[Free] 2018(July) Dumps4cert CompTIA JK0-022 Dumps with VCE and PDF Download 651-660


CompTIA Academic/E2C Security Certification Exam Voucher Only

Question No: 651 – (Topic 4)

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

  A. Fuzzing

  B. Patch management

  C. Error handling

  D. Strong passwords

Answer: C
Explanation:

Exception handling is an aspect of secure coding. When errors occur, the system should revert to a secure state. This must be coded into the system by the programmer, and should capture errors and exceptions so that they can be handled by the application rather than exposing system details to the user.

Question No: 652 – (Topic 4)

The BEST methods for a web developer to prevent the website application code from being vulnerable to cross-site request forgery (XSRF) are to: (Select TWO).

  A. Permit redirection to Internet-facing web URLs.

  B. Ensure all HTML tags are enclosed in angle brackets, e.g., "<" and ">".

  C. Validate and filter input on the server side and client side.

  D. Use a web proxy to pass website requests between the user and the application.

  E. Restrict and sanitize use of special characters in input and URLs.

Answer: C,E
Explanation:

XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application's trust of a user who is known, or is supposed, to have been authenticated. This is often accomplished without the user's knowledge.

XSRF can be prevented by adding a randomization string (called a nonce) to each URL request and session establishment, and by checking the client's HTTP Referer request header for spoofing.

Question No: 653 – (Topic 4)

A team of firewall administrators have access to a "master password list" containing service account passwords. Which of the following BEST protects the master password list?

  A. File encryption

  B. Password hashing

  C. USB encryption

  D. Full disk encryption

Answer: A
Explanation:

File encryption can be used to protect the contents of individual files. It uses a randomly generated symmetric encryption key for the file and stores that key, encrypted with the user's public key, alongside the encrypted file.

Question No: 654 – (Topic 4)

Which of the following will allow Pete, a security analyst, to trigger a security alert because of a tracking cookie?

  A. Network based firewall

  B. Anti-spam software

  C. Host based firewall

  D. Anti-spyware software

Answer: D
Explanation:

Spyware monitors a user's activity and uses network protocols to report it to a third party without the user's knowledge. This is usually accomplished using a tracking cookie.

Question No: 655 – (Topic 4)

The call center supervisor has reported that many employees have been playing preinstalled games on company computers and this is reducing productivity.

Which of the following would be MOST effective for preventing this behavior?

  A. Acceptable use policies

  B. Host-based firewalls

  C. Content inspection

  D. Application whitelisting

Answer: D
Explanation:

Application whitelisting is a form of application security which prevents any software from running on a system unless it is included on a preapproved exception list.

Question No: 656 – (Topic 4)

Joe, a network security engineer, has visibility to network traffic through network monitoring tools.

However, he's concerned that a disgruntled employee may be targeting a server containing the company's financial records. Which of the following security mechanisms would be MOST appropriate to confirm Joe's suspicion?

  A. HIDS

  B. HIPS

  C. NIPS

  D. NIDS

Answer: A
Explanation:

A host-based IDS (HIDS) is an intrusion detection system that runs as a service on a host computer system. It is used to monitor the machine logs, system events, and application activity for signs of intrusion. It is useful for detecting attacks that originate outside the organization as well as attacks by internal users logged on to the system.

Question No: 657 – (Topic 4)

Which of the following types of encryption will help in protecting files on a PED?

  A. Mobile device encryption

  B. Transport layer encryption

  C. Encrypted hidden container

  D. Database encryption

Answer: A
Explanation:

Device encryption encrypts the data on a Personal Electronic Device (PED). This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

Question No: 658 – (Topic 4)

A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator’s concerns?

  A. Install a mobile application that tracks read and write functions on the device.

  B. Create a company policy prohibiting the use of mobile devices for personal use.

  C. Enable GPS functionality to track the location of the mobile devices.

  D. Configure the devices so that removable media use is disabled.

Answer: D
Explanation:

Mobile devices can be plugged into computers where they appear as an additional disk in the same way as a USB drive. This is known as removable media. This would enable users to copy company data onto the mobile devices. By disabling removable media use, the users will not be able to copy data onto the mobile devices.

Question No: 659 – (Topic 4)

Each server on a subnet is configured to only allow SSH access from the administrator’s workstation. Which of the following BEST describes this implementation?

  A. Host-based firewalls

  B. Network firewalls

  C. Network proxy

  D. Host intrusion prevention

Answer: A
Explanation:

A host-based firewall is installed on a client system and is used to protect the client system from the activities of the user as well as from communication from the network or Internet. These firewalls manage network traffic using filters to block certain ports and protocols while allowing others to pass through the system.

Question No: 660 – (Topic 4)

After visiting a website, a user receives an email thanking them for a purchase which they did not request. Upon investigation the security administrator sees the following source code in a pop-up window:

    <HTML>
    <body onload="document.getElementByID('badForm').submit()">
    <form id="badForm" action="shoppingsite.company.com/purchase.php" method="post" >
    <input name="Perform Purchase" value="Perform Purchase"/>
    </form>
    </body>
    </HTML>

Which of the following has MOST likely occurred?

  A. SQL injection

  B. Cookie stealing

  C. XSRF

  D. XSS

Answer: C
Explanation:

XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application's trust of a user who is known, or is supposed, to have been authenticated. This is often accomplished without the user's knowledge: here the hidden form is submitted automatically on page load, using the victim's existing authenticated session with the shopping site.
