November 2018

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM or SSCP certification to receive new questions each week. You'll also receive free access to my customized study strategies.

Carla is concerned about the exfiltration of sensitive information from her corporate network by employees. Which one of the following controls would be least effective at meeting this requirement?

A. Encrypting data in transit
B. Blocking the use of personal email accounts
C. Implementing data loss prevention systems
D. Building least privilege access controls

Correct Answer: A

Encrypting data in transit is not likely to reduce the risk of internal theft. It protects data from eavesdroppers on the wire, but the threat here is an employee who already has authorized access to the stored information and can simply send it out over the encrypted channel. The other three controls address insider exfiltration directly. Least privilege access controls limit the amount of information available to any individual user. A data loss prevention (DLP) system can detect the exfiltration of sensitive information as it leaves the network. Blocking the use of personal email accounts closes off a common channel for exfiltrating sensitive information.
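The following is an added example, not part of the original question or CertMike's material. It shows what controls B and C look like in code: a toy outbound-mail gateway check that blocks messages addressed to personal webmail domains and performs DLP-style content inspection for payment card numbers, using the Luhn checksum to avoid flagging ordinary digit runs. The block list, the addresses, the messages and the card numbers are all constructed for illustration.

```python
"""Added example, not from the original page: a toy outbound-mail gateway check
that applies two of the controls from the question, blocking personal webmail
destinations and DLP-style inspection for payment card numbers. Every domain,
address, message and card number below is constructed for illustration."""
import re

# Assumed block list of consumer webmail domains (an organization would maintain its own).
PERSONAL_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# 13 to 19 digits, optionally separated by single spaces or hyphens,
# and not embedded in a longer run of digits.
CARD_CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: true for a well-formed card number, false for most typos
    and for random digit runs such as order or invoice references."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the digit strings in text that look like card numbers and pass Luhn."""
    found = []
    for m in CARD_CANDIDATE_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(digits)
    return found


def evaluate(message):
    """Decide whether an outbound message may leave the network.
    Returns {"action": "allow" | "block", "reasons": [...]}."""
    reasons = []
    for rcpt in message["to"]:
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in PERSONAL_MAIL_DOMAINS:
            reasons.append(f"recipient {rcpt} is a personal webmail account")
    cards = find_card_numbers(message["subject"] + "\n" + message["body"])
    if cards:
        reasons.append(f"content holds {len(cards)} Luhn-valid card number(s)")
    return {"action": "block" if reasons else "allow", "reasons": reasons}


# Constructed sample traffic from employees of the fictional corp.example.
SAMPLE_MESSAGES = [
    {"to": ["bob@corp.example"], "subject": "Lunch",
     "body": "Noon at the usual place? Call 555-0100 if late."},
    {"to": ["carla.home@gmail.com"], "subject": "Q3 customer list",
     "body": "Sending this to myself so I can work on it over the weekend."},
    {"to": ["billing@partner.example"], "subject": "Card on file",
     "body": "Please charge 4111 1111 1111 1111, expiry 12/21, for the renewal."},
    {"to": ["billing@partner.example"], "subject": "Order reference",
     "body": "Your reference number is 4111-1111-1111-1112; quote it on the invoice."},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict = evaluate(msg)
        print(msg["subject"], "->", verdict["action"], "; ".join(verdict["reasons"]))
```

The fourth message shows why the Luhn check matters: it contains a 16-digit string that differs from the third message's test card number only in its last digit, so a bare regex would block a legitimate invoice reference. Note also that nothing here inspects whether the channel is encrypted; TLS on the mail hop would not change any of these verdicts, which is the point of answer A.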

Gayle is logging on to a website managed by a third-party vendor using credentials provided by her employer. The authentication system uses SAML-based authentication. In this scenario, who is the identity provider?

A. The vendor
B. Gayle's web browser
C. The certificate authority
D. Gayle's employer

Correct Answer: D

In SAML authentication, the user agent is the web browser, application, or other technology used by the end user. The service provider is the service that the user would like to access; here that is the vendor's website. The identity provider is the organization that authenticates the user and issues the SAML assertion vouching for her identity; here that is Gayle's employer, which holds her credentials. The certificate authority issues the digital certificates used to secure the connections between these parties.
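The following is an added example, not part of the original question or CertMike's material. It makes the three SAML roles concrete by reading them out of a constructed SAML Response: the assertion's Issuer identifies the identity provider (Gayle's employer), the Audience identifies the service provider (the vendor), and the Subject is Gayle. It then performs the checks the vendor's service provider makes before trusting the assertion. The entity IDs, hostnames, names and timestamps are made up, the response is unsigned, and signature verification is deliberately left out.

```python
"""Added example, not from the original page: read the SAML roles out of a
constructed SAML Response and run the checks a service provider (SP) performs.
All entity IDs, hostnames, names and timestamps are made up. The sample is
parsed with xml.etree because it is our own constructed input; untrusted SAML
from the network should go through a hardened parser such as defusedxml."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed, unsigned Response: the employer's IdP asserts Gayle's identity
# to the vendor's SP. A real response carries an XML signature from the IdP.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2018-11-01T12:00:00Z"
    Destination="https://vendor.example.net/saml/acs">
  <saml:Issuer>https://idp.employer.example.com</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2018-11-01T12:00:00Z">
    <saml:Issuer>https://idp.employer.example.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">gayle@employer.example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2018-11-01T11:59:00Z" NotOnOrAfter="2018-11-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://vendor.example.net/saml/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def _parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_roles(xml_text):
    """Map the elements of the assertion onto the SAML roles from the question."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    return {
        "identity_provider": assertion.findtext("saml:Issuer", namespaces=NS),
        "service_provider": assertion.findtext(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS),
        "subject": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
    }


def validate_for_sp(xml_text, trusted_idp, sp_entity_id, now_utc):
    """Checks the vendor's SP makes before trusting the assertion; returns a list
    of problems (empty means acceptable). now_utc is an ISO-8601 UTC timestamp.
    XML signature verification against the IdP's certificate is out of scope
    here and must precede these checks in a real SP."""
    problems = []
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append("status is not Success")
    roles = parse_roles(xml_text)
    if roles["identity_provider"] != trusted_idp:
        problems.append(f"issued by untrusted IdP {roles['identity_provider']}")
    if roles["service_provider"] != sp_entity_id:
        problems.append(f"audience {roles['service_provider']} is not this SP")
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    now = _parse_time(now_utc)
    if cond is not None:
        if now < _parse_time(cond.get("NotBefore")):
            problems.append("assertion not yet valid")
        if now >= _parse_time(cond.get("NotOnOrAfter")):
            problems.append("assertion expired")
    return problems


if __name__ == "__main__":
    print(parse_roles(SAMPLE_RESPONSE))
    print(validate_for_sp(SAMPLE_RESPONSE, "https://idp.employer.example.com",
                          "https://vendor.example.net/saml/metadata", "2018-11-01T12:01:00Z"))
```

The audience check is the one that ties the roles together: an assertion the employer issued for a different service provider must be rejected by the vendor even though it was signed by a trusted identity provider, otherwise a token meant for one vendor could be replayed at another.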

Devin manages a shared computing environment for multiple customers and is worried about one of his customers accessing virtual machines owned by other customers. He would like to protect against these virtual machine escape attacks. What is the best control that he can implement?

A. Network firewall
B. Hypervisor patching
C. Port security
D. Input validation

Correct Answer: B

Virtual machine (VM) escape attacks target vulnerabilities in the hypervisor supporting a virtualized environment: a guest breaks out of its own VM by exploiting a flaw in the layer that isolates it from other guests. The strongest control against these attacks is therefore to keep the hypervisor patched. Network firewalls and port security are network security controls that operate outside of the virtualized environment and would not be effective in this case. Input validation is an application security control.