Practice Test Questions

14 Mar

Posted at 08:27h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Jessica is creating a virtual private cloud (VPC) with a private subnet in her IaaS environment. Which one of the following IP address ranges would not be appropriate for this subnet? A. 172.16.0.0/16 B. 10.16.0.0/16 C. 192.168.0.0/16 D. 181.10.0.0/16 Correct Answer: D The following address ranges are available for use on private networks and subnets: 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0-192.168.255.255. Three of the subnets presented in this question fall into these ranges while the fourth, 181.10.0.0/16 does not. That subnet is a public address range assigned to a particular user and should not be used on a private subnet.   Interested in more practice test questions?   Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

14 Mar

Posted at 08:24h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Brynn is concerned about the risks associated with web application attacks and wishes to perform input validation. What is the best place to perform this task? A. In the user's browser via HTML B. On the web server C. In the user's browser via JavaScript D. On the database server Correct Answer: B Input validation should always be performed on the web server. Database servers do not see the full input provided by the user and are not well-situated to perform input validation. Input validation should never be performed at the web browser because a malicious user can disable that validation code. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

14 Mar

Posted at 08:19h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Harold is investigating a security incident where the victim was visiting a message board and viewed a message containing malicious code. He had another tab open in his browser that was logged into a popular shopping website. The malicious code on the message board made a purchase on the shopping website without his knowledge and shipped the merchandise to an overseas address. What type of attack likely took place? A. Server-side request forgery B. Cross-site scripting C. Cross-site request forgery D. Phishing Correct Answer: C In this case, the attack depended upon the fact that the victim was already logged into the shopping website. The attacker knew that some portion of the visitors to the message board would be logged into that site and took advantage of that trust relationship to send commands through the user's browser to the shopping site. That's an example of a cross-site request forgery attack. Cross-site scripting attacks work in a similar manner but they do not leverage those trust relationships. Server-side request forgery attacks target the web server itself rather than the end user. Phishing attacks attempt to trick the user into sharing sensitive information, but this attack took place without the victim's knowledge. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...