CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 21:
A security administrator wishes to increase the security of the wireless network. Which of the following BEST addresses this concern?
A. Change the encryption from TKIP-based to CCMP-based. B. Set all nearby access points to operate on the same channel. C. Configure the access point to use WEP instead of WPA2. D. Enable all access points to broadcast their SSIDs.
A. Change the encryption from TKIP-based to CCMP-based. CCMP makes use of 128-bit AES encryption with a 48-bit initialization vector. This initialization vector makes cracking a bit more difficult. Incorrect Answers: B: Wireless APs with overlapping signals should use unique channel frequencies to reduce interference between them. C: WEP is not a secure encryption protocol. D: This will make the network visible, and open for attacks. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 172, 178. https://technet.microsoft.com/en-us/library/cc783011(v=ws.10).aspx
Question 22:
The use of social networking sites introduces the risk of:
A. Disclosure of proprietary information B. Data classification issues C. Data availability issues D. Broken chain of custody
A. Disclosure of proprietary information People and processes must be in place to prevent the unauthorized disclosure or proprietary information and sensitive information s these pose a security risk to companies. With social networking your company can be exposed to as many threats as the amount of users that make use of social networking and are not advised on security policy regarding the use of social networking. Incorrect Answers: B: Data classification refers to the categories that data can be divided into and of more concern would be the disclosure of proprietary information when using social networking sites. C: Availability would not be the issue here, but rather the over exposure/over availability of your data. D: Chain of custody issues is part of basic forensic procedures. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 335, 409- 410
Question 23:
A company determines a need for additional protection from rogue devices plugging into physical ports around the building.
Which of the following provides the highest degree of protection from unauthorized wired network access?
A. Intrusion Prevention Systems B. MAC filtering C. Flood guards D. 802.1x
D. 802.1x IEEE 802.1x is an IEEE Standard for Port-based Network Access Control (PNAC). It is part of the IEEE 802.1 group of networking protocols and provides an authentication mechanism to wireless devices connecting to a LAN or WLAN. Incorrect Answers: A: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Plugging a device into the network would not be considered malicious activity so the IPS would not prevent it. B: MAC filtering is typically used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. C: Flood guards are used to prevent network flooding attacks such as DoS, SYN floods, ping floods etc. They are not used to prevent devices connecting to a network. References: http://en.wikipedia.org/wiki/IEEE_802.1X http://en.wikipedia.org/wiki/MAC_filtering http://en.wikipedia.org/wiki/Intrusion_prevention_system
Question 24:
Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of?
A. Size of the files B. Availability of the files C. Accessibility of the files from her mobile device D. Sensitivity of the files
D. Sensitivity of the files
Question 25:
FTP/S uses which of the following TCP ports by default?
A. 20 and 21 B. 139 and 445 C. 443 and 22 D. 989 and 990
D. 989 and 990 FTPS uses ports 989 and 990. Incorrect Answers: A: FTP makes use of ports 20 and 21. B: Port 139 is used by NetBIOS, and port 445 is used by Microsoft-DS. C: Port 443 is used by HTTPS, and port 22 is used by SSH and SCP. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 81-83. http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Question 26:
Which of the following can be implemented if a security administrator wants only certain devices connecting to the wireless network?
A. Disable SSID broadcast B. Install a RADIUS server C. Enable MAC filtering D. Lowering power levels on the AP
C. Enable MAC filtering MAC filtering is commonly used in wireless networks. In computer networking, MAC Filtering (or GUI filtering, or layer 2 address filtering) refers to a security access control method whereby the 48-bit address assigned to each network card is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that he or she would use to access the network. Incorrect Answers: A: Disabling SSID broadcasting for the wireless network would make the network invisible to users' computers. The user would need to know the name (SSID) of the network and enter it manually in order to connect to the network. However, it does not prevent access to the network by anyone that knows the SSID of the wireless network. Therefore, this answer is incorrect. B: A RADIUS server is a server with a database of user accounts and passwords used as a central authentication database for users requiring network access. It is used by wireless networks that require WPA-Enterprise security. It can restrict which users can log on to the wireless network. However, it does not restrict which devices can connect to the wireless network. Therefore, this answer is incorrect. D: Lowering the power levels on the access point would reduce the range of the wireless network. However, it does not restrict which devices (within range) can connect to the wireless network. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/MAC_filtering
Question 27:
Matt, an IT administrator, wants to protect a newly built server from zero day attacks. Which of the following would provide the BEST level of protection?
A. HIPS B. Antivirus C. NIDS D. ACL
A. HIPS Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are, unlike intrusion detection systems, intrusion prevention systems are placed in- line and are able to actively prevent/ block intrusions that are detected. More specifically, IPS can take such actions as sending an alarm, dropping the malicious packets, resetting the connection and/ or blocking the traffic from the offending IP address. An IPS can also correct Cyclic Redundancy Check (CRC) errors, unfragment packet streams, prevent TCP sequencing issues, and clean up unwanted transport and network layer options. Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. A Host-based intrusion prevention system (HIPS) is an installed software package which monitors a single host for suspicious activity by analyzing events occurring within that host. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it), the best defence would be an intrusion prevention system. Incorrect Answers: B: Antivirus software provides protection against KNOWN viruses. As a zero-day attack is an unknown vulnerability (a vulnerability that does not have a fix or a patch to prevent it) antivirus software cannot protect against it. This answer is therefore incorrect. C: NIDS (network intrusion detection systems) are designed to detect attempts to gain access to the network. We need to protect a server from zero day attacks, not the network. This answer is therefore incorrect. D: This question asks for the BEST option. A HIPS may be able to detect a zero day attack and is therefore a better option. An ACL (access control list) can only restrict access to resources. This answer is therefore incorrect. References: http://en.wikipedia.org/wiki/Intrusion_prevention_system
Question 28:
Which of the following is an example of multifactor authentication?
A. Credit card and PIN B. Username and password C. Password and PIN D. Fingerprint and retina scan
A. Credit card and PIN A credit card is a memory card that functions a type of two-factor authentication. The card is something you have, and its PIN is something you know. Multifactor authentication requires a user to provide two or more different types of authentication factors to prove their identity. Incorrect Answers: B, C, D: Each of these options offers 2 authentication factors. Each authentication factor pair is, however, of the same type. Username and password something you know. Password and PIN something you know. Fingerprint and retina scan something you are. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 280, 282.
Question 29:
A new intern was assigned to the system engineering department, which consists of the system architect and system software developer's teams. These two teams have separate privileges. The intern requires privileges to view the system
architectural drawings and comment on some software development projects.
Which of the following methods should the system administrator implement?
A. Group based privileges B. Generic account prohibition C. User access review D. Credential management
A. Group based privileges You can assign permissions to access resources either to a user or a group. The most efficient way is to assign permissions to a group (group based privileges). By assigning the intern's user account to both groups, the intern will inherit the permissions assigned to those groups. Incorrect Answers: B: Generic account prohibition is a rule that states no generic, shared, or anonymous accounts should be allowed in private networks or on any system where security is important. This will not allow the intern to view the system architectural drawings and comment on some software development projects. C: User access reviews are performed to conclude whether users have been performing their work tasks correctly or if there have been failed and/or successful attempts at violating company policies or the law. This will not allow the intern to view the system architectural drawings and comment on some software development projects. D: Credential management is a service or software product that is designed to store and manage user credentials. It allows users to specify longer and more random credentials for their different accounts without having to remember or writing them down. This will not allow the intern to view the system architectural drawings and comment on some software development projects. References: https://technet.microsoft.com/en-gb/library/cc786285%28v=ws.10%29.aspx Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 291- 294.
Question 30:
The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?
A. TwoFish B. SHA-512 C. Fuzzy hashes D. HMAC
C. Fuzzy hashes Hashing is used to ensure that a message has not been altered. It can be useful for positively identifying malware when a suspected file has the same hash value as a known piece of malware. However, modifying a single bit of a malicious file will alter its hash value. To counter this, a continuous stream of hash values is generated for rolling block of code. This can be used to determine the similarity between a suspected file and known pieces of malware. Incorrect Answers: A: Twofish is a block cipher algorithm that operates on 128-bit blocks of data and can use cryptographic keys of up to 256 bits in length. It is used to provide confidentiality protection of data. B: SHA-512 is a version of Secure Hash Algorithm (SHA) and is a 512-bit hash algorithm that can be used for hashing. Hashing is not an encryption algorithm but the hash can be used to verify that the data has not been altered. D: Hash-based Message Authentication Code (HMAC) is a hash algorithm that guarantees the integrity of a message during transmission, but does not provide non-repudiation. References: http://blog.sei.cmu.edu/post.cfm/fuzzy-hashing-techniques-in-applied-malware-analysis Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 332-333, 336
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.