June 2022

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Tom is configuring an automated job that will retrieve information from a database each evening and use it to create a report that is sent to leaders. What type of account should he use to retrieve information from the database?

A. User account
B. Root account
C. Shared account
D. Service account

Correct Answer: D

This situation calls for the use of a service-specific account that is used only for this purpose and has the permissions necessary to retrieve the required information and no more. Root or administrative accounts should never be used for this purpose, nor should normal user accounts. Shared accounts should be avoided under almost all circumstances, making it another incorrect answer.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Joe recently downloaded a vulnerability scanning tool and is using it to scan the networks of organizations located near him. His plan, if he finds vulnerabilities, is to approach the organization with the information and explain how they can correct the issue in a hope to generate goodwill and future consulting business. What term best describes Joe?

A. White hat
B. Black hat
C. Grey hat
D. Striped hat

Correct Answer: C

Joe is conducting network vulnerability scanning without permission. Therefore, his activity does not qualify as white hat hacking and may be illegal. However, he does not have malicious intent, so he is not a black hat either. Striped hat attackers are not an attacker type, so we can eliminate that option. Joe fits into the category of a grey hat hacker, one who does not have permission but also does not have malicious intent. ...

Fran received a call from her company's help desk supervisor telling her that customers were receiving email messages informing them of a special promotion available for a limited time. Upon investigating these messages, Fran learned that they were sent by an attacker who somehow gained possession of her organization's customer list. What term best describes this attack?

A. Whaling
B. Pharming
C. Spear Phishing
D. Prepending

Correct Answer: C

We can eliminate prepending as an answer option because prepending attacks add prefixes to existing email addresses and other identifiers, and that isn't mentioned here. Pharming attacks trick users into visiting a malicious website, so that isn't correct either. This is definitely a phishing attack, because it is soliciting sensitive information from customers over email. That leaves us with two possibilities: whaling and spear phishing. This attack is best described as a spear phishing attack because it was not sent blindly to many recipients but rather targeted at individuals who are actually customers of the company. Whaling attacks work in a similar way but target senior executives. ...