[Free] 2017(Nov) Dumps4cert Testinsides CompTIA JK0-022 Dumps with VCE and PDF Download 381-390


CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 381 – (Topic 2)

Several employees have been printing files that include personally identifiable information of customers. Auditors have raised concerns about the destruction of these hard copies after they are created, and management has decided the best way to address this concern is by preventing these files from being printed.

Which of the following would be the BEST control to implement?

  A. File encryption

  B. Printer hardening

  C. Clean desk policies

  D. Data loss prevention

Answer: D

Explanation:

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. This would address the concerns of the auditors.

Question No: 382 – (Topic 2)

Which of the following statements is MOST likely to be included in the security awareness training about P2P?

  A. P2P is always used to download copyrighted material.

  B. P2P can be used to improve computer system response.

  C. P2P may prevent viruses from entering the network.

  D. P2P may cause excessive network bandwidth.

Answer: D

Explanation:

P2P networking by definition involves networking which will reduce available bandwidth for the rest of the users on the network.

Question No: 383 – (Topic 2)

Which of the following provides the BEST explanation regarding why an organization needs to implement IT security policies?

  A. To ensure that false positives are identified

  B. To ensure that staff conform to the policy

  C. To reduce the organizational risk

  D. To require acceptable usage of IT systems

Answer: C

Explanation:

Once risks have been identified and assessed, there are five possible actions that should be taken. These are: risk avoidance, risk transference, risk mitigation, risk deterrence and risk acceptance. Anytime you engage in steps to reduce risk, you are busy with risk mitigation, and implementing IT security policy is a risk mitigation strategy.

Question No: 384 – (Topic 2)

Which of the following concepts is BEST described as developing a new chain of command in the event of a contingency?

  A. Business continuity planning

  B. Continuity of operations

  C. Business impact analysis

  D. Succession planning

Answer: D

Explanation:

Succession planning outlines those internal to the organization who have the ability to step into positions when they open. By identifying key roles that cannot be left unfilled and associating internal employees who can step into these roles, you can groom those employees to make sure that they are up to speed when it comes time for them to fill those positions.

Question No: 385 – (Topic 2)

Which of the following is a security risk regarding the use of public P2P as a method of collaboration?

  A. Data integrity is susceptible to being compromised.

  B. Monitoring data changes induces a higher cost.

  C. Users are not responsible for data usage tracking.

  D. Limiting the amount of necessary space for data storage.

Answer: A

Explanation:

Peer-to-peer (P2P) networking is commonly used to share files such as movies and music, but you must not allow users to bring in devices and create their own little networks. All networking must be done through administrators and not on a P2P basis. Data integrity can easily be compromised when using public P2P networking.

Question No: 386 – (Topic 2)

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?

  A. Cloud computing

  B. Full disk encryption

  C. Data Loss Prevention

  D. HSM

Answer: A

Explanation:

Cloud computing means hosting services and data on the Internet instead of hosting it locally. There is thus no issue when the company’s server is taken offline.

Question No: 387 – (Topic 2)

While rarely enforced, mandatory vacation policies are effective at uncovering:

  A. Help desk technicians with oversight by multiple supervisors and detailed quality control systems.

  B. Collusion between two employees who perform the same business function.

  C. Acts of incompetence by a systems engineer designing complex architectures as a member of a team.

  D. Acts of gross negligence on the part of system administrators with unfettered access to system and no oversight.

Answer: D

Explanation:

Least privilege (privilege reviews) and job rotation are done when mandatory vacations are implemented. This will uncover areas where the system administrators neglected to check all users’ privileges, since other users must fill in their positions when they are on their mandatory vacation.

Question No: 388 – (Topic 2)

An email client says a digital signature is invalid and the sender cannot be verified. The recipient is concerned with which of the following concepts?

  A. Integrity

  B. Availability

  C. Confidentiality

  D. Remediation

Answer: A

Explanation:

A digital signature is similar in function to a standard signature on a document. It validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Digital signatures are used to validate the integrity of the message and the sender. Integrity means the message can’t be altered without detection.

Question No: 389 – (Topic 2)

A certificate used on an ecommerce web server is about to expire. Which of the following will occur if the certificate is allowed to expire?

  A. The certificate will be added to the Certificate Revocation List (CRL).

  B. Clients will be notified that the certificate is invalid.

  C. The ecommerce site will not function until the certificate is renewed.

  D. The ecommerce site will no longer use encryption.

Answer: B

Explanation:

A similar process to certificate revocation will occur when a certificate is allowed to expire. Notification will be sent out to clients of the invalid certificate. The process of revoking a certificate begins when the CA is notified that a particular certificate needs to be revoked. This must be done whenever the private key becomes known. The owner of a certificate can request that it be revoked at any time, or the administrator can make the request.

Question No: 390 – (Topic 2)

An internal auditor is concerned with privilege creep that is associated with transfers inside the company. Which mitigation measure would detect and correct this?

  A. User rights reviews

  B. Least privilege and job rotation

  C. Change management

  D. Change Control

Answer: A

Explanation:

A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. This means that a user rights review will reveal whether user accounts have been assigned according to their ‘new’ job descriptions, or if there are privilege creep culprits after transfers have occurred.
