CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 71:
A network engineer is setting up a network for a company. There is a BYOD policy for the employees so that they can connect their laptops and mobile devices.
Which of the following technologies should be employed to separate the administrative network from the network in which all of the employees' devices are connected?
A. VPN B. VLAN C. WPA2 D. MAC filtering
B. VLAN A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. Communications between ports within the same VLAN occur without hindrance, but communications between VLANs require a routing function. Incorrect Answers: A: A virtual private network (VPN) is a communication tunnel between two entities across an intermediary network. In most cases, the intermediary network is an untrusted network, such as the Internet, and therefore the communication tunnel is also encrypted. C: WPA2 is a new encryption scheme known as the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), which is based on the Advanced Encryption Standard (AES) encryption scheme. To date, no real-world attack has compromised the encryption of a properly configured WPA2 wireless network. D: A MAC filter is a list of authorized wireless client interface MAC addresses that is used by a WAP to block access to all unauthorized devices. Although it's a useful feature to implement, it can only be used in environments with a small (fewer than 20 wireless devices), static set of wireless clients. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 11, 23, 60, 61.
Question 72:
The finance department works with a bank which has recently had a number of cyber attacks. The finance department is concerned that the banking website certificates have been compromised. Which of the following can the finance department check to see if any of the bank's certificates are still valid?
A. Bank's CRL B. Bank's private key C. Bank's key escrow D. Bank's recovery agent
A. Bank's CRL The finance department can check if any of the bank's certificates are in the CRL or not. If a certificate is not in the CRL then it is still valid. The CRL (Certificate revocation list) is exactly what its name implies: a list of subscribers paired with digital certificate status. The list enumerates revoked certificates along with the reason(s) for revocation. The dates of certificate issue, and the entities that issued them, are also included. In addition, each list contains a proposed date for the next release. Incorrect Answers: B: Within PKI there are only two methods to verify certificates or keys still are valid. One is using a CRL and the other is using the OCSP protocol. Private key verification cannot be used to a comprised CA. C: Key escrow cannot be used to check if a certification is revoked or not. Key escrow addresses the possibility that a third party may need to access keys. Under the conditions of key escrow, the keys needed to encrypt/decrypt data are held in an escrow account (think of the term as it relates to home mortgages) and made available if that third party requests them. The third party in question is generally the government, but it could also be an employer if an employee's private messages have been called into question. D: A recovery agent cannot be used to check if certificates are still valid. A key recovery agent is an entity that has the ability to recover a key, key components, or plaintext messages as needed. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 262, 279-285, 285
Question 73:
Which of the following security benefits would be gained by disabling a terminated user account rather than deleting it?
A. Retention of user keys B. Increased logging on access attempts C. Retention of user directories and files D. Access to quarantined files
A. Retention of user keys Account Disablement should be implemented when a user will be gone from a company whether they leave temporary or permanently. In the case of permanently leaving the company the account should be disabled. Disablement means that the account will no longer be an active account and that the user keys for that account are retained which would not be the case if the account was deleted from the system. Incorrect Answers: B: You will not be able to log on to a disabled account. C: The user directories and files being retained would only be beneficial for data recovery purposes. D: Disabling a terminated user account does not make its contents quarantined. Quarantine means isolating infected files. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 141.
Question 74:
A compromised workstation utilized in a Distributed Denial of Service (DDOS) attack has been removed from the network and an image of the hard drive has been created. However, the system administrator stated that the system was left unattended for several hours before the image was created. In the event of a court case, which of the following is likely to be an issue with this incident?
A. Eye Witness B. Data Analysis of the hard drive C. Chain of custody D. Expert Witness
C. Chain of custody Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you're open to dispute about possible evidence tampering. Incorrect Answers: A: An eye witness is clearly not the issue here since it is mentioned that the system was left unattended for several hours. B: Data analysis of the hard drive is not the issue since in the court case the biggest problem would be that the system in question was left unattended for several hours before the network image was taken. D: An expert witness is not a problem in the event of a court case since the chain of custody was broken as mentioned by the system administrator. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 448, 454 http://en.wikipedia.org/wiki/Chain_of_custody
Question 75:
Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?
A. $1,500 B. $3,750 C. $15,000 D. $75,000
B. $3,750 SLE ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence. SLE = 250 x $300; ARO = 5% $75000 x 0.05 = $3750 Incorrect Answers: A: A $1500 amount assumes a breach likelihood of 2%. C: A $15000 amount assumes that the likelihood of a breach is 20%. D: $75000 would be the single loss expectancy. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 5-6
Question 76:
If you don't know the MAC address of a Linux-based machine, what command-line utility can you use to ascertain it?
A. macconfig B. ifconfig C. ipconfig D. config
B. ifconfig To find MAC address of a Unix/Linux workstation, use ifconfig or ip a. Incorrect Answers: A: macconfig is not a valid command-line utility. C: To find MAC address of a Windows-based workstation, use ipconfig. D: config on its own will not solve the problem. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 60.
Question 77:
Matt, a security consultant, has been tasked with increasing server fault tolerance and has been given no budget to accomplish his task. Which of the following can Matt implement to ensure servers will withstand hardware failure?
A. Hardware load balancing B. RAID C. A cold site D. A host standby
B. RAID Fault tolerance is the ability of a system to sustain operations in the event of a component failure. Fault-tolerant systems can continue operation even though a critical component, such as a disk drive, has failed. This capability involves overengineering systems by adding redundant components and subsystems. RAID can achieve fault tolerance using software which can be done using the existing hardware and software. Incorrect Answers: A: Balancing the load between multiple servers instead of relying on only one reduces the response time, maximizes throughput, and allows better allocation of resources. It does not mean withstanding hardware failure, it just means high availability. It also adds costs and there is no budget. C: A cold site is a facility that isn't immediately ready to use. The organization using it must bring along its equipment and network. A cold site may provide network capability, but this isn't usually the case; the site provides a place for operations to resume, but it doesn't provide the infrastructure to support those operations. Thus no servers fault tolerance as is required. D: A Host standby assumes that you need to purchase additional servers to act as a standby. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 33, 103, 444
Question 78:
Which of the following devices is MOST likely being used when processing the following?
1 PERMIT IP ANY ANY EQ 80 2 DENY IP ANY ANY
A. Firewall B. NIPS C. Load balancer D. URL filter
A. Firewall Firewalls, routers, and even switches can use ACLs as a method of security management. An access control list has a deny ip any any implicitly at the end of any access control list. ACLs deny by default and allow by exception. Incorrect Answers: B: Network-based intrusion prevention system (NIPS) monitors the entire network for suspicious traffic by analyzing protocol activity. C: A load balancer is used to distribute network traffic load across several network links or network devices. D: A URL filter is used to block URLs (websites) to prevent users accessing the website. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 10, 24. http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html http://en.wikipedia.org/wiki/ Intrusion_prevention_system http:// www.provision.ro/threat-management/web-application-security/url-filtering#pagei-1| pagep-1|
Question 79:
Customers' credit card information was stolen from a popular video streaming company. A security consultant determined that the information was stolen, while in transit, from the gaming consoles of a particular vendor. Which of the following methods should the company consider to secure this data in the future?
A. Application firewalls B. Manual updates C. Firmware version control D. Encrypted TCP wrappers
D. Encrypted TCP wrappers Wrapping sensitive systems with a specific control is required when protecting data in transit. TCP wrappers are also security controls. TCP Wrapper is a host- based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or subnetwork IP addresses, names and/or inetd query replies, to be used as tokens on which to filter for access control purposes. TCP Wrapper should not be considered a replacement for a properly configured firewall. Instead, TCP Wrapper should be used in conjunction with a firewall and other security enhancements in order to provide another layer of protection in the implementation of a security policy. Incorrect Answers: A: Application firewalls are usually better protection for database servers or web servers than are other types of firewalls. Application firewalls, in addition to packet filtering, filter specific application related content. B: Manual updates will not be practical considering that data is in transit when it gets stolen. C: Firmware version control is closely related to updating the firmware. You should always be sure that each device is using the correct version of firmware since viruses may specifically target the firmware in routers and switches if you do not update these. References: https://www.freebsd.org/doc/handbook/tcpwrappers.html Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 421
Question 80:
When performing the daily review of the system vulnerability scans of the network Joe, the administrator, noticed several security related vulnerabilities with an assigned vulnerability identification number. Joe researches the assigned vulnerability identification number from the vendor website. Joe proceeds with applying the recommended solution for identified vulnerability. Which of the following is the type of vulnerability described?
A. Network based B. IDS C. Signature based D. Host based
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.