
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

In what type of penetration test does the attacker have no access to information about the tested environment other than that gathered during the attacker's own reconnaissance efforts?

A. Grey Box
B. Blue Box
C. White Box
D. Black Box

Correct Answer: D

Attackers do receive different levels of information in advance of a white box or grey box test, making them incorrect answers here. Blue box testing is not a type of penetration test, so that is another incorrect answer. Finally, black box penetration tests begin by providing the attacker with no information about the target environment, making it our correct answer.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Wanda would like to implement an operational security control that increases the likelihood that internal fraud will be detected. Which one of the following controls would best meet her objective?

A. Separation of Duties
B. Job Rotation
C. Least Privilege
D. Two-Person Control

Correct Answer: B

Two-person control, least privilege, and separation of duties are all designed to deter and prevent fraud from occurring in the first place. Of the controls listed, only job rotation serves to detect fraud that has already taken place.

Brianna is considering the placement of a new service her organization is developing from among different geographic data center options offered by her cloud provider. She is concerned about what legal jurisdictions would apply to the data. What principle most directly governs this concern?

A. Data Classification
B. Data Remanence
C. Data Stewardship
D. Data Sovereignty

Correct Answer: D

Data classification is a system used to identify the sensitivity and criticality levels of different types of information processed by the organization, which isn’t our correct answer here. Data remanence is the issue that occurs when data remains on a storage device after the user deletes it, also not the answer we are looking for. The principle of data sovereignty states that data may be subject to the laws of the jurisdictions where it is stored, processed, and transmitted, making it our correct answer here. Data stewardship programs are designed to create governance schemes around the different types of information used by an organization, which is not Brianna’s concern in this scenario.