September 2018

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Ben would like to identify all of the active network connections and services listening for connections on a Linux system that he is analyzing. What command-line utility can he use to meet this need?

A. tcpdump
B. pstools
C. netcat
D. netstat

Correct Answer: D.

The netstat command lists all of the active network connections on a system as well as the status of ports that are listening for requests. The tcpdump command captures network traffic and would see active network connections but does not identify ports that are listening without an active connection. The pstools command is used to find information about processes running on a system but does not provide network port or version information. The netcat command is used to send information via a network pipe.

Which one of the following security controls is most effective against zero-day attacks?

A. Application control
B. Signature-based antivirus
C. Vulnerability scans
D. Intrusion prevention systems

Correct Answer: A.

Zero-day attacks are attacks that are not previously known to the security community. Therefore, signature-based controls, such as vulnerability scans, antivirus software, and intrusion prevention systems, are not effective against these attacks. Application control software may use whitelisting to limit software running on a system to a list of known good applications. This technique may prevent zero-day malware from running on the protected system.

Brian is the physical security official for a data center hosting organization. While entering the building this morning, he noticed that one employee used his badge to enter the building and then held the door open for two other employees. Which one of the following situations occurred?

A. Dumpster diving
B. Piggybacking
C. Impersonation
D. Shoulder surfing

Correct Answer: B.

This is a classic example of a piggybacking attack where one person enters a physical facility and then holds the door open for others to enter without requiring that they also use the access control system. In a dumpster diving attack, individuals rummage through the trash searching for sensitive information. In a shoulder surfing attack, the perpetrator looks over the shoulder of an individual while they use a computer. There is no sign that the individuals entering the building without authenticating were making false claims of identity, so there is no evidence of an impersonation attack.