November 2018

Article

[vc_row row_type="row" use_row_as_full_screen_section="no" type="full_width" angled_section="no" text_align="left" background_image_as_pattern="without_pattern" css_animation=""][vc_column][vc_column_text]Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. [/vc_column_text][vc_row_inner row_type="row" type="full_width" text_align="left" css_animation=""][vc_column_inner][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row row_type="row" use_row_as_full_screen_section="no" type="full_width" angled_section="no" text_align="left" background_image_as_pattern="without_pattern" css_animation=""][vc_column][vc_column_text] Ralph comes across a legacy infrastructure that uses telnet to create an administrative connection between a client and server. Even though this connection takes place over a private network link, Ralph would like to replace telnet with a secure protocol to prevent eavesdropping. What protocol would be the easiest drop-in replacement for telnet? A. SSH B. FTPS C. TLS D. SSL Correct Answer: A. The secure shell (SSH) functions in a manner that is functionally equivalent to telnet but adds encryption and other security features. SSL and TLS may be used to encrypt communications but they do not provide the connection features of SSH on their own. The file transfer protocol - secure (FTPS) is used for transferring files and does not allow interactive administrative sessions similar to the ones provided by telnet. [/vc_column_text][/vc_column][/vc_row]...

[vc_row row_type="row" use_row_as_full_screen_section="no" type="full_width" angled_section="no" text_align="left" background_image_as_pattern="without_pattern" css_animation=""][vc_column][vc_column_text]Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.[/vc_column_text][vc_row_inner row_type="row" type="full_width" text_align="left" css_animation=""][vc_column_inner][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row row_type="row" use_row_as_full_screen_section="no" type="full_width" angled_section="no" text_align="left" background_image_as_pattern="without_pattern" css_animation=""][vc_column][vc_column_text] Andy is developing requirements for a disaster recovery site and needs the ability to recover operations as quickly as possible. Which one of the following recovery site options provides the quickest activation time? A. Warm site B. Mobile site C. Cold site D. Hot site Correct Answer: D. Cold sites have only basic infrastructure available and require the longest period of time to activate operations. They are also the cheapest option. Warm sites add hardware, and possible software, to the mix but do not have a current copy of the data running. They require hours to activate. Hot sites are up and running at all times and can assume operations at a moment's notice. They are the most expensive option. Mobile sites are transportable on trailers and are a good choice for a last-minute recovery plan.[/vc_column_text][/vc_column][/vc_row]...

[vc_row row_type="row" use_row_as_full_screen_section="no" type="full_width" angled_section="no" text_align="left" background_image_as_pattern="without_pattern" css_animation=""][vc_column][vc_column_text]Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.[/vc_column_text][vc_row_inner row_type="row" type="full_width" text_align="left" css_animation=""][vc_column_inner][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row row_type="row" use_row_as_full_screen_section="no" type="full_width" angled_section="no" text_align="left" background_image_as_pattern="without_pattern" css_animation=""][vc_column][vc_column_text] Kevin runs a vulnerability scan on a system on his network and identifies a SQL injection vulnerability. Which one of the following security controls is likely not present on the network? A. DLP B. TLS C. WAF D. IDS Correct Answer: C. A web application firewall (WAF), if present, would likely block SQL injection attack attempts, making SQL injection vulnerabilities invisible to a vulnerability scanner. A data loss prevention system (DLP) does not protect against web application vulnerabilities, such as SQL injection. An intrusion detection system (IDS) might identify a SQL injection exploit attempt but it is not able to block the attack. Transport layer security (TLS) encrypts web content but encryption would not prevent an attacker from engaging in SQL injection attacks.[/vc_column_text][/vc_column][/vc_row]...