[Free] 2018(Aug) Dumps4cert CompTIA JK0-022 Dumps with VCE and PDF Download 411-420


Question No: 411 – (Topic 2)

It is important for staff who use email messaging to provide PII to others on a regular basis to have confidence that their messages are not intercepted or altered during transmission. They are concerned about which of the following types of security control?

  1. Integrity

  2. Safety

  3. Availability

  4. Confidentiality

Answer: A Explanation:

Integrity means that messages/data are not altered in transit; the exam keys this item on the word "altered", so integrity is the expected answer. (The "not intercepted" half of the concern is strictly a confidentiality goal, and in practice both are met together, e.g. by S/MIME or TLS, which give the message an integrity check and encrypt it.) PII is personally identifiable information, data that can be used to uniquely identify an individual; it is the asset being protected here, not a control.

Question No: 412 – (Topic 2)

After an audit, it was discovered that the security group memberships were not properly adjusted for employees’ accounts when they moved from one role to another. Which of the following has the organization failed to properly implement? (Select TWO).

  1. Mandatory access control enforcement.

  2. User rights and permission reviews.

  3. Technical controls over account management.

  4. Account termination procedures.

  5. Management controls over account management.

  6. Incident management and response plan.

Answer: B,E Explanation:

Reviewing user rights and permissions determines whether all groups, users, and other accounts hold only the privileges appropriate to the corporation's policies and their current job descriptions. Because these employees changed roles, such a review would have caught the group memberships left over from their previous positions.

Management controls over account management (a documented process for adjusting group membership on role change) would have accounted for the different roles employees hold and adjusted rights and permissions accordingly when the transfers happened, rather than leaving it to be discovered by an audit.

Question No: 413 – (Topic 2)

After recovering from a data breach in which customer data was lost, the legal team meets with the Chief Security Officer (CSO) to discuss ways to better protect the privacy of customer data.

Which of the following controls support this goal?

  1. Contingency planning

  2. Encryption and stronger access control

  3. Hashing and non-repudiation

  4. Redundancy and fault tolerance

Answer: B Explanation:

Encryption is used to protect data/contents/documents. Access control refers to controlling who accesses any data/contents/documents and to exercise authorized control to the accessing of that data.

Question No: 414 – (Topic 2)

A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation. Which of the following BEST describes the procedure and security rationale for performing such reviews?

  1. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned.

  2. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work effectively.

  3. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced.

  4. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources.

Answer: A Explanation:

Reviewing user permissions and group memberships forms part of a privilege audit, which is used to confirm that all groups, users, and other accounts have only the privileges required by corporate policy and their current job (the principle of least privilege). High turnover and internal transfers are exactly the conditions under which permissions accumulate, since transferred users tend to keep the groups of their old role.

Question No: 415 – (Topic 2)

In which of the following steps of incident response does a team analyse the incident and determine steps to prevent a future occurrence?

  1. Mitigation

  2. Identification

  3. Preparation

  4. Lessons learned

Answer: D Explanation:

The incident response topics listed in the exam objectives are: preparation; incident identification; escalation and notification; mitigation steps; lessons learned; reporting; recovery/reconstitution procedures; first responder; incident isolation (quarantine, device removal); data breach; and damage and loss control. That list is not chronological. In order of execution, preparation comes first, then identification, isolation/containment, mitigation, and recovery; lessons learned comes only after the incident has been mitigated and recovered from, because only then can the team step back, analyze what happened, and decide what to change to prevent the same occurrence in future.

Question No: 416 DRAG DROP – (Topic 2)

A security administrator wants to implement strong security on the company smart phones and terminal servers located in the data center. Drag and drop the applicable controls to each asset type.

Instructions: Controls can be used multiple times and not all placeholders need to be filled. When you have completed the simulation, please select the Done button to submit.



Reference: Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 221, 222, 369, 418. http://www.mentor-app.com/

Question No: 417 – (Topic 2)

Developers currently have access to update production servers without going through an approval process. Which of the following strategies would BEST mitigate this risk?

  1. Incident management

  2. Clean desk policy

  3. Routine audits

  4. Change management

Answer: D Explanation:

Change management is a risk mitigation approach: a structured process under which every change to a production system is requested, reviewed for impact, approved, tested and documented before it is deployed. It is enforced through policy (who may approve what) together with technical controls (developers do not hold write access to production; deployments go through a controlled pipeline). Removing developers' ability to update production without approval is precisely what change management addresses; routine audits would only detect the problem after the fact.

Question No: 418 – (Topic 2)

A security team has established a security awareness program. Which of the following would BEST prove the success of the program?

  1. Policies

  2. Procedures

  3. Metrics

  4. Standards

Answer: C Explanation:

All types of training should be followed up and tested to see whether they worked and how much was learned. You must gather training metrics to validate compliance and security posture. By training metrics, we mean a quantifiable method of determining the efficacy of the training, for example the click rate on simulated phishing emails before and after the program, or the number of security incidents caused by user error per quarter.

Question No: 419 – (Topic 2)

The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a database administrator performing several other job functions within the company. Which of the following is the BEST method to prevent such activities in the future?

  1. Job rotation

  2. Separation of duties

  3. Mandatory Vacations

  4. Least Privilege

Answer: B Explanation:

Separation of duties means that no single person controls every step of a sensitive process; critical functions are split across different people so that committing fraud would require collusion. (Granting users only the permissions they need is least privilege, a related but distinct principle.) A database administrator who also performs several other job functions, such as approving the transactions whose records they can edit, is exactly the combination a separation of duties policy is designed to break up. Job rotation and mandatory vacations help detect such activity; separation of duties is the control that prevents it.
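Questions 412, 414 and 419 all come down to the same periodic access review: compare each account's actual group memberships with what its current role requires, and check for combinations of rights that no single person should hold. The script below is an added example, not part of the exam material or any vendor's tooling. The role baseline, the "toxic" group pairs, the export format and the sample user list are all constructed for the example.

```python
"""Periodic user-rights review (least privilege) plus a separation-of-duties check.

Added example, not from the exam or any vendor. Everything here is constructed:
the role baseline, the toxic group combinations, the export format and the users.
"""
from dataclasses import dataclass

# Minimum groups each role needs; anything beyond this is privilege creep.
ROLE_BASELINE = {
    "developer": {"vpn-users", "git-rw", "dev-servers"},
    "dba": {"vpn-users", "db-admins"},
    "finance": {"vpn-users", "erp-users", "payments-approve"},
    "terminated": set(),   # a terminated account must hold nothing
}

# Group pairs no single person may hold at once (separation of duties).
TOXIC_COMBINATIONS = [
    frozenset({"db-admins", "payments-approve"}),  # can alter records and approve payouts
    frozenset({"git-rw", "prod-deploy"}),          # can write code and push it to production
]


@dataclass(frozen=True)
class User:
    name: str
    role: str
    groups: frozenset


def parse_export(text):
    """Parse 'name,role,group1;group2' lines (constructed format for this example)."""
    users = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        name, role, groups = line.split(",", 2)
        users.append(User(name.strip(), role.strip(),
                          frozenset(g.strip() for g in groups.split(";") if g.strip())))
    return users


def review_rights(user, baseline=ROLE_BASELINE):
    """Return (excess, missing) groups relative to the user's current role.

    An account whose role is not in the baseline is itself a finding: nobody has
    decided what it is allowed to hold, so the review cannot approve it.
    """
    if user.role not in baseline:
        raise ValueError(f"{user.name}: unknown role {user.role!r}")
    expected = baseline[user.role]
    return user.groups - expected, expected - user.groups


def check_sod(user, toxic=TOXIC_COMBINATIONS):
    """Return every toxic combination the user holds in full."""
    return [combo for combo in toxic if combo <= user.groups]


def run_review(text):
    """Review an export and return findings keyed by user name."""
    findings = {}
    for user in parse_export(text):
        excess, missing = review_rights(user)
        sod = check_sod(user)
        if excess or missing or sod:
            findings[user.name] = {"excess": excess, "missing": missing, "sod": sod}
    return findings


# Constructed sample export: alice moved from developer to dba and kept her old
# groups; carol was terminated but still has VPN; dave holds a toxic combination.
SAMPLE_EXPORT = """
# name,current role,groups
alice,dba,vpn-users;git-rw;dev-servers;db-admins
bob,developer,vpn-users;git-rw;dev-servers
carol,terminated,vpn-users
dave,finance,vpn-users;erp-users;payments-approve;db-admins
"""

if __name__ == "__main__":
    for name, finding in run_review(SAMPLE_EXPORT).items():
        print(name, finding)
```

Each finding is actionable: "excess" is what to remove (question 414's minimum-permission rationale), "missing" is what the transfer process failed to grant (question 412's management control), and "sod" is the combination that let one person perform several functions (question 419). Running the review on a schedule, not only after an audit, is the point of all three items.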

Question No: 420 – (Topic 2)

Human Resources (HR) would like executives to undergo only two specific security training programs a year. Which of the following provides the BEST level of security training for the executives? (Select TWO).

  1. Acceptable use of social media

  2. Data handling and disposal

  3. Zero day exploits and viruses

  4. Phishing threats and attacks

  5. Clean desk and BYOD

  6. Information security awareness

Answer: D,F Explanation:

Managers and executives in the company are concerned with more global issues in the organization, including enforcing security policies and procedures. They should receive additional training or exposure that explains the issues, threats, and methods of dealing with threats. Management will also be concerned about productivity impacts, enforcement, and how the various departments are affected by security policies; general information security awareness training covers this ground.

Phishing is a form of social engineering in which the attacker asks for a piece of information they are missing by making the request look legitimate. An email might appear to come from a bank and contain some basic information, such as the user's name, to seem credible. Executives are high-value targets for such attacks (often called whaling when aimed at senior staff) and can easily fall prey to them if they are not trained to look out for the signs.
