December 2023

Article

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Frank is reviewing the security of a customer environment and finds that they are using the Password Authentication Protocol (PAP) on their network. What finding should Frank bring to the customer's attention?

A. PAP is not compatible with non-Windows operating systems
B. PAP is commonly configured by attackers and this may be a sign that the network is compromised
C. PAP is an insecure protocol
D. No finding is necessary, as PAP is a commonly used secure protocol

Correct Answer: C

The answers "PAP is not compatible with non-Windows operating systems" and "PAP is commonly configured by attackers and this may be a sign that the network is compromised" are incorrect in this scenario. PAP does not provide any encryption capability and is, therefore, not considered a secure protocol, which makes "PAP is an insecure protocol" the correct answer. Frank should recommend that his customer replace PAP with a secure alternative.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Helen is concerned about eavesdropping on a network that she manages. If a user on the network accesses only HTTPS sites, what information would an eavesdropper be able to determine about the sites that the user visits?

A. IP addresses, site domains, and site content
B. IP addresses and site domains
C. IP addresses only
D. An eavesdropper would not be able to gather any of this information

Correct Answer: C

HTTPS traffic is protected by Transport Layer Security (TLS). An eavesdropper would not be able to see any information from inside the connection, such as the site domain or content, so the answers that include those items are incorrect. However, an eavesdropper would be able to determine the IP addresses of sites visited by the user, making "IP addresses only" the correct answer.

Veronica is developing a web application that must interact with the database. She would like to safeguard it against SQL injection attacks. Which one of the following controls would best achieve her goal?

A. Inline Queries
B. Stored Procedures
C. Normalizing her database structure
D. Performing data wrangling

Correct Answer: B

Stored procedures are a form of parameterized query where the query template is stored on the database server, safe from modification, which makes this the correct answer. Users may only provide parameters to that query, which is executed in a manner that prevents SQL injection attacks.