Latest Certified Success Dumps Download

JK0-022 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Braindumps CompTIA JK0-022 Dumps with VCE and PDF 311-320

September 18, 2017

2017 Sep CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 311 – (Topic 2)

A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect’s emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered.

Which of the following is occurring?

  1. The user is encrypting the data in the outgoing messages.

  2. The user is using steganography.

  3. The user is spamming to obfuscate the activity.

  4. The user is using hashing to embed data in the emails.

Answer: B Explanation:

Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. It is also the process of hiding a message in a medium such as a digital image, audio fi le, or other fi le. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.

Question No: 312 – (Topic 2)

A security administrator has just finished creating a hot site for the company. This implementation relates to which of the following concepts?

  1. Confidentiality

  2. Availability

  3. Succession planning

  4. Integrity

Answer: B Explanation:

Simply making sure that the data and systems are available for authorized users is what availability is all about. Data backups, redundant systems, and disaster recovery plans all support availability. And creating a hot site is about providing availability.

Question No: 313 – (Topic 2)

Digital signatures are used for ensuring which of the following items? (Select TWO).

  1. Confidentiality

  2. Integrity

  3. Non-Repudiation

  4. Availability

  5. Algorithm strength

Answer: B,C Explanation:

A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.

Nonrepudiation prevents one party from denying actions that they carried out and in the electronic world nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party ‘vouches’ for the individuals in the two-key system. Thus non-repudiation also impacts on integrity.

Question No: 314 – (Topic 2)

Key elements of a business impact analysis should include which of the following tasks?

  1. Develop recovery strategies, prioritize recovery, create test plans, post-test evaluation, and update processes.

  2. Identify institutional and regulatory reporting requirements, develop response teams and communication trees, and develop press release templates.

  3. Employ regular preventive measures such as patch management, change management, antivirus and vulnerability scans, and reports to management.

  4. Identify critical assets systems and functions, identify dependencies, determine critical downtime limit, define scenarios by type and scope of impact, and quantify loss potential.

Answer: D Explanation:

The key components of a Business impact analysis (BIA) include: Identifying Critical Functions

Prioritizing Critical Business Functions Calculating a Timeframe for Critical Systems Loss

Estimating the Tangible and Intangible Impact on the Organization

Question No: 315 – (Topic 2)

Which of the following is the primary security concern when deploying a mobile device on a network?

  1. Strong authentication

  2. Interoperability

  3. Data security

  4. Cloud storage technique

Answer: C Explanation:

Mobile devices, such as laptops, tablet computers, and smartphones, provide security challenges above those of desktop workstations, servers, and such in that they leave the office and this increases the odds of their theft which makes data security a real concern. At a bare minimum, the following security measures should be in place on mobile devices: Screen lock, Strong password, Device encryption, Remote Wipe or Sanitation, voice encryption, GPS tracking, Application control, storage segmentation, asses tracking and device access control.

Question No: 316 – (Topic 2)

A security administrator wants to deploy a physical security control to limit an individual’s access into a sensitive area. Which of the following should be implemented?

  1. Guards

  2. CCTV

  3. Bollards

  4. Spike strip

Answer: A Explanation:

A guard can be intimidating and respond to a situation and in a case where you want to limit an individual’s access to a sensitive area a guard would be the most effective.

Question No: 317 – (Topic 2)

A security administrator is reviewing the company’s continuity plan. The plan specifies an

RTO of six hours and RPO of two days. Which of the following is the plan describing?

  1. Systems should be restored within six hours and no later than two days after the incident.

  2. Systems should be restored within two days and should remain operational for at least six hours.

  3. Systems should be restored within six hours with a minimum of two days worth of data.

  4. Systems should be restored within two days with a minimum of six hours worth of data.

Answer: C Explanation:

The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during the business impact analysis (BIA) creation. The recovery point objective (RPO) is similar to RTO, but it defines the point at which the system needs to be restored. This could be where the system was two days before it crashed (whip out the old backup tapes) or five minutes before it crashed (requiring complete redundancy). As a general rule, the closer the RPO matches the item of the crash, the more expensive it is to obtain.

Question No: 318 – (Topic 2)

A security administrator plans on replacing a critical business application in five years. Recently, there was a security flaw discovered in the application that will cause the IT department to manually re-enable user accounts each month at a cost of $2,000. Patching the application today would cost $140,000 and take two months to implement. Which of the following should the security administrator do in regards to the application?

  1. Avoid the risk to the user base allowing them to re-enable their own accounts

  2. Mitigate the risk by patching the application to increase security and saving money

  3. Transfer the risk replacing the application now instead of in five years

  4. Accept the risk and continue to enable the accounts each month saving money

Answer: D Explanation:

This is a risk acceptance measure that has to be implemented since the cost of patching would be too high compared to the cost to keep the system going as is. Risk acceptance is often the choice you must make when the cost of implementing any of the other four

choices (i.e. risk deterrence, mitigation, transference or avoidance) exceeds the value of the harm that would occur if the risk came to fruition.

Question No: 319 – (Topic 2)

Which of the following is the BEST approach to perform risk mitigation of user access control rights?

  1. Conduct surveys and rank the results.

  2. Perform routine user permission reviews.

  3. Implement periodic vulnerability scanning.

  4. Disable user accounts that have not been used within the last two weeks.

Answer: B Explanation:

Risk mitigation is accomplished any time you take steps to reduce risk. This category includes installing antivirus software, educating users about possible threats, monitoring network traffic, adding a firewall, and so on. User permissions may be the most basic aspect of security and is best coupled with a principle of least privilege. And related to permissions is the concept of the access control list (ACL). An ACL is literally a list of who can access what resource and at what level. Thus the best risk mitigation steps insofar as access control rights are concerned, is the regular/routine review of user permissions.

Question No: 320 – (Topic 2)

A small business needs to incorporate fault tolerance into their infrastructure to increase data availability. Which of the following options would be the BEST solution at a minimal cost?

  1. Clustering

  2. Mirrored server

  3. RAID

  4. Tape backup

Answer: C Explanation:

RAID, or redundant array of independent disks (RAID). RAID allows your existing servers to have more than one hard drive so that if the main hard drive fails, the system keeps functioning. RAID can achieve fault tolerance using software which can be done using the existing hardware and software.

100% Free Download!
Download Free Demo:JK0-022 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass JK0-022 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE