Practice Test Questions

27 Oct

Posted at 14:16h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Which one of the following authentication mechanisms is most susceptible to pass-the-hash attacks? A. Kerberos B. SAML C. NTLM D. Shibboleth Correct Answer: C Pass the hash attacks do not affect the Kerberos authentication system and they are also not likely found in the technologies supporting federation, such as the Security Assertion Markup Language (SAML), or Shibboleth. The NT LAN Manager (NTLM) authentication system used in some Windows-based networks is particularly susceptible to pass-the-hash attacks, so that's our correct answer. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

27 Oct

Posted at 14:12h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Darcy is concerned about an attacker launching a MAC flooding attack on her network. Which one of the following controls would best protect against MAC flooding attacks?A. Port Security B. Port Tapping C. Protocol Validation D. Input Validation Correct Answer: A MAC flooding occurs when a single device sends many different MAC addresses to a switch, causing it to overflow its ARP table and begin sending traffic to incorrect ports, potentially causing a breach of sensitive information. Input validation is a control used to protect applications from user input, so that's not relevant here. Port tapping is used to gain access to network traffic being sent through a switch, so we don't need that either. And protocol validation is used to verify the contents of network traffic, so it's also not the correct answer. MAC flooding can be prevented through the use of port security mechanisms, which limit the number of MAC addresses allowed from a single network port Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

24 Jun

Posted at 17:36h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Tina is an independent security researcher who tests the security of systems of large corporations. She is working with a large automotive supplier to test the security of their systems. What term best describes Tina's work on this engagement? A. Black hat B. Blue hat C. White hat D. Grey hat Correct Answer: C Tina is working under an authorized contract, so her work is clearly that of a white hat hacker. White hats do not need to be employees of the company being tested, they merely must be authorized to do their work. If Tina was working without permission, but intended to report results only to the target company, her work would be considered grey hat. If she had malicious intent, she would be a black hat hacker. Blue hat is not a term commonly used to categorize attackers. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...