April 2019

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

In which one of the following attacks against Bluetooth technology is the attacker able to steal information from the device?

A. Bluesnarfing
B. Bluejacking
C. Blueballing
D. Bluefeeding

Correct Answer: A

In a bluesnarfing attack, the attacker establishes a Bluetooth connection to a target device and then retrieves information from that device. Bluejacking attacks only allow the attacker to display a message on the device. Blueballing attacks allow an attacker to break an existing Bluetooth connection between two devices. Bluefeeding attacks do not exist.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Bill is securing a set of terminals used to access a highly sensitive web application. He would like to protect against a man-in-the-browser attack. Which one of the following actions would be most effective in meeting Bill's goal?

A. Requiring multifactor authentication
B. Requiring TLS encryption
C. Disabling certificate pinning
D. Disabling browser extensions

Correct Answer: D

In a man-in-the-browser attack, the attacker manages to gain a foothold inside the user's browser, normally by exploiting a browser extension. This gives him or her access to all information accessed with the browser, regardless of whether the site uses strong authentication or transport encryption (such as TLS). Certificate pinning is a technique used to protect against inauthentic digital certificates and would not protect against a man-in-the-browser attack.