June 2021

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Twyla recently completed an assessment of her organization's call center and found that representatives discard paper notes from their calls with customers without shredding. What type of social engineering attack does this practice make her organization vulnerable to?

A. Dumpster diving
B. Shoulder surfing
C. Tailgating
D. Skimming

Correct Answer: A

Discarding notes containing customer information leaves the organization vulnerable to a dumpster diving attack where the attacker retrieves those records from the trash. Twyla should ensure that her organization shreds these records before discarding them.

In a shoulder surfing attack, the attacker views a user's computer while they are entering or viewing sensitive information. Tailgating attacks seek to gain access to physical facilities by following an authorized user. Skimming attacks seek to gain credit card numbers by attaching false readers to legitimate credit card acceptance units.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Tina is an independent security researcher who tests the security of systems of large corporations. She is working with a large automotive supplier to test the security of their systems. What term best describes Tina's work on this engagement?

A. Black hat
B. Blue hat
C. White hat
D. Grey hat

Correct Answer: C

Tina is working under an authorized contract, so her work is clearly that of a white hat hacker. White hats do not need to be employees of the company being tested; they merely must be authorized to do their work.

If Tina was working without permission, but intended to report results only to the target company, her work would be considered grey hat. If she had malicious intent, she would be a black hat hacker. Blue hat is not a term commonly used to categorize attackers.

Alan is assessing the results of a penetration test and discovered that the attackers managed to install a back door on one of his systems. What activity were the attackers most likely engaged in when they installed the back door?

A. Pivoting
B. Privilege Escalation
C. Lateral Movement
D. Persistence

Correct Answer: D

Back doors are an example of a persistence technique. They are designed to allow the attacker to regain access to the system even after the original flaw they exploited is patched.

Pivoting and lateral movement techniques are used to switch targets after gaining initial access to an environment. Privilege escalation techniques are used to gain administrative privileges after obtaining access to a standard user account.