Latest CompTIA JK0-018 Real Exam Download 481-500



Jane, a security analyst, is reviewing logs from hosts across the Internet which her company uses to gather data on new malware. Which of the following is being implemented by Jane’s company?

A. Vulnerability scanner

B. Honeynet

C. Protocol analyzer

D. Port scanner

Correct Answer: B


Sara, a senior programmer for an application at a software development company, has also assumed an auditing role within the same company. She will be assessing the security of the application. Which of the following will she be performing?

A. Blue box testing

B. Gray box testing

C. Black box testing

D. White box testing

Correct Answer: D


Jane, a security analyst, wants to ensure that data is being stored encrypted, in the event that a corporate laptop is stolen. Which of the following encryption types will accomplish her goal?

A. IPSec

B. Secure socket layer

C. Whole disk

D. Transport layer security

Correct Answer: C


Which of the following BEST describes a directory traversal attack?

A. A malicious user can insert a known pattern of symbols in a URL to access a file in another section of the directory.

B. A malicious user can change permissions or lock out user access from a webroot directory or subdirectories.

C. A malicious user can delete a file or directory in the webroot directory or subdirectories.

D. A malicious user can redirect a user to another website across the Internet.

Correct Answer: A


Sara, the Chief Executive Officer (CEO) of a corporation, wishes to receive her corporate email and file attachments on her corporate mobile computing device. If the device is lost or stolen, the BEST security measure to ensure that sensitive information is not comprised would be:

A. to immediately file a police report and insurance report

B. the ability to remotely wipe the device to remove the data

C. to immediately issue a replacement device and restore data from the last backup

D. to turn on remote GPS tracking to find thedevice and track its movements

Correct Answer: B


In her morning review of new vendor patches, a security administrator has identified an exploit that is marked as critical. Which of the following is the BEST course of action?

A. The security administrator should wait seven days before testing the patch to ensure that the vendor does not issue an updated version, which would require reapplying the patch.

B. The security administrator should download the patch and install it to her workstation to test whether it will be able to be applied to all workstations in the environment.

C. The security administrator should alert the risk management department to document the patch and add it to the next monthly patch deployment cycle.

D. The security administrator should download the patch to the test network, apply it to affected systems, and evaluate the results on the test systems.

Correct Answer: D


Which of the following protocols allows for secure transfer of files? (Select TWO).






Correct Answer: CD


Sara, a security administrator, is configuring a new firewall. She has entered statements into the firewall configuration as follows:

– Allow all Web traffic

– Deny all Telnet traffic

– Allow all SSH traffic

Mike, a user on the network, tries unsuccessfully to use RDP to connect to his work computer at home. Which of the following principles BEST explains why Mike’s attempt to connect is not successful?

A. Explicit deny

B. Loop protection

C. Implicit deny

D. Implicit permit

Correct Answer: C


Jane, a security administrator, notices that a program has crashed. Which of the following logs should Jane check?

A. Access log

B. Firewall log

C. Audit log

D. Application log

Correct Answer: D


Users at a corporation are unable to login using the directory access server at certain times of the day. Which of the following concepts BEST describes this lack of access?

A. Mandatory access control

B. Least privilege

C. Time of day restrictions

D. Discretionary access control

Correct Answer: C


Which of the following passwords is the LEAST complex?

A. MyTrain!45

B. Mytr@in!!

C. MyTr@in12

D. MyTr@in#8

Correct Answer: B


During a penetration test from the Internet, Jane, the system administrator, was able to establish a connection to an internal router, but not successfully log in to it. Which ports and protocols are MOST likely to be open on the firewall? (Select FOUR).

A. 21

B. 22

C. 23

D. 69

E. 3389


G. Terminal services

H. Rlogin

I. Rsync

J. Telnet

Correct Answer: BCFJ


During an anonymous penetration test, Jane, a system administrator, was able to identify a shared print spool directory, and was able to download a document from the spool. Which statement BEST describes her privileges?

A. All users have write access to the directory.

B. Jane has read access to the file.

C. All users have read access to the file.

D. Jane has read access to the directory.

Correct Answer: C


Sara, an IT security technician, has identified security weaknesses within her company’s code. Which of the following is a common security coding issue?

A. Input validation

B. Application fuzzing

C. Black box testing

D. Vulnerability scanning

Correct Answer: A


Which of the following is an application security coding problem?

A. Error and exception handling

B. Patch management

C. Application hardening

D. Application fuzzing

Correct Answer: A


Matt, an IT security technician, needs to create a way to recover lost or stolen company devices. Which of the following BEST meets this need?

A. Locking cabinets

B. GPS tracking

C. Safe

D. Firewalls

Correct Answer: B


An IT security technician needs to establish host based security for company workstations. Which of the following will BEST meet this requirement?

A. Implement IIS hardening by restricting service accounts.

B. Implement database hardening by applying vendor guidelines.

C. Implement perimeter firewall rules to restrict access.

D. Implement OS hardening by applying GPOs.

Correct Answer: D


Jane, an IT security technician, receives a call from the vulnerability assessment team informing her that port 1337 is open on a user’s workstation. Which of the following BEST describes this type of malware?

A. Logic bomb

B. Spyware

C. Backdoor

D. Adware

Correct Answer: C


Which of the following is the MOST specific plan for various problems that can arise within a system?

A. Business Continuity Plan

B. Continuity of Operation Plan

C. Disaster Recovery Plan

D. IT Contingency Plan

Correct Answer: D


Pete, an employee, needs a certificate to encrypt data. Which of the following would issue Pete a certificate?

A. Certification authority

B. Key escrow

C. Certificate revocation list

D. Registration authority

Correct Answer: A

Download Latest JK0-018 Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.