CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 211:
Which of the following relies on the use of shared secrets to protect communication?
A. RADIUS B. Kerberos C. PKI D. LDAP
A. RADIUS Obfuscated passwords are transmitted by the RADIUS protocol via a shared secret and the MD5 hashing algorithm. Incorrect Answers: B: Kerberos works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. C: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates D: The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. References: http://en.wikipedia.org/wiki/RADIUS http://en.wikipedia.org/wiki/Kerberos_%28protocol%29 http://en.wikipedia.org/wiki/Public_key_infrastructure http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
Question 212:
An employee connects a wireless access point to the only jack in the conference room to provide Internet access during a meeting. The access point is configured to use WPA2-TKIP. A malicious user is able to intercept clear text HTTP communication between the meeting attendees and the Internet. Which of the following is the reason the malicious user is able to intercept and see the clear text communication?
A. The malicious user has access to the WPA2-TKIP key. B. The wireless access point is broadcasting the SSID. C. The malicious user is able to capture the wired communication. D. The meeting attendees are using unencrypted hard drives.
C. The malicious user is able to capture the wired communication.
Question 213:
Jane has implemented an array of four servers to accomplish one specific task. This is BEST known as which of the following?
A. Clustering B. RAID C. Load balancing D. Virtualization
A. Clustering Anytime you connect multiple computers to work/act together as a single server, it is known as clustering. Clustered systems utilize parallel processing (improving performance and availability) and add redundancy (but also add costs). Incorrect Answers: B: RAID, or redundant array of independent disks (RAID). RAID allows your existing servers to have more than one hard drive so that if the main hard drive fails, the system keeps functioning. C: Load balancing is a way of providing high availability by splitting the workload across multiple computers. D: Virtualization is the foundation for cloud computing. You cannot have cloud computing without virtualization. It makes it possible by abstracting the hardware and making it available to the virtual machines. The abstraction is done through the use of a hypervisor, which can be either Type I (bare metal) or Type II (hosted). References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 234-235
Question 214:
Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?
A. Email scanning B. Content discovery C. Database fingerprinting D. Endpoint protection
D. Endpoint protection Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. DLP systems share commonality with network intrusion prevention systems. Endpoint protection provides security and management over both physical and virtual environments. Incorrect Answers: A: Email scanning would only be providing security over one aspect of data protection. B: Content discovery is mainly useful for social marketing campaigns to drive more traffic to your websites. C: Database fingerprinting refers mainly to classifying data. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 10 http://www.websense.com/content/support/library/data/v76/help/Fingerprinting%20DB.aspx
Question 215:
Which of the following risk concepts requires an organization to determine the number of failures per year?
A. SLE B. ALE C. MTBF D. Quantitative analysis
B. ALE ALE is the annual loss expectancy value. This is a monetary measure of how much loss you could expect in a year. Incorrect Answers: A: SLE is a monetary value, and it represents how much you expect to lose at any one time: the single loss expectancy. SLE can be divided into two components: AV (asset value) and the EF (exposure factor). C: The mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component. This measurement determines the component's anticipated lifetime. D: Quantitative analysis is used to the show the logic and cost savings in replacing a server for example before it fails rather than after the failure. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 5, 8, 17 http://www.ciscopress.com/articles/article.asp?p=1998559andseqNum=2
Question 216:
Everyone in the accounting department has the ability to print and sign checks. Internal audit has asked that only one group of employees may print checks while only two other employees may sign the checks. Which of the following concepts would enforce this process?
A. Separation of Duties B. Mandatory Vacations C. Discretionary Access Control D. Job Rotation
A. Separation of Duties Separation of duties means that users are granted only the permissions they need to do their work and no more. Incorrect Answers: B: A mandatory vacation policy requires all users to take time away from work to refresh. C: Discretionary Access Control makes allowance for flexibility on access control within the company which is to be avoided in this scenario. D: Rotating jobs would mean that all the employees will at any one time still have authority to sign checks. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 25, 151, 153
Question 217:
A network stream needs to be encrypted. Sara, the network administrator, has selected a cipher which will encrypt 8 bits at a time before sending the data across the network. Which of the following has Sara selected?
A. Block cipher B. Stream cipher C. CRC D. Hashing algorithm
A. Block cipher With a block cipher the algorithm works on chunks of data--encrypting one and then moving to the next. Example: Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. Incorrect Answers: B: A stream cipher is used for encrypting data when the size of the data is unknown (such as streaming a movie). The data is encrypted one bit at a time as it is streamed. C: Cyclic redundancy check (CRC) is used for error-detecting, not for encryption. D: A hash function is used to map digital data of variable size to digital data of fixed length. A hash function is not used for encryption. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 250, 255-256 http://en.wikipedia.org/wiki/Cyclic_redundancy_check
Question 218:
Ann has recently transferred from the payroll department to engineering. While browsing file shares, Ann notices she can access the payroll status and pay rates of her new coworkers. Which of the following could prevent this scenario from occurring?
A. Credential management B. Continuous monitoring C. Separation of duties D. User access reviews
D. User access reviews
Question 219:
A security administrator needs a locally stored record to remove the certificates of a terminated employee. Which of the following describes a service that could meet these requirements?
A. OCSP B. PKI C. CA D. CRL
D. CRL A CRL is a locally stored record containing revoked certificates and revoked keys. Incorrect Answers: A: OCSP is a protocol, not a database. The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of an X.509 digital certificate. B: A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. Within a PKI you can use CRL to meet the requirements in this question. C: In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. You don't use a CA to store revoked certificates. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 279-280, 279-285, 285
Question 220:
A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator's concerns?
A. Install a mobile application that tracks read and write functions on the device. B. Create a company policy prohibiting the use of mobile devices for personal use. C. Enable GPS functionality to track the location of the mobile devices. D. Configure the devices so that removable media use is disabled.
D. Configure the devices so that removable media use is disabled. Mobile devices can be plugged into computers where they appear as an additional disk in the same way as a USB drive. This is known as removable media. This would enable users to copy company data onto the mobile devices. By disabling removable media use, the users will not be able to copy data onto the mobile devices. Incorrect Answers: A: A mobile application that tracks read and write functions on the device (if such an application exists) would only monitor the activity. It wouldn't stop data being written to the device. B: Policies provide guidelines. A policy prohibiting the use of mobile devices for personal use would not stop data being written to the device as the policy would still need to be enforced. C: Global Positioning System (GPS) tracking can be used to identify its location of a stolen device and can allow authorities to recover the device. However, for GPS tracking to work, the device must have an Internet connection or a wireless phone service over which to send its location information. This would not prevent data being written to the device. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.