Monday, February 12, 2018

Security+ and PKIs

Are you planning to take the SY0-401 or SY0-501 exam? If so, make sure you understand some basic PKI concepts. As an example, can you answer this sample Security+ practice test question?

Q. An organization hosts several web servers in a web farm used for e-commerce. Due to recent attacks, management is concerned that attackers might try to redirect web site traffic, allowing the attackers to impersonate their e-commerce site. Which of the following methods will address this issue?

A. Stapling

B. Perfect forward secrecy

C. Pinning

D. Key stretching

Check out the answer and full explanation here.


Monday, February 5, 2018

Cloud Computing

Are you planning to take the SY0-401 or SY0-501 Security+ exam?

Can you answer this sample Security+ practice test question?

Q. The Shelbyville Nuclear Power Plant stores some data in the cloud using its own resources. The Springfield school system also has a cloud using its own resources. Later, the two organizations decide to share some of the educational data in both clouds. Which of the following BEST describes the cloud created by these two organizations?

A. Community

B. Private

C. Public

D. PaaS

See if you're correct, and read the full explanation here.

Check out the answer (and the full explanation) here.


Monday, January 29, 2018

Protecting PII

Are you planning to take the SY0-401 or the SY0-501 Security+ exam? If so, make sure you have a basic understanding of privacy concepts.

As an example, see if you can answer this sample practice test question:

Q. Your organization has decided to increase the amount of customer data it maintains and use it for targeted sales. However, management is concerned that they will need to comply with existing laws related to PII. Which of the following should be completed to determine if the customer data is PII?

A. Privacy threshold assessment
B. Privacy impact assessment
C. Tabletop exercise
D. Affinity scheduling

More, do you know why the correct answer is correct and the incorrect answers are incorrect?

Check out the answer here.



Monday, January 22, 2018

Biggest Cybersecurity Threat

Do you know what many experts are referring to as the biggest cybersecurity threat?

You may be surprised.

Check out this sample Security+ practice test question to see if you can answer it. It also gives a hint of what may be the biggest security threat for any organization.

Q. The CEO of a company recently received an email. The email indicates that her company is being sued and names her specifically as a defendant in the lawsuit. It includes an attachment and the email describes the attachment as a subpoena. Which of the following BEST describes the social engineering principle used by the sender in this scenario?
A. Whaling
B. Phishing
C. Consensus
D. Authority

The answer and explanation is here, along with a short discussion of what many organizations consider the biggest security threat.


Monday, January 8, 2018

Security+ and Database Concepts

Are you planning to take the SY0-501 Security+ exam? If so, you should understand some database concepts that weren't tested in the SY0-401 exam.

See if you can you answer this question?

Q. Database administrators have created a database used by a web application. However, testing shows that the application is taking a significant amount of time accessing data within the database. Which of the following actions is MOST likely to improve the overall performance of a database?

A. Normalization

B. Client-side input validation

C. Server-side input validation

D. Obfuscation

Check out the answer and full explanation here.


Tuesday, January 2, 2018

IDSs and IPSs on the Security+ Exam

Are you planning to take the Security+ exam? If so, make sure you know about IDSs and IPSs.
For example, can you answer this question?

Q. A HIDS reported a vulnerability on a system based on a known attack. After researching the alert from the HIDS, you identify the recommended solution and begin applying it. What type of HIDS is in use?

A. Network-based

B. Signature-based

C. Heuristic-based

D. Anomaly-based

Check out the answer and explanation here.


Tuesday, December 26, 2017

Stackable Certifications from CompTIA

Have you heard about CompTIAs new stackable certifications? If you've earned more than a couple of CompTIA certifications, you may already have one of them.

As an example, if you an A+ and Network+ certification, you now also have the CompTIA IT Operations Specialist stackable certification.

Check out this blog post for more information.