CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 111:
An administrator discovers that many users have used their same passwords for years even though the network requires that the passwords be changed every six weeks. Which of the following, when used together, would BEST prevent users from reusing their existing password? (Select TWO).
A. Length of password B. Password history C. Minimum password age D. Password expiration E. Password complexity F. Non-dictionary words
B. Password history C. Minimum password age In this question, users are forced to change their passwords every six weeks. However, they are able to change their password and enter the same password as the new password. Password history determines the number of previous passwords that cannot be used when a user changes his password. For example, a password history value of 5 would disallow a user from changing his password to any of his previous 5 passwords. When a user is forced to change his password due to a maximum password age period expiring, (the question states that the network requires that the passwords be changed every six weeks) he could change his password to a previously used password. Or if a password history value of 5 is configured, the user could change his password six times to cycle back round to his original password. This is where the minimum password age comes in. This is the period that a password must be used for. For example, a minimum password age of 30 would determine that when a user changes his password, he must continue to use the same password for at least 30 days. Incorrect Answers: A: The length of password determines how many characters a password must contain. It will not prevent users from changing their passwords multiple times to cycle back to their original passwords. D: Password expiration determines how long a password can be used for before it must be changed. In this question, the password expiration is 6 weeks. Password expiration will force users to change their passwords but it will not prevent users from changing their passwords multiple times to cycle back to their original passwords. E: Password complexity determines what a password should include. For example, you could require a password to contain uppercase and lowercase letters and numbers. . It will not prevent users from changing their passwords multiple times to cycle back to their original passwords. F: Non-dictionary words is a setting that determines that a password should not be a word that can be found in a dictionary. This is to prevent a "dictionary attack" where software can be used to attempt to access a system by using the words of a dictionary as the password. References: https://technet.microsoft.com/enus/library/cc757692%28v=ws.10%29.aspx#w2k3tr_sepol_accou_set_kuwh
Question 112:
Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?
A. Trusted OS B. Host software baselining C. OS hardening D. Virtualization
D. Virtualization Virtualization is used to host one or more operating systems in the memory of a single host computer and allows multiple operating systems to run simultaneously on the same hardware. Virtualization offers the flexibility of quickly and easily making backups of entire virtual systems, and quickly recovering the virtual system when errors occur. Furthermore, malicious code compromises of virtual systems rarely affect the host system, which allows for safer testing and experimentation. Incorrect Answers: A: Trusted OS is an access-control feature that limits resource access to client systems that run operating system that are known to implement specific security features. B: Application baseline defines the level or standard of security that will be implemented and maintained for the application. It may include requirements of hardware components, operating system versions, patch levels, installed applications and their configurations, and available ports and services. Systems can be compared to the baseline to ensure that the required level of security is being maintained. C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215-217 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 37, 208, 246
Question 113:
The systems administrator wishes to implement a hardware-based encryption method that could also be used to sign code. They can achieve this by:
A. Utilizing the already present TPM. B. Configuring secure application sandboxes. C. Enforcing whole disk encryption. D. Moving data and applications into the cloud.
A. Utilizing the already present TPM. Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. Incorrect Answers: B: Sandboxing is the process of isolating a system before installing new applications on it so as to restrict any potential harm it may cause to production systems. C: Whole disk encryption can be implemented by either a software-based cryptography solutions or by a hardware based solution such as a Trusted Platform Module (TPM) or a Hardware Security Module (HSM). D. Moving data and applications to the cloud does not ensure that the data or applications are encrypted in its new location. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 204-205, 237 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 250
Question 114:
Which of the following can be used to maintain a higher level of security in a SAN by allowing isolation of mis-configurations or faults?
A. VLAN B. Protocol security C. Port security D. VSAN
D. VSAN A storage area network (SAN) is a secondary network that offers storage isolation by consolidating storage devices such as hard drives, drive arrays, optical jukeboxes, and tape libraries. Virtualization can be used to further enhance the security of a SAN by using switches to create a VSAN. These switches act as routers controlling and filtering traffic into and out of the VSAN while allowing unrestricted traffic within the VSAN. Incorrect Answers: A: A Virtual area network (VLAN) is segmented network in which switches are used to perform the segmentation. The switches also perform routing functions, controlling and filtering traffic between VLANS. B, C: Protocol and Port security is provided by firewalls. Firewalls control or filter traffic between systems based on protocols and the ports used by those protocols. Firewalls could be used to isolate the SAN but it is unlikely to isolate mis-configurations or faults. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 89-91 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 5-6, http://en.wikipedia.org/ wiki/VSAN
Question 115:
Which of the following malware types is MOST likely to execute its payload after Jane, an employee, has left the company?
A. Rootkit B. Logic bomb C. Worm D. Botnet
B. Logic bomb This is an example of a logic bomb. The logic bomb is configured to `go off' or when Jane has left the company. A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs. Incorrect Answers: A: A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. A rootkit is not what is described in this question. Therefore, this answer is incorrect. C: A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. A worm is not what is described in this question. Therefore, this answer is incorrect. D: A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks. The word botnet is a combination of the words robot and network. The term is usually used with a negative or malicious connotation. Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator. Many computer users are unaware that their computer is infected with bots. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules. A botnet is not what is described in the question. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Logic_bomb http://searchmidmarketsecurity.techtarget.com/definition/rootkit http://en.wikipedia.org/wiki/Computer_worm http://en.wikipedia.org/wiki/Botnet
Question 116:
Which of the following should the security administrator implement to limit web traffic based on country of origin? (Select THREE).
A. Spam filter B. Load balancer C. Antivirus D. Proxies E. Firewall F. NIDS G. URL filtering
D. Proxies E. Firewall G. URL filtering A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. Firewalls manage traffic using a rule or a set of rules. A URL is a reference to a resource that specifies the location of the resource. A URL filter is used to block access to a site based on all or part of a URL. Incorrect Answers: A: A spam filter deals with identifying and blocking/filtering/removing unsolicited messages. B: A load balancer is used to acquire more optimal infrastructure utilization, reduce response time, maximize throughput, decrease overloading, and remove bottlenecks. C: An antivirus monitors the local system for the presence of malware in memory, in active processes, and in storage. F: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 10, 18-21.
Question 117:
A security team has established a security awareness program. Which of the following would BEST prove the success of the program?
A. Policies B. Procedures C. Metrics D. Standards
C. Metrics All types of training should be followed up- be tested to see if it worked and how much was learned in the training process. You must follow up and gather training metrics to validate compliance and security posture. By training metrics, we mean some quantifiable method for determining the efficacy of training. Incorrect Answers: A, B: A user-awareness program helps individuals in an organization understand how to implement policies, procedures, and technologies to ensure effective security. Policies together with procedures are part of the training and concerns that employees should be made aware of during the training process. D: Standards refer to the types of policies and guidelines (the less formal type of policy) to measure risk and weighing risk. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 401
Question 118:
A security analyst noticed a colleague typing the following command:
`Telnet some-host 443'
Which of the following was the colleague performing?
A. A hacking attempt to the some-host web server with the purpose of achieving a distributed denial of service attack. B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. C. Trying to establish an insecure remote management session. The colleague should be using SSH or terminal services instead. D. A mistaken port being entered because telnet servers typically do not listen on port 443.
B. A quick test to see if there is a service running on some-host TCP/443, which is being routed correctly and not blocked by a firewall. B: The Telnet program parameters are: telnet is the name or IP address of the remote server to connect to. is the port number of the service to use for the connection. TCP port 443 provides the HTTPS (used for secure web connections) service; it is the default SSL port. By running the Telnet some-host 443 command, the security analyst is checking that routing is done properly and not blocked by a firewall. Incorrect Answers: A: The telnet command parameter used by the colleague is done to check what service is running, i.e. HTTPS, not an attempt to get a denial of service attack. C: TCP port 443 will not allow an insecure remote session because is the default SSL port. D: TCP port 443 is the default SSL port and SSH makes use of TCP port 22. References: https://support.microsoft.com/en-us/kb/290051 Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 83.
Question 119:
Joe, a technician, is tasked with finding a way to test operating system patches for a wide variety of servers before deployment to the production environment while utilizing a limited amount of hardware resources. Which of the following would provide the BEST environment for performing this testing?
A. OS hardening B. Application control C. Virtualization D. Sandboxing
C. Virtualization D. Sandboxing
Question 120:
A network administrator has a separate user account with rights to the domain administrator group. However, they cannot remember the password to this account and are not able to login to the server when needed. Which of the following is MOST accurate in describing the type of issue the administrator is experiencing?
A. Single sign-on B. Authorization C. Access control D. Authentication
D. Authentication Authentication generally requires one or more of the following: ?Something you know: a password, code, PIN, combination, or secret phrase. ?Something you have: a smart card, token device, or key. ?Something you are: a fingerprint, a retina scan, or voice recognition; often referred to as biometrics, discussed later in this chapter. ?Somewhere you are: a physical or logical location. ?Something you do: typing rhythm, a secret handshake, or a private knock. Incorrect Answers: A: Single sign-on is when a user is authenticated into the realm, they need not re-authenticate to access resources on any realm entity. Authentication has not occurred in this instance. B: Authorization occurs after authentication, and ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity. Authorization indicates who is trusted to perform specific operations. C: Access Control is defined as the control and management of users and their privileges and activities in a secure environment. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 275- 284.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.