Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Rob recently learned that his organization is not performing backups of critical systems on a routine basis. What type of control gap has Rob identified?

A. Preventive
B. Corrective
C. Deterrent
D. Physical

Correct Answer: B

Backups offer organizations the opportunity to restore services to normal working conditions after an emergency situation arises. Therefore, they are best described as an example of a corrective control.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

What type of information is classified in the MITRE ATT&CK framework?

A. Indicators of compromise
B. Adversary tactics
C. Threat actors
D. Threat vectors

Correct Answer: B

The MITRE ATT&CK framework documents common tactics, techniques, and procedures used by advanced persistent threats (APTs). The term is an acronym for Adversarial Tactics, Techniques, and Common Knowledge.

Gina is reviewing the header information attached to an email message that was used in a phishing scam. She retrieved this header information from her own organization's email server. Which one of the following pieces of information in the header is the most reliable?

A. The sender's email address
B. The sender's name
C. The IP address of the system originating the message
D. The IP address of the system that forwarded the message to her organization's email server

Correct Answer: D

When interpreting email headers, analysts must be careful to take most information they contain with a grain of salt. Any information added by servers earlier in the chain usually can't be trusted, as it is open to manipulation. This includes information about the sender (such as their name and email address) as well as any IP addresses of systems earlier in the chain. Analysts can generally trust information added by their own servers, such as the IP address of the system that forwarded the message to the server.