January 2022

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Alan is conducting a penetration test and gains access to an application server. During his attack, he creates a new administrative account on the server that he can use to access the system through its standard user interface. What testing goal is Alan hoping to achieve with this action?

A. Pivoting
B. Cleanup
C. Lateral Movement
D. Persistence

Correct Answer: D

Alan is providing himself with a way to access the system at a later date through alternative channels. This is an example of persistence, allowing his access to the system to remain intact even if the original vulnerability he exploited is later patched. Pivoting and lateral movement are techniques where the attacker gains access to one system and then uses that access to gain access to other systems. That’s not what’s happening here. Finally, cleanup occurs when the attacker removes traces of their presence from the network. That hasn’t yet happened in this scenario.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Which ISO standard contains specific guidance on the privacy of personally identifiable information?

A. ISO 27001
B. ISO 27002
C. ISO 31000
D. ISO 27701

Correct Answer: D

ISO standard 27701 contains guidance on enhancing an information security management system to establish privacy standards for personally identifiable information. ISO 27001 and 27002 cover the standards and best practices for implementing an information security management system. The ISO 31000 family of standards covers the design and implementation of a risk management program.