CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 281:
After a security incident involving a physical asset, which of the following should be done at the beginning?
A. Record every person who was in possession of assets, continuing post-incident. B. Create working images of data in the following order: hard drive then RAM. C. Back up storage devices so work can be performed on the devices immediately. D. Write a report detailing the incident and mitigation suggestions.
A. Record every person who was in possession of assets, continuing post-incident. Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user. Incorrect Answers: B: Creating images of the data on the hard drive and RAM addresses concerns about digital assets, not physical assets. C: Creating a backup of the storage device addresses concerns about digital assets, not physical assets. D: The writing of a report detailing the incident and mitigation suggestions occurs after an incident has been contained. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 95, 106-108, 238
Question 282:
Which of the following should Pete, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from their company?
A. Privacy Policy B. Least Privilege C. Acceptable Use D. Mandatory Vacations
D. Mandatory Vacations A mandatory vacation policy requires all users to take time away from work to refresh. But not only does mandatory vacation give the employee a chance to refresh, but it also gives the company a chance to make sure that others can fill in any gaps in skills and satisfies the need to have replication or duplication at all levels as well as an opportunity to discover fraud. Incorrect Answers: A: Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. Privacy policy is a legal document that outlines how data collected is secured B: Least privilege is usually employed to assign users only the required permissions to do only their duties and no more. C: Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 25
Question 283:
Which of the following security account management techniques should a security analyst implement to prevent staff, who has switched company roles, from exceeding privileges?
A. Internal account audits B. Account disablement C. Time of day restriction D. Password complexity
A. Internal account audits Internal account auditing will allow you to switch the appropriate users to the proper accounts required after the switching of roles occurred and thus check that the principle of least privilege is followed. Incorrect Answers: B: Account disablement will prevent staff from being able to log on in any capacity which means that they will not be able to perform their duties. C: Almost every operating system--server and workstation--allows you to configure WHEN an account can have access to the system. `When' is a time restraint and not switching roles. These will only make accounts valid for certain times as per the policy. D: Password complexity will make passwords more secure and more difficult for miscreants to break it and log in to that user's account. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 140, 154
Question 284:
Ann is the data owner of financial records for a company. She has requested that she have the ability to assign read and write privileges to her folders. The network administrator is tasked with setting up the initial access control system and handing Ann's administrative capabilities. Which of the following systems should be deployed?
A. Role-based B. Mandatory C. Discretionary D. Rule-based
C. Discretionary
Question 285:
Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?
A. Input validation B. Exception handling C. Application hardening D. Fuzzing
D. Fuzzing Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks. Incorrect Answers: A: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain. B: Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they could be handled by the application. C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services. References: http://en.wikipedia.org/wiki/Fuzz_testing Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 257 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 229, 230, 319
Question 286:
Which of the following utilities can be used in Linux to view a list of users' failed authentication attempts?
A. badlog B. faillog C. wronglog D. killlog
B. faillog var/log/faillog - This Linux log fi le contains failed user logins. You'll find this log useful when tracking attempts to crack into your system. /var/log/apport.log This log records application crashes. Sometimes these can reveal attempts to compromise the system or the presence of a virus or spyware. Incorrect Answers: A, C, D: These are not files that can be found under the /var/log Directory as used in Linux. References: http://www.thegeekstuff.com/2011/08/linux-var-log-files/ Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 47
Question 287:
Which of the following is a management control?
A. Logon banners B. Written security policy C. SYN attack prevention D. Access Control List (ACL)
B. Written security policy Management control types include risk assessment, planning, systems and Services Acquisition as well as Certification, Accreditation and Security Assessment; and written security policy falls in this category. Incorrect Answers: A: Logon banners are configuration management which is an operational control type. C: SYN attack prevention is done by exercising technical control measures. D: ACLs are technical control measures. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 27
Question 288:
Which of the following is a best practice when a mistake is made during a forensics examination?
A. The examiner should verify the tools before, during, and after an examination. B. The examiner should attempt to hide the mistake during cross-examination. C. The examiner should document the mistake and workaround the problem. D. The examiner should disclose the mistake and assess another area of the disc.
C. The examiner should document the mistake and workaround the problem. Every step in an incident response should be documented, including every action taken by end users and the incident-response team. Incorrect Answers: A: Verifying the tools may help prevent the occurrence of a mistake during a forensic examination by does not address the actions to be taken should a mistake be made. B: Hiding the mistake is not advisable as it would compromise the examination and would most likely be detected during the writing of the incident report. D: Rather than changing area of examination once the mistake has been acknowledged, ways of working around and overcoming the mistake should be taken. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 104
Question 289:
Joe, the Chief Technical Officer (CTO), is concerned about new malware being introduced into the corporate network. He has tasked the security engineers to implement a technology that is capable of alerting the team when unusual traffic is on the network. Which of the following types of technologies will BEST address this scenario?
A. Application Firewall B. Anomaly Based IDS C. Proxy Firewall D. Signature IDS
B. Anomaly Based IDS Anomaly-based detection watches the ongoing activity in the environment and looks for abnormal occurrences. An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies. Anomaly-based detection is commonly used for protocols. Because all the valid and legal forms of a protocol are known and can be defined, any variations from those known valid constructions are seen as anomalies. Incorrect Answers: A: An application aware firewall provides filtering services for specific applications. C: Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused. The proxy intercepts all of the packets and reprocesses them for use internally. D: A signature-based monitoring or detection method relies on a database of signatures or patterns of known malicious or unwanted activity. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 16, 20. Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 98.
Question 290:
The Human Resources department has a parent shared folder setup on the server. There are two groups that have access, one called managers and one called staff. There are many sub folders under the parent shared folder, one is called payroll. The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission. Which of the following is the quickest way to prevent the staff group from gaining access to the payroll folder?
A. Remove the staff group from the payroll folder B. Implicit deny on the payroll folder for the staff group C. Implicit deny on the payroll folder for the managers group D. Remove inheritance from the payroll folder
B. Implicit deny on the payroll folder for the staff group Implicit deny is the default security stance that says if you aren't specifically granted access or privileges for a resource, you're denied access by default. Incorrect Answers: A: This will not work because the question states: "The parent folder access control list propagates all subfolders and all subfolders inherit the parent permission." C: This will deny access for the managers group. D: Removing inheritance from the payroll folder will also affect the manages group. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 26, 44.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.