CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 81:
Which of the following is the BEST reason for placing a password lock on a mobile device?
A. Prevents an unauthorized user from accessing owner's data B. Enables remote wipe capabilities C. Stops an unauthorized user from using the device again D. Prevents an unauthorized user from making phone calls
A. Prevents an unauthorized user from accessing owner's data
Question 82:
An administrator has successfully implemented SSL on srv4.comptia.com using wildcard certificate *.comptia.com, and now wishes to implement SSL on srv5.comptia.com. Which of the following files should be copied from srv4 to accomplish this?
A. certificate, private key, and intermediate certificate chain B. certificate, intermediate certificate chain, and root certificate C. certificate, root certificate, and certificate signing request D. certificate, public key, and certificate signing request
A. certificate, private key, and intermediate certificate chain a wildcard certificate is a public key certificate which can be used with multiple subdomains of a domain. In public-key cryptography, the receiver has a private key known only to them; a public key corresponds to it, which they make known to others. The public key can be sent to all other parties; the private key is never divulged. A symmetric algorithm requires that receivers of the message use the same private key. Thus you should copy the certificate, the private key and the intermediate certificate chain from srv4 to srv5. Incorrect Answers: B: You will require the same private key to be copied as well since you intend using wildcard certificate. C: You intend using wildcard certificates and you cannot omit using the same private key. D: With wildcard certificates you require the same private key to be used, thus coping the public key is futile. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 292
Question 83:
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?
A. Review past security incidents and their resolution B. Rewrite the existing security policy C. Implement an intrusion prevention system D. Install honey pot systems
C. Implement an intrusion prevention system The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it Incorrect Answers: A: If the incidents have been resolved, the system would be configured to deal with those incidents. It is the new incidents that are the issue. B: Rewriting the security policy could be a step further down the line, after requirements have been determined. D: A honeypot is a system whose purpose it is to be attacked. An administrator can watch and study the attack to research current attack methodologies. References: http://en.wikipedia.org/wiki/Intrusion_prevention_system Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 213.
Question 84:
A company hires outside security experts to evaluate the security status of the corporate network. All of the company's IT resources are outdated and prone to crashing. The company requests that all testing be performed in a way which minimizes the risk of system failures. Which of the following types of testing does the company want performed?
A. Penetration testing B. WAF testing C. Vulnerability scanning D. White box testing
C. Vulnerability scanning D. White box testing Vulnerability scanning has minimal impact on network resource due to the passive nature of the scanning. A vulnerability scan is the process of scanning the network and/or I.T. infrastructure for threats and vulnerabilities. The threats and vulnerabilities are then evaluated in a risk assessment and the necessary actions taken to resolve and vulnerabilities. A vulnerability scan scans for known weaknesses such as missing patches or security updates. A vulnerability scan is the automated process of proactively identifying security vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited and/or threatened. While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the network's security. Incorrect Answers: A: Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Pen tests can be automated with software applications or they can be performed manually. Either way, the process includes gathering information about the target before the test (reconnaissance), identifying possible entry points, attempting to break in (either virtually or for real) and reporting back the findings. The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents. Penetration is considered `active' because you are actively trying to circumvent the system's security controls to gain access to the system as opposed to vulnerability scanning which is considered passive. A passive scan would minimize the risk of system failures. Therefore, this answer is incorrect. B: WAF Testing is the process of testing web application firewalls. This is a specific test; it does not test general network resources for security flaws. Therefore, this answer is incorrect. D: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate outputs. This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT). White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a systemlevel test. Though this method of test design can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification or missing requirements. White-box testing is used for testing applications. It is not used to identify security issues in a network. Therefore, this answer is incorrect. References: http://www.webopedia.com/TERM/V/vulnerability_scanning.html http://searchsoftwarequality.techtarget.com/definition/penetration-testing http://en.wikipedia.org/ wiki/White-box_testing
Question 85:
XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night.
The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?
A. Social media policy B. Data retention policy C. CCTV policy D. Clean desk policy
D. Clean desk policy Clean Desk Policy Information on a desk--in terms of printouts, pads of note paper, sticky notes, and the like--can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. Incorrect Answers: A: Social media policy will refer to data made available over the network and not paper files which represent hard copies. B: Data retention policies refer to the period that data should be kept. C: CCTV refers to an aspect of video surveillance and not paper files. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 369
Question 86:
A security engineer is reviewing log data and sees the output below:
Log: Access denied with 403. Pattern matches form bypass Which of the following technologies was MOST likely being used to generate this log?
A. Host-based Intrusion Detection System B. Web application firewall C. Network-based Intrusion Detection System D. Stateful Inspection Firewall E. URL Content Filter
B. Web application firewall A web application firewall is a device, server add-on, virtual service, or system filter that defines a strict set of communication rules for a website and all visitors. It's intended to be an application-specific firewall to prevent cross-site scripting, SQL injection, and other web application attacks. Incorrect Answers: A: A host-based IDS (HIDS) watches the audit trails and log fi les of a host system. It's reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host. C: NIDS is reliable for detecting attacks directed against a host, whether they originate from an external source or are being perpetrated by a user locally logged in to the host. D: A stateful inspection firewall is aware that any valid outbound communication will trigger a corresponding response or reply from the external entity. E: URL filtering involves blocking websites (or sections of websites) based solely on the URL, restricting access to specified websites and certain web-based applications. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 6, 19, 20, 21.
Question 87:
A security administrator must implement a system that will support and enforce the following file system access control model:
Which of the following should the security administrator implement?
A. White and black listing B. SCADA system C. Trusted OS D. Version control
C. Trusted OS
Question 88:
A malicious user is sniffing a busy encrypted wireless network waiting for an authorized client to connect to it. Only after an authorized client has connected and the hacker was able to capture the client handshake with the AP can the hacker begin a brute force attack to discover the encryption key. Which of the following attacks is taking place?
A. IV attack B. WEP cracking C. WPA cracking D. Rogue AP
C. WPA cracking There are three steps to penetrating a WPA-protected network. Sniffing Parsing Attacking Incorrect Answers: A: Packet sniffing is not used for an IV attack. B: WEP provides protection from packet sniffing and eavesdropping against wireless transmissions D: Packet sniffing is not used for the Rogue AP. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 64, 189, 192. www.tomshardware.com/reviews/wireless-security-hack,2981-6.html
Question 89:
A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. C. Format the storage and reinstall both the OS and the data from the most current backup. D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. Rootkits are software programs that have the ability to hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager or connections established or available that do not appear in a netstat display --the rootkit masks the presence of these items. The rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere that there is enough memory to reside: video cards, PCI cards, and the like. The best way to handle this situation is to wipe the server and reinstall the operating system with the original installation disks and then restore the extracted data from your last known good backup. This way you can eradicate the rootkit and restore the data. Incorrect Answers: B: Keeping the data partition will not ensure that the rootkit is eradicated. C: Formatting the storage is not guaranteed to eradicate the rootkit since a rootkit is capable of manipulating function calls to the operating system. And also reinstalling the OS and data from the most recent backup may result in reinstalling the rootkit. D: Erasing the storage will not eradicate the rootkit. Furthermore you need to make use of the last known good backup and not the most current backup. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 301, 429
Question 90:
A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?
A. Implement a virtual firewall B. Install HIPS on each VM C. Virtual switches with VLANs D. Develop a patch management guide
C. Virtual switches with VLANs A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. Incorrect Answers: A: A virtual firewall (VF)is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall. B: HIPS watch the audit trails and log files of a host system. D: Patch management is the formal process of ensuring that updates and patches are properly tested and applied to production systems. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 12, 23, 246. http://en.wikipedia.org/wiki/Virtual_firewall
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.