Monday, June 11, 2018

Digital Certificates and Security+

Are you planning to take either the SY0-501 or the SY0-401 version of the Security+ exam?

If so, make sure you understand some basics about certificates, including what they contain.

As an example, see if you can answer this sample Security+ question.

Q. You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you be able to see in the certificate? (Choose TWO.)

A. The server’s private key
B. The CA's public key
C. The OID
D. The server’s public key
E. The CSR

See if you're correct (and view the full explanation) here.


Monday, June 4, 2018

Security+ Questions with 8 Possible Answers

Are you preparing for the CompTIA SY0-501 Security+ exam?

If so, you might like to know that you may see more than just 4 possible answers.

Some people are reporting that they're seeing as many as 6 or 8 multiple choice answers in multiple choice questions. And you are typically required to pick multiple correct answers.

Check out this practice test question as an example:

Q. You suspect that an attacker is performing a reconnaissance attack against servers in your organization’s DMZ. The attacker is attempting to gather as much information as possible on these servers. You decide to check the logs of these servers to determine if the attacker is attempting a banner grabbing attack. Which of the following commands MOST likely indicate that the attacker is launching a banner grabbing attack? (Select FOUR.)

A. netcat
B. ipconfig
D. ping
E. arp
F. grep
G. tcpdump
H. nmap
I. telnet

Do you know the answers? Check out this blog post to see if you're correct.


Tuesday, May 29, 2018

Baseline Deviations and Security+

Are you planning to take the SY0-401 or SY0-501 Security+ exam?

If so, you should understand how baselines can be used to identify changes or deviations.

See if you can answer this sample practice test question.

Q. Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer.

You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem.

What allowed you to make this determination?

A. Least functionality

B. Sandbox

C. Blacklist

D. Integrity measurements

See if you're correct (and view a full explanation) here.

Monday, May 21, 2018

Security+ Personnel Management Policies

Are you planning to take the Security+ exam? If so, you might like to review some common personnel management policies.

See if you can answer this sample question.

Q. After a major data breach, Lisa has been tasked with reviewing security policies related to data loss. Which of the following is MOST closely related to data loss?

A. Clean desk policy

B. Legal hold policy

C. Job rotation policy

D. Background check policy

Read the full explanation (and see if you're correct) here.


Tuesday, May 15, 2018

Common Malware Names and Security+

Are you planning to take the SY0-501 Security+ exam? If so, you might like to review some information on malware names.

Check out this sample Security+ practice test question that was recently added to the Extras quiz for the online SY0-501 practice test questions.

Q. You are troubleshooting a computer that is displaying erratic behavior. You suspect that malicious software was installed when the user downloaded and installed a free software application. You want to identify the name of the malware and you run the following netstat command from the command prompt:

C:\WINDOWS\system32>netstat -nab > netstat.txt

After opening the text file you see the following information.


Based on the output, what type of malware was most likely installed on the user’s computer?

A. Worm

B. Logic bomb

C. Ransomware

D. RAT

E. Crypto-malware

F. No malware is indicated

Check out the answer and full explanation here.


Monday, May 14, 2018

Understanding Network Separation

Are you planning to take the Security+ SY0-401 or SY0-501 exam?

If so, see if you can answer this sample question.

Q. You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution?
A. NAC
B. DMZ
C. SRTP
D. VLAN

Check out the answer and full explanation here.


Monday, May 7, 2018

Vulnerability Assessment Tools

Are you planning to take the SY0-401 or SY0-501 Security+ exam?

If so, see if you can answer this practice test question.

Q. You suspect that a user is running an unauthorized AP within the organization’s building. Which of the following tools is the BEST choice to see if an unauthorized AP is operating on the network?
A. Rogue system
B. Wireless scanner
C. Password cracker
D. Penetration test