[Free] 2018(Aug) Dumps4cert CompTIA JK0-018 Dumps with VCE and PDF Download 351-360

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug CompTIA Official New Released JK0-018
100% Free Download! 100% Pass Guaranteed!

CompTIA Security E2C

Question No: 351 – (Topic 4)

Ann, the security administrator, received a report from the security technician, that an unauthorized new user account was added to the server over two weeks ago. Which of the following could have mitigated this event?

  1. Routine log audits

  2. Job rotation

  3. Risk likelihood assessment

  4. Separation of duties

Answer: A

Question No: 352 – (Topic 4)

Which of the following ports should be opened on a firewall to allow for NetBIOS communication? (Select TWO).

A. 110

B. 137

C. 139

D. 143

E. 161

F. 443

Answer: B,C

Question No: 353 – (Topic 4)

Joe, the systems administrator, is setting up a wireless network for his team’s laptops only and needs to prevent other employees from accessing it. Which of the following would BEST address this?

  1. Disable default SSID broadcasting.

  2. Use WPA instead of WEP encryption.

  3. Lower the access point’s power settings.

  4. Implement MAC filtering on the access point.

Answer: D

Question No: 354 – (Topic 4)

After Ann, a user, logs into her banking websites she has access to her financial institution mortgage, credit card, and brokerage websites as well. Which of the following is being

described?

  1. Trusted OS

  2. Mandatory access control

  3. Separation of duties

  4. Single sign-on

Answer: D

Question No: 355 – (Topic 4)

Which of the following means of wireless authentication is easily vulnerable to spoofing?

  1. MAC Filtering

  2. WPA – LEAP

  3. WPA – PEAP

  4. Enabled SSID

Answer: A

Question No: 356 – (Topic 4)

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

  1. Disk encryption

  2. Encryption policy

  3. Solid state drive

  4. Mobile device policy

Answer: A

Question No: 357 – (Topic 4)

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) is to: (Select TWO).

  1. Permit redirection to Internet-facing web URLs.

  2. Ensure all HTML tags are enclosed in angle brackets, e.g., “lt;” and “gt;”.

  3. Validate and filter input on the server side and client side.

  4. Use a web proxy to pass website requests between the user and the application.

  5. Restrict and sanitize use of special characters in input and URLs.

Answer: C,E

Question No: 358 – (Topic 4)

When an order was submitted via the corporate website, an administrator noted special characters (e.g., “;-” and “or 1=1 -“) were input instead of the expected letters and numbers. Which of the following is the MOST likely reason for the unusual results?

  1. The user is attempting to highjack the web server session using an open-source browser.

  2. The user has been compromised by a cross-site scripting attack (XSS) and is part of a botnet performing DDoS attacks.

  3. The user is attempting to fuzz the web server by entering foreign language characters which are incompatible with the website.

  4. The user is sending malicious SQL injection strings in order to extract sensitive company or customer data via the website.

Answer: D

Question No: 359 – (Topic 4)

When a communications plan is developed for disaster recovery and business continuity plans, the MOST relevant items to include would bE. (Select TWO).

  1. Methods and templates to respond to press requests, institutional and regulatory reporting requirements.

  2. Methods to exchange essential information to and from all response team members, employees, suppliers, and customers.

  3. Developed recovery strategies, test plans, post-test evaluation and update processes.

  4. Defined scenarios by type and scope of impact and dependencies, with quantification of loss potential.

  5. Methods to review and report on system logs, incident response, and incident handling.

Answer: A,B

Question No: 360 – (Topic 4)

Key elements of a business impact analysis should include which of the following tasks?

  1. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.

  2. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.

  3. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.

  4. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

Answer: D

100% Dumps4cert Free Download!
JK0-018 PDF
100% Dumps4cert Pass Guaranteed!
JK0-018 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No