Monday, August 21, 2017

Social Engineering and Security+

Are you planning to take the Security+ exam? If so, make sure you understand common social engineering tactics.

See if you can answer this sample question.

Q. Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. The technician said he’s aware of a problem with database servers they’ve sold, but it only affects certain operating system versions. He asks Lisa what operating system the company is running on its database servers. Which of the following choices is the BEST response from Lisa?

A. Let the caller know what operating system and versions are running on the database servers to determine if any further action is needed.

B. Thank the caller and end the call, report the call to her supervisor, and independently check the vendor for issues.

C. Ask the caller for his phone number so that she can call him back after checking the servers.

D. Contact law enforcement personnel.

See if you are correct (and view the full explanation) here.


Friday, August 18, 2017

Security+ and Application Attacks

Are  you planning to take the Security+ exam? If so, make sure you understand application attacks. For example, see if you can you answer this practice test question?

Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Fuzzing

D. Session hijacking

See if you're correct, and view the full explanation here.


Friday, August 11, 2017

Security+ and Digital Signatures

Are you planning to take the Security+ exam? If so, make sure you understand cryptography topics such as digital signatures.

See if you can answer this Security+ practice test question.

Q. Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?

A. Carl’s public key

B. Carl’s private key

C. Lenny’s public key

D. Lenny’s private key

See the answer and the full explanation here.


Monday, August 7, 2017

/32 CIDR Notation in an ACL

Are you preparing to take the Security+ exam? If so, make sure you know how to craft rules in firewall and router ACLs. As an example, see if you can answer this question.

Q. You need to configure a firewall to allow traffic from Homer's computer to all of the servers within the 192.168.8.0/24 network. The following graphic shows a partial network diagram. Click it to view the image in full size.



Which of the following choices is the BEST to identify the source in the ACL rule?

A. 192.168.5.5/24

B. 192.168.5.5/32

C. 192.168.10.0/24

D. 192.168.10.0/32

See if you're correct (and view the full explanation) here.

Friday, August 4, 2017

Comparing Risks & Vulnerabilities

Are you planning to take the Security+ exam? If so, make sure you understand concepts such as risks and vulnerabilities.

For example, can you answer this question?

Q. Which of the following is most closely associated with residual risk?

A. Risk acceptance

B. Risk avoidance

C. Risk deterrence

D. Risk mitigation

E. Risk transference

See if you're correct (and read the full explanation) here.


Monday, July 31, 2017

Digital Signatures and Integrity

Are you preparing to take the Security+ exam? See if you can answer this sample practice test question?

Q. Users in your organization sign their emails with digital signatures. What provides integrity for these certificates?

A. Hashing

B. Encryption

C. Non-repudiation

D. Private key

See if you're correct (and view the full explanation) here.

Monday, July 24, 2017

Security+ and Door Access System

Are you planning to take the Security+ exam? If so, make sure you understand physical security concepts. For example, Can you answer this sample Security+ question?

Q. You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need? (Select THREE.)

A. Biometrics

B. Cable locks

C. CCTV

D. Mantrap

See if you're correct and view the full explanation here.