CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 251:
Which of the following network architecture concepts is used to securely isolate at the boundary between networks?
A. VLAN B. Subnetting C. DMZ D. NAT
C. DMZ A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. The DMZ is a buffer network between the public untrusted Internet and the private trusted LAN. Often a DMZ is deployed through the use of a multihomed firewall. Incorrect Answers: A: A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. B: Subnetting is a dividing process used on networks to divide larger groups of hosts into smaller collections. D: NAT converts the IP addresses of internal systems found in the header of network packets into public IP addresses. A demilitarized zone (DMZ) is an area of a network that is designed specifically for public users to access. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 23, 39.
Question 252:
A vulnerability assessment indicates that a router can be accessed from default port 80 and default port 22. Which of the following should be executed on the router to prevent access via these ports? (Select TWO).
A. FTP service should be disabled B. HTTPS service should be disabled C. SSH service should be disabled D. HTTP service should disabled E. Telnet service should be disabled
C. SSH service should be disabled D. HTTP service should disabled Port 80 is used by HTTP. Port 22 is used by SSH. By disabling the HTTP and Telnet services, you will prevent access to the router on ports 80 and 22. Incorrect Answers: A: FTP uses ports 20 and 21. Disabling this service will not prevent access to the router on ports 80 or 22. Therefore, this answer is incorrect. B: HTTPS uses port 443. Disabling this service will not prevent access to the router on ports 80 or 22. Therefore, this answer is incorrect. E: Telnet uses port 23. Disabling this service will not prevent access to the router on ports 80 or 22. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Question 253:
An administrator notices an unusual spike in network traffic from many sources. The administrator suspects that:
A. it is being caused by the presence of a rogue access point. B. it is the beginning of a DDoS attack. C. the IDS has been compromised. D. the internal DNS tables have been poisoned.
B. it is the beginning of a DDoS attack. A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack. Incorrect Answers: A: A rogue access point would not cause a spike in network traffic from many sources unless many computers had connected to the rogue access point and started sending lots of traffic. Therefore, this answer is incorrect. C: The question states that an administrator notices an unusual spike in network traffic from many sources. You would typically notice this on a firewall or an IDS system. It's unlikely the IDS has been compromised. A DDoS attack is far more common. Therefore, this answer is incorrect. D: DNS poisoning is the process of inserting incorrect information into DNS records. This may cause a slight increase in broadcast traffic on the network (as computers try to locate each other) but it would not cause a serious spike in network traffic. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Denial-of-service_attack
Question 254:
During a server audit, a security administrator does not notice abnormal activity. However, a network security analyst notices connections to unauthorized ports from outside the corporate network. Using specialized tools, the network security analyst also notices hidden processes running. Which of the following has MOST likely been installed on the server?
A. SPIM B. Backdoor C. Logic bomb D. Rootkit
D. Rootkit A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. A rootkit may consist of spyware and other programs that: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection. The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network. Incorrect Answers: A: SPIM is a term sometimes used to refer to spam over IM (Instant Messaging). It's also called just spam, instant spam, or IM marketing. No matter what the name, it consists of unwanted messages transmitted through some form of instant messaging service, which can include Short Message Service (SMS). SPIM is not what is described in this question. Therefore, this answer is incorrect. B: A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit. A backdoor is not what is described in this question. Therefore, this answer is incorrect. C: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files should they ever be terminated from the company. Software that is inherently malicious, such as viruses and worms, often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. This technique can be used by a virus or worm to gain momentum and spread before being noticed. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs". To be considered a logic bomb, the payload should be unwanted and unknown to the user of the software. As an example, trial programs with code that disables certain functionality after a set time are not normally regarded as logic bombs. A logic bomb is not what is described in this question. Therefore, this answer is incorrect. References: http://searchmidmarketsecurity.techtarget.com/definition/rootkit http://en.wikipedia.org/wiki/Logic_bomb
Question 255:
An organizations' security policy requires that users change passwords every 30 days. After a security audit, it was determined that users were recycling previously used passwords. Which of the following password enforcement policies would have mitigated this issue?
A. Password history B. Password complexity C. Password length D. Password expiration
A. Password history
Question 256:
Which of the following has serious security implications for large organizations and can potentially allow an attacker to capture conversations?
A. Subnetting B. NAT C. Jabber D. DMZ
C. Jabber Jabber is a new unified communications application and could possible expose you to attackers that want to capture conversations because Jabber provides a single interface across presence, instant messaging, voice, video messaging, desktop sharing and conferencing. Incorrect Answers: A: Subnetting means that you make use of a subnet mask value to divide a network into smaller components. In essence this gives you more networks, but a smaller number of hosts available on each, thus making your network more secure and manageable. B: Network Address Translation is meant to extend the number of usable internet addresses sin that it allows a company to present a single address to the Internet for all computer connections. But NAT also acts a a fire wall and effectively hides your network from the world. D: A DMZ (demilitarized zone) is an area in a network that allows restrictive access to untrusted users and isolates the internal network from access by external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources. References: http://www.cisco.com/web/about/ac49/ac0/ac1/ac258/JabberInc.html Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 87-88, 93
Question 257:
Matt, a security administrator, wants to configure all the switches and routers in the network in order to securely monitor their status. Which of the following protocols would he need to configure on each device?
A. SMTP B. SNMPv3 C. IPSec D. SNMP
B. SNMPv3 Currently, SNMP is predominantly used for monitoring and performance management. SNMPv3 defines a secure version of SNMP and also facilitates remote configuration of the SNMP entities. Incorrect Answers: A: SMTP is the email-forwarding protocol used on the Internet and intranets. C: IPSec provides for encryption security using symmetric cryptography. This means communication partners use shared secret keys to encrypt and decrypt traffic over the IPSec VPN link. D: You can use SNMP to interact with several network devices to acquire status information, performance data, statistics, and configuration details via a management console. References: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 40, 42, 50.
Question 258:
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks. Which of the following is MOST likely the reason for the sub-interfaces?
A. The network uses the subnet of 255.255.255.128. B. The switch has several VLANs configured on it. C. The sub-interfaces are configured for VoIP traffic. D. The sub-interfaces each implement quality of service.
B. The switch has several VLANs configured on it. A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network. Incorrect Answers: A, C, D: Subnets, VoIP, and QoS do not make use of this standard. References: http://en.wikipedia.org/wiki/Subinterface http://en.wikipedia.org/wiki/IEEE_802.1Q
Question 259:
Joe must send Ann a message and provide Ann with assurance that he was the actual sender. Which of the following will Joe need to use to BEST accomplish the objective?
A. A pre-shared private key B. His private key C. Ann's public key D. His public key
B. His private key
Question 260:
A security administrator must implement a wireless encryption system to secure mobile devices' communication. Some users have mobile devices which only support 56-bit encryption. Which of the following wireless encryption methods should be implemented?
A. RC4 B. AES C. MD5 D. TKIP
A. RC4 RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS. Incorrect Answers: B: AES supports key sizes of 128, 192, and 256 bits, with 128 bits being the default. Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies. C: The Message Digest Algorithm (MD) creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. MD4 was used by NTLM (discussed in a moment) to compute the NT Hash. MD5 is the newest version of the algorithm. It produces a 128-bit hash. D: To strengthen WEP encryption, a Temporal Key Integrity Protocol (TKIP) was employed. This placed a 128-bit wrapper around the WEP encryption with a key that is based on things such as the MAC address of the destination device and the serial number of the packet. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 171, 250, 251, 255
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.