Practice Test Questions

07 Oct

Posted at 17:03h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. After an incident responder identifies that a security incident is in progress, what is the next step in the incident response process? A. Preparation B. Recovery C. Eradication D. Containment Correct Answer: D After identifying an incident, the team should next move into the containment phase where they seek to limit the damage caused by the incident. Containment occurs prior to the eradication and recovery phases. The preparation phase occurs before incident identification. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

29 Sep

Posted at 22:50h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Paula is reviewing her organization's account management lifecycle.  She is paying particular attention to the timeliness of account management activities and would like to prioritize areas that have the greatest risk.  Which one of the following activities should be her highest priority? A. Access modifications B. Onboarding C. Access reviews D. Offboarding Correct Answer: D The offboarding process is the area of greatest risk to the organization because failure to execute deprovisioning activities in a prompt manner may mean that employees who have left the organization retain access to sensitive information or systems. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

22 Sep

Posted at 23:44h in Practice Test Questions by

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. Katie is reviewing the security of a web server used by her organization. She discovers each of the items listed below. Which one of these items poses the greatest security risk and should be prioritized for remediation? A. The server uses TLS 1.2. B. The server supports access on port 80. C. The server runs Apache and MySQL. D. The server supports access on port 443. Correct Answer: C One of the basic server security principles is that each server should support only one primary function. Best practice dictates separating the web server (Apache) from the database server (MySQL). It is normal and standard for a web server to support both unencrypted access on port 80 and encrypted access on port 443. TLS 1.2 is a modern version of the protocol and is secure and acceptable for use. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...