Monday, April 16, 2018

NAC Systems and Security+

Are you preparing for the SY0-501 or SY0-401 Security+ exam? If so, you should have a basic understanding of network components that support organizational security. This includes using NAC systems to verify computers meet preset security conditions.

See if you  can answer this sample Security+ question.

Q. Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?

A. Permanent

B. Health

C. RADIUS

D. Dissolvable

Check out the answer and full explanation here.


Monday, March 26, 2018

Security+ and Proxy Servers

Are you planning to take the SY0-401 Security+ or SY0-501 Security+ exam?  If so, make sure you understand basic network components.

As an example, see if you can answer this sample Security+ question.

Q.  Management at your organization wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement?

A. Transparent proxy

B. Reverse proxy

C. Nontransparent proxy

D. Caching proxy

Check out the answer and explanation here.


Monday, March 19, 2018

Security+ and Penetration Testing


Are you planning to take the SY0-501 or SY0-401 Security+ exam. If so, make sure you understand some basic penetration testing concepts.

As an example, see if you can answer this sample question?

Q. A penetration tester has successfully attacked a single computer within the network. The tester is now attempting to access other systems within the network via this computer. Which of the following BEST describes the tester’s current actions?

A. Performing reconnaissance

B. Performing the initial exploitation

C. Pivoting

D. Escalating privileges

Check out the answer (and full explanation) here.


Friday, March 2, 2018

Security+ and Secure Coding

The CompTIA Security+ exam includes many concepts related to secure coding techniques. If you're planning to take the SY0-401 or the SY0-501 Security+ exam, you should have a basic understanding of techniques such as proper error handling, input validation, and more.

As an example, can you answer this sample SY0-501 practice question?

Q. You are reviewing some Java code for an application and come across the following snippet:

You suspect that this will cause a problem. Which of the following BEST describes the problem?

A. NullPointerException

B. Invalid null assignment

C. Pointer dereference

D. Buffer overflow

Check out this page to see if you're correct (and see the full explanation).

Monday, February 26, 2018

Security+ and High Availability

For example, can you answer this question?

Q. Your organization is planning to deploy a new e-commerce web site. Management anticipates heavy processing requirements for a back-end application. The current design will use one web server and multiple application servers. Which of the following BEST describes the application servers?

A. Load balancing

B. Clustering

C. RAID

D. Affinity scheduling


Tuesday, February 20, 2018

Watch Out For This IRS Tax Scam

The IRS is warning people about another IRS tax scam. It's already hit several thousand people and based on its success so far, it will probably continue.
  • Criminals use stolen client data from tax professionals and use them to file fraudulent tax returns.
  • In the tax return, they ask the IRS to deposit the money into the taxpayer's bank account (or sometimes send a check).
  • Criminals then demand that the money be returned.
Check out the details here.


Monday, February 12, 2018

Security+ and PKIs

Are you planning to take the SY0-401 or SY0-501 exam? If so, make sure you understand some basic PKI concepts. As an example, can you answer this sample Security+ practice test question?

Q. An organization hosts several web servers in a web farm used for e-commerce. Due to recent attacks, management is concerned that attackers might try to redirect web site traffic, allowing the attackers to impersonate their e-commerce site. Which of the following methods will address this issue?

A. Stapling

B. Perfect forward secrecy

C. Pinning

D. Key stretching

Check out the answer and full explanation here.