CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 1121:
The IT department has setup a share point site to be used on the intranet. Security has established the groups and permissions on the site. No one may modify the permissions and all requests for access are centrally managed by the security team. This is an example of which of the following control types?
A. Rule based access control B. Mandatory access control C. User assigned privilege D. Discretionary access control
D. Discretionary access control Discretionary access control (DAC) allows access to be granted or restricted by an object's owner based on user identity and on the discretion of the object owner. Incorrect Answers: A: Rule-based access control is used for network devices that filter traffic based on filtering rules. B: Mandatory Access Control allows access to be granted or restricted based on the rules of classification. C: User assigned privilege is when permissions are allowed or refused based on a specific individual user. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 278- 284, 294.
Question 1122:
Based on information leaked to industry websites, business management is concerned that unauthorized employees are accessing critical project information for a major, well-known new product. To identify any such users, the security administrator could:
A. Set up a honeypot and place false project documentation on an unsecure share. B. Block access to the project documentation using a firewall. C. Increase antivirus coverage of the project servers. D. Apply security updates and harden the OS on all project servers.
A. Set up a honeypot and place false project documentation on an unsecure share. In this scenario, we would use a honeypot as a `trap' to catch unauthorized employees who are accessing critical project information. A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies. According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes: The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned. The hacker can be caught and stopped while trying to obtain root access to the system. By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers. There are two main types of honeypots: Production - A production honeypot is one used within an organization's environment to help mitigate risk. Research A research honeypot add value to research in computer security by providing a platform to study the threat. Incorrect Answers: B: Blocking access to the project documentation by using a firewall would block all access to the documentation including access to authorized employees. It would not help to determine which unauthorized employees are attempting to access the documentation. Therefore, this answer is incorrect. C: Antivirus software is used to scan a system for known virus threats. It would not detect unauthorized users attempting to access the project documentation. Therefore, this answer is incorrect. D: Applying security updates to harden a server is always a good idea. However, security updates would not detect unauthorized users attempting to access the project documentation. Therefore, this answer is incorrect. References: https://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php
Question 1123:
DRAG DROP
A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type.
Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.
Select and Place:
Question 1124:
Multi-tenancy is a concept found in which of the following?
A. Full disk encryption B. Removable media C. Cloud computing D. Data loss prevention
C. Cloud computing One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This "multitenant" nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security. Incorrect Answers: A, B, D: None of these options offer multitenancy. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 37. http://en.wikipedia.org/wiki/Multitenancy
Question 1125:
When designing a new network infrastructure, a security administrator requests that the intranet web server be placed in an isolated area of the network for security purposes. Which of the following design elements would be implemented to comply with the security administrator's request?
A. DMZ B. Cloud services C. Virtualization D. Sandboxing
A. DMZ A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall. Incorrect Answers: B: A private cloud is a cloud service within a corporate network and isolated from the Internet. The private cloud is for internal use only. C: D: Virtualization offers several benefits, such as being able to launch individual instances of servers or services as needed, real-time scalability, and the ability to run the exact OS version required for a certain application. D: Sandboxing is a means of quarantine or isolation. It's implemented to restrict new or otherwise suspicious software from being able to cause harm to production systems. It can be used against applications or entire OSs. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 37, 38, 39, 250.
Question 1126:
Which statement is TRUE about the operation of a packet sniffer?
A. It can only have one interface on a management network. B. They are required for firewall operation and stateful inspection. C. The Ethernet card must be placed in promiscuous mode. D. It must be placed on a single virtual LAN interface.
C. The Ethernet card must be placed in promiscuous mode. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. Incorrect Answers: A: A packet sniffer can have more than one interface on a management network. Therefore, this answer is incorrect. B: A packet sniffer is not required for firewall operation and stateful inspection. Firewalls and packet sniffers are two different devices. Therefore, this answer is incorrect. D: A virtual LAN interface is not required for packet sniffing. Therefore, this answer is incorrect. References: http://www.techopedia.com/definition/4113/sniffer
Question 1127:
Access mechanisms to data on encrypted USB hard drives must be implemented correctly otherwise:
A. user accounts may be inadvertently locked out. B. data on the USB drive could be corrupted. C. data on the hard drive will be vulnerable to log analysis. D. the security controls on the USB drive can be bypassed.
D. the security controls on the USB drive can be bypassed. A common access mechanism to data on encrypted USB hard drives is a password. If a weak password is used, someone could guess the password and bypass the security controls on the USB drive to access the data. Incorrect Answers: A: Not configuring a password (or other access mechanism) on an encrypted USB hard drive would not lock out a user account. It would just enable someone to access the data on the hard drive. B: Not configuring a password (or other access mechanism) on an encrypted USB hard drive would not corrupt the data. It would just enable someone to access the data on the hard drive. C: Not configuring a password (or other access mechanism) on an encrypted USB hard drive would not cause the data on the hard drive will be vulnerable to log analysis. It would just enable someone to access the data on the hard drive. References: http://www.pcadvisor.co.uk/test-centre/pc-peripheral/114492/group-test-top-7-encrypted-hard- drives/?pn=2
Question 1128:
Which of the following can be implemented in hardware or software to protect a web server from cross-site scripting attacks?
A. Intrusion Detection System B. Flood Guard Protection C. Web Application Firewall D. URL Content Filter
C. Web Application Firewall Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity. Incorrect Answers: A: An Intrusion Detection System (IDS) is used to detect attempts to access a system. It cannot be used to detect cross-site scripting attacks where a malicious user is injecting malicious content into content being downloaded by a user. B: Flood Guard Protection is used to prevent a network being flooded by data such as DoS, SYN floods, ping floods etc. The flood of data saturates the network and prevents the successful transmission of valid data across the network. Flood Guard Protection is not used to prevent cross-site scripting attacks. D. A URL Content Filter is used to permit access to allowed URLs (Websites) only or to block access to URLs that are not allowed according to company policy. For example, a company might use a URL Content Filter to block access to social networking sites. A URL Content Filter is not used to prevent cross-site scripting attacks. References: http://en.wikipedia.org/wiki/Cross-site_scripting https://www.owasp.org/index.php/Web_Application_Firewall
Question 1129:
Which of the following concepts defines the requirement for data availability?
A. Authentication to RADIUS B. Non-repudiation of email messages C. Disaster recovery planning D. Encryption of email messages
C. Disaster recovery planning A disaster-recovery plan, or scheme, helps an organization respond effectively when a disaster occurs. Disasters may include system failure, network failure, infrastructure failure, and natural disaster. The primary emphasis of such a plan is reestablishing services and minimizing losses. Incorrect Answers: A: Authentication issues deals with authorized access to resources. B: Nonrepudiation prevents one party from denying actions that they carried out and in the electronic world nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party `vouches' for the individuals in the two-key system. D: Encryption of email messages is concerned with confidentiality. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 29, 262, 433-434
Question 1130:
An administrator has advised against the use of Bluetooth phones due to bluesnarfing concerns. Which of the following is an example of this threat?
A. An attacker using the phone remotely for spoofing other phone numbers B. Unauthorized intrusions into the phone to access data C. The Bluetooth enabled phone causing signal interference with the network D. An attacker using exploits that allow the phone to be disabled
B. Unauthorized intrusions into the phone to access data Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and e-mail and text messages -- without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled. Incorrect Answers: A: An attacker using the phone remotely for spoofing other phone numbers is not an example of bluesnarfing. Bluesnarfing is the theft of data from a mobile device over a Bluetooth connection. Therefore, this answer is incorrect. C: A Bluetooth enabled phone causing signal interference with the network is an example of interference, not bluesnarfing. Bluesnarfing is the theft of data from a mobile device over a Bluetooth connection. Therefore, this answer is incorrect. D: An attacker using exploits that allow the phone to be disabled is not an example of bluesnarfing. Bluesnarfing is the theft of data from a mobile device over a Bluetooth connection, not the disabling of a mobile device. Therefore, this answer is incorrect. References: http://searchmobilecomputing.techtarget.com/definition/bluesnarfing
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.