Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM or SSCP certification to receive new questions each week. You'll also receive free access to my customized study strategies.

Harold is examining the web server logs after detecting unusual activity on the system. He finds the log excerpt shown below. What type of attack did someone attempt against this system based upon the data shown in these logs?

A. SQL injection
B. Cross-site scripting
C. Domain hijacking
D. Directory traversal

Correct Answer: A

The third log entry shows clear signs of a SQL injection attack. Notice that the parameters passed to the web page include an appended SQL command: UNION SELECT 1,2,3,4,5. A UNION clause like this is a classic reconnaissance probe. A UNION only executes when both SELECT statements return the same number of columns, so the attacker keeps adjusting the count of placeholder values until the database stops returning an error; at that point the attacker knows how many columns the application's own query returns and can replace the placeholders with columns from other tables, pulling their contents into the page's normal output. The attempt will likely succeed if the web application builds its query by concatenating user input into the SQL string instead of using parameterized queries backed by proper input validation.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!

Which one of the following security controls would be MOST effective in combatting buffer overflow attacks?

A. IDS
B. ASLR
C. VPN
D. DLP

Correct Answer: B

Address space layout randomization (ASLR) randomizes the base addresses of the stack, heap, shared libraries and (for position-independent executables) the program image each time a process starts. The overflow still corrupts memory, but the attacker can no longer predict the addresses a working exploit depends on, so the attack is much less likely to succeed. Virtual private networks (VPN) provide transport encryption and data loss prevention (DLP) systems protect against data exfiltration; neither does anything about a buffer overflow. An intrusion detection system (IDS) may identify a buffer overflow attack but would not prevent it from succeeding.
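As an added example that is not part of the original question, the Python below checks the two conditions that decide whether ASLR actually moves a Linux binary's own image: the kernel setting in /proc/sys/kernel/randomize_va_space, and whether the executable was linked position-independent (ELF e_type ET_DYN rather than ET_EXEC). A non-PIE binary keeps its code and data at the fixed addresses chosen at link time even when ASLR is fully enabled, which is the first thing to verify when an exploit that "should" be blocked keeps working. The ELF headers it tests against are constructed inline; check_binary() reads the first 64 bytes of whatever path you hand it.

```python
from __future__ import annotations

import struct
import sys
from pathlib import Path

ET_EXEC, ET_DYN = 2, 3   # ELF e_type: fixed-address executable vs position-independent
EM_X86_64 = 62


def make_elf64_header(e_type: int) -> bytes:
    """Build a minimal 64-byte ELF64 little-endian header (constructed test data, not a real binary)."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)  # 64-bit, little-endian, version 1
    return e_ident + struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, EM_X86_64, 1,      # e_type, e_machine, e_version
        0x401000, 64, 0,           # e_entry, e_phoff, e_shoff
        0, 64, 56, 0, 64, 0, 0,    # e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )


def elf_type(header: bytes) -> int:
    """Return e_type from an ELF header, honouring the byte order the file declares."""
    if len(header) < 18 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    endian = "<" if header[5] == 1 else ">"   # EI_DATA: 1 = little-endian, 2 = big-endian
    return struct.unpack(endian + "H", header[16:18])[0]


def is_pie(header: bytes) -> bool:
    """For an executable, ET_DYN means it was linked position-independent, so the loader
    may place the image at a random base. ET_EXEC binaries are mapped at the address
    baked in at link time regardless of the kernel setting. (Shared libraries are
    ET_DYN too, so apply this to executables, not .so files.)"""
    return elf_type(header) == ET_DYN


def kernel_aslr_level() -> int | None:
    """0 = off, 1 = stack, mmap and libraries randomized, 2 = heap (brk) as well.
    Returns None on systems without the Linux sysctl."""
    try:
        return int(Path("/proc/sys/kernel/randomize_va_space").read_text().strip())
    except (OSError, ValueError):
        return None


def executable_base_randomized(header: bytes, level: int) -> bool:
    """The program image itself only moves when the kernel randomizes mmap and the binary is PIE."""
    return level >= 1 and is_pie(header)


def check_binary(path: str) -> dict:
    """Report for a real file on disk; the path is whatever the reader supplies."""
    with open(path, "rb") as f:
        header = f.read(64)
    level = kernel_aslr_level()
    return {
        "pie": is_pie(header),
        "aslr_level": level,
        "image_randomized": executable_base_randomized(header, level or 0),
    }


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else sys.executable
    print(target, check_binary(target))
```

Two caveats worth carrying into the exam answer. ASLR raises the cost of exploitation rather than blocking the overflow: a single leaked pointer (from a format string bug or an uninitialized read, for example) hands the attacker the randomized base back, which is why it is deployed alongside non-executable stacks (NX/DEP) and stack canaries. And the randomization only has as much entropy as the address space allows, so 32-bit processes are far easier to brute-force than 64-bit ones.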

Chris is investigating a security incident at his organization where an attacker entered the building wearing a company uniform and demanded that the receptionist provide him access to a network closet. He told the receptionist that he needed to access the closet immediately to prevent a major network disaster. Which one of the following principles of social engineering did the attacker NOT exploit?

A. Intimidation
B. Urgency
C. Authority
D. Consensus

Correct Answer: D

The attacker entered the building wearing a uniform, which is a sign of authority. He threatened the receptionist (intimidation) with an impending network outage (urgency). There is no indication that he tried to build consensus.