December 2019

Article

05 Dec

Posted at 18:20h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Donna was recently approached by the manager of a former employee who was seeking access to that employee's email account. She believes there is a valid business need for the access but is unsure how to obtain approval. What type of control would assist Donna and others in her organization in making these decisions? A. Service level agreement B. Data classification policy C. Data handling guidelines D. Standard operating procedure Correct Answer: D Donna's organization should consider implementing a standard operating procedure (SOP) for data access requests. This procedure could spell out the appropriate approval process for granting access to data stored in another user's account. A guideline is not mandatory and would not be appropriate in this case. A data classification policy would generally not cover access request procedures, nor would a service level agreement. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

05 Dec

Posted at 18:12h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Which one of the following attacks is a critical threat that applies specifically to NTLM authentication? A. Rainbow table B. Man-in-the-middle C. Pass-the-hash D. Brute force Correct Answer: C All of these attacks are authentication attacks. Brute force and rainbow table attacks are generic attacks that may be used against any authentication system that stores hashed passwords. Man-in-the-middle attacks are generally used against web applications. Pass-the-hash attacks are specifically effective against NTLM authentication. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

05 Dec

Posted at 18:07h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Ron is concerned about the potential of attackers exploiting issues in the operating system supporting a virtualization hypervisor to gain access to information stored by guest operating systems. What type of hypervisor can he use to minimize this risk? A. Type 1 hypervisor B. Type 2 hypervisor C. Type 3 hypervisor D. Type 4 hypervisor Correct Answer: A In a type 1 hypervisor, the hypervisor runs directly on the system hardware, eliminating the need for an underlying operating system and reducing the environment's attack surface. Type 2 hypervisors require the use of a host operating system. Type 3 and 4 hypervisors do not exist. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

In Archive