October 2021

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You'll also receive free access to my customized study strategies.

Helen learned that there is a process isolation vulnerability in the hypervisor platform used by her organization. What is the most direct risk that this vulnerability poses?

A. Privilege Escalation
B. Denial of Service
C. VM Sprawl
D. VM Escape

Correct Answer: D

The hypervisor is the component of a virtualization platform responsible for managing resources and isolating virtual machines from each other. A failure to properly perform isolation can result in a VM escape attack, where one virtual machine is able to access the resources assigned to other virtual machines, compromising the security of the entire platform. VM sprawl occurs when an organization has too many unused virtual machines and loses track of them. It is possible that a successful VM escape attack could lead to a denial of service or privilege escalation attack, but the question is asking us to identify the most direct risk, so I'm going to stick with VM escape here.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Julian is auditing the protocols in use on a Linux server and finds that it supports SSH, FTPS, LDAP, and RDP. Which one of these protocols does not use encryption when used in its default configuration?

A. LDAP
B. RDP
C. FTPS
D. SSH

Correct Answer: A

What we need to do here is eliminate the answer choices that we know are encrypted protocols. SSH, the secure shell, allows administrative connections to servers over an encrypted channel, so that's not correct. FTPS is a secure version of the file transfer protocol, and it is also encrypted. The remote desktop protocol, used by Windows systems, is also a secure protocol, so we can eliminate that answer choice. We're left with the lightweight directory access protocol, LDAP. LDAP is unencrypted by default, while the LDAPS protocol provides a secure, encrypted alternative. So the correct answer here is the unencrypted LDAP protocol. ...

Under GDPR, which one of the following statements about Data Protection Officers (DPOs) is incorrect?

A. DPOs must be appointed based upon professional qualities and expert knowledge
B. Regulatory bodies must be informed of the name and contact information for the DPO
C. DPOs must be employees of the organization
D. Organizations may not provide instructions to the DPO on performing their tasks under GDPR Article 39

Correct Answer: C

Let's walk through these and eliminate the statements that we know are correct about the GDPR. First, it is true that data protection officers, or DPOs, must be appointed based upon their professional expertise. DPOs must be well-qualified for their positions, so we can eliminate that answer. And once an organization appoints a DPO, they must notify regulators of the appointment and provide contact information so that the regulators may contact the DPO. Finally, organizations must provide the DPO with autonomy to perform their work under GDPR Article 39, so we'll eliminate that answer. Organizations are allowed to designate a contractor or service provider as an external DPO, if they wish to do so, so that makes the statement that DPOs must be employees of the organization the incorrect statement and our correct answer. ...