CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 261:
Maintenance workers find an active network switch hidden above a dropped-ceiling tile in the CEO's office with various connected cables from the office. Which of the following describes the type of attack that was occurring?
A. Spear phishing B. Packet sniffing C. Impersonation D. MAC flooding
B. Packet sniffing A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing. However, packet sniffing requires a physical connection to the network. The switch hidden in the ceiling is used to provide the physical connection to the network. Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal). A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. Incorrect Answers: A: Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority. The attack described in this question is not an example of spear phishing. Therefore, this answer is incorrect. C: Impersonation is where a person, computer, software application or service pretends to be someone it's not. Impersonation is commonly non-maliciously used in client/server applications. However, it can also be used as a security threat. However, the attack described in this question is not an example of impersonation. Therefore, this answer is incorrect. D: In computer networking, MAC flooding is a technique employed to compromise the security of network switches. Switches maintain a MAC Table that maps individual MAC addresses on the network to the physical ports on the switch. This allows the switch to direct data out of the physical port where the recipient is located, as opposed to indiscriminately broadcasting the data out of all ports as a hub does. The advantage of this method is that data is bridged exclusively to the network segment containing the computer that the data is specifically destined for. In a typical MAC flooding attack, a switch is fed many Ethernet frames, each containing different source MAC addresses, by the attacker. The intention is to consume the limited memory set aside in the switch to store the MAC address table. The attack described in this question is not an example of MAC flooding. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Packet_analyzer http://en.wikipedia.org/wiki/MAC_flooding
Question 262:
In order for Sara, a client, to logon to her desktop computer, she must provide her username, password, and a four digit PIN. Which of the following authentication methods is Sara using?
A. Three factor B. Single factor C. Two factor D. Four factor
B. Single factor Single-factor authentication is when only one authentication factor is used. In this case, Something you know is being used as an authentication factor. Username, password, and PIN form part of Something you know. Incorrect Answers: A: Three factor authentication is when three different authentication factors are provided for authentication purposes. C: Two-factor authentication is when two different authentication factors are provided for authentication purposes. D: Four factor authentication is when four different authentication factors are provided for authentication purposes. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 280.
Question 263:
Which of the following BEST allows Pete, a security administrator, to determine the type, source, and flags of the packet traversing a network for troubleshooting purposes?
A. Switches B. Protocol analyzers C. Routers D. Web security gateways
B. Protocol analyzers A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. By capturing and analyzing the packets, Pete will be able to determine the type, source, and flags of the packets traversing a network for troubleshooting purposes. Well known software protocol analyzers include Message Analyzer (formerly Network Monitor) from Microsoft and Wireshark (formerly Ethereal). Incorrect Answers: A: A switch is a network device that Ethernet cables plug in to. The switch will direct traffic received on one switch port out on one or more other switch ports based on the MAC address of the destination computer(s). A switch receives and transmits network packets. It is not used to examine the contents of the packets to view the type, source, and flags of the packets. Therefore, this answer is incorrect. C: A router is a network device that routes data traffic according to the IP address of the destination computer(s). A router receives and transmits network packets. It is not used to examine the contents of the packets to view the type, source, and flags of the packets. Therefore, this answer is incorrect. D: A web security gateway can be thought of as a proxy server (performing proxy and caching functions) with web protection software built in. Depending on the vendor, the "web protection" can range from a standard virus scanner on incoming packets to monitoring outgoing user traffic for red flags as well. Potential red flags that the gateway can detect and/or prohibit include inappropriate content, trying to establish a peer-to-peer connection with a file-sharing site, instant messaging, and unauthorized tunneling. You can configure most web security gateways to block known HTTP/HTML exploits, strip ActiveX tags, strip Java applets, and block/strip cookies. A web security gateway is not used to examine the contents of the packets to view the type, source, and flags of the packets. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Wireshark Comptia Security + Study Guide. Page 103 Web Security Gateway
Question 264:
Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.
Which of the following would be the BEST control to implement?
A. File encryption B. Printer hardening C. Clean desk policies D. Data loss prevention
D. Data loss prevention Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. This would address the concerns of the auditors. Incorrect Answers: A: File encryption is used to protect data not to prevent legitimate users from accessing the data and working with it. B: Printer hardening does not mean that the staff members may not print the files. Rather it is the files that are already printed that raised the concern. C: Clean Desk Policy Information on a desk refers to the printouts, pads of note paper, sticky notes, and the like; can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. However in this case the actual printed files and its destruction is of concern. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 369
Question 265:
A company hired Joe, an accountant. The IT administrator will need to create a new account for Joe. The company uses groups for ease of management and administration of user accounts. Joe will need network access to all directories, folders and files within the accounting department.
Which of the following configurations will meet the requirements?
A. Create a user account and assign the user account to the accounting group. B. Create an account with role-based access control for accounting. C. Create a user account with password reset and notify Joe of the account creation. D. Create two accounts: a user account and an account with full network administration rights.
B. Create an account with role-based access control for accounting. Role-based Access Control is basically based on a user's job description. When a user is assigned a specific role in an environment, that user's access to objects is granted based on the required tasks of that role. The IT administrator should, therefore, create an account with role- based access control for accounting for Joe. Incorrect Answers: A: Assigning Joe's user account to the accounting group will not necessarily allow Joe the required access, as different users require different access. C: Creating a user account with password reset will not allow Joe the required access, as permissions still have to be granted. D: Doing this will give Joe more rights than is required. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 82, 280.
Question 266:
Matt, an administrator, is concerned about the wireless network being discovered by war driving. Which of the following can be done to mitigate this?
A. Enforce a policy for all users to authentic through a biometric device. B. Disable all SSID broadcasting. C. Ensure all access points are running the latest firmware. D. Move all access points into public access areas.
B. Disable all SSID broadcasting. B: War driving is the act of using a detection tool to look for wireless networking signals. The setting making a wireless network closed (or at least hidden) is the disabling of service set identifier (SSID) broadcasting. Thus by disabling all SSID broadcasting you can mitigate the risk of war driving. Incorrect Answers: A: A biometric device is used as a physical security device granting access based on uniquely identifiable characteristic/traits it is not done to mitigate the risk of war driving. C: Running the latest firmware does not mean that you disabled SSID broadcasting which is essential if you want to mitigate the risk of war driving. D: Moving all access points into public access areas will not mitigate the risk of war driving, rather it would facilitate it. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 185.
Question 267:
A corporation is looking to expand their data center but has run out of physical space in which to store hardware. Which of the following would offer the ability to expand while keeping their current data center operated by internal staff?
A. Virtualization B. Subnetting C. IaaS D. SaaS
A. Virtualization Virtualization allows a single set of hardware to host multiple virtual machines. Incorrect Answers: B: Subnetting is how networks are divided. C, D: These are models of Cloud Computing. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 17, 19, 89.
Question 268:
Which of the following security architecture elements also has sniffer functionality? (Select TWO).
A. HSM B. IPS C. SSL accelerator D. WAP E. IDS
B. IPS E. IDS Sniffer functionality means the ability to capture and analyze the content of data packets as they are transmitted across the network. IDS and IPS systems perform their functions by capturing and analyzing the content of data packets. An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization. IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack's content. Incorrect Answers: A: A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. An HSM does not have sniffer functionality. Therefore, this answer is incorrect. C: SSL acceleration is a method of offloading the processor-intensive public-key encryption algorithms involved in SSL transactions to a hardware accelerator. An SSL accelerator does not have sniffer functionality. Therefore, this answer is incorrect. D: A WAP (Wireless Access Point) is a device used to create a wireless network. A WAP receives and transmits data packets over a wireless network connection. However, a WAP does not have sniffer functionality. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Intrusion_detection_system http://en.wikipedia.org/wiki/Hardware_security_module http://en.wikipedia.org/wiki/SSL_acceleration
Question 269:
Which of the following would MOST likely involve GPS?
A. Wardriving B. Protocol analyzer C. Replay attack D. WPS attack
A. Wardriving
Question 270:
Connections using point-to-point protocol authenticate using which of the following? (Select TWO).
A. RIPEMD B. PAP C. CHAP D. RC4 E. Kerberos
B. PAP C. CHAP B: A password authentication protocol (PAP) is an authentication protocol that uses a password. PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. C: CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. Incorrect Answers: A: RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a family of cryptographic hash functions. RIPEMD is not used for point-to-point protocol authentication. D: RC4 is not used for point-to-point protocol authentication. RC4 (Rivest Cipher 4) is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). E: Kerberos is primarily at aimed a clientserver model, not at point-to-point connections, and it provides mutual authentication--both the user and the server verify each other's identity. It works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 139, 147-148, 251, 255
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.