Friday, December 30, 2016

Recovering Encrypted Data

Are you preparing for the Security+ exam? See if you can you answer this sample question.

Q. A user’s laptop developed a problem and can no longer boot. Help desk personnel tried to recover the data on the disk, but the disk is encrypted. Which of the following can be used to retrieve data from the hard drive?

A. A trust relationship

B. Public key

C. Recovery agent

D. CRL

See the answer and a full explanation here.



Monday, December 26, 2016

Web Browser Attacks

Are you planning to take the Security+ exam. Do you understand some of the basic web browser attacks. See if you can you answer this practice Security+ question?

Q. Security analysts recently discovered that users in your organization are inadvertently installing malware on their systems after visiting the comptai.org web site. Users have a legitimate requirement to visit the comptia.org web site. What is the MOST likely explanation for this activity?

A. Smurf

B. Typo squatting

C. Fuzzing

D. Replay

See if you're correct and view the explanation here.


Tuesday, December 20, 2016

System Attacks Disrupting User’s Access

Are you planning to take the Security+ exam? If so, make sure you understand common attacks. As an example, see if you can answer this sample question.

Q. An IDS alerts on increased traffic. Upon investigation, you realize it is due to a spike in network traffic from several sources. Assuming this is malicious, what is the MOST likely explanation?

A. A smurf attack

B. A flood guard attack

C. A DoS attack

D. A DDoS attack

You can see the answer and explanation here.

Thursday, December 15, 2016

Network+ and Safety Precautions

Are you planning to take the Network+ exam? Do you have a basic understanding of safety precautions.

See if you can answer this sample Network+ question.

Q. Your organization recently purchased another company. Several administrators have inspected the server room at the new company and raised safety concerns. Specifically they state that the server room has a system that can remove all oxygen from the room and threaten the lives of anyone in the room. What is the purpose of this system?

A. ESD prevention

B. Safety of personnel

C. Temperature control

D. Fire suppression

Check out this link for the answer and a full explanation.

Monday, December 12, 2016

Remote Access

Are you planning to take the Security+ exam. If so, you should have a basic understanding of remote access methods. See if you can answer this sample question?

Q. Management within your organization wants some users to be able to access internal network resources from remote locations. Which of the following is the BEST choice to meet this need?

A. WAF

B. VPN

C. IDS

D. IPS

Check out the answer and explanation here.


Friday, December 9, 2016

Security Versus Personal Safety

Are you planning to take the Security+ exam. If so, make sure you have a basic understanding of implementing environmental controls. These controls directly contribute to the availability of systems but also weigh the value of personal safety.

See if you can you answer this sample question?

Q. An attacker was able to sneak into your building but was unable to open the server room door. He bashed the proximity badge reader with a portable fire extinguisher and the door opened. What is the MOST likely reason that the door opened?

A. The access system was designed to fail-open.

B. The access system was designed to fail-close.

C. The access system was improperly installed.

D. The portable fire extinguisher included a proximity badge.

Check out the answer and explanation here.

Thursday, December 8, 2016

Comparing Disk & Power Redundancies

Are you planning to take the Security+ exam. Do you have a basic understanding of redundancies. See if you can answer this sample practice test question.

Q. You are a technician at a small organization. You need to add fault-tolerance capabilities within the business to increase the availability of data. However, you need to keep costs as low as possible. Which of the following is the BEST choice to meet these needs?

A. Failover cluster

B. RAID-6

C. Backups

D. UPS

Check the answer and explanation here.


Tuesday, December 6, 2016

Protecting Sensitive Data

Protecting sensitive data is a significant concern for any organization so it's important to know the different methods used to do so. Check out this sample Security+ question.

Q. A security manager is reviewing security policies related to data loss. Which of the following is the security administrator MOST likely to be reviewing?

A. Clean desk policy

B. Separation of duties

C. Job rotation

D. Change management

Do you know why the incorrect answers are incorrect and why the correct answers are correct?

Check out the answer and explanation here.


Setting Up a Small Office Network

Are you planning to take the Network+ exam. Do you have a basic understanding of network devices?

See if you can you answer this question.

Q. You are helping a business owner set up small office network. Employees have ten laptops, each with Wi-Fi capabilities. The office has a DSL line. What equipment needs to be purchased? (Choose TWO.)

A. ISP

B. Wireless router

C. Modem

D. DSL balancer

E. Ten cables for the ten computers

You can check your answer here. 


Learn more about common network components.

Monday, December 5, 2016

Intrusion Detection System Threshold

See if you can answer this sample question for the Security+ exam.

Q. Administrators have noticed an increased workload recently. Which of the following can cause an increased workload from incorrect reporting?

A. False negatives

B. False positives

C. Separation of duties

D. Signature-based IDSs



Friday, December 2, 2016

Implementing Technical Controls

Technical controls are frequently tested in the Security+ exam. See if you can you answer this Security+ practice test question?

Q. Your organization issues users a variety of different mobile devices. However, management wants to reduce potential data losses if the devices are lost or stolen. Which of the following is the BEST technical control to achieve this goal?

A. Cable locks

B. Risk assessment

C. Disk encryption

D. Hardening the systems

Check your answer here.


Tuesday, November 29, 2016

Data Encryption Versus Hidden Message

Are you plannig to take the the Security+ exam? Do you understand basic cryptography concepts such as data encryption.

See if you can this question?

Q. Lisa hid several plaintext documents within an image file. Which security goal is she pursuing?

A. Encryption

B. Integrity

C. Steganography

D. Confidentiality

You can see the answer and an explanation here.


Monday, November 28, 2016

Preventing Software Installation

Are you planning to take the Security+ exam?

Check out this sample question.

Q. Your organization wants to ensure that employees do not install or play operating system games, such as solitaire and FreeCell, on their computers. Which of the following is the BEST choice to prevent this?

A. Security policy

B. Application whitelisting

C. Anti-malware software

D. Antivirus software



Tuesday, November 22, 2016

Web Application Vulnerabilities

Are you planning to take the Security+ exam? Make sure that you have a good understanding of web application vulnerabilities so that you can answer questions such as this one.

Q. While creating a web application, a developer adds code to limit data provided by users. The code prevents users from entering special characters. Which of the following attacks will this code MOST likely prevent?

A. Sniffing

B. Spoofing

C. XSS

D. Pharming

Check out the answer and explanation here.


Monday, November 21, 2016

Malware Types Targeting User’s Activity

Are you prepping for the Security+ exam? If so, make sure you know about the different types of malware.

See if you can answer this sample question.

Q. Of the following malware types, which one is MOST likely to monitor a user’s computer?

A. Trojan

B. Spyware

C. Adware

D. Ransomware

Check your answer and see the explanation here.


Friday, November 18, 2016

Client and Server Ports

Is the Security+ exam in your future? If so, see if you can answer this sample Security+ question:

Q. You recently learned that a network router has TCP ports 22 and 80 open, but the organization’s security policy mandates that these should not be accessible. What should you do?

A. Disable the FTP and HTTP services on the router.

B. Disable the DNS and HTTPS services on the router.

C. Disable the SSH and HTTP services on the router.

D. Disable the Telnet and Kerberos services on the router.

Check out the answer and explanation here.


Thursday, November 17, 2016

Securing Mobile Devices

Are you studying for the Security+ exam? You can expect some questions on mobile devices. See if you can answer this sample Security+ question?

Q. Your company has recently provided mobile devices to several employees. A security manager has expressed concerns related to data saved on these devices. Which of the following would BEST address these concerns?

A. Disabling the use of removable media

B. Installing an application that tracks the location of the device

C. Implementing a BYOD policy

D. Enabling geo-tagging

Check out the answer and explanation here.



Tuesday, November 15, 2016

Security+ and BYOD Containerization

Are you preparing to take the Security+ exam? If so, you're probably aware that a primary concern with Bring Your Own Device (BYOD) policies is protecting an organization's data.

One way of doing so is with BYOD containerization.

See if you can answer this sample practice question that we recently added to our online test banks.

Q. Your organization is planning to implement a BYOD policy. Which of the following security controls will help protect data using containerization?

A. Encrypt sensitive data
B. Storage segmentation
C. Full device encryption
D. Asset tracking

See if you're correct here.


Monday, November 14, 2016

Security+ and Business Continuity Planning

If you're planning to take the Security+ exam, you should have a basic understanding of business continuity planning (BCP) concepts.

A BCP helps an organization predict and plan for potential outages of critical services or functions. The goal is to ensure that critical business operations continue and the organization can survive the outage.

See if you can answer this sample Security+ question.

Q. A BCP includes a chart listing roles within the organization along with their matching responsibilities during a disaster. It also includes a chain of command. What is the purpose of this chart?

A. IT contingency planning

B. Succession planning

C. COOP

D. RTO

See how you did here. 




Friday, November 11, 2016

Binary and Decimal Number Systems

If you're planning on taking the Network+ exam, you need to have a basic knowledge of decimal and binary numbering systems . While this is basic knowledge, it is still important. If you haven't used these numbering system in a while, they might be a little foggy.

For example, see if you can convert the following decimal numbers to four binary bits:

1
3
5
9

The answer is available here along with a deeper dive into comparing decimal and binary.


Tuesday, November 8, 2016

Malware and Reverse Engineering

Can you answer this practice test question for Security+.

Q. Which of the following types of malware is the MOST difficult to reverse engineer?

A. Logic bomb

B. Trojan

C. Armored virus

D. Ransomware

Do you know the correct answer?

Do you know why the correct answer is correct and the incorrect answers are incorrect?
You can find the answer and explanation here.


Monday, November 7, 2016

Security+ Security Tools

Are you planing to take the Security+ exam? If so, you should have a basic understanding of security tools, including administrative security controls.

See if you can answer this sample question.

Q. Security administrators have recently implemented several security controls to enhance the network’s security posture. Management wants to ensure that these controls continue to function as intended. Which of the following tools is the BEST choice to meet this goal?

A. Routine audit
B. Change management
C. Design review
D. Black box test

Do you know the answer? Do you know why the correct answer is correct and the incorrect answers are incorrect? Check out the answer and explanation here.

Friday, November 4, 2016

Why You Should Disable User Accounts

Are you prepping for the Security+ exam? If so, do you know why you would disable user accounts?

See if you can answer this sample question.

Q. A company’s account management policy dictates that administrators should disable user accounts instead of deleting them when an employee leaves the company. What security benefit does this provide?

A. Ensures that user keys are retained

B. Ensures that user files are retained

C. Makes it easier to enable the account if the employee returns

D. Ensures that users cannot log on remotely

Check out the answer and explanation here.

Tuesday, November 1, 2016

Security+ and Wireless Credentials

Are you preparing for the Security+ exam? Do you know the best way to secure user credentials for a wireless network?

See if you can answer this sample question.

Q. You are planning a wireless network for a business. A core requirement is to ensure that the solution encrypts user credentials when users enter their usernames and passwords. Which of the following BEST meets this requirement?

A. WPA2-PSK

B. WEP over PEAP

C. WPS with LEAP

D. WPA2 over EAP-TTLS


Check your answer here.



Monday, October 31, 2016

Understanding Smurf Attacks

Are you preparing to take the Security+ exam? Do you know about smurf attacks?

Test yourself and see if can you answer this practice test  question?

Q. A network administrator needs to ensure the company’s network is protected against smurf attacks. What should the network administrator do?

A. Install flood guards.

B. Use salting techniques.

C. Verify border routers block directed broadcasts.

D. Ensure protocols use timestamps and sequence numbers.

Check your answer and see a full explanation here.

Friday, October 28, 2016

VPN Protocols and Security+

Are you planning to take the Security+ exam?

If so you should have a good understanding of VPN protocols. See if you can answer this Security+ practice question.

Q. Your organization is planning to implement a VPN and wants to ensure it is secure. Which of the following protocols is the BEST choice to use with the VPN?

A. HTTP

B. SFTP

C. IPsec

D. PPTP



Thursday, October 27, 2016

Third-Party Agreeements

Are you studying for the Security+ exam? Do you have a good understanding of third-party agreements?

More importantly, can you answer this sample Security+ question that we recently added to the online quizzes?

Q. The BizzFad company decides to partner with Costington’s to bid on a contract. Management in both companies realize that they need to share proprietary data. However, they want to ensure that distribution of this data is limited within each of the companies. Which of the following will BEST meet this need?

A. MOU

B. BPA

C. NDA

D. ISA

Check your answer here. 





Tuesday, October 25, 2016

Why Do Some People Pass Security+ and Others Fail?

People send me notes almost every day telling me that they've passed the Security+ exam using materials I've created. These are always a joy to read.

Every now and then I hear from people telling me that they dropped the exam.

What's the difference between the two?  Recently, a simple message has emerged. Preparation.

For example, people that are prepared can answer questions such as this one that we recently
 added to our online quiz banks.

Q. Your organization recently updated an online application employees use to log in when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. What type of authentication is being used?

A. One-factor

B. Dual-factor

C. Something you are

D. Somewhere you are

Are you prepared? See the answer and full explanation here.


Monday, October 24, 2016

Understanding a CSR and a CA

The Security+ exam expects you to understand  some cryptography topics.

As an example, you should have a basic understanding of a certificate signing request (CSR) and a certificate authority (CA). See if you can answer this sample question?

Q. You need to submit a CSR to a CA. Which of the following would you do FIRST?

A. Generate a new RSA-based session key.

B. Generate a new RSA-based private key.

C. Generate the CRL.

D. Implement OCSP.

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.


Thursday, October 20, 2016

Topology Using Coaxial Cable

Are you planning to take the Network+ exam? Do you have a basic understanding of common network topologies such as topologies that use a coaxial cable?

For example, can you answer this sample Network+ question?

Q. You are a network technician for a small company. Another technician accidentally cut one of the cables effectively separating the network into two networks. Of the following choices, what type of network topology is this?

A. Bus

B. Mesh

C. Ring

D. Star

Check your answer here.

Tuesday, October 18, 2016

Using a Switch for Security


Do you understand how basic network devices such as a Switch work? You should if you're planning to take the Security+ exam.  

As an example, can you answer this Security+ practice test question?

Q. Your organization has several switches used within the network. You need to implement a security control to secure the switch from physical access. What should you do?

A. Disable unused ports.

B. Implement an implicit deny rule.

C. Disable STP.

D. Enable SSH.

You can see the full answer and explanation here



Monday, October 17, 2016

Mitigating Risks in Static Environments

Are you planning to take the Security+ exam? Do you understand how to mitigate risks in static environments?

For example, can you answer this Security+ practice question?

Q. Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further, they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?

A. Create an internal CA.

B. Implement WPA2 Enterprise.

C. Implement patch management processes.

D. Configure the SCADA within a VLAN.

Check your answer here.


Friday, October 14, 2016

Security+ and Configuring Routers


Are you preparing for the Security+ exam? See if you can you answer this sample Security+ question?

Q. Edna Krabappel has updated the network in her home and plans to use it to teach concepts within the classroom. She wants to demonstrate how to update the configuration on the routers in her network by sending data from the classroom. Which of the following would she MOST likely use to meet this need?

A. SAML

B. SCAP

C. SDLC

D. SOAP

More, do you know why the correct answer is correct and the incorrect answers are incorrect? Check out the answer and explanation here.




Thursday, October 13, 2016

Password Policy Settings

Are you planning to take the Security+ exam. Do you should understand password policy settings in Group Policy.

For example, can you answer this sample Security+ question?

Q. Developers in your organization have created an application designed for the sales team. Salespeople can log on to the application using a simple password of 1234. However, this password does not meet the organization’s password policy. What is the BEST response by the security administrator after learning about this?

A. Nothing. Strong passwords aren’t required in applications.
B. Modify the security policy to accept this password.
C. Document this as an exception in the application’s documentation.
D. Direct the application team manager to ensure the application adheres to the organization’s password policy.

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.


Planning Networks

Are you prepping for the Network+ exam? Can you answer this sample Network+ question?

Q. A business owner hired you to help her create a basic network. Of the following choices, what would you do FIRST?

A. Purchase a switch and access point supported by the ISP
B. Identify the operating systems used within the network
C. Create a list of requirements and constraints
D. Upgrade computers within the network

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here. 

 

Monday, October 10, 2016

Something You Are

Are you planning on taking the Security+ exam? Do have a good understanding of the different authentication factors? See if you can you answer this sample Security+ question?

Q. Which type of authentication is a fingerprint scan?

A. Something you have
B. Biometric
C. PAP
D. One-time password

Check out the answer here:

Friday, October 7, 2016

Security Monitoring

If you're planning on taking the Security+ exam, you should have a basic understanding of relevant security control concepts and the importance of security monitoring.

Here's a sample question, can you answer this?

Q. You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on systems that users are accessing. Which of the following tools is the best to meet this need?

A. Code review

B. Vulnerability scan

C. Ping sweep

D. Penetration test

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.


Wednesday, October 5, 2016

Routing Traffic between Networks

If you’re planning on taking the Network+ exam, you should have a basic understanding of network device that connect networks together by routing traffic between the networks.

For example, can you answer this question?

Q. You are helping a business owner set up a basic network and you have the following equipment:

2 laptops with wired and wireless NICs
2 desktop PCs with wired and wireless NICs
2 Ethernet cables
1 wireless router with three physical ports
1 cable modem

The owner wants to connect as many systems as possible to the network and the Internet using wired connections. The owner does not have a budget for any more equipment. How should you configure the network?

A. Connect the wireless router to the modem with a cable. Connect two computers to the router with a cable. Connect the two other computers to the wireless router wirelessly.

B. Connect the modem to the wireless router with a cable. Connect two computers to the modem with a cable. Connect the two other computers to the modem wirelessly.

C. Connect the modem to the wireless router with a cable. Connect one computer to the modem with a cable. Connect the three other computers to the modem wirelessly.

D. Connect the wireless router to the modem with a cable. Connect one computer to the router with a cable. Connect the three other computers to the wireless router wirelessly.

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.



Tuesday, October 4, 2016

Increasing Password Security

The something you know authentication factor typically refers to a shared secret, such as a password or even a PIN. This factor is the least secure form of authentication. If you’re planning on taking the Security+ exam, you should have a basic understanding of the important password security concepts. 

Here's a sample Security+ question?

Q. A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password?

A. Verify the user’s original password.
B. Disable the user’s account.
C. Verify the user’s identity.
D. Enable the user’s account.

Do you know why the correct answer is correct and the incorrect answers are incorrect? See the full explanation and the correct answer here.

Friday, September 30, 2016

Security+ and Imaging

Imaging is a common methods of deploying systems and if you're planning on taking the Security+ exam, you should have a basic understanding imaging.

See if you can answer this sample Security+ question?

Q. Network administrators identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of services from the standard image, you verify this application is very likely the problem. What process allowed you to make this determination?

A. Banner grabbing

B. Hardening

C. Whitelisting

D. Baselining

More, do you know why the correct answer is correct and the incorrect answers are incorrect? See the full explanation and the correct answer here.

Thursday, September 29, 2016

Security+ and Hashing

Can you answer this sample Security+ question?

Q. A security technician runs an automated script every night designed to detect changes in files. Of the following choices, what are the most likely protocols used in this script?

A. PGP and MD5

B. ECC and HMAC

C. AES and Twofish

D. MD5 and HMAC

Check out the answer and explanation along with a more complete discussion of hashing here.



For more information on hashing, check out these blog posts.

Monday, September 26, 2016

Block XSS Attacks

Do you know how to block XSS attacks?

Can you answer this sample Security+ test question that we recently added to the online test banks?

Q. An attacker has launched several successful XSS attacks on a web application within your DMZ. The following graphic shows part of your network.


You determine that the attacker is launching the attacks via an anonymizer. Which of the following are the BEST choices to implement on the web server to prevent this attack? (Select TWO.)

A. Baseline reporting
B. Input validation
C. Code review
D. WAF
E. URL filtering
F. Column level access control

See if you answered it correctly by checking your answer and the explanation here. 

Sunday, September 25, 2016

Are You Ready to Become Security+ Certified?

You can get your Security+ certification by Thanksgiving if you start today. Maybe even sooner.

Start by getting the Security+ Full Access Package for only $39.99. That is almost 30% off the full price of $55.98. Hurry though. The sale ends soon.

I hear from people almost every day telling me that they've passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study  Guide and/or study materials on the premium site. They can help you too.

Here's what's included in this sales package.

Here's what you'll get:

  • All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. See a demo here. (This Amazon best-seller has helped many people just like you pass the Security+ exam the first time they took it.)


  • All of the extra multiple-choice questions we've added after publishing the study guide.
  • All of the performance-based questions we've published after publishing the study guide. See a demo here.
  • All of the flashcards from the study guide. View them in any Web browser.
  • All of the audio from the study guide. Listen to a sample here.
  • Access to a free discount code for 10% off your Security+ voucher. Save $31.10 off the US retail cost for this voucher.
So are you ready to become Security+ certified? This page also includes step-by-step instructions you can use to get your certification by Thanksgiving. 

Friday, September 23, 2016

CryptoLocker Vs Police Virus

If you're planning on taking the Security+ exam, you should understand malware such as CryptoLocker and the Police Virus.

For example, can you answer this sample Security+ practice test question?

Q. After Maggie turned on her computer, she saw a message indicating that unless she made a payment, her hard drive would be formatted. What does this indicate?

A. Armored virus

B. Ransomware

C. Backdoor

D. Trojan

Check out this post to see the answer and explanation.


Thursday, September 22, 2016

Downgrade Attack and Security+

Can you answer the sample Security+ practice test question that we recently added to the online test banks?

Q. A web server has the newest TLS cryptographic protocol suite installed. However, you recently discovered it is susceptible to downgrade attacks. What should be done to ensure that systems use the MOST secure connections by default?

A. Replace the existing certificate with a new one.

B. Implement OCSP.

C. Reconfigure the cipher suite order.

D. Rekey the existing certificate.

Do you know the correct answer? More, do you know why the correct answer is correct and the incorrect answers are incorrect? Check out the answer and explanation here.

This post also includes a link you can use to check out servers in your organization. What do they get?

Wednesday, September 21, 2016

Connecting Network Devices

If you're planning on taking the Network+ exam, you should have a basic understanding of how to connect network devices.


For example can you answer this sample Network+ question?

Q. You need to network six PCs together for a basic network. The business owner does not want these devices to access the Internet. Which of the following items do you need? (Select TWO.)

A. Switch
B. Router
C. Firewall
D. CAT6 cables

Do you know why the correct answer is correct and the incorrect answers are incorrect? See if you're correct here.

Monday, September 19, 2016

Client-Side and Transitive Access Attacks

Do you understand client side and transitive access attacks? Can you answer this sample Security+ question?

 Q. Your organization hosts a web site within a DMZ and the web site accesses a database server in the internal network. ACLs on firewalls prevent any connections to the database server except from the web server. Database fields holding customer data are encrypted and all data in transit between the web site server and the database server are encrypted. Which of the following represents the GREATEST risk to the data on the server?

    A. Theft of the database server
    B. XML injection
    C. SQL injection
    D. Sniffing



More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.



Thursday, September 15, 2016

Security+ and Cookie Attacks

Are you familiar with cookie attacks? It doesn't refer to cookies actually attacking, but it does refer to how attackers can exploit vulnerabilities and access cookies.

As an example, can you answer this sample Security+ practice test question recently added to the gcgapremium.com online test banks?

Q. A penetration tester has successfully exploited a vulnerability against your organization giving him access to the following data:

User, password, login-date, cookie-id
Homer, canipass, 2016-09-01 11:12, 286755fad04869ca523320acce0dc6a4
Bart, passican, 2016-09-01 11:15, 8edd7261c353c87a113269cd37635c68
Marge, icanpass, 2016-09-01 11:19, 26887fbd90ac0340e29ad62470270401

What type of attack does this represent?

A. SQL injection
B. XML injection
C. XSS
D. Session hijacking

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.

Wednesday, September 14, 2016

Security+ and Port Security

If you're planning on taking the Security+ exam, you should have a basic understanding of port security and how it can be implemented.

For example, can you answer this sample Security+ practice test question?

Q. Your organization frequently has guests visiting in various conference rooms throughout the building. These guests need access to the Internet via wall jacks, but should not be able to access internal network resources. Employees need access to both the internal network and the Internet. What would BEST meet this need?

A. PAT and NAT
B. DMZ and VPN
C. VLANs and 802.1x
D. Routers and Layer 3 switches

More, do you know why the correct answer is correct and the incorrect answers are incorrect? You can check your answer here. 




Friday, September 9, 2016

Symmetric Block Ciphers

Are you planning on taking the Security+ exam? Do you have a good understanding of symmetric algorithms and block ciphers.

As an example, can you answer this sample Security+ question?

Q. Which of the following algorithms encrypts data in 64-bit blocks?
 A. AES
 B. DES
 C. Twofish
 D. RC4

Check your answer here.


Thursday, September 8, 2016

Security+ and Linux

Are you prepping for the Security+ exam? Do you know how to interpret basic Linux commands? 

See if you can answer this sample question.

Q. After entering the following command on a Linux system, what are you likely to see?

    cat /etc/shadow | grep root

A. The contents of the Linux password file
B. The password for the root account
C. The encrypted password of the root account
D. The encrypted password of the grep account

Check your answer here.