
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies.

Gavin is looking for guidance on how his organization should approach the evaluation of cloud service providers. What ISO document can help him with this work?

A. ISO 27001
B. ISO 27701
C. ISO 27017
D. ISO 17789

Correct Answer: C

ISO 27001 is a general description of controls appropriate for a cybersecurity program, while ISO 27701 provides control guidance for privacy programs, neither of which is what we are looking for here. ISO 27017 provides guidance on the security controls that should be implemented by cloud service providers and would be useful to Gavin in evaluating such a provider. ISO 17789 provides a cloud reference architecture and does not offer specific security guidance, so that makes it another incorrect answer.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...

Which one of the following emerging technologies provides the capability of creating a distributed, immutable ledger?

A. Quantum Computing
B. Blockchain
C. Edge Computing
D. Confidential Computing

Correct Answer: B

Blockchain is a technology that uses cryptography to create a distributed, immutable ledger. It is the technical foundation behind cryptocurrency and many other applications. Quantum computing is an emerging technology that uses principles of particle physics to perform computing, which is not what we are looking for. Edge computing moves compute power to Internet of Things (IoT) devices located at the “edge” of the network. Confidential computing is an area of research into methods for protecting data in use through the protection provided by a trusted execution environment (TEE), making it an incorrect answer.

Joe is using a virtual server instance running on a public cloud provider and would like to restrict the ports on that server accessible from the Internet. What security control would best allow him to meet this need?

A. Geofencing
B. Network traffic inspection
C. Network firewall
D. Network security groups

Correct Answer: D

Joe would not be able to modify the network firewall rules because those are only available to the cloud provider. Geofencing would restrict the geographic locations from which users may access the servers, which is not Joe’s requirement. Traffic inspection may be used to examine the traffic reaching the instance but is not normally used to create port-based restrictions, making it another incorrect answer. Network security groups, however, provide functionality equivalent to network firewalls for cloud-hosted server instances. They allow the restriction of traffic that may reach a server instance, making network security groups our correct answer.