Friday, October 20, 2017

Certificate Revocation Lists

Are you planning to take the Security+ exam? If so, make sure you understand PKI concepts. See if you can answer this practice test question.

Q. Your organization is planning to implement an internal PKI. What is required to ensure users can validate certificates?

A. An intermediate CA

B. CSR

C. Wildcard certificates

D. CRL


See if you're correct (and see the full explanation) here.

Monday, October 2, 2017

Security+ and Unauthorized System Access

Are you preparing to take the Security+ exam? If so, make sure you understand some of the methods attackers use to gain unauthorized access to systems. See if you can answer this sample question.

Q. A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a security administrator expressed concern that unauthorized personnel might be able to access data on the server. The security administrator decided to check the server further. Of the following choices, what is the administrator MOST likely looking for on this server?

A. Backdoor

B. Logic bomb

C. Rootkit

D. Botnet

Check out the answer (and full explanation) here.


Friday, September 29, 2017

Security+ and Basic Forensic Procedures

Are you planning to take the Security+ exam? If so, make sure you understand basic forensic procedures.

See if you can answer this sample question.

Q. Security personnel confiscated a user’s workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. What could prevent the company from taking the employee to court over this incident?

A. Witnesses were not identified.

B. A chain of custody was not maintained.

C. An order of volatility was not maintained.

D. A hard drive analysis was not complete.

Check your answer (and see the full explanation) here.


Monday, September 25, 2017

Mobile Device Security & Security+

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Your company provides electrical and plumbing services to homeowners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?

A. Mobile device management

B. Disabling unused features

C. Remote wiping

D. GPS tracking

Check out the answer and full explanation here.


Monday, September 18, 2017

Active VS Passive IDS Responses

Are you planning to take the Security+ exam?

If so, make sure you know about the many tools used in networks. For example, can you answer this question?

Q. A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use?

A. Vulnerability scan

B. Honeynet

C. MAC address filtering

D. Evil twin

Check out the answer (and full explanation) here.


Monday, September 11, 2017

Beware Hurricane Related Scams

Beware of scammers who target both disaster victims and potential donors. US-CERT warns users to be watchful for various kinds of malicious cyber activity designed to take advantage of people after disasters.



As an example, you should exercise caution when handling emails related to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information, or may contain malicious attachments or links to malware-infected websites.

Additionally, you should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.



Friday, September 8, 2017

Protocol IDs and Ports

Are you planning to take the Security+ exam? If so, make sure you know the relevant ports and protocol IDs.

See if you can answer this practice test question.

Q. You need to enable the use of NetBIOS through a firewall. Which ports should you open?

A. 137 through 139

B. 20 and 21

C. 80 and 443

D. 22 and 3389

Check out the answer (and full explanation) here.