September 2021

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Riley would like to improve the security of a current password-based authentication system. Which one of the following, if added to the current approach, would NOT allow her to describe the system as multi-factor authentication?

A. ID card scan
B. Retinal scan
C. Login confirmation on a smartphone app
D. Answering security questions pulled from her credit report

Correct Answer: D

Multifactor authentication requires mixing two factors. The existing password is a "something you know" factor, so we need to use factors from another category to achieve multifactor authentication.

Now remember, you need to read these questions carefully. This question is asking you which one of these factors would NOT create multifactor authentication, so we're going to eliminate the choices that WOULD create multifactor authentication. It would be appropriate to add a "something you are" factor, such as a retinal scan, so we can eliminate that choice. We could also use a "something you have" factor, such as an ID card or smartphone. On the other hand, adding another "something you know" factor, such as security questions, would not qualify as multifactor authentication, so that's our correct answer here.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Helen is the compliance officer for a healthcare system that treats patients, accepts credit cards for payment, and also provides financing for patients who cannot pay immediately. Which one of the following regulations is least likely to apply to Helen's organization?

A. PCI DSS
B. GLBA
C. HIPAA
D. FERPA

Correct Answer: D

As a healthcare provider, Helen's organization is almost certainly covered by HIPAA, so that's not the correct answer here. Remember, we're looking for the regulation that does NOT apply. Accepting credit cards makes Helen's organization subject to PCI DSS and extending financing likely makes them a financial institution regulated by GLBA. The healthcare system is less likely to be covered by FERPA, which regulates educational institutions.

Brian is selecting a mobile device deployment model for his organization. In consultation with leadership, he selected an approach where employees will be able to select the device that they prefer and the company will purchase it for their use and manage it through their MDM system. What term best describes this deployment model?

A. Bring your own device (BYOD) model
B. Choose your own device (CYOD) model
C. Corporate-owned personally-enabled (COPE) model
D. Corporate-owned business-only (COBO) model

Correct Answer: B

This approach best matches the choose your own device (CYOD) deployment model. In this model, employees select their device and it is owned and managed by the company. This is more flexible than the corporate-owned, business-only (COBO) model. The scenario does not give us enough information to know whether personal use is permitted, so we cannot conclude that this is the corporate-owned personally-enabled (COPE) model. The company, not the employee, purchases and owns the device, so it is not the bring your own device (BYOD) model.