JK0-022 Exam Details

  • Exam Code
    :JK0-022
  • Exam Name
    :CompTIA Security+ Certification
  • Certification
    :CompTIA Security+
  • Vendor
    :CompTIA
  • Total Questions
    :1149 Q&As
  • Last Updated
    :Feb 05, 2025

CompTIA JK0-022 Online Questions & Answers

  • Question 61:

    Failure to validate the size of a variable before writing it to memory could result in which of the following application attacks?

    A. Malicious logic
    B. Cross-site scripting
    C. SQL injection
    D. Buffer overflow

  • Question 62:

    Which of the following is an XML based open standard used in the exchange of authentication and authorization information between different parties?

    A. LDAP
    B. SAML
    C. TACACS+
    D. Kerberos

  • Question 63:

    A security administrator must implement a wireless security system, which will require users to enter a 30 character ASCII password on their accounts. Additionally the system must support 3DS wireless encryption.

    Which of the following should be implemented?

    A. WPA2-CCMP with 802.1X
    B. WPA2-PSK
    C. WPA2-CCMP
    D. WPA2-Enterprise

  • Question 64:

    An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

    A. Implement IIS hardening by restricting service accounts.
    B. Implement database hardening by applying vendor guidelines.
    C. Implement perimeter firewall rules to restrict access.
    D. Implement OS hardening by applying GPOs.

  • Question 65:

    On a train, an individual is watching a proprietary video on Joe's laptop without his knowledge. Which of the following does this describe?

    A. Tailgating
    B. Shoulder surfing
    C. Interference
    D. Illegal downloading

  • Question 66:

    Which of the following ports is used for SSH, by default?

    A. 23
    B. 32
    C. 12
    D. 22

  • Question 67:

    An attacker used an undocumented and unknown application exploit to gain access to a file server. Which of the following BEST describes this type of attack?

    A. Integer overflow
    B. Cross-site scripting
    C. Zero-day D. Session hijacking
    E. XML injection

  • Question 68:

    Review the following diagram depicting communication between PC1 and PC2 on each side of a router. Analyze the network traffic logs which show communication between the two computers as captured by the computer with IP 10.2.2.10.

    DIAGRAM PC1 PC2 [192.168.1.30]--------[INSIDE 192.168.1.1 router OUTSIDE 10.2.2.1]---------[10.2.2.10] LOGS 10:30:22, SRC 10.2.2.1:3030, DST 10.2.2.10:80, SYN 10:30:23, SRC 10.2.2.10:80, DST 10.2.2.1:3030, SYN/ACK 10:30:24, SRC 10.2.2.1:3030, DST 10.2.2.10:80, ACK

    Given the above information, which of the following can be inferred about the above environment?

    A. 192.168.1.30 is a web server.
    B. The web server listens on a non-standard port.
    C. The router filters port 80 traffic.
    D. The router implements NAT.

  • Question 69:

    When an order was submitted via the corporate website, an administrator noted special characters (e.g., ";--" and "or 1=1 --") were input instead of the expected letters and numbers.

    Which of the following is the MOST likely reason for the unusual results?

    A. The user is attempting to highjack the web server session using an open-source browser.
    B. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
    C. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.
    D. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

  • Question 70:

    How often, at a MINIMUM, should Sara, an administrator, review the accesses and rights of the users on her system?

    A. Annually
    B. Immediately after an employee is terminated
    C. Every five years
    D. Every time they patch the server

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your JK0-022 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.