Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Roland recently wrote code that implements a new feature demanded by end users of an application he manages. He would like users to examine the feature and determine whether it meets their needs. What environment is most appropriate for this activity?

A. Test
B. Development
C. Staging
D. Production

Correct Answer: A

The process described, where users evaluate features to determine whether they meet business requirements, is known as user acceptance testing (UAT) and it should take place in the test environment. So, that is the correct answer.

Roland would have created the new feature in a development environment. After the code passes testing, it will move on to staging and then finally into production.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Which one of the following regulations provides strict, detailed procedures for the use of compensating controls?

A. PCI DSS
B. HIPAA
C. GLBA
D. FERPA

Correct Answer: A

While compensating controls may be used for any control requirement, PCI DSS includes very detailed procedures for documenting and approving acceptable compensating controls in credit card processing environments.

The remaining answers are incorrect.

Naomi is installing a new endpoint detection and response (EDR) solution for her organization. What category of control is she installing?

A. Technical
B. Operational
C. Managerial
D. Detective

Correct Answer: A

There are three categories of security control: technical, operational, and managerial.

Technical controls enforce CIA in the digital space. Naomi is installing an EDR system that uses technology to detect and respond to security incidents. Therefore, the EDR system is best described as a technical control.

Operational controls include the processes that we put in place to manage technology in a secure manner. So this is not the correct answer.

Managerial controls are procedural mechanisms that focus on the mechanics of the risk management process. So this is not the correct answer either.

Security controls also come in types, such as preventive, detective, corrective, deterrent, physical, and compensating controls. We are looking for control categories, not control types. So detective is another incorrect answer.