Friday, September 21, 2018

Subtle Word Choices on Security+

If you're planning to take the SY0-501 version of the Security+ exam, you may run across questions with subtle word choices. For example, one answer to a question may be correct, but a subtle change to a phrase in that question would make the same answer incorrect.

Consider this question that was recently added to the gcgapremium.com site:

Q. Your organization is planning to implement SELinux in enforcing mode as a mandatory access control (MAC) model. Which of the following roles will specify the subjects that can access certain data objects?

A. Administrator

B. System

C. Owner

D. User

Do you know the answer? More important, do you know why the correct answer is correct and why the incorrect answers are incorrect? Check out the answer and explanation here.

Monday, August 13, 2018

Security+ and Symmetric Encryption Concepts

Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. If you're planning to take the SY0-501 exam, you should have a basic understanding of cryptography concepts such as cipher types and cipher modes.

Can you answer this sample Security+ practice test question?

Q. Which of the following is a symmetric encryption algorithm that encrypts data 1 bit at a time?

A. Block cipher

B. Stream cipher

C. AES

D. DES

E. MD5

Check out the answer and full explanation here.
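As an added example (not code from the original post), here is a toy stream cipher that shows the two properties the question turns on: a single key drives both directions, and the keystream is combined with the plaintext one unit at a time, so the ciphertext is exactly as long as the message with no block padding. It also demonstrates two failure modes a practitioner should know: bit-flipping malleability and keystream reuse. The keystream is built from SHA-256 purely for illustration; it is not a vetted cipher, and the key, nonce and messages are constructed demo values.

```python
# Added example (not from the original post): a toy stream cipher that shows what
# "symmetric" and "one unit at a time" mean in practice, plus two classic pitfalls.
# The keystream is built from SHA-256 for illustration only; it is NOT a vetted
# cipher. Use AES-CTR/AES-GCM or ChaCha20-Poly1305 from a real library instead.
import hashlib
from itertools import count


def keystream(key: bytes, nonce: bytes):
    """Yield keystream bytes: SHA-256(key || nonce || counter), block after block."""
    for ctr in count():
        block = hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        yield from block


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: the same key drives the same keystream, and XOR is its
    own inverse, so one function does both directions. Each byte is combined
    with one keystream byte (8 bit-wise XORs), so output length == input length
    with no padding, unlike a block cipher."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, nonce)))


def flip_ciphertext_bit(key: bytes, nonce: bytes, plaintext: bytes,
                        index: int, mask: int) -> bytes:
    """Malleability: XOR-ing a mask into ciphertext byte `index` XORs the same
    mask into the decrypted plaintext byte. A stream cipher alone does not
    protect integrity; pair it with a MAC or use an AEAD mode."""
    ct = bytearray(stream_xor(key, nonce, plaintext))
    ct[index] ^= mask
    return stream_xor(key, nonce, bytes(ct))


def recover_under_nonce_reuse(c1: bytes, known_m1: bytes, c2: bytes) -> bytes:
    """Keystream reuse: if two messages were encrypted with the same key and
    nonce, c1 XOR m1 reveals the keystream, which then decrypts c2 (as far as
    the known plaintext reaches). Never reuse a (key, nonce) pair."""
    ks = bytes(c ^ m for c, m in zip(c1, known_m1))
    return bytes(k ^ c for k, c in zip(ks, c2))


if __name__ == "__main__":
    key, nonce = b"sixteen byte key", b"nonce001"   # constructed demo values
    msg = b"transfer $100"
    ct = stream_xor(key, nonce, msg)
    print(len(msg), len(ct), stream_xor(key, nonce, ct))   # 13 13 b'transfer $100'
    print(flip_ciphertext_bit(key, nonce, msg, 10, 0x08))  # b'transfer $900'
    m2 = b"transfer $999 to mallory"
    c2 = stream_xor(key, nonce, m2)
    print(recover_under_nonce_reuse(ct, msg, c2))         # b'transfer $999'
```

The same XOR that makes decryption trivial is what makes the last two functions work: an attacker who can flip ciphertext bits flips plaintext bits, and an attacker who sees two messages under one keystream can cancel it out. That is why real deployments use a fresh nonce per message and an authenticated mode rather than a bare stream cipher.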


Monday, July 16, 2018

Russian Hacking

Russian hacking was exposed in a detailed indictment of 12 Russians by the US Department of Justice (DoJ). While reading through it I was intrigued at how the indictment laid out methods that the Russians used in clear and simple English.

Reading through it, the indictment gave all the classic indications of an advanced persistent threat (APT), although it never used that term. Instead, it attributed the attacks to Units 26165 and 74455, which are part of the Russian military intelligence agency known as the Main Intelligence Directorate of the General Staff, commonly abbreviated as GRU.

Read more about it here.

Monday, June 11, 2018

Digital Certificates and Security+

Are you planning to take either the SY0-501 or the SY0-401 version of the Security+ exam?

If so, make sure you understand some basics about certificates, including what they contain.

As an example, see if you can answer this sample Security+ question.

Q. You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you be able to see in the certificate? (Choose TWO.)

A. The server’s private key
B. The CA’s public key
C. The OID
D. The server’s public key
E. The CSR

See if you're correct (and view the full explanation) here.
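As an added example (not code from the original post), the script below decodes a certificate's DER structure so you can see for yourself which fields an X.509 certificate carries. It generates a throwaway self-signed certificate with the openssl command-line tool (assumed to be installed; the subject name example.test is a hypothetical value), then walks the RFC 5280 layout with a minimal ASN.1 reader from the standard library only. The OID decoder and DER walker are general, so the same code can be pointed at any PEM certificate, not just the demo one.

```python
# Added example (not from the original post): decode an X.509 certificate's DER
# structure to see what it actually carries. A throwaway self-signed certificate
# is generated with the openssl CLI (assumed installed); the subject name
# example.test is a hypothetical value. Standard library only, no `cryptography`.
import os
import ssl
import subprocess
import tempfile


def make_demo_cert_pem() -> str:
    """Generate a 2048-bit RSA key pair and a one-day self-signed certificate."""
    with tempfile.TemporaryDirectory() as work:
        key_path = os.path.join(work, "server.key")
        crt_path = os.path.join(work, "server.crt")
        subprocess.run(
            ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-sha256",
             "-days", "1", "-subj", "/CN=example.test",
             "-keyout", key_path, "-out", crt_path],
            check=True, capture_output=True)
        with open(crt_path) as f:
            return f.read()        # only the certificate; the key stays in server.key


def read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long form: N length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(body: bytes):
    """Split the body of a constructed element (SEQUENCE, SET, [n]) into TLVs."""
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out


def decode_oid(body: bytes) -> str:
    """Turn DER OBJECT IDENTIFIER bytes into dotted form (base-128 arcs)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def collect_oids(body: bytes):
    """Recursively gather every OID, descending into constructed elements (bit 0x20)."""
    oids, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag == 0x06:
            oids.append(decode_oid(value))
        elif tag & 0x20:
            oids.extend(collect_oids(value))
    return oids


def summarize_cert(pem: str) -> dict:
    """Walk RFC 5280 Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm,
    signatureValue } and report what is (and is not) inside."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    _, cert, _ = read_tlv(der, 0)
    tbs, sig_alg, _sig_value = children(cert)
    fields = children(tbs[1])
    if fields[0][0] == 0xA0:                           # explicit [0] version (v3 certs)
        fields = fields[1:]
    serial, _tbs_sig, issuer, _validity, subject, spki = fields[:6]
    spki_alg, spki_key = children(spki[1])
    key_alg = decode_oid(children(spki_alg[1])[0][1])
    modulus_bits = None
    if key_alg == "1.2.840.113549.1.1.1":              # rsaEncryption: BIT STRING wraps RSAPublicKey
        modulus, _exponent = children(children(spki_key[1][1:])[0][1])
        modulus_bits = int.from_bytes(modulus[1], "big").bit_length()
    return {
        "serial": int.from_bytes(serial[1], "big"),
        "signature_algorithm_oid": decode_oid(children(sig_alg[1])[0][1]),
        "public_key_algorithm_oid": key_alg,
        "rsa_modulus_bits": modulus_bits,
        "self_signed": issuer[1] == subject[1],         # issuer Name == subject Name
        "all_oids": collect_oids(cert),
        "pem_contains_private_key": "PRIVATE KEY" in pem,
    }


if __name__ == "__main__":
    for k, v in summarize_cert(make_demo_cert_pem()).items():
        print(f"{k}: {v}")
```

Every algorithm, name attribute and extension in the output is identified by an OID (for example 1.2.840.113549.1.1.11 for sha256WithRSAEncryption and 2.5.4.3 for commonName), and the subjectPublicKeyInfo carries the subject's public key. The private key never leaves the server.key file, and the Issuer field only names the CA; to verify the signature you need the CA's own certificate, which is a separate object and is why TLS servers send a chain.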


Monday, June 4, 2018

Security+ Questions with 8 Possible Answers

Are you preparing for the CompTIA SY0-501 Security+ exam?

If so, you might like to know that you may see more than just 4 possible answers.

Some people are reporting that they're seeing as many as 6 or 8 answer choices on a multiple-choice question, and you are typically required to pick multiple correct answers.

Check out this practice test question as an example:

Q. You suspect that an attacker is performing a reconnaissance attack against servers in your organization’s DMZ. The attacker is attempting to gather as much information as possible on these servers. You decide to check the logs of these servers to determine if the attacker is attempting a banner grabbing attack. Which of the following commands MOST likely indicate that the attacker is launching a banner grabbing attack? (Select FOUR.)

A. netcat
B. ipconfig
D. ping
E. arp
F. grep
G. tcpdump
H. nmap
I. telnet

Do you know the answers? Check out this blog post to see if you're correct.
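The question asks you to work from the servers' logs, so as an added example (not code from the original post) here is what a banner-grabbing attempt tends to look like in them, with detection logic run over a handful of constructed log lines (RFC 5737 test addresses, a hypothetical host example.test). The signatures are heuristics rather than a vendor's rules: header-only HTTP/1.0 requests with no User-Agent are the trace left by typing a request into telnet or netcat, the Nmap Scripting Engine announces itself in its User-Agent, and OpenSSH logs a connection that reads the banner and closes without sending a client version string.

```python
# Added example (not from the original post): scan server logs for the traces a
# banner-grabbing probe leaves behind. The log lines below are constructed for
# this demo (RFC 5737 test addresses); the signatures are heuristics, not a
# vendor's detection rules.
import re
from collections import defaultdict

# Apache/nginx "combined" access-log format.
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

# OpenSSH logs this when a client connects, reads the banner and closes without
# sending its own version string, which is what `nc host 22` or `telnet host 22` does.
SSHD_NO_IDENT = re.compile(
    r'sshd\[\d+\]: Did not receive identification string from (?P<ip>\S+)')

# Constructed sample lines: one probing host (203.0.113.7) and one ordinary client.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Jun/2018:14:02:11 +0000] "HEAD / HTTP/1.0" 200 - "-" "-"',
    '203.0.113.7 - - [10/Jun/2018:14:02:20 +0000] "GET / HTTP/1.1" 200 4521 "-" '
    '"Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"',
    '198.51.100.20 - - [10/Jun/2018:14:03:01 +0000] "GET /index.html HTTP/1.1" 200 4521 '
    '"https://example.test/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '198.51.100.20 - - [10/Jun/2018:14:03:05 +0000] "OPTIONS /api HTTP/1.1" 204 - "-" "curl/7.58.0"',
    'Jun 10 14:02:30 web1 sshd[2201]: Did not receive identification string from 203.0.113.7 port 51234',
]


def http_indicators(entry: dict) -> list:
    """Why a single HTTP request looks like a banner grab rather than a browser."""
    reasons = []
    if entry["method"] in ("HEAD", "OPTIONS"):
        reasons.append("header-only request")          # wants Server:/Allow: headers, not content
    if entry["proto"] == "HTTP/1.0":
        reasons.append("HTTP/1.0 request")             # hand-typed into telnet/netcat
    if entry["agent"] in ("", "-"):
        reasons.append("no User-Agent")                # raw socket tools send none
    if "nmap" in entry["agent"].lower():
        reasons.append("Nmap user agent")              # NSE http-* scripts announce themselves
    return reasons


def find_banner_grabbers(lines, threshold: int = 2) -> dict:
    """Group indicators by source IP; report sources with at least `threshold`
    distinct indicators so one odd request from a legitimate client is not flagged."""
    hits = defaultdict(set)
    for line in lines:
        m = COMBINED.match(line)
        if m:
            hits[m["ip"]].update(http_indicators(m.groupdict()))
            continue
        m = SSHD_NO_IDENT.search(line)
        if m:
            hits[m["ip"]].add("sshd: no client identification string")
    return {ip: sorted(r) for ip, r in hits.items() if len(r) >= threshold}


if __name__ == "__main__":
    for ip, reasons in find_banner_grabbers(SAMPLE_LOGS).items():
        print(ip, "->", ", ".join(reasons))
```

The threshold matters: a single OPTIONS request from curl is normal API traffic, so a source is only reported when several distinct indicators stack up. In a real deployment you would feed the same logic from your web server and sshd logs and correlate the flagged source with firewall or IDS records for the same time window.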


Tuesday, May 29, 2018

Baseline Deviations and Security+

Are you planning to take the SY0-401 or SY0-501 Security+ exam?

If so, you should understand how baselines can be used to identify changes or deviations.

See if you can answer this sample practice test question.

Q. Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer.

You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem.

What allowed you to make this determination?

A. Least functionality

B. Sandbox

C. Blacklist

D. Integrity measurements

See if you're correct (and view a full explanation) here.

Monday, May 21, 2018

Security+ Personnel Management Policies

Are you planning to take the Security+ exam? If so, you might like to review some common personnel management policies.

See if you can answer this sample question.

Q. After a major data breach, Lisa has been tasked with reviewing security policies related to data loss. Which of the following is MOST closely related to data loss?

A. Clean desk policy

B. Legal hold policy

C. Job rotation policy

D. Background check policy

Read the full explanation (and see if you're correct) here.