Tuesday, December 26, 2017

Stackable Certifications from CompTIA

Have you heard about CompTIA's new stackable certifications? If you've earned more than a couple of CompTIA certifications, you may already have one of them.

As an example, if you have the A+ and Network+ certifications, you now also have the CompTIA IT Operations Specialist stackable certification.

Check out this blog post for more information. 


Thursday, December 14, 2017

Switch Security

If you're planning to take either the SY0-401 or the SY0-501 version of the Security+ exam, you should have a basic understanding of secure network administration principles. This includes deploying switches securely.

See if you can answer this question.

Q. Your organization has several switches within the network. You need to implement a security control to prevent unauthorized access to these switches. Which of the following choices BEST meets this need?

A. Disable unused ports.

B. Implement an implicit deny rule.

C. Disable STP.

D. Enable SSH.

See if you're correct and view the full explanation here.


Friday, December 8, 2017

CompTIA Recertification Exam (RC0-501)

Have you heard about CompTIA's recertification exams (such as the RC0-501 for the Security+ certification)?

It's only $175 USD (compared to $320 USD for the SY0-501 exam), includes 35 questions (compared to 90 questions on the SY0-501 exam), and you can take it from home.

Check out this blog post for more information.




Friday, November 17, 2017

Holiday Scams and Malware Campaigns

I love the holiday season from Thanksgiving to New Year's. For me, it's a time of relaxation, rejuvenation, and recreation with family and friends.

Unfortunately, the criminals love the holiday season too. You can fully expect them to continue to use a variety of creative methods to trick you out of your hard-earned money.


Read the full post for tips on how to avoid the common scams.

Monday, November 13, 2017

Identifying Malware

Are you preparing to take the SY0-401 or SY0-501 Security+ exam? If so, make sure you can identify different malware types.

As an example, see if you can answer this question.

Q. Dr. Terwilliger installed code designed to enable his account automatically if he ever lost his job as a sidekick on a television show. The code was designed to reenable his account three days after it is disabled. Which of the following does this describe?

A. Logic bomb

B. Rootkit

C. Spyware

D. Ransomware

See if you're correct (and see the full explanation) here.


Monday, November 6, 2017

SY0-401 or SY0-501 Security+ Exam?

If you're planning to take the Security+ exam, you might be wondering if you should take the SY0-401 or SY0-501 Security+ exam. I'm starting to get queries asking which one to take. As an example, here's a snippet of a recent query.

"...I plan to make a career change and move into cybersecurity. ... I want to complete security + certification... what exam would you recommend me to take SY0-401 or the new SY0-501"

Here's the short answer: SY0-401.

This blog post explains why.


Friday, November 3, 2017

Protecting Management Interfaces & Applications (Security+)

Are you planning to take the Security+ exam? If so, make sure you understand the basics of how to protect management interfaces and applications.

See if you can answer this sample practice test question.

Q. Attackers recently attacked a web server hosted by your organization. Management has tasked administrators with reducing the attack surface of this server to prevent future attacks. Which of the following will meet this goal?

A. Disabling unnecessary services

B. Installing and updating antivirus software

C. Identifying the baseline

D. Installing a NIDS

Check out the answer (and explanation) here.

If you're studying for the SY0-501 exam, check out the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.



Friday, October 20, 2017

Certificate Revocation Lists

Are you planning to take the Security+ exam? If so, make sure you understand PKI concepts. See if you can answer this practice test question.

Q. Your organization is planning to implement an internal PKI. What is required to ensure users can validate certificates?

A. An intermediate CA

B. CSR

C. Wildcard certificates

D. CRL


See if you're correct (and see the full explanation) here.

Monday, October 2, 2017

Security+ and Unauthorized System Access

Are you preparing to take the Security+ exam? If so, make sure you understand some of the methods attackers use to gain unauthorized access to systems. See if you can answer this sample question.

Q. A recent antivirus scan on a server detected a Trojan. A technician removed the Trojan, but a security administrator expressed concern that unauthorized personnel might be able to access data on the server. The security administrator decided to check the server further. Of the following choices, what is the administrator MOST likely looking for on this server?

A. Backdoor

B. Logic bomb

C. Rootkit

D. Botnet

Check out the answer (and full explanation) here.


Friday, September 29, 2017

Security+ and Basic Forensic Procedures

Are you planning to take the Security+ exam? If so, make sure you understand basic forensic procedures.

See if you can answer this sample question.

Q. Security personnel confiscated a user’s workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. What could prevent the company from taking the employee to court over this incident?

A. Witnesses were not identified.

B. A chain of custody was not maintained.

C. An order of volatility was not maintained.

D. A hard drive analysis was not complete.

Check your answer (and see the full explanation) here.


Monday, September 25, 2017

Mobile Device Security & Security+

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Your company provides electrical and plumbing services to homeowners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?

A. Mobile device management

B. Disabling unused features

C. Remote wiping

D. GPS tracking

Check out the answer and full explanation here.


Monday, September 18, 2017

Active VS Passive IDS Responses

Are you planning to take the Security+ exam?

If so, make sure you know about the many tools used in networks. For example, can you answer this question?

Q. A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use?

A. Vulnerability scan

B. Honeynet

C. MAC address filtering

D. Evil twin

Check out the answer (and full explanation) here.


Monday, September 11, 2017

Beware Hurricane Related Scams

Beware of scammers that target both disaster victims and potential donors. US-CERT warns users to be watchful for various malicious cyber activity designed to take advantage of people after disasters.



As an example, you should exercise caution when handling emails related to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information, contain malicious attachments, or links to malware-infected websites.

Additionally, you should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.



Friday, September 8, 2017

Protocol IDs and Ports

Are you planning to take the Security+ exam? If so, make sure you know the relevant ports and protocol IDs.

See if you can answer this practice test question.

Q. You need to enable the use of NetBIOS through a firewall. Which ports should you open?

A. 137 through 139

B. 20 and 21

C. 80 and 443

D. 22 and 3389

Check out the answer (and full explanation) here.



Tuesday, September 5, 2017

Security+ and Networking Protocols

Are you planning to take the Security+ exam? If so, make sure you understand some basics related to networking protocols.

As an example, see if you can answer this sample Security+ question.

Q. While reviewing logs on a firewall, you see several requests for the AAAA record of gcgapremium.com. What is the purpose of this request?

A. To identify the IPv4 address of gcgapremium.com

B. To identify the IPv6 address of gcgapremium.com

C. To identify the mail server for gcgapremium.com

D. To identify any aliases used by gcgapremium.com

See if you are correct and view the full explanation here.
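The AAAA request in the question is only meaningful if you can tell it apart from the other record types on the wire, which is what a firewall that logs DNS is doing. The following is an added example (not code from the original post) that builds a minimal DNS query and parses the question section back out, mapping the QTYPE code to the record type. The packet bytes, transaction ID, and the `gcgapremium.com` query are constructed for the example; record type codes are those from RFC 1035 and RFC 3596.

```python
import struct

# Resource record type codes (RFC 1035; AAAA from RFC 3596).
QTYPES = {1: "A", 5: "CNAME", 15: "MX", 28: "AAAA"}
PURPOSE = {
    "A": "IPv4 address",
    "AAAA": "IPv6 address",
    "MX": "mail server",
    "CNAME": "alias (canonical name)",
}


def build_query(name, qtype, txid=0x1234):
    """Build a minimal standard DNS query for one name and one record type.

    Constructed for this example; a firewall that logs DNS would have seen a
    packet of this shape for each AAAA request in the question.
    """
    # 12-byte header: id, flags (RD set), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: length-prefixed labels terminated by a zero byte
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def parse_question(packet):
    """Return (name, type_name) from the question section of a DNS query."""
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000:
        raise ValueError("packet is a response, not a query")
    if qdcount < 1:
        raise ValueError("no question section")
    offset, labels = 12, []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not expected in a query")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length
    qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
    if qclass != 1:
        raise ValueError("non-IN class")
    return ".".join(labels), QTYPES.get(qtype, "TYPE%d" % qtype)


def describe(packet):
    """One-line log summary of what the query is asking for."""
    name, rtype = parse_question(packet)
    return "%s record for %s: asks for the %s" % (
        rtype, name, PURPOSE.get(rtype, "unknown record type"))


if __name__ == "__main__":
    for code in (1, 28, 15, 5):
        print(describe(build_query("gcgapremium.com", code)))
```

Note that a query's QTYPE only tells you what the client asked for; seeing AAAA lookups means a host is trying IPv6 resolution, not that the target name actually has an IPv6 address.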


Friday, September 1, 2017

Access Control Models and Security+

Are you planning to take the Security+ exam? See if you can answer this Security+ practice test question:

Q. An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this?

A. DAC

B. MAC

C. Role-BAC

D. Rule-BAC

See if you're correct here.
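The model in the question, where a central security policy assigns labels at different levels and permissions follow from comparing a subject's clearance with an object's label, is mandatory access control (MAC). The following is an added example, not code from the original post, that shows the difference in who decides: the MAC class enforces the Bell-LaPadula rules (no read up, no write down), chosen here as the illustrative MAC rules, and refuses to let users relabel data; the DAC class beside it lets the owner of an object grant access at will. The label lattice, users, and files are constructed for the example.

```python
# Constructed label lattice, lowest to highest.
LEVELS = ["public", "confidential", "secret", "top secret"]


def rank(label):
    return LEVELS.index(label)


class MandatoryAccessControl:
    """Labels come from the security policy, never from the users, and every
    access is checked against the lattice (Bell-LaPadula rules used here)."""

    def __init__(self, clearances, labels):
        self.clearances = clearances   # subject -> clearance level
        self.labels = labels           # object  -> classification label

    def can_read(self, subject, obj):
        # Simple security property ("no read up"): clearance must dominate label.
        return rank(self.clearances[subject]) >= rank(self.labels[obj])

    def can_write(self, subject, obj):
        # *-property ("no write down"): a subject may not copy data to a lower label.
        return rank(self.clearances[subject]) <= rank(self.labels[obj])

    def relabel(self, subject, obj, new_label):
        # Under MAC only the policy (an administrator acting for it) sets labels.
        raise PermissionError("%s may not change the label of %s" % (subject, obj))


class DiscretionaryAccessControl:
    """DAC for contrast: whoever owns an object decides who may read it."""

    def __init__(self):
        self.owners = {}
        self.readers = {}

    def create(self, owner, obj):
        self.owners[obj] = owner
        self.readers[obj] = {owner}

    def grant(self, granter, obj, subject):
        if self.owners[obj] != granter:
            raise PermissionError("only the owner of %s can grant access" % obj)
        self.readers[obj].add(subject)

    def can_read(self, subject, obj):
        return subject in self.readers[obj]


# Constructed subjects and objects for the demonstration.
MAC = MandatoryAccessControl(
    clearances={"homer": "secret", "bart": "public"},
    labels={"memo": "public", "reactor-plans": "top secret"},
)

if __name__ == "__main__":
    print("homer reads memo:", MAC.can_read("homer", "memo"))                 # True
    print("homer reads plans:", MAC.can_read("homer", "reactor-plans"))       # False
    print("homer writes to memo:", MAC.can_write("homer", "memo"))            # False
    dac = DiscretionaryAccessControl()
    dac.create("homer", "memo")
    dac.grant("homer", "memo", "bart")
    print("bart reads memo under DAC:", dac.can_read("bart", "memo"))         # True
```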


Monday, August 28, 2017

Data Handling and Labeling

Are you planning to take the Security+ exam? If so, make sure you're familiar with data handling and labeling policies. As an example, see if you can answer this sample question.

Q. Security personnel recently released an online training module advising employees not to share personal information on any social media web sites that they visit. What is this advice MOST likely trying to prevent?

A. Spending time on non-work-related sites

B. Phishing attack

C. Cognitive password attacks

D. Rainbow table attack

See if you're correct, and view the full explanation here.


Friday, August 25, 2017

SY0-501 Study Guide

Woo Hoo! I've been working on the SY0-501 Study Guide for a few months now, but gratefully, the end is in sight.

I've finished the content for the last chapter and expect everything to move much quicker at this point. I still need to do another pass through it, but expect to pass it to the technical editor today or tomorrow at the latest. I'm also thankful that so many talented people are working behind the scenes to help me with this.

Check out this blog post for details on the study guide and a list of some of the differences in the objectives.

Monday, August 21, 2017

Social Engineering and Security+

Are you planning to take the Security+ exam? If so, make sure you understand common social engineering tactics.

See if you can answer this sample question.

Q. Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. The technician said he’s aware of a problem with database servers they’ve sold, but it only affects certain operating system versions. He asks Lisa what operating system the company is running on its database servers. Which of the following choices is the BEST response from Lisa?

A. Let the caller know what operating system and versions are running on the database servers to determine if any further action is needed.

B. Thank the caller and end the call, report the call to her supervisor, and independently check the vendor for issues.

C. Ask the caller for his phone number so that she can call him back after checking the servers.

D. Contact law enforcement personnel.

See if you are correct (and view the full explanation) here.


Friday, August 18, 2017

Security+ and Application Attacks

Are you planning to take the Security+ exam? If so, make sure you understand application attacks. For example, see if you can answer this practice test question.

Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Fuzzing

D. Session hijacking

See if you're correct, and view the full explanation here.


Friday, August 11, 2017

Security+ and Digital Signatures

Are you planning to take the Security+ exam? If so, make sure you understand cryptography topics such as digital signatures.

See if you can answer this Security+ practice test question.

Q. Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?

A. Carl’s public key

B. Carl’s private key

C. Lenny’s public key

D. Lenny’s private key

See the answer and the full explanation here.


Monday, August 7, 2017

/32 CIDR Notation in an ACL

Are you preparing to take the Security+ exam? If so, make sure you know how to craft rules in firewall and router ACLs. As an example, see if you can answer this question.

Q. You need to configure a firewall to allow traffic from Homer's computer to all of the servers within the 192.168.8.0/24 network. The following graphic shows a partial network diagram.

[Partial network diagram]

Which of the following choices is the BEST to identify the source in the ACL rule?

A. 192.168.5.5/24

B. 192.168.5.5/32

C. 192.168.10.0/24

D. 192.168.10.0/32

See if you're correct (and view the full explanation) here.
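The point of the /32 versus /24 choice is how many source addresses the rule ends up matching. The following is an added example, not code from the original post, that evaluates a tiny first-match ACL with Python's standard `ipaddress` module and shows that a /32 source pins the rule to one host while a /24 written against a host address is silently widened to the whole subnet (or rejected outright by a strict parser). The diagram is not on the page, so the addresses are constructed: 192.168.5.5 is taken from the answer choices as the host address, 192.168.8.0/24 is the server network from the question, and 192.168.5.77 is an assumed second host on the same LAN.

```python
import ipaddress

# Constructed addresses, not taken from the original post's diagram.
HOMER = ipaddress.ip_address("192.168.5.5")
NEIGHBOR = ipaddress.ip_address("192.168.5.77")   # assumed host on Homer's LAN
SERVERS = ipaddress.ip_network("192.168.8.0/24")
SERVER = ipaddress.ip_address("192.168.8.10")


def parse_prefix(cidr, strict=False):
    """Parse a CIDR string the way a lenient firewall does.

    With strict=True, ipaddress refuses '192.168.5.5/24' because host bits are
    set; with strict=False it widens it to 192.168.5.0/24, which is the
    over-permissive rule the question is warning about.
    """
    return ipaddress.ip_network(cidr, strict=strict)


def host_bits_set(cidr):
    """True when the prefix carries host bits (e.g. 192.168.5.5/24)."""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return False
    except ValueError:
        return True


def addresses_matched(cidr):
    """How many source addresses a prefix matches: a /32 is exactly one host."""
    return parse_prefix(cidr).num_addresses


def build_acl(source_cidr):
    """One permit rule from the given source to the server network."""
    return [("permit", parse_prefix(source_cidr), SERVERS)]


def acl_allows(acl, src, dst):
    """First-match evaluation with the usual implicit deny at the end."""
    for action, src_net, dst_net in acl:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False


if __name__ == "__main__":
    for cidr in ("192.168.5.5/32", "192.168.5.5/24"):
        acl = build_acl(cidr)
        print("%s matches %d address(es); Homer: %s, neighbor: %s" % (
            cidr, addresses_matched(cidr),
            acl_allows(acl, HOMER, SERVER), acl_allows(acl, NEIGHBOR, SERVER)))
```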

Friday, August 4, 2017

Comparing Risks & Vulnerabilities

Are you planning to take the Security+ exam? If so, make sure you understand concepts such as risks and vulnerabilities.

For example, can you answer this question?

Q. Which of the following is most closely associated with residual risk?

A. Risk acceptance

B. Risk avoidance

C. Risk deterrence

D. Risk mitigation

E. Risk transference

See if you're correct (and read the full explanation) here.


Monday, July 31, 2017

Digital Signatures and Integrity

Are you preparing to take the Security+ exam? See if you can answer this sample practice test question.

Q. Users in your organization sign their emails with digital signatures. What provides integrity for these certificates?

A. Hashing

B. Encryption

C. Non-repudiation

D. Private key

See if you're correct (and view the full explanation) here.
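The two digital-signature questions above (Carl signing a file for Lenny, and what gives a signature its integrity) are really one mechanism: the sender hashes the message, signs the hash with his own private key, and the recipient verifies with the sender's public key. The following is an added example, not code from the original post, that walks that flow end to end. It uses textbook RSA with fixed Mersenne primes and no padding purely so the arithmetic is visible with the standard library; the key sizes, the message, and the "Carl" and "Lenny" key pairs are constructed for the example, and production code would use a CA-issued key pair with a vetted library and a padding scheme such as RSA-PSS.

```python
import hashlib


def make_toy_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (illustration only, not for real use)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, e), (n, d)              # (public key, private key)


# Constructed key pairs: the primes are Mersenne primes, small enough to run
# instantly but far too small for real security.
CARL_PUBLIC, CARL_PRIVATE = make_toy_keypair((1 << 61) - 1, (1 << 89) - 1)
LENNY_PUBLIC, LENNY_PRIVATE = make_toy_keypair((1 << 107) - 1, (1 << 127) - 1)


def digest(message, modulus):
    """Hash the message; the hash is what the signature actually protects,
    so any change to the message changes this value and breaks verification."""
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return h % modulus


def sign(message, private_key):
    """Carl signs with HIS PRIVATE key; nobody else can produce this value."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """Lenny verifies with CARL'S PUBLIC key (from Carl's certificate): he
    recomputes the hash and checks that the signature opens to the same value."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    msg = b"Lenny, the change request is approved. - Carl"   # constructed message
    sig = sign(msg, CARL_PRIVATE)
    print("genuine:     ", verify(msg, sig, CARL_PUBLIC))                      # True
    tampered = msg.replace(b"approved", b"denied")
    print("tampered:    ", verify(tampered, sig, CARL_PUBLIC))                 # False
    print("wrong signer:", verify(msg, sign(msg, LENNY_PRIVATE), CARL_PUBLIC))  # False
```

The three checks at the bottom map onto the exam answers: the genuine case needs Carl's private key to create and Carl's public key to verify, the tampered case fails because the hash no longer matches (integrity), and the wrong-signer case fails because a signature made with Lenny's key does not open under Carl's public key (non-repudiation follows from that).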

Monday, July 24, 2017

Security+ and Door Access System

Are you planning to take the Security+ exam? If so, make sure you understand physical security concepts. For example, can you answer this sample Security+ question?

Q. You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need? (Select THREE.)

A. Biometrics

B. Cable locks

C. CCTV

D. Mantrap

See if you're correct and view the full explanation here.

Friday, July 21, 2017

Security+ and VPN Authentication Services

Are you planning to take the Security+ exam? If so, make sure you understand some basic VPN authentication services. As an example, see if you can answer this practice test question.

Q. Which of the following choices provide authentication services for remote users and devices? (Select TWO.)

A. Kerberos

B. RADIUS

C. Secure LDAP

D. Diameter

Check out the answer (and the full explanation) here.


Monday, July 17, 2017

Protecting Against Attacks

Are you planning to take the Security+ exam? See if you can answer this practice test question.

Q. Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be the MOST effective at reducing the success of these attacks?

A. Implement a BYOD policy.

B. Update the AUP.

C. Provide training on data handling.

D. Implement a program to increase security awareness.

Monday, July 10, 2017

Authentication Mechanisms and Security+

Are you planning to take the Security+ exam? See if you can answer this Security+ practice test question.

Q. You are logging on to your bank’s web site using your email address and a password. What is the purpose of the email address in this example?

A. Identification

B. Authentication

C. Authorization

D. Availability

Check out the answer (and full explanation) here.


Thursday, July 6, 2017

Security+ and Cloud Computing

Are you planning to take the Security+ exam? If so, make sure you understand some basics on cloud computing.

See if you can answer this sample question.

Q. Of the following choices, which one is a cloud computing option that allows customers to apply patches to the operating system?

A. Hybrid cloud

B. Software as a Service

C. Infrastructure as a Service

D. Private

You can view the answer (and the full explanation) here.


Monday, July 3, 2017

Security+ and Penetration Testing

Are you planning to take the Security+ exam? See if you can answer this sample question related to penetration testing.

Q. During a penetration test, a tester injected extra input into an application causing the application to crash. What does this describe?

A. SQL injection

B. Fuzzing

C. Transitive access

D. XSRF

You can view the answer and the full explanation here.


Friday, June 30, 2017

Analyzing Network Traffic & Hard Drives

Are you preparing for the Security+ exam? If so, make sure you understand some basics related to forensics.

See if you can answer this sample practice test question.

Q. After a recent incident, a forensic analyst was given several hard drives to analyze. What should the analyst do first?

A. Take screenshots and capture system images.

B. Take hashes and screenshots.

C. Take hashes and capture system images.

D. Perform antivirus scans and create chain-of-custody documents.

Check out the answer and full explanation here.


Monday, June 26, 2017

BYOD Policies and Security+

Are you preparing for the Security+ exam? If so, make sure you understand the security issues related to mobile devices.

For example, see if you can answer this sample Security+ question.

Q. Management within your company is considering allowing users to connect to the corporate network with their personally owned devices. Which of the following represents a security concern with this policy?

A. Inability to ensure devices are up to date with current system patches

B. Difficulty in locating lost devices

C. Cost of the devices

D. Devices might not be compatible with applications within the network

See if you're correct here.


Friday, June 23, 2017

Vulnerabilities and Security+

Are you planning to take the Security+ exam?

If so, make sure you understand various methods used to reduce vulnerabilities, including vulnerability scans.

As an example, can you answer this sample question?

Q. You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you’ve verified the servers have these patches installed. Which of the following BEST describes this?

A. False negative

B. Misconfiguration on servers

C. False positive

D. Servers not hardened

Check out the answer (and full explanation) here.


Monday, June 19, 2017

Matching Security Controls to Security Goals

Are you planning to take the Security+ exam? Do you know how to match security controls to security goals?

As an example, see if you can answer this sample Security+ question.

Q. An organization needs to improve fault tolerance to increase data availability. However, the organization has a limited budget. Which of the following is the BEST choice to meet the organization’s needs?

A. RAID

B. Backup system

C. Cluster

D. UPS

Check out the answer (and the full explanation) here.


Friday, June 16, 2017

Security+ and Incident Response

Are you preparing to take the Security+ exam? If so, make sure you understand incident response procedures. For example, see if you can answer this practice test question.

Q. You work as a help-desk professional in a large organization. You have begun to receive an extraordinary number of calls from employees related to malware. Using common incident response procedures, what should be your FIRST response?

A. Preparation

B. Identification

C. Escalation

D. Mitigation

Check out the answer and the full explanation here.


Monday, June 12, 2017

Attacks and Countermeasures

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Some protocols include timestamps and sequence numbers. What types of attacks do these components help protect against?

A. Smurf

B. Replay

C. Flood guards

D. Salting

See if you're correct and view the full explanation here.
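Timestamps and sequence numbers defeat replay attacks, where an attacker captures a valid message and resends it later. The following is an added example, not code from the original post, that shows a receiver enforcing both checks on top of an HMAC: the MAC stops the attacker from editing the timestamp or sequence number to freshen a captured message, the timestamp window rejects old captures, and the strictly increasing sequence number rejects a capture resent inside that window. The shared key, the 30-second window, the message format, and the messages themselves are constructed for the example.

```python
import hashlib
import hmac
import time

# Assumption for this example: both sides already share this key (constructed;
# in practice it comes from a handshake or a provisioning step).
SHARED_KEY = b"constructed-shared-secret"
MAX_SKEW_SECONDS = 30


def make_message(seq, timestamp, payload, key=SHARED_KEY):
    """Format: seq|timestamp|payload|hmac, with the MAC over the first three.

    Because the MAC covers seq and timestamp, a replayer cannot refresh a
    captured message by editing them; changing anything breaks the tag.
    """
    body = "%d|%d|%s" % (seq, timestamp, payload)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "|" + tag


class Receiver:
    """Accepts each message once: the MAC must verify, the timestamp must be
    within the skew window, and the sequence number must exceed the last one
    accepted."""

    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.last_seq = -1

    def accept(self, message, now=None):
        now = time.time() if now is None else now
        body, _, tag = message.rpartition("|")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return "reject: bad MAC"                  # forged or tampered
        seq, timestamp, payload = body.split("|", 2)
        seq, timestamp = int(seq), int(timestamp)
        if abs(now - timestamp) > self.max_skew:
            return "reject: stale timestamp"          # captured earlier, resent later
        if seq <= self.last_seq:
            return "reject: sequence number already seen"  # replay inside the window
        self.last_seq = seq
        return "accept: " + payload


if __name__ == "__main__":
    rx = Receiver()
    m1 = make_message(1, 1000, "transfer 100 to Bart")
    print(rx.accept(m1, now=1002))      # accept: transfer 100 to Bart
    print(rx.accept(m1, now=1005))      # reject: sequence number already seen
    print(rx.accept(make_message(2, 1000, "transfer 100 to Bart"), now=2000))  # stale
```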


Friday, June 9, 2017

Security+ and Query Attacks

Are you preparing to take the Security+ exam? If so, make sure you can identify common attacks. For example, can you answer this question?

Q. Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:

' or '1'='1' --

Which of the following is the MOST likely explanation for this?

A. A buffer overflow attack

B. An XSS attack

C. A SQL injection attack

D. An LDAP injection attack

Check out the answer (and the full explanation) here. 


Monday, June 5, 2017

Protocols and Ports in Security+

If you're planning to take the Security+ exam, you should have a basic understanding of relevant protocols and ports to implement basic network security.

For example, can you answer this question?

Q. Bart wants to block access to all external web sites. Which port should he block at the firewall?

A. TCP 22

B. TCP 53

C. UDP 69

D. TCP 80

Beyond that, do you know why the correct answer is correct and why the incorrect answers are incorrect?

See if you're correct here.

Will you see port questions on the Security+ exam? You never know. However, I saw two.

Friday, June 2, 2017

Detecting Hidden System Infection

Are you preparing to take the Security+ exam? See if you can answer this sample question.

Q. A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization’s internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator has found?

A. Rootkit

B. Backdoor

C. Spam

D. Trojan

Check your answer and view the full explanation here.


Monday, May 29, 2017

My Experience with the Security+ Exam

I took the Security+ exam (SY0-401 version) last week. While I've held the certification since 2005, I wanted to see how it looked and compare this to what readers have shared with me.

This blog post outlines what I saw including the number of questions, the types of questions, and some key strategies I used to pass.


Friday, May 26, 2017

Security+ and Wireless Security

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

A. An authentication server with a digital certificate installed on the authentication server

B. An authentication server with DHCP installed on the authentication server

C. An authentication server with DNS installed on the authentication server

D. An authentication server with WEP running on the access point



Monday, May 22, 2017

Security+ Device Security Concepts

Are you preparing to take the Security+ exam? See if you can answer this sample practice test question.

Q. Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?

A. Asset tracking

B. Screen lock

C. Mobile device management

D. GPS tracking

Check out the answer and the full explanation here. 



Friday, May 19, 2017

Defense In Depth

Are you preparing to take the Security+ exam? See if you can answer this Security+ practice test question.

Q. An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle?

A. Implicit deny

B. Layered security

C. Least privilege

D. Flood guard

Check out the answer and a full explanation here.


Monday, May 15, 2017

WannaCry Ransomware

Are you one of the more than 200,000 users in over 150 countries hit by WannaCry?

On May 12, the WannaCry ransomware began infecting computers around the world. This malware infects systems, encrypts user files, and demands a payment of about $300 within three days.

See if you can answer this sample Security+ question. It includes information on the standard security practice that would have prevented this infection, if people followed it.

Q. A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?

A. Virtualization

B. Sandboxing

C. IDS

D. Patch management



Friday, May 12, 2017

Security+ and Data Leakage

Are you planning to take the Security+ exam? See if you can answer this sample test question.

Q. Your organization blocks access to social media web sites. The primary purpose is to prevent data leakage, such as the accidental disclosure of proprietary information. What is an additional security benefit of this policy?

A. Improves employee productivity

B. Enables cognitive password attacks

C. Prevents P2P file sharing

D. Protects against banner ad malware

See if you're correct (and the full explanation) here.

Monday, May 8, 2017

Security+ and Command Line Questions

Are you preparing for the Security+ exam?

If so, you might like to know about the command line questions that are appearing on the exam. The good news is that they are very likely beta questions. Read more here....



Friday, May 5, 2017

Security+ and Management Controls

Are you preparing for the Security+ exam? See if you can answer this practice test question.

Q. Which of the following is a management control?

A. Encryption

B. Security policy

C. Least privilege

D. Change management

Check out the answer here. The explanation will help you understand why the incorrect answers are incorrect and why the correct answer is correct.



Monday, May 1, 2017

Security+ and Server Management Using VMs

Are you preparing for the Security+ exam? See if you can answer this sample question.

Q. A company is implementing a feature that allows multiple servers to operate on a single physical server. What is this?

A. Virtualization

B. IaaS

C. Cloud computing

D. DLP

Check out the answer and full explanation here. 



Monday, April 24, 2017

Security+ and Monitoring System Account Access

Can you answer this sample Security+ question?

Q. You need to create an account for a contractor who will be working at your company for 90 days. Which of the following is the BEST security step to take when creating this account?

A. Configure history on the account.

B. Configure a password expiration date on the account.

C. Configure an expiration date on the account.

D. Configure complexity.

See if you're correct, along with a full explanation here.


Friday, April 21, 2017

Security+ and Authentication Factors

Are you planning to take the Security+ exam? If so, make sure you understand authentication factors.

See if you can answer this Security+ practice test question.

Q. Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method?

A. Passwords

B. Dual-factor

C. Biometrics

D. Diameter

Check the answer here.



Monday, April 17, 2017

Authentication and Security+

Are you preparing to take the Security+ exam? If so, make sure you understand some authentication concepts. See if you can answer this sample question.

Q. When you log on to your online bank account, you are also able to access a partner’s credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?

A. SSO

B. Same sign-on

C. SAML

D. Kerberos

Check out the answer here.