Ensurepass

QUESTION 141

The use of social networking sites introduces the risk of:

A. Disclosure of proprietary information

B. Data classification issues

C. Data availability issues

D. Broken chain of custody

Correct Answer: A


QUESTION 142

Which of the following flags are used to establish a TCP connection? (Select TWO).

A. PSH

B. ACK

C. SYN

D. URG

E. FIN

Correct Answer: BC


QUESTION 143

Which of the following is MOST likely to result in data loss?

A. Accounting transferring confidential staff details via SFTP to the payroll department

B. Back office staff accessing and updating details on the mainframe via SSH

C. Encrypted backup tapes left unattended at reception for offsite storage

D. Developers copying data from production to the test environments via a USB stick

Correct Answer: D


QUESTION 144

Sara, a security administrator, sends an email to the user to verify their password has been reset. Which of the following threats is BEST mitigated by this action?

A. Spear phishing

B. Impersonation

C. Hoaxes

D. Evil twin

Correct Answer: B


QUESTION 145

Which of the following describes an LDAP injection attack?

A. Creating a copy of user credentials during the LDAP authentication session

B. Manipulating an application’s LDAP query to gain or alter access rights

C. Sending buffer overflow to the LDAP query service

D. Using XSS to direct the user to a rogue LDAP server

Correct Answer: B


QUESTION 146

Which of the following concepts defines the requirement for data availability?

A. Authentication to RADIUS

B. Non-repudiation of email messages

C. Disaster recovery planning

D. Encryption of email messages

Correct Answer: C


QUESTION 147

Which of the following is an example of multifactor authentication?

A. Credit card and PIN

B. Username and password

C. Password and PIN

D. Fingerprint and retina scan

Correct Answer: A


QUESTION 148

Which of the following is an attack designed to steal cell phone data and contacts?

A. Bluesnarfing

B. Smurfing

C. Fuzzing

D. Bluejacking

Correct Answer: A


QUESTION 149

Which of the following best practices is commonly found at the end of router ACLs?

A. Time of day restrictions

B. Implicit deny

C. Implicit allow

D. Role-based access controls

Correct Answer: B


QUESTION 150

Which of the following uses TCP/UDP port 53 by default?

A. DNS

B. SFTP

C. SSH

D. NetBIOS

Correct Answer: A


QUESTION 151

An organization is recovering data following a datacenter outage and determines that backup copies of files containing personal information were stored in an unsecure location, because the sensitivity was unknown. Which of the following activities should occur to prevent this in the future?

A. Business continuity planning

B. Quantitative assessment

C. Data classification

D. Qualitative assessment

Correct Answer: C


QUESTION 152

Sara, the network administrator, was alerted to an unauthorized email that was sent to specific VIPs in the company with a malicious attachment. Which of the following types of attacks is MOST likely being described?

A. Vishing

B. Whaling

C. DDoS

D. Pharming

Correct Answer: B


QUESTION 153

In the event of a mobile device being lost or stolen, which of the following BEST protects against sensitive information leakage?

A. Cable locks

B. Remote wipe

C. Screen lock

D. Voice encryption

Correct Answer: B


QUESTION 154

Which of the following should Sara, a security administrator, perform periodically to reduce an organization’s risk exposure by verifying employee access?

A. Account revalidation

B. Incident management

C. Qualitative analysis

D. Quantitative analysis

Correct Answer: A


QUESTION 155

Which of the following is the MAIN benefit of server-side versus client-side input validation?

A. Server-side input validation results in a more secure system than client-side input validation.

B. Client-side input validation can lead to local buffer overflows while server-side input validation can lead to remote buffer overflow.

C. Client-side input validation results in a more secure system than server-side input validation.

D. Server-side input validation is prone to buffer overflows while client-side input validation is not.

Correct Answer: A


QUESTION 156

Which of the following is MOST appropriate when storing backup tapes in a physically non-secure room?

A. Use an in-tape GPS tracking device.

B. Store the tapes in a locked safe.

C. Encrypt the tapes with AES.

D. Securely wipe the tapes.

Correct Answer: B


QUESTION 157

Grandfather-Father-Son and Tower of Hanoi are common:

A. Trojans that collect banking information.

B. Backup tape rotation strategies.

C. Penetration testing best practices.

D. Failover practices in clustering.

Correct Answer: B


QUESTION 158

The pseudo-code below is an example of which of the following?

IF VARIABLE (CONTAINS NUMBERS = TRUE) THEN EXIT

A. Buffer overflow prevention

B. Input validation

C. CSRF prevention

D. Cross-site scripting prevention

Correct Answer: B


QUESTION 159

Which of the following can BEST be implemented on a mobile phone to help prevent any sensitive data from being recovered if the phone is lost?

A. Voice encryption

B. Screen locks

C. Device encryption

D. GPS tracking

Correct Answer: C


QUESTION 160

Which of the following security concepts would Sara, the security administrator, use to mitigate the risk of data loss?

A. Record time offset

B. Clean desk policy

C. Cloud computing

D. Routine log review

Correct Answer: B
