CompTIA JK0-022 Online Practice
Questions and Exam Preparation
JK0-022 Exam Details
Exam Code
:JK0-022
Exam Name
:CompTIA Security+ Certification
Certification
:CompTIA Security+
Vendor
:CompTIA
Total Questions
:1149 Q&As
Last Updated
:Feb 05, 2025
CompTIA JK0-022 Online Questions &
Answers
Question 61:
Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?
A. Malicious logic B. Cross-site scripting C. SQL injection D. Buffer overflow
D. Buffer overflow
Question 62:
Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?
A. LDAP B. SAML C. TACACS+ D. Kerberos
B. SAML Security Assertion Markup Language (SAML) is an open-standard data format centred on XML. It is used for supporting the exchange of authentication and authorization details between systems, services, and devices. Incorrect Answers: A, C, D: None of these options are based on XML. References: Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 270- 274.
Question 63:
A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption.
Which of the following should be implemented?
A. WPA2-CCMP with 802.1X B. WPA2-PSK C. WPA2-CCMP D. WPA2-Enterprise
D. WPA2-Enterprise D: WPA-Enterprise is also referred to as WPA-802.1X mode, and sometimes just WPA (as opposed to WPA-PSK), this is designed for enterprise networks and requires a RADIUS authentication server. This requires a more complicated setup, but provides additional security (e.g. protection against dictionary attacks on short passwords). Various kinds of the Extensible Authentication Protocol (EAP) are used for authentication. RADIUS can be managed centrally, and the servers that allow access to a network can verify with a RADIUS server whether an incoming caller is authorized. Thus the RADIUS server can perform all authentications. This will require users to use their passwords on their user accounts. Incorrect Answers: A and C: CCMP is a block cipher that makes use of a 128 bit key. CCMP provides the following security services: Data confidentiality; ensures only authorized parties can access the information; Authentication; provides proof of genuineness of the user; Access control in conjunction with layer management. However, WPA2 includes support for CCMP. B: EAP-PSK is documented in an experimental RFC that provides a lightweight and extensible EAP method that does not require any public-key cryptography. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 145, 172, 182.
Question 64:
An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?
A. Implement IIS hardening by restricting service accounts. B. Implement database hardening by applying vendor guidelines. C. Implement perimeter firewall rules to restrict access. D. Implement OS hardening by applying GPOs.
D. Implement OS hardening by applying GPOs. Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing or disabling unnecessary functions and features, removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and disabling unnecessary services. This can be implemented using the native security features of an operating system, such as Group Policy Objects (GPOs). Incorrect Answers: A: Internet Information Services (IIS) is a Windows service that allows a computer to function as a Web Server. This is usually installed on a server rather than a workstation. B: Database hardening will improve security for a database; it does not improve security for workstations. C: Perimeter firewall rules can be used to restrict network access to host machines but this is a network-based, and not a host-based, security mechanism. References: Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 215, 227 Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 202- 206, 211
Question 65:
On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe?
A. Tailgating B. Shoulder surfing C. Interference D. Illegal downloading
B. Shoulder surfing
Question 66:
Which of the following ports is used for SSH, by default?
A. 23 B. 32 C. 12 D. 22
D. 22 Secure Shell (SSH) is a cryptographic network protocol for securing data communication. It establishes a secure channel over an insecure network in a client- server architecture, connecting an SSH client application with an SSH server. Common applications include remote command- line login, remote command execution, but any network service can be secured with SSH. SSH uses port 22. Incorrect Answers: A: Port 23 is used by the Telnet protocol, not by SSH. B: Port 32 is an unassigned port. C: Port 12 is an unassigned port. References: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers http://en.wikipedia.org/wiki/Secure_Shell http://www.planetlinks.com/tec236/notes-terms/4-10-06/default-tcp-ports-list.html
Question 67:
An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?
A. Integer overflow B. Cross-site scripting C. Zero-day D. Session hijacking E. XML injection
C. Zero-day D. Session hijacking The vulnerability is undocumented and unknown. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it--this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term "zero day" refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users. Incorrect Answers: A: Integer overflow is the result of an attempt by a CPU to arithmetically generate a number larger than what can fit in the devoted memory storage space. Arithmetic operations always have the potential of returning unexpected values, which may cause an error that forces the whole program to shut down. For this reason, most programmers prefer to perform mathematical operations inside an exception frame, which returns an exception in the case of integer overflow instead. This is not what is described in this question. Therefore, this answer is incorrect. B: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug- in systems on which they rely. Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site. When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system. By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user. This is not what is described in this question. Therefore, this answer is incorrect. D: In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session--sometimes also called a session key--to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer. This is not what is described in this question. Therefore, this answer is incorrect. E: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best way to prevent XML injection attacks is to filter the user's input and sanitize it to make certain that it does not cause XPath to return more data than it should. This is not what is described in this question. Therefore, this answer is incorrect. References: http://www.pctools.com/security-news/zero-day-vulnerability/ http://www.techopedia.com/definition/14427/integer-overflow http://en.wikipedia.org/wiki/Cross- site_scripting http://en.wikipedia.org/wiki/Session_hijacking Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 337
Question 68:
Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.
Given the above information, which of the following can be inferred about the above environment?
A. 192.168.1.30 is a web server. B. The web server listens on a non-standard port. C. The router filters port 80 traffic. D. The router implements NAT.
D. The router implements NAT. Network address translation (NAT) allows you to share a connection to the public Internet via a single interface with a single public IP address. NAT maps the private addresses to the public address. In a typical configuration, a local network uses one of the designated "private" IP address subnets. A router on that network has a private address (192.168.1.1) in that address space, and is also connected to the Internet with a "public" address (10.2.2.1) assigned by an Internet service provider. Incorrect Answers: A: If that were true, then the routers IP address would not be the source. B, C: The diagram shows that a TCP connection has been established. If these were happening, there wouldn't be a connection established. References: https://technet.microsoft.com/en-us/library/dd469812.aspx http://en.wikipedia.org/wiki/Transmission_Control_Protocol
Question 69:
When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.
Which of the following is the MOST likely reason for the unusual results?
A. The user is attempting to highjack the web server session using an open-source browser. B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks. C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website. D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website. The code in the question is an example of a SQL Injection attack. The code `1=1' will always provide a value of true. This can be included in statement designed to return all rows in a SQL table. SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. Incorrect Answers: A: Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user. Once the user's session ID has been accessed (through session prediction), the attacker can masquerade as that user and do anything the user is authorized to do on the network. The code in the question is not an example of session hijacking. Therefore, this answer is incorrect. B: A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic. When a server is overloaded with connections, new connections can no longer be accepted. The major advantages to an attacker of using a distributed denial-of-service attack are that multiple machines can generate more attack traffic than one machine, multiple attack machines are harder to turn off than one attack machine, and that the behavior of each attack machine can be stealthier, making it harder to track and shut down. These attacker advantages cause challenges for defense mechanisms. For example, merely purchasing more incoming bandwidth than the current volume of the attack might not help, because the attacker might be able to simply add more attack machines. This after all will end up completely crashing a website for periods of time. The code in the question is not an example of the data that would be sent in a DDoS attack. Therefore, this answer is incorrect. C: Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. The code in the question does not contain foreign language characters; it is code typically used in a SQL injection attack. Therefore, this answer is incorrect. References: http://en.wikipedia.org/wiki/SQL_injection http://searchsoftwarequality.techtarget.com/definition/session-hijacking http://en.wikipedia.org/wiki/Denial-of-service_attack
Question 70:
How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?
A. Annually B. Immediately after an employee is terminated C. Every five years D. Every time they patch the server
A. Annually Reviewing the accesses and rights of the users on a system at least annually is acceptable practice. More frequently would be desirable but too frequently would be a waste of administrative time. Incorrect Answers: B: You could check that a user hasn't accessed your system after the user has been terminated. However, this question is asking about all users. It is unnecessary to check the accesses and rights of all users every time one user is terminated. Therefore, this answer is incorrect. C: Every five years is too long. You should check the accesses and rights of the users on a system at least annually. Therefore, this answer is incorrect. D: It is unnecessary to check the accesses and rights of the users on a system every time the system is patched. This would be a waste of administrative time. Therefore, this answer is incorrect.
Nowadays, the certification exams become more and more important and required by more and more
enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare
for the exam in a short time with less efforts? How to get a ideal result and how to find the
most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provide not only CompTIA exam questions,
answers and explanations but also complete assistance on your exam preparation and certification
application. If you are confused on your JK0-022 exam preparations
and CompTIA certification application, do not hesitate to visit our
Vcedump.com to find your solutions here.