CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 301:
Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?
A. Virtualization B. Remote access C. Network access control D. Blade servers
A. Virtualization Because Virtualization allows a single set of hardware to host multiple virtual machines, it requires less hardware to maintain the current scenario. Incorrect Answers: B: Remote Access Services (RAS) refers to any server service that offers the ability to connect remote systems. It will not, however, reduce the number of physical servers. C: Operational security issues include network access control (NAC), authentication, and security topologies after the network installation is complete. Operational security encompasses everything that isn't related to design or physical security in your network. Instead of focusing on the physical components where the data is stored, the focus is on the topology and connections. D: A blade server is a stripped down server computer with a modular design optimized to minimize the use of physical space and energy. It will not, however, reduce the number of physical servers. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 19, 92, 95. http://en.wikipedia.org/wiki/Blade_server
Question 302:
An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests. Which of the following describes how this private key should be stored so that it is protected from theft?
A. Implement full disk encryption B. Store on encrypted removable media C. Utilize a hardware security module D. Store on web proxy file system
C. Utilize a hardware security module Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates. Incorrect Answers: A: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. B: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. Moving it to removable media would not improve its security as the removable media would need to be attacked to the web proxy if the SSL/TLS private keys are to be used effectively. D: The SSL/TLS private key needs to be installed on the web proxy in order to inspect HTTPS requests. However, simply installing it on the file system does not improve it's security. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236,
Question 303:
Which of the following types of application attacks would be used to specifically gain unauthorized information from databases that did not have any input validation implemented?
A. SQL injection B. Session hijacking and XML injection C. Cookies and attachments D. Buffer overflow and XSS
A. SQL injection To access information in databases, you use SQL. To gain unauthorized information from databases, a SQL Injection attack is used. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. Incorrect Answers: B: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should. XML Injection is not used to gain unauthorized information from databases. This answer is therefore incorrect. C: Cookies are used to store information about web browsing sessions. Cookies and attachments are not used to gain unauthorized information from databases. This answer is therefore incorrect. D: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. Buffer overflow and XSS are not used to gain unauthorized information from databases. This answer is therefore incorrect. References: http://en.wikipedia.org/wiki/SQL_injection Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, 337
Question 304:
A company is trying to limit the risk associated with the use of unapproved USB devices to copy documents. Which of the following would be the BEST technology control to use in this scenario?
A. Content filtering B. IDS C. Audit logs D. DLP
D. DLP Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer. Incorrect Answers: A: Content filtering is the process of inspecting the content of a web page as it is downloaded. The content can then be blocked if it doesn't comply with the company's web policy. Content- control software determines what content will be available or perhaps more often what content will be blocked. Content filtering will not prevent documents being copied to a USB device. B: An IDS (Intrusion Detection System) is used to detect attempts to access a computer system or network. An IDS will not prevent documents being copied to a USB device. C: Audit logs are used to record events such as account logons, file access etc. An audit log may record when a file is accessed (if auditing is enabled for the file) but it will not prevent a file being copied to a USB device. References: http://whatis.techtarget.com/definition/data-loss-prevention-DLP
Question 305:
The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO).
A. Fire- or water-proof safe. B. Department door locks. C. Proximity card. D. 24-hour security guard. E. Locking cabinets and drawers.
A. Fire- or water-proof safe. E. Locking cabinets and drawers. Using a safe and locking cabinets to protect backup media, documentation, and any other physical artifacts that could do harm if they fell into the wrong hands would form part of keeping employees desks clean as in a clean desk policy. Incorrect Answers: B: Door lock will keep intruders out of the rooms and buildings. It does not keep the desk clean. C: Proximity cards are in essence any card or ID that would be used with a card reader that will grant legitimate users access to an area, room or building it does not interfere with the clean desk policy. D: Security guards are used to keep intruders out. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 369-370, 373
Question 306:
What is a system that is intended or designed to be broken into by an attacker?
A. Honeypot B. Honeybucket C. Decoy D. Spoofing system
A. Honeypot A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies. According to the Wepopedia.com, a Honeypot luring a hacker into a system has several main purposes: The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned. The hacker can be caught and stopped while trying to obtain root access to the system. By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers. There are two main types of honeypots: Production - A production honeypot is one used within an organization's environment to help mitigate risk. Research - A research honeypot add value to research in computer security by providing a platform to study the threat. Incorrect Answers: B: A honey bucket is not an IT term. It's a term for a waterless toilet. A honeypot is a system designed to be attacked. Therefore, this answer is incorrect. C: A honeypot could be described as a decoy. It is a system often imitating another system but designed to be attacked. However, a honeypot is the specific name for a system designed to be attacked. Therefore, this answer is incorrect. D: Spoofing system is not the correct term for a system that is designed to be attacked. A honeypot could be described as a spoofing system in that a honeypot often imitates another system. However, a honeypot is the specific name for a system designed to be attacked. Therefore, this answer is incorrect. References: https://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php
Question 307:
When Ann an employee returns to work and logs into her workstation she notices that, several desktop configuration settings have changed. Upon a review of the CCTV logs, it is determined that someone logged into Ann's workstation. Which of the following could have prevented this from happening?
A. Password complexity policy B. User access reviews C. Shared account prohibition policy D. User assigned permissions policy
A. Password complexity policy The most important countermeasure against password crackers is to use long, complex passwords, which are changed regularly. Since changes were made to Ann's desktop configuration settings while she was not at work, means that her password was compromised. Incorrect Answers: B: User access reviews are performed to conclude whether users have been performing their work tasks correctly or if there have been failed and/or successful attempts at violating company policies or the law. It would not have prevented Ann's password being compromised. C: Shared account prohibition aids in providing user accountability. It would not have prevented Ann's password being compromised. D: User assigned permissions can be assigned by the user. Since Ann's workstation was accessed using her password, the intruder would also have her permissions. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 292, 294.
Question 308:
After a company has standardized to a single operating system, not all servers are immune to a well-known OS vulnerability. Which of the following solutions would mitigate this issue?
A. Host based firewall B. Initial baseline configurations C. Discretionary access control D. Patch management system
D. Patch management system A patch is an update to a system. Sometimes a patch adds new functionality; in other cases, it corrects a bug in the software. Patch Management can thus be used to fix security problems discovered within the OS thus negating a known OS vulnerability. Incorrect Answers: A: A host-based firewall can be used to guard against attacks and malware, and in the question you are required to mitigate a server-vulnerability after the OS has been standardized on all servers. B: Initial baseline configurations are concerned with security posturing which means the representation of a secure state. C: Discretionary Access Control is as a flexible access method regarding access to information. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 57, 151, 221, 222 http://www.computerweekly.com/feature/Microsoft-patch-management-tools
Question 309:
Jane, a security administrator, has observed repeated attempts to break into a server. Which of the following is designed to stop an intrusion on a specific server?
A. HIPS B. NIDS C. HIDS D. NIPS
A. HIPS This question is asking which of the following is designed to stop an intrusion on a specific server. To stop an intrusion on a specific server, you would use a HIPS (Host Intrusion Prevention System). The difference between a HIPS and other intrusion prevention systems is that a HIPS is a software intrusion prevention systems that is installed on a `specific server'. Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. A HIPS (Host Intrusion Prevention System) is software installed on a host which monitors the host for suspicious activity by analyzing events occurring within that host with the aim of detecting and preventing intrusion. Incorrect Answers: B: A NIDS (Network Intrusion Detection System) is typically a hardware device designed to detect intrusion attempts to the network, not a specific host. Therefore, this answer is incorrect. C: A HIDS (Host Intrusion Detection System) is a host based system. However it is a `detection' system not a prevention system. Therefore it will only detect intrusion attempts; it will not stop them. Therefore, this answer is incorrect. D: A NIPS (Network Intrusion Prevention System) is typically a hardware device designed to prevent intrusion attempts to the network, not a specific host. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Intrusion_prevention_system
Question 310:
Upper management decides which risk to mitigate based on cost. This is an example of:
A. Qualitative risk assessment B. Business impact analysis C. Risk management framework D. Quantitative risk assessment
D. Quantitative risk assessment Quantitative analysis / assessment is used to the show the logic and cost savings in replacing a server for example before it fails rather than after the failure. Quantitative assessments assign a dollar amount. Incorrect Answers: A: Risk can also be calculated qualitatively and are subjective in nature. B: A business impact analysis is the process of evaluating all of the critical systems in an organization to define impact and recovery plans. BIA isn't concerned with external threats or vulnerabilities; the analysis focuses on the impact a loss would have on the organization. A BIA comprises the following: identifying critical functions, prioritizing critical business functions, calculating a timeframe for critical systems loss, and estimating the tangible impact on the organization. C: A risk management framework is an umbrella term that concerns all risk management best practices. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 17, 28-29
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.