May 2022

Article

20 May

Posted at 15:11h in Uncategorized by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Josh is reviewing and updating the firewall rules used by his organization to react to changing needs. What type of control primarily describes the network firewall? A. Detective B. Deterrent C. Corrective D. Preventive Correct Answer: D While it is possible to make an argument that the network firewall fits into all of these categories, a firewall's primary purpose is to block unwanted traffic from entering the network. Therefore, it is best described as a preventative control. Detective controls are designed to identify malicious activity that occurs. Corrective controls are designed to restore normal service after a security incident. Deterrent controls are designed to discourage a potential attacker from attempting an attack. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

20 May

Posted at 15:08h in Uncategorized by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Marty is the web administrator for the Memphis Belle Casino. He hosts the company's website at memphisbelle.com. He recently discovered that a competitor registered the domain names memphisbell.com, memphisbellecasino.com, and thememphisbelle.com. What type of attack has taken place? A. DNS Poisoning B. Typosquatting C. DNS Hijacking D. Domain Hijacking Correct Answer: B The attacker is not altering any of Marty's DNS records, so this is not a DNS hijacking or poisoning attack. They are also not stealing a domain that Marty already registered so it is not a domain hijacking attack.This is an example of a typosquatting attack, where the attacker registers domain names that are common typos of a legitimate domain. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

20 May

Posted at 15:03h in Uncategorized by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. In what type of penetration test does the attacker have no access to information about the tested environment other than that gathered during the attacker's own reconnaissance efforts? A. Grey Box B. Blue Box C. White Box D. Black Box Correct Answer: D Attackers do receive different levels of information in advance of a white box or grey box test, making them incorrect answers here. Blue box testing is not a type of penetration test, so that is another incorrect answer.Finally, black box penetration tests begin by providing the attacker with no information about the target environment, making it our correct answer. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

In Archive