March 2023

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Which one of the following processes improves the consistency and longevity of a database structure?

A. Input validation
B. Query Parametrization
C. Stored Procedures
D. Normalization

Correct Answer: D

All of the activities listed here are good practices for database administration. Stored procedures, query parameterization, and input validation all protect against injection attacks. Normalization ensures that the database has a consistent structure and reduces the need to redesign the database in the future.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Gavin recently posted signs around his organization's facility warning visitors that the area is under 24-hour video surveillance. What term best describes this control?

A. Detective
B. Deterrent
C. Preventive
D. Corrective

Correct Answer: B

The key to answering this question is to realize that it is asking about the posting of signs, not the installation of a video surveillance system. The signs themselves do not perform any detective function. Instead, they act to deter visitors from engaging in unauthorized activity due to the threat of detection by video surveillance (which may or may not actually exist).

Dennis recently received a SOC 2 Type 1 report from a cloud service provider. What assurance should he be able to gain from this report?

A. The cloud provider has appropriate controls in place to protect the accuracy of its own financial reports
B. The cloud provider has appropriate controls in place to protect the accuracy of Dennis' firm's financial reports
C. The cloud provider has appropriate controls in place to protect privacy and security of data and those controls are operating effectively
D. The cloud provider has appropriate controls in place to protect privacy and security of data

Correct Answer: D

Service Organizational Control (SOC) reports provide the results of an independent audit of a service provider. SOC 1 reports are done to verify controls that could impact a client's financial reporting. SOC 2 reports are done to verify controls that could impact security and privacy of data. Type 1 reports simply verify that controls are in place. Type 2 reports verify that the controls are operating efficiently and effectively. From a SOC 2 Type 1 report, Dennis can be confident that the provider has appropriate security and privacy controls but he cannot determine that they are operating efficiently and effectively. That would require a Type 2 report.