Uncategorized

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.During a web application security review, Crystal discovered that one of her organization's applications is vulnerable to SQL injection attacks. Where would be the best place for Crystal to address the root cause issue?A. Database server configuration B. Web application firewall C. Web server configuration D. Application codeCorrect Answer: DWhile it may be possible to mitigate this issue by adjusting settings on any of the devices mentioned here, the root cause of a SQL injection vulnerability is faulty input validation in the application's source code. This root cause may only be addressed by modifying the application code.Interested in more practice test questions?Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!...

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.Samantha is the administrator of her organization's mobile devices and wants to ensure that users have current versions of operating system firmware. Which one of the following approaches will best meet this need?A. Administrator installation B. OTA upgrades C. User installation D. SideloadingCorrect Answer: BOver-the-air (OTA) upgrades occur automatically and without user or administrator intervention, making them the best way to ensure that devices remain current. If Samantha wants to control when these updates occur, she can manage OTA updates through her mobile device management (MDM) platform. Manual installation or sideloading by users or administrators is not likely to keep devices consistently updated.Interested in more practice test questions?Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!...

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.Harold is examining the web server logs after detecting unusual activity on the system. He finds the log excerpt shown below. What type of attack did someone attempt against this system based upon the data shown in these logs?A. SQL injection B. Cross-site scripting C. Domain hijacking D. Directory traversalCorrect Answer: AThe third log entry shows clear signs of a SQL injection attack. Notice that the parameters passed to the web page include an appended SQL command: UNION SELECT 1,2,3,4,5. This is designed to retrieve the first five columns from the database table and will likely succeed if the web application is not performing proper input validation.Interested in more practice test questions?Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!...