CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 151:
A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?
A. Black box testing B. White box testing C. Gray box testing D. Design review
C. Gray box testing In this question, we know the tester has some knowledge of the application because the tester developed a plug-in module for it. However, the tester does not have detailed information about the entire application. Therefore, this is a grey-box test. Gray box testing, also called gray box analysis, is a strategy for software debugging in which the tester has limited knowledge of the internal details of the program. A gray box is a device, program or system whose workings are partially understood. Gray box testing can be contrasted with black box testing, a scenario in which the tester has no knowledge or access to the internal workings of a program, or white box testing, a scenario in which the internal particulars are fully known. Gray box testing is commonly used in penetration tests. Gray box testing is considered to be non-intrusive and unbiased because it does not require that the tester have access to the source code. With respect to internal processes, gray box testing treats a program as a black box that must be analyzed from the outside. During a gray box test, the person may know how the system components interact but not have detailed knowledge about internal program functions and operation. A clear distinction exists between the developer and the tester, thereby minimizing the risk of personnel conflicts. Incorrect Answers: A: Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher level testing, but can also dominate unit testing as well. Specific knowledge of the application's code/internal structure and programming knowledge in general is not required. The tester is aware of what the software is supposed to do but is not aware of how it does it. For instance, the tester is aware that a particular input returns a certain, invariable output but is not aware of how the software produces the output in the first place. In this question, the tester has some knowledge of the application. Therefore, this answer is incorrect. B: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a systemlevel test. In this question, the tester has some knowledge of the application but not the detailed knowledge required for a white-box test. Therefore, this answer is incorrect. D: A design review in terms of application development is the process of reviewing the design of the modules and units used in the application. However, in this question, the application has already been developed. Furthermore, a design review does not describe the process of testing an application. Therefore, this answer is incorrect. References: http://searchsoftwarequality.techtarget.com/definition/gray-box http://en.wikipedia.org/wiki/Black-box_testing http://en.wikipedia.org/wiki/White-box_testing
Question 152:
An administrator needs to submit a new CSR to a CA. Which of the following is a valid FIRST step?
A. Generate a new private key based on AES. B. Generate a new public key based on RSA. C. Generate a new public key based on AES. D. Generate a new private key based on RSA.
D. Generate a new private key based on RSA. Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The private key is needed to produce, but it is not part of, the CSR. The private key is an RSA key. The private encryption key that will be used to protect sensitive information. Note: A CSR or Certificate Signing request is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that will be included in your certificate such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually created at the same time that you create the CSR. Incorrect Answers: A: The private key that is generated is an RSA key, not an AES key. B: The produce the CSR you need a private key, not a public key. C: The produce the CSR you need a private key, not a public key. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 279-280 http://en.wikipedia.org/wiki/Certificate_signing_request
Question 153:
Matt, an administrator, notices a flood fragmented packet and retransmits from an email server. After disabling the TCP offload setting on the NIC, Matt sees normal traffic with packets flowing in sequence again. Which of the following utilities was he MOST likely using to view this issue?
A. Spam filter B. Protocol analyzer C. Web application firewall D. Load balancer
B. Protocol analyzer A protocol analyzer is a tool used to examine the contents of network traffic. Commonly known as a sniffer, a protocol analyzer can be a dedicated hardware device or software installed onto a typical host system. In either case, a protocol analyzer is first a packet capturing tool that can collect network traffic and store it in memory or onto a storage device. Once a packet is captured, it can be analyzed either with complex automated tools and scripts or manually. Incorrect Answers: A: A spam filter is a software or hardware tool whose primary purpose is to identify and block/filter/remove unwanted messages (that is, spam). Spam is most commonly associated with email, but spam also exists in instant messaging (IM), short message service (SMS), Usenet, and web discussions/forums/comments/ blogs. Because spam consumes about 89 percent of all email traffic (see the Intelligence Reports at www.messagelabs.com), it's essential to filter and block spam at every opportunity. C: A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It's intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks. D: A load balancer is used to spread or distribute network traffic load across several network links or network devices. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 10, 18, 19.
Question 154:
A vulnerability scan is reporting that patches are missing on a server. After a review, it is determined that the application requiring the patch does not exist on the operating system.
Which of the following describes this cause?
A. Application hardening B. False positive C. Baseline code review D. False negative
B. False positive False positives are essentially events that are mistakenly flagged and are not really events to be concerned about. Incorrect Answers: A: The term hardening is usually applied to operating systems. The idea is to "lock down" the operating system as much as is practical. For example, ensure that all unneeded services are turned off, all unneeded software is uninstalled, patches are updated, user accounts are checked for security, and so forth. Hardening is a general process of making certain that the operating system itself is as secure as it can be. C: A baseline represents a secure state and a review of the baseline code is not a vulnerability report that security patches are missing as stated in the scenario. D: A False negative is exactly the opposite of a false positive. With a false negative, you are not alerted to a situation when you should be alerted. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 28, 52 http://www.cgisecurity.com/questions/falsepositive.shtml
Question 155:
Which of the following is a common coding error in which boundary checking is not performed?
A. Input validation B. Fuzzing C. Secure coding D. Cross-site scripting
A. Input validation Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain. Incorrect Answers: B: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks. C: Proper and secure coding can prevent many attacks, including cross-site scripting, SQL injection and buffer overflows. D: Cross-site scripting (XSS) is a form of malicious code-injection attack on a web server in which an attacker injects code into the content sent to website visitors. XSS can be mitigated by implementing patch management on the web server, using firewalls, and auditing for suspicious activity References: http://en.wikipedia.org/wiki/Fuzz_testing Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 257 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 192, 229, 319
Question 156:
An administrator was asked to review user accounts. Which of the following has the potential to cause the MOST amount of damage if the account was compromised?
A. A password that has not changed in 180 days B. A single account shared by multiple users C. A user account with administrative rights D. An account that has not been logged into since creation
C. A user account with administrative rights
Question 157:
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration. Which of the following should be implemented to secure the devices without risking availability?
A. Host-based firewall B. IDS C. IPS D. Honeypot
B. IDS An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content. Incorrect Answers: A: The question states: The administrator wants to monitor device security without changing their baseline configuration. Installing and configure host-based firewalls would change the baseline configuration. A host-based or personal software firewall can often limit communications to only approved applications and protocols and can usually prevent externally initiated connections. It will not monitor device security. C: The question states: The administrator wants to monitor device security without changing their baseline configuration. The word `monitor' is an important distinction. It doesn't say block or prevent. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent/block intrusions that are detected. D: A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies. A honeypot is not used to monitor device security. References: http://en.wikipedia.org/wiki/Intrusion_detection_system Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 213, 246. http://en.wikipedia.org/wiki/Intrusion_prevention_system
Question 158:
A software firm posts patches and updates to a publicly accessible FTP site. The software firm also posts digitally signed checksums of all patches and updates. The firm does this to address:
A. Integrity of downloaded software. B. Availability of the FTP site. C. Confidentiality of downloaded software. D. Integrity of the server logs.
A. Integrity of downloaded software. Digital Signatures is used to validate the integrity of the message and the sender. In this case the software firm that posted the patches and updates digitally signed the checksums of all patches and updates. Incorrect Answers: B: Availability is not the concern in this case since the patches and updates are posted to a publicly accessible FTP site. C: Confidentiality is not an issue since the patches and updates are posted to a publicly accessible FTP site. D: The server logs are not the focus of the integrity concerns. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 261, 414
Question 159:
Using proximity card readers instead of the traditional key punch doors would help to mitigate:
A. Impersonation B. Tailgating C. Dumpster diving D. Shoulder surfing
D. Shoulder surfing Using a traditional key punch door, a person enters a code into a keypad to unlock the door. Someone could be watching the code being entered. They would then be able to open the door by entering the code. The process of watching the key code being entered is known as shoulder surfing. Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it's relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. Incorrect Answers: A: Impersonation is where a person, computer, software application or service pretends to be someone or something it's not. Impersonation is commonly non- maliciously used in client/server applications. However, it can also be used as a security threat. Using proximity card readers instead of the traditional key punch doors would not prevent impersonation. Therefore, this answer is incorrect. B: Tailgating in IT security would be an unauthorized person following and authorized person into a building or room such as a datacenter. If a building has a card reader where an authorized person can hold up a card to the reader to unlock the door, someone tailgating could follow the authorized person into the building by walking through the door before it closes and locks. Using proximity card readers instead of the traditional key punch doors would not prevent tailgating. Therefore, this answer is incorrect. C: Dumpster diving is looking for treasure in someone else's trash. (A dumpster is a large trash container.) In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving isn't limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes. Seemingly innocent information like a phone list, calendar, or organizational chart can be used to assist an attacker using social engineering techniques to gain access to the network. To prevent dumpster divers from learning anything valuable from your trash, experts recommend that your company establish a disposal policy where all paper, including print-outs, is shredded in a cross- cut shredder before being recycled, all storage media is erased, and all staff is educated about the danger of untracked trash. Using proximity card readers instead of the traditional key punch doors would not prevent dumpster diving. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/shoulder-surfing http://searchsecurity.techtarget.com/definition/dumpster-diving
Question 160:
The company's sales team plans to work late to provide the Chief Executive Officer (CEO) with a special report of sales before the quarter ends. After working for several hours, the team finds they cannot save or print the reports.
Which of the following controls is preventing them from completing their work?
A. Discretionary access control B. Role-based access control C. Time of Day access control D. Mandatory access control
C. Time of Day access control Time of day restrictions limit when users can access specific systems based on the time of day or week. It can limit access to sensitive environments to normal business hours when oversight and monitoring can be performed to prevent fraud, abuse, or intrusion. In this case, the sales team is prevented from saving or printing reports after a certain time. Incorrect Answers: A: Discretionary access control (DAC) allows access to be granted or restricted by an object's owner based on user identity and on the discretion of the object owner. Since the sales team had access, and the restriction only kicked in after several hours, DAC cannot be responsible. B: Role-based Access Control is basically based on a user's job description. When a user is assigned a specific role in an environment, that user's access to objects is granted based on the required tasks of that role. Since the sales team needs to save and print reports, they would not be restricted if restrictions were role-based. D: Mandatory Access Control allows access to be granted or restricted based on the rules of classification. Since they had access earlier, they clearly had the necessary classification. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 278- 284.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.