CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 221:
Identifying residual risk is MOST important to which of the following concepts?
A. Risk deterrence B. Risk acceptance C. Risk mitigation D. Risk avoidance
B. Risk acceptance Risk acceptance is often the choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition. To truly qualify as acceptance, it cannot be a risk where the administrator or manager is unaware of its existence; it has to be an identified risk for which those involved understand the potential cost or damage and agree to accept it. Residual risk is always present and will remain a risk thus it should be accepted (risk acceptance) Incorrect Answers: A: Risk deterrence involves understanding something about the enemy and letting them know the harm that can come their way if they cause harm to you. C: Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. D: Risk Avoidance is the opposite of risk acceptance and involves identifying a risk and making the decision not to engage any longer in the actions associated with that risk. References: D Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 3, 9, 10
Question 222:
Which of the following protocols is MOST likely to be leveraged by users who need additional information about another user?
A. LDAP B. RADIUS C. Kerberos D. TACACS+
A. LDAP
Question 223:
Pete, the system administrator, has blocked users from accessing social media web sites. In addition to protecting company information from being accidentally leaked, which additional security benefit does this provide?
A. No competition with the company's official social presence B. Protection against malware introduced by banner ads C. Increased user productivity based upon fewer distractions D. Elimination of risks caused by unauthorized P2P file sharing
B. Protection against malware introduced by banner ads Banner, or header information messages sent with data to find out about the system(s) does happen. Banners often identify the host, the operating system running on it, and other information that can be useful if you are going to attempt to later breach the security of it. Incorrect Answers: A: Competition with a company's social presence is not a security risk or benefit. C: Many companies allow full use of social media in the workplace, believing that the marketing opportunities it holds outweigh any loss in productivity. But it is still a distraction. D: Social media web sites is by definition not P2P connections, it is mass distribution of data. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 344, 406
Question 224:
To ensure proper evidence collection, which of the following steps should be performed FIRST?
A. Take hashes from the live system B. Review logs C. Capture the system image D. Copy all compromised files
C. Capture the system image Capturing an image of the operating system in its exploited state can be helpful in revisiting the issue after the fact to learn more about it. This is essential since the collection of evidence process may result in some mishandling and changing the exploited state. Incorrect Answers: A: Hashes helps to be able to illustrate the situation and should be done prior to an incident where evidence is to be collected. NIST (the National Institute of Standards and Technology) maintains a National Software Reference Library (NSRL). One of the purposes of the NSRL is to collect "known, traceable software applications" through their hash values and store them in a Reference Data Set (RDS). The RDS can then be used by law enforcement, government agencies, and businesses to determine which files are important as evidence in criminal investigations. However, according to the order of volatility the first task should be to capture the system image. B: Review logs are part of collection of evidence, but in order of volatility it comes into the equation after system images have been captured. D: You first need to know which files were compromised to be able to copy compromised files. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 453-454
Question 225:
In Kerberos, the Ticket Granting Ticket (TGT) is used for which of the following?
A. Identification B. Authorization C. Authentication D. Multifactor authentication
C. Authentication An authentication ticket, also known as a ticket-granting ticket (TGT), is a small amount of encrypted data that is issued by a server in the Kerberos authentication model to begin the authentication process. When the client receives an authentication ticket, the client sends the ticket back to the server along with additional information verifying the client's identity. The server then issues a service ticket and a session key (which includes a form of password), completing the authorization process for that session. In the Kerberos model, all tickets are time-stamped and have limited lifetimes. This minimizes the danger that hackers will be able to steal or crack the encrypted data and use it to compromise the system. Ideally, no authentication ticket remains valid for longer than the time an expert hacker would need to crack the encryption. Authentication tickets are session-specific, further improving the security of the system by ensuring that no authentication ticket remains valid after a given session is complete. Incorrect Answers: A, B: The Ticket Granting Ticket (TGT) is used for authentication and not for identification or authorization. D: Multifactor authentication pools two or more independent credentials: What the user knows (password) What the user has (security token) What the user is (biometric verification). References: http://searchenterprisedesktop.techtarget.com/definition/authentication-ticket http://searchsecurity.techtarget.com/definition/multifactor-authentication-MFA
Question 226:
A new MPLS network link has been established between a company and its business partner.
The link provides logical isolation in order to prevent access from other business partners. Which of the following should be applied in order to achieve confidentiality and integrity of all data across the link?
A. MPLS should be run in IPVPN mode. B. SSL/TLS for all application flows. C. IPSec VPN tunnels on top of the MPLS link. D. HTTPS and SSH for all application flows.
C. IPSec VPN tunnels on top of the MPLS link. IPSec can very well be used with MPLS. IPSec could provide VPN tunnels on top if the MPLS link. Internet Protocol Security (IPSec) isn't a tunneling protocol, but it's used in conjunction with tunneling protocols. IPSec is oriented primarily toward LAN-to-LAN connections, but it can also be used with dial-up connections. IPSec provides secure authentication and encryption of data and headers; this makes it a good choice for security. Incorrect Answers: A: MPLS tunnelling would not hide the logical MPLS link. B: SSL/TLS could provide encryption, but not the tunnelling required for the logical isolation. D: To provide the required logical isolation tunnelling should be used. HTTPS and SSH cannot provide tunnelling. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 91, 103-105, 268, 271, 274, 274-275 http:// www.networkworld.com/article/2297191/lan-wan/chapter-6--how-ipseccomplements- mpls.html
Question 227:
An administrator needs to secure RADIUS traffic between two servers. Which of the following is the BEST solution?
A. Require IPSec with AH between the servers B. Require the message-authenticator attribute for each message C. Use MSCHAPv2 with MPPE instead of PAP D. Require a long and complex shared secret for the servers
A. Require IPSec with AH between the servers
Question 228:
Ann works at a small company and she is concerned that there is no oversight in the finance department; specifically, that Joe writes, signs and distributes paycheques, as well as other expenditures. Which of the following controls can she implement to address this concern?
A. Mandatory vacations B. Time of day restrictions C. Least privilege D. Separation of duties
D. Separation of duties Separation of duties divides administrator or privileged tasks into separate groupings, which in turn, is individually assigned to unique administrators. This helps in fraud prevention, error reduction, as well as conflict of interest prevention. For example, those who configure security should not be the same people who test security. In this case, Joe should not be allowed to write and sign paycheques. Incorrect Answers: A: Mandatory vacations require each employee to be on vacation for a minimal amount of time each year. During this time a different employee sits at their desk and performs their work tasks. This will not solve the problem, it will determine whether the user is committing fraud, being abusive, or if they are incompetent. B: Time of day restrictions limits when a specific user account can log on to the network according to the time of day. This will not help solve the problem. C: Least privilege states that users should only be granted the minimum necessary access, permissions, and privileges that are required for them to accomplish their work tasks. This is used for normal employees, whereas Separation of duties is for administrators. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 81, 82, 280.
Question 229:
Which of the following techniques enables a highly secured organization to assess security weaknesses in real time?
A. Access control lists B. Continuous monitoring C. Video surveillance D. Baseline reporting
B. Continuous monitoring Continuous monitoring point toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats. Because the process is never-ending, assessments happen in real time. Incorrect Answers: A: Access Control List (ACL) specifies which users are allowed or refused the different types of available access based on the object type. It does not to assess security weaknesses in real time. C: Video surveillance provides real time monitoring of physical threats. D: A baseline report compares the current status of network systems in terms of security updates, performance or other metrics to a predefined set of standards. It does not to assess security weaknesses in real time. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 154, 156, 372. http://en.wikipedia.org/wiki/IT_baseline_protection
Question 230:
An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?
A. Cluster tip wiping B. Individual file encryption C. Full disk encryption D. Storage retention
A. Cluster tip wiping A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted. Incorrect Answers: B: File encryption encrypts the content of a specified file to protect it from access by unauthorised users. It does not sanitise the reclaimed space on a hard drive. C: Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. It does not sanitise the reclaimed space on a hard drive. D. Storage retention, or data retention, is a policy for handling data, particularly sensitive data, within an organization. It is not related to sanitizing the reclaimed space on a hard drive. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236, 237, 252 https:// uwnthesis.wordpress.com/2013/07/10/ccleaner-how-to-configure-ccleaner-to-wipe- cluster-tips-on-drive/
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.