[Free] 2018(Aug) Dumps4cert CompTIA JK0-018 Dumps with VCE and PDF Download 351-360
Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug CompTIA Official New Released JK0-018
100% Free Download! 100% Pass Guaranteed!
CompTIA Security E2C
Question No: 351 – (Topic 4)
Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?
-
Routine log audits
-
Job rotation
-
Risk likelihood assessment
-
Separation of duties
Answer: A
Question No: 352 – (Topic 4)
Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).
A. 110
B. 137
C. 139
D. 143
E. 161
F. 443
Answer: B,C
Question No: 353 – (Topic 4)
Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?
-
Disable default SSID broadcasting.
-
Use WPA instead of WEP encryption.
-
Lower the access point’s power settings.
-
Implement MAC filtering on the access point.
Answer: D
Question No: 354 – (Topic 4)
After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being
described?
-
Trusted OS
-
Mandatory access control
-
Separation of duties
-
Single sign-on
Answer: D
Question No: 355 – (Topic 4)
Which of the following means of wireless authentication is easily vulnerable to spoofing?
-
MAC Filtering
-
WPA – LEAP
-
WPA – PEAP
-
Enabled SSID
Answer: A
Question No: 356 – (Topic 4)
Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?
-
Disk encryption
-
Encryption policy
-
Solid state drive
-
Mobile device policy
Answer: A
Question No: 357 – (Topic 4)
The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) is to: (Select TWO).
-
Permit redirection to Internet-facing web URLs.
-
Ensure all HTML tags are enclosed in angle brackets, e.g., “lt;” and “gt;”.
-
Validate and filter input on the server side and client side.
-
Use a web proxy to pass website requests between the user and the application.
-
Restrict and sanitize use of special characters in input and URLs.
Answer: C,E
Question No: 358 – (Topic 4)
When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;-” and “or 1=1 -“) were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results?
-
The user is attempting to highjack the web server session using an open-source browser.
-
The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.
-
The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.
-
The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.
Answer: D
Question No: 359 – (Topic 4)
When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would bE. (Select TWO).
-
Methods and templates to respond to press requests, institutional and regulatory reporting requirements.
-
Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.
-
Developed recovery strategies, test plans, post-test evaluation and update processes.
-
Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.
-
Methods to review and report on system logs, incident response, and incident handling.
Answer: A,B
Question No: 360 – (Topic 4)
Key elements of a business impact analysis should include which of the following tasks?
-
Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.
-
Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.
-
Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.
-
Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.
Answer: D
100% Dumps4cert Free Download!
–JK0-018 PDF
100% Dumps4cert Pass Guaranteed!
–JK0-018 Dumps
Dumps4cert | ExamCollection | Testking | |
---|---|---|---|
Lowest Price Guarantee | Yes | No | No |
Up-to-Dated | Yes | No | No |
Real Questions | Yes | No | No |
Explanation | Yes | No | No |
PDF VCE | Yes | No | No |
Free VCE Simulator | Yes | No | No |
Instant Download | Yes | No | No |