
A. Shoulder surfing The CCTV camera has recorded people entering their PINs in the ATMs. This is known as shoulder surfing. Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. Incorrect Answers: B: Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. This is not what is described in this question. Therefore, this answer is incorrect. C: Whaling is a specific kind of malicious hacking within the more general category of phishing, which involves hunting for data that can be used by the hacker. In general, phishing efforts are focused on collecting personal data about users. In whaling, the targets are high-ranking bankers, executives or others in powerful positions or job titles. Hackers who engage in whaling often describe these efforts as "reeling in a big fish," applying a familiar metaphor to the process of scouring technologies for loopholes and opportunities for data theft. Those who are engaged in whaling may, for example, hack into specific networks where these powerful individuals work or store sensitive data. They may also set up keylogging or other malware on a work station associated with one of these executives. There are many ways that hackers can pursue whaling, leading C-level or top-level executives in business and government to stay vigilant about the possibility of cyber threats. This is not what is described in this question. Therefore, this answer is incorrect. D: Vishing (voice or VoIP phishing) is an electronic fraud tactic in which individuals are tricked into revealing critical financial or personal information to unauthorized entities. Vishing works like phishing but does not always occur over the Internet and is carried out using voice technology. A vishing attack can be conducted by voice email, VoIP (voice over IP), or landline or cellular telephone. The potential victim receives a message, often generated by speech synthesis, indicating that suspicious activity has taken place in a credit card account, bank account, mortgage account or other financial service in their name. The victim is told to call a specific telephone number and provide information to "verify identity" or to "ensure that fraud does not occur." If the attack is carried out by telephone, caller ID spoofing can cause the victim's set to indicate a legitimate source, such as a bank or a government agency. This is not what is described in this question. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/shoulder-surfing http://www.techopedia.com/definition/28643/whaling http://searchunifiedcommunications.techtarget.com/definition/vishing
Question 1095:
Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?
A. Twofish B. Diffie-Hellman C. ECC D. RSA
C. ECC Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size. Incorrect Answers: A: Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). Twofish is quite similar and works on 128-bit blocks. B: Diffie-Hellman would require longer keys. D: Elliptic Curve Cryptography (ECC) provides similar functionality to RSA but uses smaller key sizes to obtain the same level of security. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 251, 252, 253, 254 http://www.studymode.com/essays/Elliptic-Curve-Cryptography-And-Its-Applications- 1560318.html http:// en.wikipedia.org/wiki/Elliptic_curve_cryptography
Question 1096:
A business has set up a Customer Service kiosk within a shopping mall. The location will be staffed by an employee using a laptop during the mall business hours, but there are still concerns regarding the physical safety of the equipment while it is not in use. Which of the following controls would BEST address this security concern?
A. Host-based firewall B. Cable locks C. Locking cabinets D. Surveillance video
C. Locking cabinets
Question 1097:
Which of the following types of logs could provide clues that someone has been attempting to compromise the SQL Server database?
A. Event B. SQL_LOG C. Security D. Access
A. Event Event logs include Application logs, such as those where SQL Server would write entries. This is where you would see logs with details of someone trying to access a SQL database. Incorrect Answers: B: This log does not contain information that would provide clues that someone has been attempting to compromise the SQL Server database. Therefore, this answer is incorrect. C: This log does not contain information that would provide clues that someone has been attempting to compromise the SQL Server database although the Security Event Log in Windows does contain information about attempted logins to a system. However, as another answer specifies an "Event" log, that answer is correct. Therefore, this answer is incorrect. D: This log does not contain information that would provide clues that someone has been attempting to compromise the SQL Server database. Therefore, this answer is incorrect. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 68, 469
Question 1098:
Which of the following types of risk reducing policies also has the added indirect benefit of cross training employees when implemented?
A. Least privilege B. Job rotation C. Mandatory vacations D. Separation of duties
B. Job rotation A job rotation policy defines intervals at which employees must rotate through positions. Similar in purpose to mandatory vacations, it helps to ensure that the company does not become too dependent on one person and it does afford the company with the opportunity to place another person in that same job. Incorrect Answers: A: A least privilege policy should be used when assigning permissions. Give users only the permissions that they need to do their work and no more. This does not involve cross-training. C: A mandatory vacation policy requires all users to take time away from work to refresh. D: Separation of duties means that users are granted only the permissions they need to do their work and no more. More so it means that there is differentiation between users, employees and duties per se which form part of best practices. There is thus no cross training. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 24, 25, 26, 153
Question 1099:
Which of the following has a storage root key?
A. HSM B. EFS C. TPM D. TKIP
C. TPM Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates on non-volatile (NV) memory. Data stored on NV memory is retained unaltered when the device has no power. The storage root key is embedded in the TPM to protect TPM keys created by applications, so that these keys cannot be used without the TPM. Incorrect Answers: A: Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates. However, the HSM does not have a storage root key. B: Encrypting File System (EFS) is used to encrypt files or entire volumes in a Windows computer. It uses certificates to encrypt the data but do not have a storage root key. D: TKIP (Temporal Key Integrity Protocol) is an encryption protocol used in Wireless networks. It was designed to provide more secure encryption than the relatively weak Wired Equivalent Privacy (WEP) and does not have a storage root key. References: http://www.cs.bham.ac.uk/~mdr/teaching/modules/security/lectures/TrustedComputingTCG.htm l http://en.wikipedia.org/wiki/Hardware_security_module http://searchmobilecomputing.techtarget.com/definition/TKIP Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 237
Question 1100:
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
A. Enticement B. Entrapment C. Deceit D. Sting
B. Entrapment Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. Entrapment is a valid legal defense in a criminal prosecution. Incorrect Answers: A: Enticement is the process of luring someone into your plan or trap. C: Deceit is an act to propagate beliefs of things that are not true. D: According to Wikipedia a sting is a deceptive operation designed to catch a person committing a crime. Almost akin to setting a honey trap. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 65 http://en.wikipedia.org/wiki/Sting_operation
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.