CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 131:
Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify that the email came from Joe and decrypt it? (Select TWO).
A. The CA's public key B. Ann's public key C. Joe's private key D. Ann's private key E. The CA's private key F. Joe's public key
D. Ann's private key F. Joe's public key Joe wants to send a message to Ann. It's important that this message not be altered. Joe will use the private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe--the public key--to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus Ann would compare the signature area referred to as a message in the message with the calculated value digest (her private key in this case). If the values match, the message hasn't been tampered with and the originator is verified as the person they claim to be. Incorrect Answers: A: The certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. B: Ann is the recipient and her public key is not required to verify e-mail sent by Joe. C: Ann requires Joe's public key, not his private key. E: A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. A certificate is nothing more than a mechanism that associates the public key with an individual. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 261, 279 http://searchsecurity.techtarget.com/definition/digital-signature
Question 132:
Which of the following should be used to authenticate and log connections from wireless users connecting with EAP-TLS?
A. Kerberos B. LDAP C. SAML D. RADIUS
D. RADIUS
Question 133:
Which of the following should be used when a business needs a block cipher with minimal key size for internal encryption?
A. AES B. Blowfish C. RC5 D. 3DES
B. Blowfish Blowfish is an encryption system invented by a team led by Bruce Schneier that performs a 64- bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits). Incorrect Answers: A: For AES there are three ciphers each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits. C: RC5 has a variable block size (32, 64 or 128 bits), key size (0 to 2040 bits) and number of rounds (0 to 255). The original suggested choice of parameters were a block size of 64 bits, a 128-bit key and 12 rounds. D: Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it's more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys). References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 251, 255-256
Question 134:
An auditor's report discovered several accounts with no activity for over 60 days. The accounts were later identified as contractors' accounts who would be returning in three months and would need to resume the activities. Which of the following would mitigate and secure the auditors finding?
A. Disable unnecessary contractor accounts and inform the auditor of the update. B. Reset contractor accounts and inform the auditor of the update. C. Inform the auditor that the accounts belong to the contractors. D. Delete contractor accounts and inform the auditor of the update.
A. Disable unnecessary contractor accounts and inform the auditor of the update. A disabled account cannot be used. It is `disabled'. Whenever an employee leaves a company, the employee's user account should be disabled. The question states that the accounts are contractors' accounts who would be returning in three months. Therefore, it would be easier to keep the accounts rather than deleting them which would require that the accounts are recreated in three months time. By disabling the accounts, we can ensure that the accounts cannot be used; in three months when the contractors are back, we can simply re-enable the accounts. Incorrect Answers: B: Resetting an account is typically something you would do with a computer account rather than a user account. Resetting an account clears the security identifier associated with the account which effectively creates a different account with the same name. This would prevent any access to resources that was granted to the original account. Disabling the accounts would be a better solution. Therefore, this answer is incorrect. C: Informing the auditor that the accounts belong to the contractors would not prevent access to the accounts for the three months until the contractors return. This answer does not improve security and is therefore incorrect. D: It would be easier to keep the accounts rather than deleting them which would require that the accounts are recreated in three months time when the contractors return. By disabling the accounts, we can ensure that the accounts cannot be used; then in three months when the contractors are back, we can simply re-enable the accounts. Therefore, this answer is incorrect.
Question 135:
Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?
A. Record time offset B. Clean desk policy C. Cloud computing D. Routine log review
B. Clean desk policy Clean Desk Policy Information on a desk--in terms of printouts, pads of note paper, sticky notes, and the like--can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. This will mitigate the risk of data loss when applied. Incorrect Answers: A: Record time offset is usually critical in the event of forensic investigations. C: Cloud computing means hosting services and data on the Internet instead of hosting it locally. This poses a security risk and you will need to apply measures to mitigate the risk. D: Routine log reviews, albeit system logs or event logs, or audit logs, security log or access logs, are used to monitor and diagnose networks. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 196, 453
Question 136:
A systems administrator has implemented PKI on a classified government network. In the event that a disconnect occurs from the primary CA, which of the following should be accessible locally from every site to ensure users with bad certificates cannot gain access to the network?
A. A CRL B. Make the RA available C. A verification authority D. A redundant CA
A. A CRL A certificate revocation list (CRL) is created and distributed to all CAs to revoke a certificate or key. By checking the CRL you can check if a particular certificate has been revoked. Incorrect Answers: B: Access to a registration authority (RA) is not required to check for bad certificates. A CRL will do fine. A registration authority (RA) offloads some of the work from a CA. An RA system operates as a middleman in the process: It can distribute keys, accept registrations for the CA, and validate identities. C: A verification authority is used to check the uniqueness of a certificate, not primarily to check for bad certificates. The user identity must be unique within each CA domain. The third-party validation authority (VA)/verification authority can provide this information on behalf of the CA. The binding is established through the registration and issuance process. D: A redundant CA is not required to check for bad certificates. A CRL will do fine. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 279-280, 285
Question 137:
Company employees are required to have workstation client certificates to access a bank website. These certificates were backed up as a precautionary step before the new computer upgrade. After the upgrade and restoration, users state
they can access the bank's website, but not login.
Which is the following is MOST likely the issue?
A. The IP addresses of the clients have change B. The client certificate passwords have expired on the server C. The certificates have not been installed on the workstations D. The certificates have been installed on the CA
C. The certificates have not been installed on the workstations The computer certificates must be installed on the upgraded client computers. Incorrect Answers: A: Changing the IP address of a client would not affect the certificate. B: It is not likely that the certificates expired at the time that the clients were upgraded. D: It is not likely that the client certificates were installed on the CA at the time that the clients were upgraded. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 281-284
Question 138:
Which of the following is being tested when a company's payroll server is powered off for eight hours?
A. Succession plan B. Business impact document C. Continuity of operations plan D. Risk assessment plan
C. Continuity of operations plan Continuity of operations plan is the effort to ensure the continued performance of critical business functions during a wide range of potential emergencies. Incorrect Answers: A: Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions. B: A business impact analysis/document is part of the business continuity planning and focuses on evaluating the processes. D: A risk assessment plan, like a business impact analysis forms part of the Business continuity plan and provides a company with an accurate picture of the situation it faces. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 432-434, 454 http://www.cio.com/article/2381021/best-practices/how-to-create-an-effective-business- continuity-plan.html
Question 139:
Users can authenticate to a company's web applications using their credentials from a popular social media site. Which of the following poses the greatest risk with this integration?
A. Malicious users can exploit local corporate credentials with their social media credentials B. Changes to passwords on the social media site can be delayed from replicating to the company C. Data loss from the corporate servers can create legal liabilities with the social media site D. Password breaches to the social media site affect the company application as well
D. Password breaches to the social media site affect the company application as well Social networking and having you company's application authentication `linked' to users' credential that they use on social media sites exposes your company's application exponentially more than is necessary. You should strive to practice risk avoidance. Incorrect Answers: A: One would assume that only the company's users would be able to authenticate to the company's application and you would be able to audit log on attempts. B: Delays in password when changes are made is not such a sever security risk as a breach in passwords. C: Data loss on your company servers does not pose as great a security risk as breach of passwords. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 364, 406
Question 140:
Which of the following is a measure of biometrics performance which rates the ability of a system to correctly authenticate an authorized user?
A. Failure to capture B. Type II C. Mean time to register D. Template capacity
B. Type II Type II, or false acceptance rate (FAR), is the measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. Incorrect Answers: A: Failure to capture refers to the probability that an automatic system fails to detect a biometric input when presented properly. C: Mean time to register is not a valid option. D: Template capacity refers to the maximum number of sets of data which can be stored in the system. References: http://en.wikipedia.org/wiki/Biometrics
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.