March 2021

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Tim's organization is planning the future of their data center infrastructure and has decided that they would like to move to a cloud service model. They have already embraced virtualization but would like to gain the management benefits of a cloud offering. They are working with a service provider who will provision hardware for their exclusive use. That equipment will reside in a data center that serves many customers. What type of cloud deployment model is Tim's organization considering?

A. Public
B. Hybrid
C. Community
D. Private

Correct Answer: D

This is an example of a private cloud deployment, where the service provider is dedicating hardware to this specific customer. Private clouds may operate in data centers that are dedicated to that single customer or, as in this case, they may operate in shared data centers. The difference is that each customer's equipment is segregated and customers do not share hardware. That shared hardware approach is the hallmark of public and community cloud models. Hybrid cloud models mix elements of public and private clouds. There is no indication that Tim's organization intends to do this.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Fran is investigating an attack that took place against a website operated by her organization. When she looked at the authentication log entries, she saw that the attacker attempted to log into thousands of different accounts using a series of common passwords before eventually finding a combination that worked. What term best describes this attack?

A. Credential stuffing
B. Brute force
C. Password spraying
D. Rainbow table

Correct Answer: A

Answering this question is a little tricky because it depends upon you not only recognizing that each of these options is indeed a password attack but also knowing the details of how each one of them works.

Let's start by knocking off two of the more clearly incorrect answers. First, this is not a brute force attack. A brute force attack attempts every possible password against an account, and in this case we have a series of common passwords being used against a lot of accounts. Second, it is not a rainbow table attack. That type of attack requires that the attacker have access to a file containing hashed passwords, which is not the case here.

That leaves us with password spraying and credential stuffing: two similar attack types. Password spraying attacks take username and password combinations that were compromised on other sites and use them to attempt logging into the target site, based on the presumption that people will reuse passwords from site to site. Credential stuffing attacks use a series of commonly chosen passwords to attempt to log into a series of accounts. That's what happened in this scenario.