Monday, October 31, 2016

Understanding Smurf Attacks

Are you preparing to take the Security+ exam? Do you know about smurf attacks?

Test yourself and see if can you answer this practice test  question?

Q. A network administrator needs to ensure the company’s network is protected against smurf attacks. What should the network administrator do?

A. Install flood guards.

B. Use salting techniques.

C. Verify border routers block directed broadcasts.

D. Ensure protocols use timestamps and sequence numbers.

Check your answer and see a full explanation here.

Friday, October 28, 2016

VPN Protocols and Security+

Are you planning to take the Security+ exam?

If so you should have a good understanding of VPN protocols. See if you can answer this Security+ practice question.

Q. Your organization is planning to implement a VPN and wants to ensure it is secure. Which of the following protocols is the BEST choice to use with the VPN?

A. HTTP

B. SFTP

C. IPsec

D. PPTP



Thursday, October 27, 2016

Third-Party Agreeements

Are you studying for the Security+ exam? Do you have a good understanding of third-party agreements?

More importantly, can you answer this sample Security+ question that we recently added to the online quizzes?

Q. The BizzFad company decides to partner with Costington’s to bid on a contract. Management in both companies realize that they need to share proprietary data. However, they want to ensure that distribution of this data is limited within each of the companies. Which of the following will BEST meet this need?

A. MOU

B. BPA

C. NDA

D. ISA

Check your answer here. 





Tuesday, October 25, 2016

Why Do Some People Pass Security+ and Others Fail?

People send me notes almost every day telling me that they've passed the Security+ exam using materials I've created. These are always a joy to read.

Every now and then I hear from people telling me that they dropped the exam.

What's the difference between the two?  Recently, a simple message has emerged. Preparation.

For example, people that are prepared can answer questions such as this one that we recently
 added to our online quiz banks.

Q. Your organization recently updated an online application employees use to log in when working from home. Employees enter their username and password into the application from their smartphone and the application logs their location using GPS. What type of authentication is being used?

A. One-factor

B. Dual-factor

C. Something you are

D. Somewhere you are

Are you prepared? See the answer and full explanation here.


Monday, October 24, 2016

Understanding a CSR and a CA

The Security+ exam expects you to understand  some cryptography topics.

As an example, you should have a basic understanding of a certificate signing request (CSR) and a certificate authority (CA). See if you can answer this sample question?

Q. You need to submit a CSR to a CA. Which of the following would you do FIRST?

A. Generate a new RSA-based session key.

B. Generate a new RSA-based private key.

C. Generate the CRL.

D. Implement OCSP.

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.


Thursday, October 20, 2016

Topology Using Coaxial Cable

Are you planning to take the Network+ exam? Do you have a basic understanding of common network topologies such as topologies that use a coaxial cable?

For example, can you answer this sample Network+ question?

Q. You are a network technician for a small company. Another technician accidentally cut one of the cables effectively separating the network into two networks. Of the following choices, what type of network topology is this?

A. Bus

B. Mesh

C. Ring

D. Star

Check your answer here.

Tuesday, October 18, 2016

Using a Switch for Security


Do you understand how basic network devices such as a Switch work? You should if you're planning to take the Security+ exam.  

As an example, can you answer this Security+ practice test question?

Q. Your organization has several switches used within the network. You need to implement a security control to secure the switch from physical access. What should you do?

A. Disable unused ports.

B. Implement an implicit deny rule.

C. Disable STP.

D. Enable SSH.

You can see the full answer and explanation here



Monday, October 17, 2016

Mitigating Risks in Static Environments

Are you planning to take the Security+ exam? Do you understand how to mitigate risks in static environments?

For example, can you answer this Security+ practice question?

Q. Homer noticed that several generators within the nuclear power plant have been turning on without user interaction. Security investigators discovered that an unauthorized file was installed and causing these generators to start at timed intervals. Further, they determined this file was installed during a visit by external engineers. What should Homer recommend to mitigate this threat in the future?

A. Create an internal CA.

B. Implement WPA2 Enterprise.

C. Implement patch management processes.

D. Configure the SCADA within a VLAN.

Check your answer here.


Friday, October 14, 2016

Security+ and Configuring Routers


Are you preparing for the Security+ exam? See if you can you answer this sample Security+ question?

Q. Edna Krabappel has updated the network in her home and plans to use it to teach concepts within the classroom. She wants to demonstrate how to update the configuration on the routers in her network by sending data from the classroom. Which of the following would she MOST likely use to meet this need?

A. SAML

B. SCAP

C. SDLC

D. SOAP

More, do you know why the correct answer is correct and the incorrect answers are incorrect? Check out the answer and explanation here.




Thursday, October 13, 2016

Password Policy Settings

Are you planning to take the Security+ exam. Do you should understand password policy settings in Group Policy.

For example, can you answer this sample Security+ question?

Q. Developers in your organization have created an application designed for the sales team. Salespeople can log on to the application using a simple password of 1234. However, this password does not meet the organization’s password policy. What is the BEST response by the security administrator after learning about this?

A. Nothing. Strong passwords aren’t required in applications.
B. Modify the security policy to accept this password.
C. Document this as an exception in the application’s documentation.
D. Direct the application team manager to ensure the application adheres to the organization’s password policy.

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.


Planning Networks

Are you prepping for the Network+ exam? Can you answer this sample Network+ question?

Q. A business owner hired you to help her create a basic network. Of the following choices, what would you do FIRST?

A. Purchase a switch and access point supported by the ISP
B. Identify the operating systems used within the network
C. Create a list of requirements and constraints
D. Upgrade computers within the network

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here. 

 

Monday, October 10, 2016

Something You Are

Are you planning on taking the Security+ exam? Do have a good understanding of the different authentication factors? See if you can you answer this sample Security+ question?

Q. Which type of authentication is a fingerprint scan?

A. Something you have
B. Biometric
C. PAP
D. One-time password

Check out the answer here:

Friday, October 7, 2016

Security Monitoring

If you're planning on taking the Security+ exam, you should have a basic understanding of relevant security control concepts and the importance of security monitoring.

Here's a sample question, can you answer this?

Q. You need to perform tests on your network to identify missing security controls. However, you want to have the least impact on systems that users are accessing. Which of the following tools is the best to meet this need?

A. Code review

B. Vulnerability scan

C. Ping sweep

D. Penetration test

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.


Wednesday, October 5, 2016

Routing Traffic between Networks

If you’re planning on taking the Network+ exam, you should have a basic understanding of network device that connect networks together by routing traffic between the networks.

For example, can you answer this question?

Q. You are helping a business owner set up a basic network and you have the following equipment:

2 laptops with wired and wireless NICs
2 desktop PCs with wired and wireless NICs
2 Ethernet cables
1 wireless router with three physical ports
1 cable modem

The owner wants to connect as many systems as possible to the network and the Internet using wired connections. The owner does not have a budget for any more equipment. How should you configure the network?

A. Connect the wireless router to the modem with a cable. Connect two computers to the router with a cable. Connect the two other computers to the wireless router wirelessly.

B. Connect the modem to the wireless router with a cable. Connect two computers to the modem with a cable. Connect the two other computers to the modem wirelessly.

C. Connect the modem to the wireless router with a cable. Connect one computer to the modem with a cable. Connect the three other computers to the modem wirelessly.

D. Connect the wireless router to the modem with a cable. Connect one computer to the router with a cable. Connect the three other computers to the wireless router wirelessly.

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.



Tuesday, October 4, 2016

Increasing Password Security

The something you know authentication factor typically refers to a shared secret, such as a password or even a PIN. This factor is the least secure form of authentication. If you’re planning on taking the Security+ exam, you should have a basic understanding of the important password security concepts. 

Here's a sample Security+ question?

Q. A user calls into the help desk and asks the help-desk professional to reset his password. Which of the following choices is the BEST choice for what the help-desk professional should do before resetting the password?

A. Verify the user’s original password.
B. Disable the user’s account.
C. Verify the user’s identity.
D. Enable the user’s account.

Do you know why the correct answer is correct and the incorrect answers are incorrect? See the full explanation and the correct answer here.