[Free] 2018(Aug) Dumps4cert CompTIA JK0-022 Dumps with VCE and PDF Download 331-340

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 Aug CompTIA Official New Released JK0-022
100% Free Download! 100% Pass Guaranteed!

CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 331 – (Topic 2)

Which of the following is the MOST important step for preserving evidence during forensic procedures?

  1. Involve law enforcement

  2. Chain of custody

  3. Record the time of the incident

  4. Report within one hour of discovery

Answer: B Explanation:

Chain of custody deals with how evidence is secured, where it is stored, and who has access to it. When you begin to collect evidence, you must keep track of that evidence at all times and show who has it, who has seen it, and where it has been. The evidence must always be within your custody, or you’re open to dispute about possible evidence tampering. Thus to preserve evidence during a forensic procedure the chain of custody is of utmost importance.

Question No: 332 – (Topic 2)

A company has decided to move large data sets to a cloud provider in order to limit the costs of new infrastructure. Some of the data is sensitive and the Chief Information Officer wants to make sure both parties have a clear understanding of the controls needed to protect the data.

Which of the following types of interoperability agreement is this?

  1. ISA

  2. MOU

  3. SLA

  4. BPA

Answer: A Explanation:

ISA/ Interconnection Security Agreement is an agreement between two organizations that

have connected systems. The agreement documents the technical requirements of the connected systems.

Question No: 333 – (Topic 2)

XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night.

The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?

  1. Social media policy

  2. Data retention policy

  3. CCTV policy

  4. Clean desk policy

Answer: D Explanation:

Clean Desk Policy Information on a desk-in terms of printouts, pads of note paper, sticky notes, and the like-can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.

Question No: 334 – (Topic 2)

Which of the following is a Data Loss Prevention (DLP) strategy and is MOST useful for securing data in use?

  1. Email scanning

  2. Content discovery

  3. Database fingerprinting

  4. Endpoint protection

Answer: D Explanation:

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. DLP systems share commonality with network intrusion prevention systems. Endpoint protection provides security and management over both physical and virtual environments.

Question No: 335 – (Topic 2)

The incident response team has received the following email message.

From: monitor@ext-company.com To: security@company.com Subject: Copyright infringement

A copyright infringement alert was triggered by IP address at 09: 50: 01 GMT.

After reviewing the following web logs for IP, the team is unable to correlate and identify the incident.

09: 45: 33 http: //remote.site.com/login.asp?user=john

09: 50: 22 http: //remote.site.com/logout.asp?user=anne

10: 50: 01 http: //remote.site.com/access.asp?file=movie.mov

11: 02: 45 http: //remote.site.com/download.asp?movie.mov=ok

Which of the following is the MOST likely reason why the incident response team is unable to identify and correlate the incident?

  1. The logs are corrupt and no longer forensically sound.

  2. Traffic logs for the incident are unavailable.

  3. Chain of custody was not properly maintained.

  4. Incident time offsets were not accounted for.

Answer: D


It is quite common for workstation times to be off slightly from actual time, and that can happen with servers as well. Since a forensic investigation is usually dependent on a step- by-step account of what has happened, being able to follow events in the correct time sequence is critical. Because of this, it is imperative to record the time offset on each affected machine during the investigation. One method of assisting with this is to add an entry to a log file and note the time that this was done and the time associated with it on the system.

Question No: 336 – (Topic 2)

Matt, a security analyst, needs to implement encryption for company data and also prevent theft of company data. Where and how should Matt meet this requirement?

  1. Matt should implement access control lists and turn on EFS.

  2. Matt should implement DLP and encrypt the company database.

  3. Matt should install Truecrypt and encrypt the company server.

  4. Matt should install TPMs and encrypt the company database.

Answer: B Explanation:

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. Encryption is used to protect data.

Question No: 337 – (Topic 2)

Which of the following helps to apply the proper security controls to information?

  1. Data classification

  2. Deduplication

  3. Clean desk policy

  4. Encryption

Answer: A


Information classification is done by confidentiality and comprises of three categories, namely: public use, internal use and restricted use. These categories make applying the appropriate policies and security controls practical.

Question No: 338 – (Topic 2)

An administrator wants to minimize the amount of time needed to perform backups during the week. It is also acceptable to the administrator for restoration to take an extended time frame.

Which of the following strategies would the administrator MOST likely implement?

  1. Full backups on the weekend and incremental during the week

  2. Full backups on the weekend and full backups every day

  3. Incremental backups on the weekend and differential backups every day

  4. Differential backups on the weekend and full backups every day

Answer: A Explanation:

A full backup is a complete, comprehensive backup of all fi les on a disk or server. The full backup is current only at the time it’s performed. Once a full backup is made, you have a complete archive of the system at that point in time. A system shouldn’t be in use while it undergoes a full backup because some fi les may not get backed up. Once the system goes back into operation, the backup is no longer current. A full backup can be a time- consuming process on a large system.

An incremental backup is a partial backup that stores only the information that has been changed since the last full or the last incremental backup. If a full backup were performed on a Sunday night, an incremental backup done on Monday night would contain only the information that changed since Sunday night. Such a backup is typically considerably smaller than a full backup. Each incremental backup must be retained until a full backup can be performed. Incremental backups are usually the fastest backups to perform on most systems, and each incremental backup tape is relatively small.

Question No: 339 – (Topic 2)

Various network outages have occurred recently due to unapproved changes to network and security devices. All changes were made using various system credentials. The security analyst has been tasked to update the security policy. Which of the following risk mitigation strategies would also need to be implemented to reduce the number of network outages due to unauthorized changes?

  1. User rights and permissions review

  2. Configuration management

  3. Incident management

  4. Implement security controls on Layer 3 devices

Answer: A Explanation:

Reviewing user rights and permissions can be used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of the corporation and their job descriptions. Also reviewing user rights and permissions will afford the security analyst the opportunity to put the principle of least privilege in practice as well as update the security policy

Question No: 340 – (Topic 2)

Which of the following assets is MOST likely considered for DLP?

  1. Application server content

  2. USB mass storage devices

  3. Reverse proxy

  4. Print server

Answer: B Explanation:

Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data. A USB presents the most likely device to be used to steal data because of its physical size.

100% Dumps4cert Free Download!
JK0-022 PDF
100% Dumps4cert Pass Guaranteed!
JK0-022 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com