CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 271:
Ann was reviewing her company's event logs and observed several instances of GUEST accessing the company print server, file server, and archive database. As she continued to investigate, Ann noticed that it seemed to happen at random intervals throughout the day, but mostly after the weekly automated patching and often logging in at the same time. Which of the following would BEST mitigate this issue?
A. Enabling time of day restrictions B. Disabling unnecessary services C. Disabling unnecessary accounts D. Rogue machine detection
C. Disabling unnecessary accounts
Question 272:
A security administrator examines a network session to a compromised database server with a packet analyzer. Within the session there is a repeated series of the hex character 90 (x90). Which of the following attack types has occurred?
A. Buffer overflow B. Cross-site scripting C. XML injection D. SQL injection
A. Buffer overflow The hex character 90 (x90) means NOP or No Op or No Operation. In a buffer overflow attack, the buffer can be filled and overflowed with No Op commands. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. Incorrect Answers: B: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. A repeated series of the hex character 90 is not an example of an XSS attack. Therefore, this answer is incorrect. C: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should. A repeated series of the hex character 90 is not an example of XML injection. Therefore, this answer is incorrect. D: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. A repeated series of the hex character 90 is not an example of SQL injection. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 337 http:// en.wikipedia.org/wiki/SQL_injection
Question 273:
Which of the following authentication services should be replaced with a more secure alternative?
A. RADIUS B. TACACS C. TACACS+ D. XTACACS
B. TACACS Terminal Access Controller Access-Control System (TACACS) is less secure than XTACACS, which is a proprietary extension of TACACS, and less secure than TACACS+, which replaced TACACS and XTACACS. Incorrect Answers: A, C: TACACS+ and RADIUS have mostly replaced TACACS and XTACACS in modern networks. D: XTACACS is a proprietary extension of TACACS. References: http://en.wikipedia.org/wiki/TACACS
Question 274:
Which of the following authentication services uses a ticket granting system to provide access?
A. RADIUS B. LDAP C. TACACS+ D. Kerberos
D. Kerberos The basic process of Kerberos authentication is as follows: The subject provides logon credentials. The Kerberos client system encrypts the password and transmits the protected credentials to the KDC. The KDC verifies the credentials and then creates a ticket-granting ticket (TGT--a hashed form of the subject's password with the addition of a time stamp that indicates a valid lifetime). The TGT is encrypted and sent to the client. The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos realm. The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime. The client receives the ST. The client sends the ST to the network server that hosts the desired resource. The network server verifies the ST. If it's verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved. Incorrect Answers: A: Radius does not make use of tickets. B: The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. C: TACACS+ makes use of Kerberos as an authentication mechanism. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 270- 274.
Question 275:
A distributed denial of service attack can BEST be described as:
A. Invalid characters being entered into a field in a database application. B. Users attempting to input random or invalid data into fields within a web browser application. C. Multiple computers attacking a single target in an organized attempt to deplete its resources. D. Multiple attackers attempting to gain elevated privileges on a target system.
C. Multiple computers attacking a single target in an organized attempt to deplete its resources. A Distributed Denial of Service (DDoS) attack is an attack from several different computers targeting a single computer. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. Malware can carry DDoS attack mechanisms; one of the better-known examples of this was MyDoom. Its DoS mechanism was triggered on a specific date and time. This type of DDoS involved hardcoding the target IP address prior to release of the malware and no further interaction was necessary to launch the attack. Incorrect Answers: A: Invalid characters being entered into a field in a database application does not describe a DDoS attack. Therefore, this answer is incorrect. B: Users attempting to input random or invalid data into fields within a web browser application does not describe a DDoS attack. Therefore, this answer is incorrect. D: Multiple attackers attempting to gain elevated privileges on a target system does not describe a DDoS attack. In "distributed denial-of-service", distributed means multiple computers, not multiple attackers. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Denial-of-service_attack
Question 276:
Which of the following types of authentication packages user credentials in a ticket?
A. Kerberos B. LDAP C. TACACS+ D. RADIUS
A. Kerberos The basic process of Kerberos authentication is as follows: The subject provides logon credentials. The Kerberos client system encrypts the password and transmits the protected credentials to the KDC. The KDC verifies the credentials and then creates a ticket-granting ticket (TGT--a hashed form of the subject's password with the addition of a time stamp that indicates a valid lifetime). The TGT is encrypted and sent to the client. The client receives the TGT. At this point, the subject is an authenticated principle in the Kerberos realm. The subject requests access to resources on a network server. This causes the client to request a service ticket (ST) from the KDC. The KDC verifies that the client has a valid TGT and then issues an ST to the client. The ST includes a time stamp that indicates its valid lifetime. The client receives the ST. The client sends the ST to the network server that hosts the desired resource. The network server verifies the ST. If it's verified, it initiates a communication session with the client. From this point forward, Kerberos is no longer involved. Incorrect Answers: B: The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. C: TACACS+ makes use of Kerberos as an authentication mechanism. D: Radius does not make use of tickets. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 270- 274.
Question 277:
A major security risk with co-mingling of hosts with different security requirements is:
A. Security policy violations. B. Zombie attacks. C. Password compromises. D. Privilege creep.
A. Security policy violations. The entire network is only as strong as the weakest host. Thus with the co-mingling of hosts with different security requirements would be risking security policy violations. Incorrect Answers: B: Zombie attacks are the same as botnets and it affects software. Bots itself is software that runs automatically and autonomously and as such is viewed as malicious software. C: Password compromises on any account would not be best practice and also amounts to a security incident. D: Privilege creep is usually uncovered during a privilege audit. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 220, 309
Question 278:
Data execution prevention is a feature in most operating systems intended to protect against which type of attack?
A. Cross-site scripting B. Buffer overflow C. Header manipulation D. SQL injection
B. Buffer overflow Data Execution Prevention (DEP) is a security feature included in modern operating systems. It marks areas of memory as either "executable" or "nonexecutable", and allows only data in an "executable" area to be run by programs, services, device drivers, etc. It is known to be available in Linux, OS X, Microsoft Windows, iOS and Android operating systems. DEP protects against some program errors, and helps prevent certain malicious exploits, especially attacks that store executable instructions in a data area via a buffer overflow. A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability. Incorrect Answers: A: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. Data Execution Prevention (DEP) is not used to prevent against this type of attack. Therefore, this answer is incorrect. C: A header manipulation attack uses other methods (hijacking, cross-site forgery, and so forth) to change values in HTTP headers and falsify access. When used with XSRF, the attacker can even change a user's cookie. Internet Explorer 8 and above include InPrivate Filtering to help prevent some of this. By default, your browser sends information to sites as they need it--think of requesting a map from a site; it needs to know your location in order to give directions. With InPrivate Filtering, you can configure the browser not to share information that can be captured and manipulated. Data Execution Prevention (DEP) is not used to prevent against this type of attack. Therefore, this answer is incorrect. D: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. Data Execution Prevention (DEP) is not used to prevent against this type of attack. Therefore, this answer is incorrect. References: http://searchsecurity.techtarget.com/definition/buffer-overflow http://en.wikipedia.org/wiki/Cross-site_scripting Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 340 http:// en.wikipedia.org/wiki/SQL_injection
Question 279:
Which of the following describes how Sara, an attacker, can send unwanted advertisements to a mobile device?
A. Man-in-the-middle B. Bluejacking C. Bluesnarfing D. Packet sniffing
B. Bluejacking Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs or laptop computers, sending a vCard which typically contains a message in the name field (i.e., for bluedating or bluechat) to another Bluetooth-enabled device via the OBEX protocol. Bluetooth has a very limited range, usually around 10 metres (32.8 ft) on mobile phones, but laptops can reach up to 100 metres (328 ft) with powerful (Class 1) transmitters. Bluejacking is usually harmless, but because bluejacked people generally don't know what has happened, they may think that their phone is malfunctioning. Usually, a bluejacker will only send a text message, but with modern phones it's possible to send images or sounds as well. Bluejacking has been used in guerrilla marketing campaigns to promote advergames. Incorrect Answers: A: In cryptography and computer security, a man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle. A man in the middle attack is not used to send unwanted advertisements to a mobile device. Therefore, this answer is incorrect. C: Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection. Bluetooth is a high-speed but very short-range wireless technology for exchanging data between desktop and mobile computers, personal digital assistants (PDAs), and other devices. By exploiting a vulnerability in the way Bluetooth is implemented on a mobile phone, an attacker can access information -- such as the user's calendar, contact list and e-mail and text messages -without leaving any evidence of the attack. Other devices that use Bluetooth, such as laptop computers, may also be vulnerable, although to a lesser extent, by virtue of their more complex systems. Operating in invisible mode protects some devices, but others are vulnerable as long as Bluetooth is enabled. Bluesnarfing is stealing information over Bluetooth; it is not used to send unwanted advertisements to a mobile device. Therefore, this answer is incorrect. D: Packet sniffing is the process of intercepting data as it is transmitted over a network. A sniffer (packet sniffer) is a tool that intercepts data flowing in a network. If computers are connected to a local area network that is not filtered or switched, the traffic can be broadcast to all computers contained in the same segment. This doesn't generally occur, since computers are generally told to ignore all the comings and goings of traffic from other computers. However, in the case of a sniffer, all traffic is shared when the sniffer software commands the Network Interface Card (NIC) to stop ignoring the traffic. The NIC is put into promiscuous mode, and it reads communications between computers within a particular segment. This allows the sniffer to seize everything that is flowing in the network, which can lead to the unauthorized access of sensitive data. A packet sniffer can take the form of either a hardware or software solution. A sniffer is also known as a packet analyzer. Packet sniffing is not used to send unwanted advertisements to a mobile device. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/Bluejacking http://en.wikipedia.org/wiki/Man-in-the-middle_attack http://searchmobilecomputing.techtarget.com/definition/bluesnarfing http://www.techopedia.com/definition/4113/sniffer
Question 280:
Ann is a member of the Sales group. She needs to collaborate with Joe, a member of the IT group, to edit a file. Currently, the file has the following permissions:
Ann: read/write
Sales Group: read
IT Group: no access
If a discretionary access control list is in place for the files owned by Ann, which of the following would be the BEST way to share the file with Joe?
A. Add Joe to the Sales group. B. Have the system administrator give Joe full access to the file. C. Give Joe the appropriate access to the file directly. D. Remove Joe from the IT group and add him to the Sales group.
C. Give Joe the appropriate access to the file directly.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.