[Free] 2018(June) Dumps4cert CompTIA JK0-018 Dumps with VCE and PDF Download 421-430

By | July 2, 2018

Dumps4cert.com : Latest Dumps with PDF and VCE Files
2018 May CompTIA Official New Released JK0-018
100% Free Download! 100% Pass Guaranteed!

CompTIA Security E2C

Question No: 421 – (Topic 5)

A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?

  1. Dual-factor authentication

  2. Multifactor authentication

  3. Single factor authentication

  4. Biometric authentication

Answer: C

Question No: 422 – (Topic 5)

The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?

  1. TwoFish

  2. SHA-512

  3. Fuzzy hashes

  4. HMAC

Answer: C

Question No: 423 – (Topic 5)

The security administrator installed a newly generated SSL certificate onto the company web server. Due to a mis-configuration of the website, a downloadable file containing one of the pieces of the key was available to the public. It was verified that the disclosure did not require a reissue of the certificate. Which of the following was MOST likely compromised?

  1. The file containing the recovery agent’s keys.

  2. The file containing the public key.

  3. The file containing the private key.

  4. The file containing the server’s encrypted passwords.

Answer: B

Question No: 424 – (Topic 5)

After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?

  1. Privilege escalation

  2. Advanced persistent threat

  3. Malicious insider threat

  4. Spear phishing

Answer: B

Question No: 425 – (Topic 5)

Which of the following was launched against a company based on the following IDS log? – – [21/May/2012:00:17:20 1200] quot;GET


AAAAAAAAA HTTP/1.1quot; 200 2731 quot;http://www.company.com/cgi- bin/forum/commentary.pl/noframes/read/209quot; quot;Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar;

  1. SQL injection

  2. Buffer overflow attack

  3. XSS attack

  4. Online password crack

Answer: B

Question No: 426 – (Topic 5)

The security administrator is analyzing a user’s history file on a Unix server to determine if the user was attempting to break out of a rootjail. Which of the following lines in the user’s history log shows evidence that the user attempted to escape the rootjail?

A. cd ../../../../bin/bash

  1. whoami

  2. ls /root

  3. sudo -u root

Answer: A

Question No: 427 – (Topic 5)

A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?

  1. Black box testing

  2. White box testing

  3. Gray box testing

  4. Design review

Answer: C

Question No: 428 – (Topic 5)

A security administrator must implement all requirements in the following corporate policy:

->Passwords shall be protected against offline password brute force attacks.

->Passwords shall be protected against online password brute force attacks.

Which of the following technical controls must be implemented to enforce the corporate policy? (Select THREE).

  1. Account lockout

  2. Account expiration

  3. Screen locks

  4. Password complexity

  5. Minimum password lifetime

  6. Minimum password length

Answer: A,D,F

Question No: 429 – (Topic 5)

Which of the following is a best practice for error and exception handling?

  1. Log detailed exception but display generic error message

  2. Display detailed exception but log generic error message

  3. Log and display detailed error and exception messages

  4. Do not log or display error or exception messages

Answer: A

Question No: 430 – (Topic 5)

A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?

  1. Database field encryption

  2. File-level encryption

  3. Data loss prevention system

  4. Full disk encryption

Answer: A

100% Dumps4cert Free Download!
Download Free Demo:JK0-018 Demo PDF
100% Dumps4cert Pass Guaranteed!
JK0-018 Dumps

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.