Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
JK0-022 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 271-280

September 18, 2017

EnsurePass
2017 Sep CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/JK0-022.html

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 271 – (Topic 2)

Which of the following should Joe, a security manager, implement to reduce the risk of employees working in collusion to embezzle funds from his company?

  1. Privacy Policy

  2. Least Privilege

  3. Acceptable Use

  4. Mandatory Vacations

Answer: D Explanation:

When one person fills in for another, such as for mandatory vacations, it provides an opportunity to see what the person is doing and potentially uncover any fraud.

Question No: 272 – (Topic 2)

A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?

  1. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.

  2. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.

  3. Format the storage and reinstall both the OS and the data from the most current backup.

  4. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.

Answer: A Explanation:

Rootkits are software programs that have the ability to hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager or connections established or available that do not appear in a netstat display-the rootkit masks the presence of these items. The rootkit is able to do this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere that there is enough memory to reside: video cards, PCI cards, and the like. The best way to handle this situation is to wipe the server and reinstall the operating system with the original installation disks and then restore the extracted data from your last known good backup. This way you can eradicate the rootkit and restore the data.

Question No: 273 – (Topic 2)

The method to provide end users of IT systems and applications with requirements related to acceptable use, privacy, new threats and trends, and use of social networking is:

  1. Security awareness training.

  2. BYOD security training.

  3. Role-based security training.

  4. Legal compliance training.

Answer: A Explanation:

Security awareness and training are critical to the success of a security effort. They include explaining policies, procedures, and current threats to both users and management.

Question No: 274 – (Topic 2)

Joe, a user, wants to send an encrypted email to Ann. Which of the following will Ann need to use to verify the validity’s of Joe’s certificate? (Select TWO).

  1. The CA’s public key

  2. Joe’s private key

  3. Ann’s public key

  4. The CA’s private key

  5. Joe’s public key

  6. Ann’s private key

Answer: A,E Explanation:

Joe wants to send a message to Ann. It’s important that this message not be altered. Joe will use the private key to create a digital signature. The message is, in effect, signed with the private key. Joe then sends the message to Ann. Ann will use the public key attached to the message to validate the digital signature. If the values match, Ann knows the message is authentic and came from Joe. Ann will use a key provided by Joe-the public key-to decrypt the message. Most digital signature implementations also use a hash to verify that the message has not been altered, intentionally or accidently, in transit. Thus Ann would compare the signature area referred to as a message in the message with the calculated value digest (her private key in this case). If the values match, the message hasn’t been tampered with and the originator is verified as the person they claim to be. This process provides message integrity, nonrepudiation, and authentication.

A certificate authority (CA) is an organization that is responsible for issuing, revoking, and distributing certificates. A certificate is nothing more than a mechanism that associates the public key with an individual.

If Joe wants to send Ann an encrypted e-mail, there should be a mechanism to verify to Ann that the message received from Mike is really from Joe. If a third party (the CA) vouches for Joe and Ann trusts that third party, Ann can assume that the message is authentic because the third party says so.

Question No: 275 – (Topic 2)

The Chief Technical Officer (CTO) has tasked The Computer Emergency Response Team (CERT) to develop and update all Internal Operating Procedures and Standard Operating Procedures documentation in order to successfully respond to future incidents. Which of the following stages of the Incident Handling process is the team working on?

  1. Lessons Learned

  2. Eradication

  3. Recovery

  4. Preparation

Answer: D Explanation:

Incident response procedures involves: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Developing and updating all internal operating and standard operating procedures documentation to handle future incidents is preparation.

Question No: 276 – (Topic 2)

Which of the following concepts are included on the three sides of the quot;security trianglequot;? (Select THREE).

  1. Confidentiality

  2. Availability

  3. Integrity

  4. Authorization

  5. Authentication

  6. Continuity

Answer: A,B,C Explanation:

Confidentiality, integrity, and availability are the three most important concepts in security. Thus they form the security triangle.

Question No: 277 – (Topic 2)

End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:

  1. Date of birth.

  2. First and last name.

  3. Phone number.

  4. Employer name.

Answer: A Explanation:

Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Date of birth is personally identifiable information.

Question No: 278 – (Topic 2)

Mandatory vacations are a security control which can be used to uncover which of the following?

  1. Fraud committed by a system administrator

  2. Poor password security among users

  3. The need for additional security staff

  4. Software vulnerabilities in vendor code

Answer: A Explanation:

Mandatory vacations also provide an opportunity to discover fraud apart from the obvious benefits of giving employees a chance to refresh and making sure that others in the company can fill those positions and make the company less dependent on those persons; a sort pf replication and duplication at all levels.

Question No: 279 – (Topic 2)

A company is trying to implement physical deterrent controls to improve the overall security posture of their data center. Which of the following BEST meets their goal?

  1. Visitor logs

  2. Firewall

  3. Hardware locks

  4. Environmental monitoring

Answer: C Explanation:

Hardware security involves applying physical security modifications to secure the system(s) and preventing them from leaving the facility. Don’t spend all of your time worrying about intruders coming through the network wire while overlooking the obvious need for physical security. Hardware security involves the use of locks to prevent someone from picking up and carrying out your equipment.

Question No: 280 – (Topic 2)

A security administrator needs to update the OS on all the switches in the company. Which of the following MUST be done before any actual switch configuration is performed?

  1. The request needs to be sent to the incident management team.

  2. The request needs to be approved through the incident management process.

  3. The request needs to be approved through the change management process.

  4. The request needs to be sent to the change management team.

Answer: C Explanation:

Change Management is a risk mitigation approach and refers to the structured approach that is followed to secure a company’s assets. Thus the actual switch configuration should first be subject to the change management approval.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass JK0-022 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE