Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.In what type of attack does the attacker place malicious content on a website that is frequented by individuals in the target organization, in the hopes that one of those individuals will visit the site with a vulnerable system and become compromised?A. Man-in-the-middle attack B. Man-in-the-browser attack C. Watering hole attack D. DDoS attackCorrect Answer: CWatering hole attacks take advantage of the fact that many people are predictable in their web surfing patterns. They place malicious content at a site likely to attract the target audience (the watering hole) and then wait for a compromise to occur.Interested in more practice test questions?Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!...

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.Roger's company did not have a strong disaster recovery plan and suffered a catastrophic data center outage. With no plan in place, what option likely allows them the quickest recovery at their primary site?A. Mobile site B. Hot site C. Warm site D. Cold siteCorrect Answer: ACold sites have only basic infrastructure available and require the longest period of time to activate operations. They are also the cheapest option. Warm sites add hardware, and possible software, to the mix but do not have a current copy of the data running. They require hours to activate. Hot sites are up and running at all times and can assume operations at a moment's notice. They are the most expensive option. Mobile sites are transportable on trailers and are a good choice for a last-minute recovery plan. They would work well in this scenario because Roger could bring a mobile site to their primary facility and use it to recover operations during the restoration effort at the primary site.Interested in more practice test questions?Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!...

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.Roland's company requires that supervisors approve payment requests entered by accounting clerks when the total amount of the payment is over $10,000. What type of control is this?A. Least privilege B. Separation of duties C. Job rotation D. Two-person controlCorrect Answer: DTwo-person control requires the concurrence of two individuals for sensitive actions. That is the scenario described here. Separation of duties says that an individual should not have both permissions necessary to perform a sensitive action. This is a closely related, but distinct principle. There is no evidence given that supervisors do not have the ability to create payments, so separation of duties is not in play here.Interested in more practice test questions?Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!...