XYZ Corporation is about to purchase another company to expand its operations. The CEO is concerned about information leaking out, especially with the cleaning crew that comes in at night.
The CEO would like to ensure no paper files are leaked. Which of the following is the BEST policy to implement?
A. Social media policy
B. Data retention policy
C. CCTV policy
D. Clean desk policy
Correct Answer: D
Clean desk policy: Information on a desk--in terms of printouts, pads of note paper, sticky notes, and the like--can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk.
Incorrect Answers:
A: Social media policy will refer to data made available over the network and not paper files which represent hard copies.
B: Data retention policies refer to the period that data should be kept.
C: CCTV refers to an aspect of video surveillance and not paper files.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 369
Question 442:
The manager has a need to secure physical documents every night, since the company began enforcing the clean desk policy. The BEST solution would include: (Select TWO).
A. Fire- or water-proof safe.
B. Department door locks.
C. Proximity card.
D. 24-hour security guard.
E. Locking cabinets and drawers.
Correct Answer: AE
Using a safe and locking cabinets to protect backup media, documentation, and any other physical artifacts that could do harm if they fell into the wrong hands forms part of keeping employees' desks clean, as required by a clean desk policy.
Incorrect Answers:
B: Door locks will keep intruders out of rooms and buildings. They do not keep the desk clean.
C: Proximity cards are in essence any card or ID used with a card reader to grant legitimate users access to an area, room or building; they do not interfere with the clean desk policy.
D: Security guards are used to keep intruders out.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 369-370, 373
Question 443:
Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?
A. Record time offset
B. Clean desk policy
C. Cloud computing
D. Routine log review
Correct Answer: B
Clean desk policy: Information on a desk--in terms of printouts, pads of note paper, sticky notes, and the like--can be easily seen by prying eyes and taken by thieving hands. To protect data and your business, encourage employees to maintain clean desks and to leave out only those papers that are relevant to the project they are working on at that moment. All sensitive information should be put away when the employee is away from their desk. This will mitigate the risk of data loss when applied.
Incorrect Answers:
A: Record time offset is usually critical in the event of forensic investigations.
C: Cloud computing means hosting services and data on the Internet instead of hosting them locally. This poses a security risk, and you will need to apply measures to mitigate that risk.
D: Routine log reviews, whether of system logs, event logs, audit logs, security logs or access logs, are used to monitor and diagnose networks.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 196, 453
Question 444:
Why would a technician use a password cracker?
A. To look for weak passwords on the network
B. To change a user's passwords when they leave the company
C. To enforce password complexity requirements
D. To change users' passwords if they have forgotten them
Correct Answer: A
A password cracker will be able to expose weak passwords on a network.
Incorrect Answers:
B: Changing users' passwords when they leave the company is not advisable; why not just eliminate their passwords to mitigate the risk?
C: Enforcing password complexity would make the password stronger and not easily crackable.
D: If users happen to forget their passwords, then they should request a change in password rather than a technician using a password cracker.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 407
Question 445:
Results from a vulnerability analysis indicate that all enabled virtual terminals on a router can be accessed using the same password. The company's network device security policy mandates that at least one virtual terminal have a different password than the other virtual terminals. Which of the following sets of commands would meet this requirement?
A. line vty 0 6 P@s5W0Rd password line vty 7 Qwer++!Y password
B. line console 0 password password line vty 0 4 password P@s5W0Rd
C. line vty 0 3 password Qwer++!Y line vty 4 password P@s5W0Rd
D. line vty 0 3 password Qwer++!Y line console 0 password P@s5W0Rd
Correct Answer: C
The VTY lines are the Virtual Terminal lines of the router, used solely to control inbound Telnet connections. They are virtual, in the sense that they are a function of software - there is no hardware associated with them.
Two numbers follow the keyword VTY because there is more than one VTY line for router access. The default number of lines is five on many Cisco routers. Here, I'm configuring one password for all terminal (VTY) lines. I can specify the actual terminal or VTY line numbers as a range. The syntax that you'll see most often, vty 0 4, covers all five terminal access lines.
Incorrect Answers:
A: The number 6 is highly unlikely to be used since the default number of lines is 5 on most Cisco routers.
B: Using a 0 vty means that there are no passwords.
D: The command will not yield a different password for the virtual terminal.
Which of the following is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead?
A. Enticement
B. Entrapment
C. Deceit
D. Sting
Correct Answer: B
Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. Entrapment is a valid legal defense in a criminal prosecution.
Incorrect Answers:
A: Enticement is the process of luring someone into your plan or trap.
C: Deceit is an act to propagate beliefs of things that are not true.
D: According to Wikipedia a sting is a deceptive operation designed to catch a person committing a crime. Almost akin to setting a honey trap.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 65
http://en.wikipedia.org/wiki/Sting_operation
Question 447:
In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?
A. Security control frameworks
B. Best practice
C. Access control methodologies
D. Compliance activity
Correct Answer: B
Best practices are based on what is known in the industry and on those methods that have consistently shown superior results over those achieved by other means. Furthermore, best practices are applied to all aspects of the work environment.
Incorrect Answers:
A: Security control frameworks refer to the backbone of the SAFE architecture, in which unification is the underlying key to security; it incorporates all parts of the network, including the WAN, the extranet, the Internet, and the intranet.
C: Access control methodologies refer to the Mandatory, Discretionary and Rule-based access control types that can be implemented.
D: Compliance activity usually comes into focus when third-party involvement is being considered.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 29
Question 448:
What is the term for the process of luring someone in (usually done by an enforcement officer or a government agent)?
A. Enticement
B. Entrapment
C. Deceit
D. Sting
Correct Answer: A
Enticement is the process of luring someone into your plan or trap.
Incorrect Answers:
B: Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. Entrapment is a valid legal defense in a criminal prosecution.
C: Deceit is an act to propagate beliefs of things that are not true.
D: According to Wikipedia a sting is a deceptive operation designed to catch a person committing a crime. Almost akin to setting a honey trap.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 65
http://en.wikipedia.org/wiki/Sting_operation
Question 449:
An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?
A. Business continuity planning
B. Quantitative assessment
C. Data classification
D. Qualitative assessment
Correct Answer: C
Information classification is done by confidentiality and comprises three categories, namely public use, internal use and restricted use. Knowing how to apply these categories and matching them up with the appropriate data handling will address the situation of data of "unknown sensitivity".
Incorrect Answers:
A: Business continuity planning (BCP) is the process of implementing policies, controls, and procedures to counteract the effects of losses, outages, or failures of critical business processes. BCP is primarily a management tool that ensures that critical business functions can be performed when normal business operations are disrupted.
B: Quantitative assessment is cost-based and objective risk assessment.
D: Qualitative assessment is opinion-based and subjective risk assessment.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 7, 404, 431
Question 450:
Which of the following security awareness training is BEST suited for data owners who are concerned with protecting the confidentiality of their data?
A. Social networking use training
B. Personally owned device policy training
C. Tailgating awareness policy training
D. Information classification training
Correct Answer: D
Information classification is done by confidentiality and comprises three categories, namely public use, internal use and restricted use. Knowing these categories and how to handle data according to its category is essential in protecting the confidentiality of the data.
Incorrect Answers:
A: Social networking can sometimes be a useful marketing tool; however, most companies would rather avoid social networking, since the exposure of their data would be too great. Risk avoidance would be better.
B: It is best policy for companies not to allow users to bring their own devices; why would they provide training for personally owned devices, other than informing users that they are not allowed to bring their own devices?
C: Tailgating refers to the act of following someone through a door they have just unlocked. This is a physical security issue.
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p. 404