Monday, July 24, 2017

Security+ and Door Access System

Are you planning to take the Security+ exam? If so, make sure you understand physical security concepts. For example, can you answer this sample Security+ question?

Q. You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need? (Select THREE.)

A. Biometrics

B. Cable locks

C. CCTV

D. Mantrap

See if you're correct and view the full explanation here.

Friday, July 21, 2017

Security+ and VPN Authentication Services

Are you planning to take the Security+ exam? If so, make sure you understand some basic VPN authentication services. As an example, see if you can answer this practice test question.

Q. Which of the following choices provide authentication services for remote users and devices? (Select TWO.)

A. Kerberos

B. RADIUS

C. Secure LDAP

D. Diameter

Check out the answer (and the full explanation) here.


Monday, July 17, 2017

Protecting Against Attacks

Are you planning to take the Security+ exam? See if you can answer this practice test question.

Q. Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be the MOST effective at reducing the success of these attacks?

A. Implement a BYOD policy.

B. Update the AUP.

C. Provide training on data handling.

D. Implement a program to increase security awareness.

Monday, July 10, 2017

Authentication Mechanisms and Security+

Are you planning to take the Security+ exam? See if you can answer this Security+ practice test question.

Q. You are logging on to your bank’s web site using your email address and a password. What is the purpose of the email address in this example?

A. Identification

B. Authentication

C. Authorization

D. Availability

Check out the answer (and full explanation) here.


Thursday, July 6, 2017

Security+ and Cloud Computing

Are you planning to take the Security+ exam? If so, make sure you understand some basics on cloud computing.

See if you can answer this sample question.

Q. Of the following choices, which one is a cloud computing option that allows customers to apply patches to the operating system?

A. Hybrid cloud

B. Software as a Service

C. Infrastructure as a Service

D. Private

You can view the answer (and the full explanation) here.


Monday, July 3, 2017

Security+ and Penetration Testing

Are you planning to take the Security+ exam? See if you can answer this sample question related to penetration testing.

Q. During a penetration test, a tester injected extra input into an application causing the application to crash. What does this describe?

A. SQL injection

B. Fuzzing

C. Transitive access

D. XSRF

You can view the answer and the full explanation here.


Friday, June 30, 2017

Analyzing Network Traffic & Hard Drives

Are you preparing for the Security+ exam? If so, make sure you understand some basics related to forensics.

See if you can answer this sample practice test question.

Q. After a recent incident, a forensic analyst was given several hard drives to analyze. What should the analyst do first?

A. Take screenshots and capture system images.
B. Take hashes and screenshots.
C. Take hashes and capture system images.
D. Perform antivirus scans and create chain-of-custody documents.

Check out the answer and full explanation here.


Monday, June 26, 2017

BYOD Policies and Security+

Are you preparing for the Security+ exam? If so, make sure you understand the security issues related to mobile devices.

For example, see if you can answer this sample Security+ question.

Q. Management within your company is considering allowing users to connect to the corporate network with their personally owned devices. Which of the following represents a security concern with this policy?

A. Inability to ensure devices are up to date with current system patches

B. Difficulty in locating lost devices

C. Cost of the devices

D. Devices might not be compatible with applications within the network

See if you're correct here.


Friday, June 23, 2017

Vulnerabilities and Security+

Are you planning to take the Security+ exam?

If so, make sure you understand various methods used to reduce vulnerabilities, including vulnerability scans.

As an example, can you answer this sample question?

Q. You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you’ve verified the servers have these patches installed. Which of the following BEST describes this?

A. False negative

B. Misconfiguration on servers

C. False positive

D. Servers not hardened

Check out the answer (and full explanation) here.


Monday, June 19, 2017

Matching Security Controls to Security Goals

Are you planning to take the Security+ exam? Do you know how to match security controls to security goals?

As an example, see if you can answer this sample Security+ question.

Q. An organization needs to improve fault tolerance to increase data availability. However, the organization has a limited budget. Which of the following is the BEST choice to meet the organization’s needs?

A. RAID

B. Backup system

C. Cluster

D. UPS

Check out the answer (and the full explanation) here.


Friday, June 16, 2017

Security+ and Incident Response

Are you preparing to take the Security+ exam? If so, make sure you understand incident response procedures. For example, see if you can answer this practice test question.

Q. You work as a help-desk professional in a large organization. You have begun to receive an extraordinary number of calls from employees related to malware. Using common incident response procedures, what should be your FIRST response?

A. Preparation

B. Identification

C. Escalation

D. Mitigation

Check out the answer and the full explanation here.


Monday, June 12, 2017

Attacks and Countermeasures

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Some protocols include timestamps and sequence numbers. What types of attacks do these components help protect against?


A. Smurf

B. Replay

C. Flood guards

D. Salting

See if you're correct and view the full explanation here.
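As an added example (not part of the original post), here is how timestamps and sequence numbers are actually used by a protocol to reject a message that an attacker captured and resent. The sender numbers each message and stamps it with the time of sending, then authenticates the whole thing with an HMAC; the receiver refuses anything that is not fresher and later than what it has already accepted. The shared key, the 30-second freshness window and the sample messages are all constructed for the demonstration.

```python
"""Replay protection with a sequence number, a timestamp and an HMAC tag.

Added example, not from the original post. The key and the freshness
window are assumed values chosen for the demonstration.
"""
import hashlib
import hmac
import json

FRESHNESS_WINDOW = 30  # seconds; assumed for the example
SHARED_KEY = b"demo-key-not-for-production"  # constructed for the example


def build_message(seq: int, sent_at: int, payload: str, key: bytes = SHARED_KEY) -> dict:
    """Sender side: serialise the fields and attach an HMAC-SHA256 tag over
    all of them, so the sequence number and timestamp cannot be edited."""
    body = json.dumps({"seq": seq, "ts": sent_at, "payload": payload}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver side: remembers the highest sequence number it has accepted."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = FRESHNESS_WINDOW):
        self.key = key
        self.window = window
        self.last_seq = 0

    def accept(self, msg: dict, now: int) -> tuple:
        """Return (accepted, reason). The tag is checked first so a forged
        message cannot be used to probe the timestamp or sequence logic."""
        expected = hmac.new(self.key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad tag"
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > self.window:
            return False, "stale timestamp"
        if fields["seq"] <= self.last_seq:
            return False, "replayed sequence number"
        self.last_seq = fields["seq"]
        return True, "ok"


def demo() -> list:
    """Constructed exchange: two legitimate messages, then the first one is
    replayed right away, replayed much later, and finally modified in flight."""
    rx = Receiver()
    m1 = build_message(1, sent_at=1000, payload="transfer 100")
    m2 = build_message(2, sent_at=1005, payload="transfer 200")
    results = [
        rx.accept(m1, now=1001),  # fresh and in order: accepted
        rx.accept(m2, now=1006),  # fresh and in order: accepted
        rx.accept(m1, now=1007),  # replay inside the window: sequence number rejects it
        rx.accept(m1, now=2000),  # replay long after: timestamp rejects it
    ]
    tampered = dict(m2, body=m2["body"].replace("200", "900"))
    results.append(rx.accept(tampered, now=1008))  # edited body: tag rejects it
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

The timestamp alone would still let an attacker replay a message within the freshness window; the sequence number closes that gap, and the HMAC is what stops the attacker from simply incrementing the number on a captured message.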


Friday, June 9, 2017

Security+ and Query Attacks

Are you preparing to take the Security+ exam? If so, make sure you can identify common attacks. For example, can you answer this question?

Q. Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:

' or '1'='1' --

Which of the following is the MOST likely explanation for this?

A. A buffer overflow attack

B. An XSS attack

C. A SQL injection attack

D. An LDAP injection attack

Check out the answer (and the full explanation) here. 
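As an added example (not part of the original post), here is what that string does once an application concatenates it into a SQL statement, the parameterized form that neutralises it, and a small scanner that flags the same pattern in access-log lines. The users table, its two rows and the four log lines are constructed for the demonstration, and SQLite runs in memory so nothing touches a real database.

```python
"""Added example, not from the original post: the effect of the logged
string on a concatenated query versus a parameterized one, plus a
log scanner for the pattern. All data below is constructed.
"""
import re
import sqlite3
import urllib.parse

PAYLOAD = "' or '1'='1' --"


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("homer", "donuts"), ("marge", "bluehair")])
    return con


def login_vulnerable(con: sqlite3.Connection, name: str, password: str) -> list:
    """String concatenation: the attacker's quotes and comment marker become
    part of the statement, the WHERE clause degenerates to ... OR '1'='1',
    and the trailing quote is commented out."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in con.execute(sql)]


def login_safe(con: sqlite3.Connection, name: str, password: str) -> list:
    """Placeholders: the values travel separately from the SQL text, so the
    payload is compared as a literal password and matches nothing."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (name, password))]


# Constructed access-log lines, URL-encoded as a web server would record them.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Jun/2017:10:01:12] "GET /login?user=homer&pass=donuts HTTP/1.1" 200
10.0.0.9 - - [09/Jun/2017:10:01:40] "GET /login?user=homer&pass=%27%20or%20%271%27%3D%271%27%20-- HTTP/1.1" 200
10.0.0.9 - - [09/Jun/2017:10:02:03] "GET /search?q=%27%20OR%201%3D1%20-- HTTP/1.1" 200
10.0.0.7 - - [09/Jun/2017:10:02:30] "GET /search?q=bart HTTP/1.1" 200
"""

# A quote, OR, a tautology such as '1'='1' or 1=1, then a SQL comment opener.
TAUTOLOGY = re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+'?\s*(--|#|/\*)", re.IGNORECASE)


def find_injection_attempts(log_text: str) -> list:
    """Decode each line before matching, since the payload arrives URL-encoded,
    and return the client address of every line that matches."""
    hits = []
    for line in log_text.splitlines():
        if TAUTOLOGY.search(urllib.parse.unquote_plus(line)):
            hits.append(line.split()[0])
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, "anyone", PAYLOAD))  # both users
    print("safe:      ", login_safe(db, "anyone", PAYLOAD))        # nobody
    print("suspicious clients:", find_injection_attempts(SAMPLE_LOG))
```

The scanner is deliberately narrow (quote, OR, tautology, comment); it is a triage aid for log review, not a substitute for fixing the query construction.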


Monday, June 5, 2017

Protocols and Ports in Security+

If you're planning to take the Security+ exam, you should have a basic understanding of relevant protocols and ports to implement basic network security.

For example, can you answer this question?

Q. Bart wants to block access to all external web sites. Which port should he block at the firewall?

A. TCP 22

B. TCP 53

C. UDP 69

D. TCP 80

Also, do you know why the correct answer is correct and the incorrect answers are incorrect?

See if you're correct here.

Will you see port questions on the Security+ exam? You never know. However, I saw two.

Friday, June 2, 2017

Detecting Hidden System Infection

Are you preparing to take the Security+ exam? See if you can answer this sample question.

Q. A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization’s internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator has found?

A. Rootkit

B. Backdoor

C. Spam

D. Trojan

Check your answer and view the full explanation here.


Monday, May 29, 2017

My Experience with the Security+ Exam

I took the Security+ exam (SY0-401 version) last week. While I've held the certification since 2005, I wanted to see how it looked and compare this to what readers have shared with me.

This blog post outlines what I saw including the number of questions, the types of questions, and some key strategies I used to pass.


Friday, May 26, 2017

Security+ and Wireless Security

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

A. An authentication server with a digital certificate installed on the authentication server

B. An authentication server with DHCP installed on the authentication server

C. An authentication server with DNS installed on the authentication server

D. An authentication server with WEP running on the access point



Monday, May 22, 2017

Security+ Device Security Concepts

Are you preparing to take the Security+ exam? See if you can answer this sample practice test question.

Q. Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?

A. Asset tracking

B. Screen lock

C. Mobile device management

D. GPS tracking

Check out the answer and the full explanation here. 



Friday, May 19, 2017

Defense In Depth

Are you preparing to take the Security+ exam? See if you can answer this Security+ practice test question.

Q. An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle?

A. Implicit deny

B. Layered security

C. Least privilege

D. Flood guard

Check out the answer and a full explanation here.


Monday, May 15, 2017

WannaCry Ransomware

Are you one of the more than 200,000 users in over 150 countries hit by WannaCry today?

On May 12, the WannaCry ransomware began infecting computers around the world. This malware infects systems, encrypts user files, and demands a payment of about $300 within three days.

See if you can answer this sample Security+ question. It includes information on the standard security practice that would have prevented this infection, if people followed it.

Q. A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?

A. Virtualization

B. Sandboxing

C. IDS

D. Patch management



Friday, May 12, 2017

Security+ and Data Leakage

Are you planning to take the Security+ exam? See if you can answer this sample test question.

Q. Your organization blocks access to social media web sites. The primary purpose is to prevent data leakage, such as the accidental disclosure of proprietary information. What is an additional security benefit of this policy?

A. Improves employee productivity

B. Enables cognitive password attacks

C. Prevents P2P file sharing

D. Protects against banner ad malware

See if you're correct (and the full explanation) here.

Monday, May 8, 2017

Security+ and Command Line Questions

Are you preparing for the Security+ exam?

If so, you might like to know about the command line questions that are appearing on the exam. The good news is that they are very likely beta questions. Read more here....



Friday, May 5, 2017

Security+ and Management Controls

Are you preparing for the Security+ exam? See if you can answer this practice test question.

Q. Which of the following is a management control?

A. Encryption

B. Security policy

C. Least privilege

D. Change management

Check out the answer here. The explanation will help you understand why the incorrect answers are incorrect and why the correct answer is correct.



Monday, May 1, 2017

Security+ and Server Management Using VMs

Are you preparing for the Security+ exam? See if you can answer this sample question.

Q. A company is implementing a feature that allows multiple servers to operate on a single physical server. What is this?

A. Virtualization

B. IaaS

C. Cloud computing

D. DLP

Check out the answer and full explanation here. 



Monday, April 24, 2017

Security+ and Monitoring System Account Access

Can you answer this sample Security+ question?

Q. You need to create an account for a contractor who will be working at your company for 90 days. Which of the following is the BEST security step to take when creating this account?

A. Configure history on the account.

B. Configure a password expiration date on the account.

C. Configure an expiration date on the account.

D. Configure complexity.

See if you're correct, along with a full explanation here.


Friday, April 21, 2017

Security+ and Authentication Factors

Are you planning to take the Security+ exam? If so, make sure you understand authentication factors.

See if you can answer this Security+ practice test question.

Q. Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method?

A. Passwords

B. Dual-factor

C. Biometrics

D. Diameter

Check the answer here.



Monday, April 17, 2017

Authentication and Security+

Are you preparing to take the Security+ exam? If so, make sure you understand some authentication concepts. See if you can answer this sample question.

Q. When you log on to your online bank account, you are also able to access a partner’s credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?

A. SSO

B. Same sign-on

C. SAML

D. Kerberos

Check out the answer here. 


Friday, April 14, 2017

Threats and Security+

Are you preparing for the Security+ exam?

See if you can answer this practice test question.

Q. Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?

A. Fuzzing

B. Sniffing

C. Spear phishing

D. Advanced persistent threat

See if you're correct here. 


Monday, April 10, 2017

Security+ and Monitoring Tools

Are you planning to take the Security+ exam? If so, make sure you have a good understanding of tools available that both security professionals and attackers use.

See if you can answer this sample practice test question.

Q. Your organization's security policy requires that personnel notify security administrators if an incident occurs. However, this is not occurring consistently. Which of the following could the organization implement to ensure security administrators are notified in a timely manner?

A. Routine auditing

B. User rights and permissions reviews

C. Design review

D. Incident response team

Check your answer here.


Friday, April 7, 2017

Security+ and Wireless Footprints

Are you preparing to take the Security+ exam? Do you have a good understanding of wireless topics?

See if you can answer this sample Security+ question.

Q. Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren’t any visitors in the conference room. You want to prevent these connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solution?

A. Disable SSID broadcasting.

B. Enable MAC filtering.

C. Use wireless jamming.

D. Reduce antenna power.

Check your answer and view the full explanation here.


Monday, April 3, 2017

Physical Security Measures and Security+

Are you preparing to take the Security+ exam? If so, make sure you understand various security controls including physical security controls.

See if you can answer this sample question.

Q. Thieves recently rammed a truck through the entrance of your company’s main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again?

A. Bollards

B. Guards

C. CCTV

D. Mantrap

See if you're correct and view the full explanation here.


Friday, March 31, 2017

Security+ and Patch Management

Are you planning to take the Security+ exam? If so, make sure you understand basics about patch management.

See if you can answer this sample question.

Q. A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments?

A. Baseline image

B. BYOD

C. Virtualized sandbox

D. Change management

Check out the answer and a full explanation here.


Monday, March 27, 2017

Using One-Time Passwords

Are you preparing to take the Security+ exam? If so, make sure you know about one-time passwords. For example, can you answer this sample question?

Q. Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

A. HOTP

B. TOTP

C. CAC

D. Kerberos

Check out the answer and see a full explanation here.



Friday, March 24, 2017

Forensic Analysis Tools and Security+

Are you planning to take the Security+ exam?

Do you know some basics about forensic analysis?

Computer forensics analyzes evidence from computers to determine details on computer incidents, similar to how CSI personnel analyze evidence from crime scenes. See if you can answer this practice test question.

Q. A forensic expert is preparing to analyze a hard drive. Which of the following should the expert do FIRST?

A. Capture an image.

B. Identify the order of volatility.

C. Create a chain-of-custody document.

D. Take a screenshot.

See if you're correct here.
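As an added example (not part of the original post; it applies equally to the "Analyzing Network Traffic & Hard Drives" question above), here is the acquisition discipline both questions are about: hash the original media, capture a bit-for-bit image, hash the image, and record both hashes so anyone can later prove the image is unchanged. A byte string in a temporary directory stands in for the drive so the example runs offline; the file names and the examiner name are assumptions, and a real acquisition would go through a write blocker.

```python
"""Hash, image, verify: acquisition with an integrity record.

Added example, not from the original post. The 'drive' is a constructed
byte string written to a temporary file; names are assumptions.
"""
import hashlib
import os
import tempfile


def sha256_of_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so a multi-gigabyte image never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def image_drive(source: str, dest: str, chunk: int = 1 << 20) -> None:
    """Bit-for-bit copy. A real acquisition uses dd/dc3dd or an imaging tool
    behind a write blocker; the integrity check afterwards is the same."""
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(chunk), b""):
            dst.write(block)


def acquire(source: str, dest: str, examiner: str) -> dict:
    """Hash first, image second, hash the image, and refuse to hand over an
    image whose hash differs. The returned record is what goes into the
    chain-of-custody documentation."""
    before = sha256_of_file(source)
    image_drive(source, dest)
    after = sha256_of_file(dest)
    if after != before:
        raise RuntimeError("image does not match the original hash; do not analyse it")
    return {"source": source, "image": dest, "sha256": before,
            "examiner": examiner, "verified": True}


def verify_image(record: dict) -> bool:
    """Re-run at any later point (for example before testimony) to show the
    image still matches the hash taken at acquisition."""
    return sha256_of_file(record["image"]) == record["sha256"]


def demo() -> tuple:
    """Constructed drive of about 1 MiB; returns (hash matches the raw bytes,
    image verified after acquisition, image verified after tampering)."""
    drive_bytes = bytes(range(256)) * 4096 + b"evidence"
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "suspect-drive.bin")
        img = os.path.join(d, "suspect-drive.dd")
        with open(src, "wb") as f:
            f.write(drive_bytes)
        record = acquire(src, img, examiner="Analyst 1")
        intact = verify_image(record)
        with open(img, "r+b") as f:   # someone touches the image afterwards
            f.seek(0)
            f.write(b"\xff")
        tampered_ok = verify_image(record)
    return (record["sha256"] == hashlib.sha256(drive_bytes).hexdigest(),
            intact, tampered_ok)


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Analysis then happens on a copy of the verified image, never on the original media, and the hash in the record is what ties the analysed copy back to the drive that was seized.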


Monday, March 20, 2017

Passwords and Security+

Are you preparing to take the Security+ exam? See if you can answer this sample question about passwords.

Q. An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should be changed to avoid the problem shown with these passwords?

A. Password complexity

B. Password length

C. Password history

D. Password reuse

See if you're correct and view the full explanation here.


Friday, March 17, 2017

Security+ and Ciphers

Are you planning to take the Security+ exam?

Do you know the differences between block ciphers and stream ciphers?

See if you can answer this sample question.

Q. An application developer needs to use an encryption protocol to encrypt credit card data within a database used by the application. Which of the following would be the FASTEST, while also providing strong confidentiality?

A. AES-256

B. DES

C. Blowfish

D. SHA-2

Check out this post for the answer and a full explanation.


Monday, March 13, 2017

New Security+ Exam

Did you hear about the new Security+ (SY0-501) exam?

Someone's talking about it because I've recently received several queries asking me about it.

Yes, it's true that CompTIA updates their exams every three years. And yes it's reasonable to expect that they'll update the Security+ exam this year.

When CompTIA updates their exams, it often causes anxiety with many people. They wonder how they should respond. And many of them send their queries to me.

I've outlined many of the frequently asked questions I've received and expect in this blog post.



Friday, March 10, 2017

Physical Security Controls and Security+

Are you planning to take the Security+ exam? If so, make sure you understand what physical security controls are.

In general, a physical security control is something you can physically touch, such as a hardware lock, a fence, an identification badge, and a security camera.

See if you can answer this sample question.

Q. Employees access a secure area by entering a cipher code, but this code does not identify individuals. After a recent security incident, management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the installation might take six months or longer. Which of the following choices can the organization install immediately to identify individuals who enter or exit the secure area?

A. Mantrap

B. Access list

C. CCTV

D. Bollards

See if you are correct and read the full explanation here.


Friday, March 3, 2017

Using Risk Assessment Metrics

Are you preparing for the Security+ exam? Can you identify various risk assessment metrics?

See if you can answer this sample practice test question.

Q. A security expert is attempting to identify the number of failures a web server has in a year. Which of the following is the expert MOST likely identifying?

A. SLE

B. MTTR

C. ALE

D. MTTF

See if you're correct and read the full explanation here.

Monday, February 27, 2017

Protecting PII


Are you planning to take the Security+ exam? If so, make sure you know how to protect data such as Personally Identifiable Information (PII) data.

See if you can answer this sample test question.

Q. You need to transmit PII via email and you want to maintain its confidentiality. Of the following choices, what is the BEST solution?

A. Use hashes.

B. Encrypt it before sending.

C. Protect it with a digital signature.

D. Use RAID.

See if you're correct along with a full explanation here. 



Friday, February 24, 2017

Security+ and ARP Poisoning Attacks

Are you preparing to take the Security+ exam? If so, you should have a basic understanding of various types of attacks such as ARP poisoning attacks.

See if you can answer this question.

Q. You are troubleshooting an intermittent connectivity issue with a web server. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?

A. DDoS attack

B. DoS attack

C. Smurf attack

D. Salting attack

Check your answer here and see a full explanation of why the correct answer is correct and why the incorrect answers are incorrect.


Monday, February 20, 2017

Virtualization and Security+

Are you planning to take the Security+ exam? If so, you should have a basic understanding of virtualization concepts including network design elements.

See if you can answer this sample practice test question.

Q. Your company is planning on implementing a policy for users so that they can connect their mobile devices to the network. However, management wants to restrict network access for these devices. They should have Internet access and be able to access some internal servers, but management wants to ensure that they do not have access to the primary network where company-owned devices operate. Which of the following will BEST meet this goal?

A. WPA2 Enterprise

B. VPN

C. GPS

D. VLAN

Check the answer and explanation here.

Friday, February 17, 2017

Handling Exceptions and Errors

Are you preparing to take the Security+ exam? If so, you need to know about some basic software development principles such as error and exception handling routines.

See if you can answer this sample question.

Q. Web developers are implementing error and exception handling in a web site application. Which of the following represents a best practice for this?

A. Displaying a detailed error message but logging generic information on the error

B. Displaying a generic error message but logging detailed information on the error

C. Displaying a generic error message and logging generic information on the error

D. Displaying a detailed error message and logging detailed information on the error

Check out the answer along with a full explanation here.
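As an added example (not part of the original post), here is the pattern this question is about, in a small request handler that runs offline: the client gets a generic message and an opaque reference ID, while the exception type, message, stack trace and request parameters go to the application log, joined to the response by that same ID. The account table, the failing lookup and the handler names are all constructed for the demonstration; the leaky handler is included only to show what the generic message is protecting.

```python
"""Generic error to the user, detailed error to the log.

Added example, not from the original post. ACCOUNTS, lookup_balance and
the handler functions are constructed for the demonstration.
"""
import logging
import traceback
import uuid


class ListHandler(logging.Handler):
    """Collects formatted records in memory so the example can inspect them;
    a real deployment would ship them to the normal log pipeline."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


log = logging.getLogger("webapp.example")
log.propagate = False
captured = ListHandler()
log.addHandler(captured)
log.setLevel(logging.ERROR)

ACCOUNTS = {"1001": 250}  # constructed data


def lookup_balance(account: str) -> int:
    if account not in ACCOUNTS:
        # Constructed failure whose message carries internal detail, the kind
        # of thing a database driver or ORM really does put in exceptions.
        raise RuntimeError(f"no row for account {account!r} in table accounts on db-prod-03:5432")
    return ACCOUNTS[account]


def handle_leaky(params: dict) -> tuple:
    """Anti-pattern: internal detail goes to the client and nothing to the log."""
    try:
        return 200, {"balance": lookup_balance(params["account"])}
    except Exception as exc:
        return 500, {"error": str(exc), "trace": traceback.format_exc()}


def handle_safe(params: dict) -> tuple:
    """Best practice: generic message out, detailed record in, linked by a
    reference ID the user can quote to support."""
    try:
        return 200, {"balance": lookup_balance(params["account"])}
    except Exception as exc:
        ref = uuid.uuid4().hex[:12]
        log.error("ref=%s params=%r %s: %s\n%s", ref, params,
                  type(exc).__name__, exc, traceback.format_exc())
        return 500, {"error": "An internal error occurred.", "reference": ref}


def leaks_internal_detail(response: dict) -> bool:
    """Crude check for the markers an attacker would be looking for."""
    text = " ".join(str(v) for v in response.values())
    return any(marker in text for marker in ("db-prod", "Traceback", "accounts"))


if __name__ == "__main__":
    print("leaky:", handle_leaky({"account": "9999"}))
    status, body = handle_safe({"account": "9999"})
    print("safe:", status, body)
    print("log entry:", captured.records[-1])
```

The reference ID is what makes the generic message workable in practice: support can find the detailed log entry without the user ever seeing hostnames, table names or stack frames.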


Monday, February 13, 2017

Recognizing Malicious Links

Are you planning to take the Security+ exam? If so, you'll need to understand many different types of malware. See if you can answer this question.

Q. Marge reports that she keeps receiving unwanted emails about personal loans. What does this describe?

A. Phishing

B. Spear phishing

C. Spam

D. Vishing

See the answer and a full explanation here.



Friday, February 10, 2017

Setting Up Wireless Hot Spots

Are you planning to take the Security+ exam? You'll find that it tests your knowledge of wireless networks and wireless security. See if you can answer this practice test question.

Q. You are assisting a small business owner in setting up a public wireless hot spot for her customers. Which of the following actions are MOST appropriate for this hot spot?

A. Enabling Open System Authentication

B. Enabling MAC filtering

C. Disabling SSID broadcast

D. Installing Yagi antennas

See if you're correct here. It includes the correct answer and a full explanation.


Monday, February 6, 2017

Implementing Backup Policies

Are you preparing to take the Security+ exam? Do you know about backup policies?

See if you can answer this practice test question.

Q. A continuity of operations plan for an organization includes the use of a warm site. The BCP coordinator wants to verify that the organization’s backup data center is prepared to implement the warm site if necessary. Which of the following is the BEST choice to meet this need?

A. Perform a review of the disaster recovery plan.

B. Ask the managers of the backup data center.

C. Perform a disaster recovery exercise.

D. Perform a test restore.

Check out the answer and full explanation here.


Friday, February 3, 2017

Public Key & Private Key Match Pairing

Are you planning to take the Security+ exam? If so, you may want to spend some extra time on cryptography.

See if you can answer this sample Security+ question.

Q. An organization is implementing a PKI and plans on using public and private keys. Which of the following can be used to create strong key pairs?

A. MD5

B. RSA

C. AES

D. HMAC

Check out the answer and full explanation here.


Monday, January 30, 2017

Discovering Wireless Networks

Are you planning to take the Security+ exam? If so, make sure you understand basic wireless network security.

See if you can answer this sample Security+ practice test question.

Q. Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal?

A. CCMP

B. WPA2 Enterprise

C. SSID broadcast

D. MAC address filter

See the answer and full explanation here.


Thursday, January 26, 2017

Methods Used to Sanitize Drives

Are you planning to take the Security+ exam? Do you know about different methods used to remove data from devices? See if you can answer this question.

Q. A user recently worked with classified data on an unclassified system. You need to sanitize all the reclaimed space on this system’s hard drives while keeping the system operational. Which of the following methods will BEST meet this goal?

A. Use a cluster tip wiping tool.

B. Use a file shredding tool.

C. Degauss the disk.

D. Physically destroy the disk.

Check your answer and see the full explanation here.


Monday, January 23, 2017

Using XML-Based Standard

Are you planning to take the Security+ exam? See if you can answer this sample question.

Q. Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML-based open standard. Which of the following is the MOST likely solution being implemented?

A. RADIUS

B. Diameter

C. TACACS+

D. SAML

Check out the answer and full explanation here.


Friday, January 20, 2017

Attack Using HTML Links

Are you planning to take the Security+ exam? Make sure you're familiar with common HTML attacks so that you can answer questions like this one:

Q. Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code:










What is the MOST likely explanation?

A. XSRF

B. Buffer overflow

C. SQL injection

D. Fuzzing

Check out the answer and explanation here.



Tuesday, January 17, 2017

Security+ and Account Management

Are you planning to take the Security+ exam? See if you can answer this sample Security+ practice test question.

Q. Members of a project team came in on the weekend to complete some work on a key project. However, they found that they were unable to access any of the project data. Which of the following choices is the MOST likely reason why they can’t access this data?

A. Discretionary access control

B. Time-of-day access control

C. Rule-based access control

D. Role-based access control

See if you're correct here. 

Thursday, January 12, 2017

Translating Public & Private IP Addresses

Are you preparing for the Security+ exam? If so, you need to understand some basic networking concepts.

As an example, see if you can answer this practice test question.

Q. Your organization has implemented a network design that allows internal computers to share one public IP address. Of the following choices, what did they MOST likely implement?

A. PAT

B. STP

C. DNAT

D. TLS

See if you're correct along with a full explanation here.


Tuesday, January 10, 2017

Hosting Virtual Systems

Are you planning to take the Security+ exam? If so, you should have a basic understanding of virtualization.

See if you can answer this sample question.

Q. You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?

A. Take a snapshot of the VM before deploying the new application.

B. Take a snapshot of the VM after deploying the new application.

C. Apply blacklisting techniques on the server for the new applications.

D. Back up the server after installing the new application.

See if you're correct here.