CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 171:
Sara, a security manager, has decided to force expiration of all company passwords by the close of business day. Which of the following BEST supports this reasoning?
A. A recent security breach in which passwords were cracked. B. Implementation of configuration management processes. C. Enforcement of password complexity requirements. D. Implementation of account lockout procedures.
A. A recent security breach in which passwords were cracked. A password only needs to be changed if it doesn't meet the compliance requirements of the company's password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to possible compromise as a result of a system intrusion. Incorrect Answers: B: Configuration management provides visibility and control of a system's performance, as well as its functional and physical attributes. C: Password complexity normally requires a minimum of three out of four standard character types to be represented in the password. It would not require forcing expiration of all company passwords by the close of business day. D: Account lockout automatically disables an account due to repeated failed log on attempts. It would not require forcing expiration of all company passwords by the close of business day. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292, 293. http://en.wikipedia.org/wiki/Configuration_management
Question 172:
An achievement in providing worldwide Internet security was the signing of certificates associated with which of the following protocols?
A. TCP/IP B. SSL C. SCP D. SSH
B. SSL SSL (Secure Sockets Layer) is used for establishing an encrypted link between two computers, typically a web server and a browser. SSL is used to enable sensitive information such as login credentials and credit card numbers to be transmitted securely. Incorrect Answers: A: TCP/IP (Transmission Control Protocol/Internet Protocol) is a layered suite of protocols used to enable network communications between computers. All communications over the Internet between a Web browser and a Web server use TCP/IP. HTTP and SSL run in the Application layer of the TCP/IP protocol suite. TCP/IP itself does not use digitally signed certificates. C: SCP (Secure Copy) uses SSH (Secure Shell) to copy files between computers using a secure encrypted connection. SSH uses public and private keys in a similar way to SSL to encrypt the connection, however SCP/SSH are not the protocols used to provide the "worldwide Internet security" that this question is asking about. D: SSH (Secure Shell) is commonly used to log into a remote machine and execute commands over a secure encrypted connection. SSH uses public and private keys in a similar way to SSL to encrypt the connection. However SSH is not the protocol used to provide the "worldwide Internet security" that this question is asking about. References: https://www.digicert.com/ssl.htm
Question 173:
In order to use a two-way trust model the security administrator MUST implement which of the following?
A. DAC B. PKI C. HTTPS D. TPM
B. PKI PKI is a high level concept. Within a PKI you use a trust model to set up trust between Certification Authorities (CAs). A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Incorrect Answers: A: DAC cannot be used to setup trust models. Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)". C: HTTPS is just a protocol. You cannot use HTTPS to set up trust models. HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. D: Trusted Platform Module (TPM) cannot be used to setup trust models. A TPM can be used to assist with hash key generation. TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. TPM can be used to protect smart phones and devices other than PCs as well. It can also be used to generate values used with whole disk encryption such as BitLocker. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 150, 151-152, 237, 274, 279-285, 290
Question 174:
During an audit, the security administrator discovers that there are several users that are no longer employed with the company but still have active user accounts. Which of the following should be performed?
A. Account recovery B. Account disablement C. Account lockouts D. Account expiration
B. Account disablement Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account. Incorrect Answers: A: Account recovery is usually done in cases where users have forgotten their password which they use to access their accounts. In this case the users have left the employment of the company. C: The need to lock an account occurs when a user is attempting to log in but giving incorrect values; locking this account is necessary to prevent a would-be attacker from repeatedly guessing at password values until they find a match. D: Account expiration is implemented when you want to force users to change their password to access their accounts on a regular basis. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 140, 141.
Question 175:
Which of the following devices is BEST suited to protect an HTTP-based application that is susceptible to injection attacks?
A. Protocol filter B. Load balancer C. NIDS D. Layer 7 firewall
D. Layer 7 firewall An application-level gateway firewall filters traffic based on user access, group membership, the application or service used, or even the type of resources being transmitted. This type of firewall operates at the Application layer (Layer 7) of the OSI model. Incorrect Answers: A: The Protocol Filter feature is used to block unwanted traffic from your network. The feature is commonly used to make sure employees, students or end users are using their Internet access for its intended productive use. B: A load balancer is used to distribute network traffic load across a number of network links or network devices. C: A network-based IDS (NIDS) watches network traffic in real time, and is reliable for detecting network-focused attacks, such as bandwidth-based DoS attacks. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 6, 10, 82. http://www.clearcenter.com/support/documentation/clearos_enterprise_5.1/user_guide/protocol_ filter
Question 176:
Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?
A. Cross-platform compatibility issues between personal devices and server-based applications B. Lack of controls in place to ensure that the devices have the latest system patches and signature files C. Non-corporate devices are more difficult to locate when a user is terminated D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets
B. Lack of controls in place to ensure that the devices have the latest system patches and signature files With employees who want to bring their own devices you will have to make them understand why they cannot. You do not want them plugging in a flash drive, let alone a camera, smartphone, tablet computer, or other device, on which company fi les could get intermingled with personal files. Allowing this to happen can create situations where data can leave the building that shouldn't as well as introduce malware to the system. Employees should not sync unauthorized smartphones to their work systems. Some smartphones use multiple wireless spectrums and unwittingly open up the possibility for an attacker in the parking lot to gain access through the phone to the internal network. Thus if you do not have controls in place then your network is definitely at risk. Incorrect Answers: A: Cross-platform compatibility issues would not be impacting on security, rather it would be of concern to the employee who wanted to connect their own devices to the company network. C: While this may be true, why would you want to locate personally owned devices, it is not the property of the company. D: Non-purchased and leased equipment is not a company asset. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 404 http://www.computerweekly.com/opinion/BYOD-data-protection-and-information-security- issues
Question 177:
A security administrator has been tasked with setting up a new internal wireless network that must use end to end TLS. Which of the following may be used to meet this objective?
A. WPA B. HTTPS C. WEP D. WPA 2
D. WPA 2 Wi-Fi Protected Access 2 (WPA2) was intended to provide security that's equivalent to that on a wired network, and it implements elements of the 802.11i standard. In April 2010, the Wi-Fi Alliance announced the inclusion of additional Extensible Authentication Protocol (EAP) types to its certification programs for WPA- and WPA2- Enterprise certification programs. EAP-TLS is included in this certification program. Note: Although WPA mandates the use of TKIP, WPA2 requires Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). CCMP uses 128-bit AES encryption with a 48-bit initialization vector. With the larger initialization vector, it increases the difficulty in cracking and minimizes the risk of a replay attack. Incorrect Answers: A: The difference between WPA and WPA2 is that the former implements most, but not all, of 802.11i in order to be able to communicate with older wireless devices that might still need an update through their firmware in order to be compliant. B: HTTPS is not a protocol for wireless communication. HTTPS is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. C: In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). WEP does include support for TLS. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 75, 171, 172-173, 274
Question 178:
Which of the following is a hardware-based security technology included in a computer?
A. Symmetric key B. Asymmetric key C. Whole disk encryption D. Trusted platform module
D. Trusted platform module Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system's motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates. Incorrect Answers: A, B: Symmetrical and Asymmetrical keys are used in hardware- or software-based cryptography. C: Whole disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. This encryption can be provided by a software or a hardware solution. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,
Question 179:
Pete, an employee, is terminated from the company and the legal department needs documents from his encrypted hard drive. Which of the following should be used to accomplish this task? (Select TWO).
A. Private hash B. Recovery agent C. Public key D. Key escrow E. CRL
B. Recovery agent D. Key escrow B: If an employee leaves and we need access to data he has encrypted, we can use the key recovery agent to retrieve his decryption key. We can use this recovered key to access the data. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. As opposed to escrow, recovery agents are typically used to access information that is encrypted with older keys. D: If a key need to be recovered for legal purposes the key escrow can be used. Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee's private messages have been called into question. Incorrect Answers: A: Private hash is not used within the PKI framework. C: A public key is publically known and would not have to be retrieved. E: A CRL is a locally stored record containing revoked certificates and revoked keys. A CRL cannot be used to recover lost keys. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 279-285, 285
Question 180:
Which of the following is an example of a false positive?
A. Anti-virus identifies a benign application as malware. B. A biometric iris scanner rejects an authorized user wearing a new contact lens. C. A user account is locked out after the user mistypes the password too many times. D. The IDS does not identify a buffer overflow.
A. Anti-virus identifies a benign application as malware. A false positive is an error in some evaluation process in which a condition tested for is mistakenly found to have been detected. In spam filters, for example, a false positive is a legitimate message mistakenly marked as UBE --unsolicited bulk email, as junk email is more formally known. Messages that are determined to be spam -- whether correctly or incorrectly -- may be rejected by a server or client-side spam filter and returned to the sender as bounce e-mail. One problem with many spam filtering tools is that if they are configured stringently enough to be effective, there is a fairly high chance of getting false positives. The risk of accidentally blocking an important message has been enough to deter many companies from implementing any anti-spam measures at all. False positives are also common in security systems. A host intrusion prevention system (HIPS), for example, looks for anomalies, such as deviations in bandwidth, protocols and ports. When activity varies outside of an acceptable range for example, a remote application attempting to open a normally closed port -- an intrusion may be in progress. However, an anomaly, such as a sudden spike in bandwidth use, does not guarantee an actual attack, so this approach amounts to an educated guess and the chance for false positives can be high. False positives contrast with false negatives, which are results indicating mistakenly that some condition tested for is absent. Incorrect Answers: B: If an authorized user is wearing a new contact lens, the biometric iris scanner would not recognize it and would correctly deny access. This is not a false positive. Therefore, this answer is incorrect. C: If a user mistypes their password too many times and an account lockout policy is configured, the account would correctly be locked if the policy condition (number of failed login attempts) is met. This is not a false positive. Therefore, this answer is incorrect. D: If an IDS (intrusion detection system) does not identify a buffer overflow, this is not a false positive. A `positive' result would be the IDS recognizing the buffer overflow. A false positive would be the IDS identifying something as a buffer overflow when a buffer overflow doesn't exist. Therefore, this answer is incorrect. References: http://whatis.techtarget.com/definition/false-positive
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.