Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Which one of the following approaches attaches an OCSP validation message to the digital certificate sent to users by a website?

A. Certificate Chaining
B. Certificate Pinning
C. Certificate Stapling
D. Certificate Attachment

Correct Answer: C

Certificate chaining is used to delegate authority to subordinate certificate authorities. So, that is not the correct answer. Certificate pinning is a technique used to prevent changes in the valid certificate for a domain, which is another incorrect answer. Certificate stapling attaches an OCSP validation to the digital certificate, making it our correct answer. Certificate stapling also saves the client and server the time of repeatedly querying the OCSP server for certificate validity. That last choice, certificate attachment, is just a made-up term and it’s not a valid technique.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Which one of the following cryptographic algorithms does not depend upon the prime factorization problem?

A. RSA
B. GPG
C. ECC
D. PGP

Correct Answer: C

The prime factorization problem forms the basis for most public key cryptographic algorithms, including RSA, PGP, and GPG. So, that eliminates all three of those – RSA, PGP, and GPG – as the answer. The elliptic curve cryptosystem (ECC) does not depend upon the prime factorization problem. The security of ECC depends upon the difficulty of finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point. That makes it our correct answer! ...

Maliah is responding to a security incident where a call center representative was tricked into disclosing his password. The representative went to visit a company website and was redirected to an illegitimate site that looked like the corporate site, but stole his password. What term best describes this attack?

A. Phishing
B. Watering Hole
C. Whaling
D. Pharming

Correct Answer: D

Phishing is a broad term used to describe obtaining user credentials and sensitive data fraudulently, usually through unsolicited email. In this case, the victim was redirected to an illegitimate website, so that wasn't a phishing attack. A watering hole attack is designed around a website that a particular group visits often. For example, it might place malicious code on a message board visited by employees of a company. Watering hole attacks don't redirect users. So, that's not the correct answer either. Whaling is a type of phishing aimed at high-profile employees. We've already ruled out phishing attacks, so this is another incorrect answer. This scenario is an example of a pharming attack, where the victim was redirected to an illegitimate site and had their credentials stolen. ...