CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 241:
A system administrator is using a packet sniffer to troubleshoot remote authentication. The administrator detects a device trying to communicate to TCP port 49. Which of the following authentication methods is MOST likely being attempted?
A. RADIUS B. TACACS+ C. Kerberos D. LDAP
B. TACACS+ TACACS makes use of TCP port 49 by default. Incorrect Answers: A: RADIUS makes use of UDP only. C, D: Kerberos and LDAP do not make use of TCP port 49. References: http://en.wikipedia.org/wiki/TACACS http://en.wikipedia.org/wiki/RADIUS http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Question 242:
A network administrator has recently updated their network devices to ensure redundancy is in place so that:
A. switches can redistribute routes across the network. B. environmental monitoring can be performed. C. single points of failure are removed. D. hot and cold aisles are functioning.
C. single points of failure are removed. Redundancy refers to systems that either are duplicated or fail over to other systems in the event of a malfunction. The best way to remove an SPOF from your environment is to add redundancy. Incorrect Answers: A: Redistribution of routes is not the purpose of redundancy. B: Environmental monitoring is concerned with water and flood damage as well as fire suppression and redundancy is concerned with availability of resources. D: Hot and cold aisles in server rooms are concerned with cooling the servers and equipment in the server room. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 30, 32, 382-383
Question 243:
A supervisor in the human resources department has been given additional job duties in the accounting department. Part of their new duties will be to check the daily balance sheet calculations on spreadsheets that are restricted to the accounting group. In which of the following ways should the account be handled?
A. The supervisor should be allowed to have access to the spreadsheet files, and their membership in the human resources group should be terminated. B. The supervisor should be removed from the human resources group and added to the accounting group. C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group. D. The supervisor should only maintain membership in the human resources group.
C. The supervisor should be added to the accounting group while maintaining their membership in the human resources group. You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). By assigning the human resources supervisor's user account to the group means the supervisor will inherit the permissions of that group, and allow him to carry out the new duties. Because the new duties are being added to his normal duties, maintaining membership in the human resources group will allow the supervisor to continue performing his normal duties. Incorrect Answers: A: Because the new duties are being added to his normal duties, terminating the supervisor's membership in the human resources group will prevent the supervisor from carrying out his normal duties as he will no longer have the required permissions. B: Because the new duties are being added to his normal duties, removing the supervisor from the human resources group will prevent the supervisor from carrying out his normal duties as he will no longer have the required permissions. D: Maintaining the supervisor's membership in the human resources group only, will prevent the supervisor from carrying out his additional duties in the accounting department as the supervisor will not have the required permissions. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 294.
Question 244:
A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.
Which of the following is occurring?
A. The user is encrypting the data in the outgoing messages. B. The user is using steganography. C. The user is spamming to obfuscate the activity. D. The user is using hashing to embed data in the emails.
B. The user is using steganography. Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. It is also the process of hiding a message in a medium such as a digital image, audio fi le, or other fi le. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message. Incorrect Answers: A: Encrypting data means securing the data. C: Spamming is any unwanted email. D: Hashing refers to the hash algorithms used in cryptography. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 248, 255, 261
Question 245:
The Chief Information Officer (CIO) has mandated web based Customer Relationship Management (CRM) business functions be moved offshore to reduce cost, reduce IT overheads, and improve availability. The Chief Risk Officer (CRO) has agreed with the CIO's direction but has mandated that key authentication systems be run within the organization's network. Which of the following would BEST meet the CIO and CRO's requirements?
A. Software as a Service B. Infrastructure as a Service C. Platform as a Service D. Hosted virtualization service
A. Software as a Service Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. Incorrect Answers: B: In an IaaS model, a third-party provider hosts hardware, software, servers, storage and other infrastructure components on behalf of its users. IaaS providers also host users' applications and handle tasks including system maintenance, backup and resiliency planning. C: Platform as a service (PaaS) is a cloud computing model that delivers applications over the Internet. In a PaaS model, a cloud provider delivers hardware and software tools (usually those needed for application development) to its users as a service. D: It is used to provide software development and QA/testing teams access to dependent system components that are needed to exercise an application under test (AUT), but are unavailable or difficult-to-access for development and testing purposes. References: http://searchcloudcomputing.techtarget.com/definition/Software-as-a-Service http://searchcloudcomputing.techtarget.com/definition/Infrastructure-as-a-Service- IaaS http://searchcloudcomputing.techtarget.com/definition/Platform-as-aService-PaaS http://en.wikipedia.org/wiki/Service_virtualization
Question 246:
A security analyst discovered data such as images and word documents hidden within different types of files. Which of the following cryptographic concepts describes what was discovered?
A. Symmetric encryption B. Non-repudiation C. Steganography D. Hashing
C. Steganography Steganography is the process of concealing a file, message, image, or video within another file, message, image, or video. Note: The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable will arouse interest, and may in themselves be incriminating in countries where encryption is illegal. Thus, whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent, as well as concealing the contents of the message. Incorrect Answers: A: Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. B: Nonrepudiation prevents one party from denying actions they carried out. D: A hash function is used to map digital data of variable size to digital data of fixed length. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 249-252, 255, 262, 323 http://en.wikipedia.org/wiki/Steganography
Question 247:
Which of the following MUST Matt, a security administrator, implement to verify both the integrity and authenticity of a message while requiring a shared secret?
A. RIPEMD B. MD5 C. SHA D. HMAC
D. HMAC HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key. The hashing function provides data integrity, while the symmetric key provides authenticity. Incorrect Answers: A: RIPEMD is a hashing function only and will not provide authenticity. The RACE Integrity Primitives Evaluation Message Digest (RIPEMD) algorithm was based on MD4. There were questions regarding its security, and it has been replaced by RIPEMD-160, which uses 160 bits. B: MD5 is a hashing function only and will not provide authenticity. The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. C: SHA is a hashing function only and will not provide authenticity. The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139, 255, 260
Question 248:
Pete, the security engineer, would like to prevent wireless attacks on his network. Pete has implemented a security control to limit the connecting MAC addresses to a single port. Which of the following wireless attacks would this address?
A. Interference B. Man-in-the-middle C. ARP poisoning D. Rogue access point
D. Rogue access point MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. In this question, a rogue access point would need to be able to connect to the network to provide access to network resources. If the MAC address of the rogue access point isn't allowed to connect to the network port, then the rogue access point will not be able to connect to the network. Incorrect Answers: A: There can be many sources of interference to network communications especially in wireless networks. However, limiting the MAC addresses that can connect to a network port will not prevent interference. Therefore, this answer is incorrect. B: In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle. Limiting the MAC addresses that can connect to a network port is not used to prevent man-in-the-middle attacks. Therefore, this answer is incorrect. C: Address Resolution Protocol poisoning (ARP poisoning) is a form of attack in which an attacker changes the Media Access Control (MAC) address and attacks an Ethernet LAN by changing the target computer's ARP cache with a forged ARP request and reply packets. This modifies the layer -Ethernet MAC address into the hacker's known MAC address to monitor it. Because the ARP replies are forged, the target computer unintentionally sends the frames to the hacker's computer first instead of sending it to the original destination. As a result, both the user's data and privacy are compromised. An effective ARP poisoning attempt is undetectable to the user. ARP poisoning is also known as ARP cache poisoning or ARP poison routing (APR). Limiting the MAC addresses that can connect to a network port is not used to prevent ARP poisoning. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/MAC_filtering http://www.techopedia.com/definition/27471/address-resolution-protocol-poisoning-arp- poisoning
Question 249:
Which of the following is the MOST intrusive type of testing against a production system?
A. White box testing B. War dialing C. Vulnerability testing D. Penetration testing
D. Penetration testing Penetration testing is the most intrusive type of testing because you are actively trying to circumvent the system's security controls to gain access to the system. Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings. The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents. Penetration tests are sometimes called white hat attacks because in a pen test, the good guys are attempting to break in. Pen test strategies include: Targeted testing Targeted testing is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights-turned-on" approach because everyone can see the test being carried out. External testing This type of pen test targets a company's externally visible servers or devices including domain name servers (DNS), e-mail servers, Web servers or firewalls. The objective is to find out if an outside attacker can get in and how far they can get in once they've gained access. Internal testing This test mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause. Blind testing A blind test strategy simulates the actions and procedures of a real attacker by severely limiting the information given to the person or team that's performing the test beforehand. Typically, they may only be given the name of the company. Because this type of test can require a considerable amount of time for reconnaissance, it can be expensive. Double blind testing Double blind testing takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double- blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures. Incorrect Answers: A: White box testing is a software testing technique whereby explicit knowledge of the internal workings of the item being tested are used to select the test data. Unlike black box testing, white box testing uses specific knowledge of programming code to examine outputs. The test is accurate only if the tester knows what the program is supposed to do. He or she can then see if the program diverges from its intended goal. White box testing does not account for errors caused by omission, and all visible code must also be readable. White box testing is used to test the code of an application. It is not used to test the security controls of a production system. Therefore, this answer is incorrect. B: War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, Bulletin board systems and fax machines. It is not used to test the security controls of a production system. Therefore, this answer is incorrect. C: A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates. A vulnerability scan is considered passive in that it doesn't actually attempt to circumvent the security controls of a system to gain access (unlike a penetration test). Therefore, this answer is incorrect. References: http://searchsoftwarequality.techtarget.com/definition/penetration-testing http://www.webopedia.com/TERM/W/White_Box_Testing.html http://en.wikipedia.org/wiki/War_dialing
Question 250:
A user has received an email from an external source which asks for details on the company's new product line set for release in one month. The user has a detailed spec sheet but it is marked "Internal Proprietary Information". Which of the following should the user do NEXT?
A. Contact their manager and request guidance on how to best move forward B. Contact the help desk and/or incident response team to determine next steps C. Provide the requestor with the email information since it will be released soon anyway D. Reply back to the requestor to gain their contact information and call them
B. Contact the help desk and/or incident response team to determine next steps This is an incident that has to be responded to by the person who discovered it- in this case the user. An incident is any attempt to violate a security policy, a successful penetration, a compromise of a system, or any unauthorized access to information. It's important that an incident response policy establish at least the following items: Outside agencies that should be contacted or notified in case of an incident Resources used to deal with an incident Procedures to gather and secure evidence List of information that should be collected about an incident Outside experts who can be used to address issues if needed Policies and guidelines regarding how to handle an incident Since the spec sheet has been marked Internal Proprietary Information the user should refer the incident to the incident response team. Incorrect Answers: A: The manager may or may not be part of the incident response team. C: The information has been marked Internal Proprietary Information and providing the information to the requestor would be in violation to the company. D: You should have the incident response team handle the situation rather than addressing the issue yourself. References: Du Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 444-447
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.