Monday, September 18, 2017

Active VS Passive IDS Responses

Are you planning to take the Security+ exam?

If so, make sure you know about the many tools used in networks. For example, can you answer this question?

Q. A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use?

A. Vulnerability scan

B. Honeynet

C. MAC address filtering

D. Evil twin

Check out the answer (and full explanation) here.


Monday, September 11, 2017

Beware Hurricane Related Scams

Beware of scammers that target both disaster victims and potential donors. US-CERT warns users to be watchful for various malicious cyber activity designed to take advantage of people after disasters.



As an example, you should exercise caution when handling emails related to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information, contain malicious attachments, or links to malware-infected websites.

Additionally, you should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.



Friday, September 8, 2017

Protocol IDs and Ports

Are you planning to take the Security+ exam? If so, make sure you know the relevant ports and protocol IDs.

See if you can answer this practice test question.

Q. You need to enable the use of NetBIOS through a firewall. Which ports should you open?

A. 137 through 139

B. 20 and 21

C. 80 and 443

D. 22 and 3389

Check out the answer (and full explanation) here.



Tuesday, September 5, 2017

Security+ and Networking Protocols

Are you planning to take the Security+ exam? If so, make sure you understand some basics related to networking protocols.

As an example, see if you can answer this sample Security+ question.

Q. While reviewing logs on a firewall, you see several requests for the AAAA record of gcgapremium.com. What is the purpose of this request?

A. To identify the IPv4 address of gcgapremium.com

B. To identify the IPv6 address of gcgapremium.com

C. To identify the mail server for gcgapremium.com

D. To identify any aliases used by gcgapremium.com

See if you are correct and view the full explanation here.


Friday, September 1, 2017

Access Control Models and Security+

Are you planning to take the Security+ exam? See if you can answer this Security+ practice test question:

Q. An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this?

A. DAC

B. MAC

C. Role-BAC

D. Rule-BAC

See if you're correct here.


Monday, August 28, 2017

Data Handling and Labeling

Are you planning to take the Security+ exam? If so, make sure you're familiar with data handling and labeling policies. As an example, see if you can answer this sample question.

Q. Security personnel recently released an online training module advising employees not to share personal information on any social media web sites that they visit. What is this advice MOST likely trying to prevent?

A. Spending time on non-work-related sites

B. Phishing attack

C. Cognitive password attacks

D. Rainbow table attack

See if you're correct, and view the full explanation here.


Friday, August 25, 2017

SY0-501 Study Guide

Woo Hoo! I've been working on the SY0-501 Study Guide for a few months now, but gratefully, the end is in sight.

I've finished the content for the last chapter and expect everything to move much quicker at this point. I still need to do another pass through it, but expect to pass it to the technical editor today or tomorrow at the latest. I'm also thankful that so many talented people are working behind the scenes to help me with this.

Check out this blog post for details on the study guide and a list of some of the differences in the objectives.

Monday, August 21, 2017

Social Engineering and Security+

Are you planning to take the Security+ exam? If so, make sure you understand common social engineering tactics.

See if you can answer this sample question.

Q. Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. The technician said he’s aware of a problem with database servers they’ve sold, but it only affects certain operating system versions. He asks Lisa what operating system the company is running on its database servers. Which of the following choices is the BEST response from Lisa?

A. Let the caller know what operating system and versions are running on the database servers to determine if any further action is needed.

B. Thank the caller and end the call, report the call to her supervisor, and independently check the vendor for issues.

C. Ask the caller for his phone number so that she can call him back after checking the servers.

D. Contact law enforcement personnel.

See if you are correct (and view the full explanation) here.


Friday, August 18, 2017

Security+ and Application Attacks

Are you planning to take the Security+ exam? If so, make sure you understand application attacks. For example, see if you can answer this practice test question.

Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Fuzzing

D. Session hijacking

See if you're correct, and view the full explanation here.


Friday, August 11, 2017

Security+ and Digital Signatures

Are you planning to take the Security+ exam? If so, make sure you understand cryptography topics such as digital signatures.

See if you can answer this Security+ practice test question.

Q. Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?

A. Carl’s public key

B. Carl’s private key

C. Lenny’s public key

D. Lenny’s private key

See the answer and the full explanation here.


Monday, August 7, 2017

/32 CIDR Notation in an ACL

Are you preparing to take the Security+ exam? If so, make sure you know how to craft rules in firewall and router ACLs. As an example, see if you can answer this question.

Q. You need to configure a firewall to allow traffic from Homer's computer to all of the servers within the 192.168.8.0/24 network. The following graphic shows a partial network diagram.

(Network diagram image not reproduced here.)

Which of the following choices is the BEST to identify the source in the ACL rule?

A. 192.168.5.5/24

B. 192.168.5.5/32

C. 192.168.10.0/24

D. 192.168.10.0/32

See if you're correct (and view the full explanation) here.

Friday, August 4, 2017

Comparing Risks & Vulnerabilities

Are you planning to take the Security+ exam? If so, make sure you understand concepts such as risks and vulnerabilities.

For example, can you answer this question?

Q. Which of the following is most closely associated with residual risk?

A. Risk acceptance

B. Risk avoidance

C. Risk deterrence

D. Risk mitigation

E. Risk transference

See if you're correct (and read the full explanation) here.


Monday, July 31, 2017

Digital Signatures and Integrity

Are you preparing to take the Security+ exam? See if you can answer this sample practice test question.

Q. Users in your organization sign their emails with digital signatures. What provides integrity for these certificates?

A. Hashing

B. Encryption

C. Non-repudiation

D. Private key

See if you're correct (and view the full explanation) here.

Monday, July 24, 2017

Security+ and Door Access System

Are you planning to take the Security+ exam? If so, make sure you understand physical security concepts. For example, can you answer this sample Security+ question?

Q. You need to secure access to a data center. Which of the following choices provides the BEST physical security to meet this need? (Select THREE.)

A. Biometrics

B. Cable locks

C. CCTV

D. Mantrap

See if you're correct and view the full explanation here.

Friday, July 21, 2017

Security+ and VPN Authentication Services

Are you planning to take the Security+ exam? If so, make sure you understand some basic VPN authentication services. As an example, see if you can answer this practice test question.

Q. Which of the following choices provide authentication services for remote users and devices? (Select TWO.)

A. Kerberos

B. RADIUS

C. Secure LDAP

D. Diameter

Check out the answer (and the full explanation) here.


Monday, July 17, 2017

Protecting Against Attacks

Are you planning to take the Security+ exam? See if you can answer this practice test question.

Q. Social engineers have launched several successful phone-based attacks against your organization resulting in several data leaks. Which of the following would be the MOST effective at reducing the success of these attacks?

A. Implement a BYOD policy.

B. Update the AUP.

C. Provide training on data handling.

D. Implement a program to increase security awareness.

Monday, July 10, 2017

Authentication Mechanisms and Security+

Are you planning to take the Security+ exam? See if you can answer this Security+ practice test question.

Q. You are logging on to your bank’s web site using your email address and a password. What is the purpose of the email address in this example?

A. Identification

B. Authentication

C. Authorization

D. Availability

Check out the answer (and full explanation) here.


Thursday, July 6, 2017

Security+ and Cloud Computing

Are you planning to take the Security+ exam? If so, make sure you understand some basics on cloud computing.

See if you can answer this sample question.

Q. Of the following choices, which one is a cloud computing option that allows customers to apply patches to the operating system?

A. Hybrid cloud

B. Software as a Service

C. Infrastructure as a Service

D. Private

You can view the answer (and the full explanation) here.


Monday, July 3, 2017

Security+ and Penetration Testing

Are you planning to take the Security+ exam? See if you can answer this sample question related to penetration testing.

Q. During a penetration test, a tester injected extra input into an application causing the application to crash. What does this describe?

A. SQL injection

B. Fuzzing

C. Transitive access

D. XSRF

You can view the answer and the full explanation here.


Friday, June 30, 2017

Analyzing Network Traffic & Hard Drives

Are you preparing for the Security+ exam? If so, make sure you understand some basics related to forensics.

See if you can answer this sample practice test question.

Q. After a recent incident, a forensic analyst was given several hard drives to analyze. What should the analyst do first?

A. Take screenshots and capture system images.

B. Take hashes and screenshots.

C. Take hashes and capture system images.

D. Perform antivirus scans and create chain-of-custody documents.

Check out the answer and full explanation here.


Monday, June 26, 2017

BYOD Policies and Security+

Are you preparing for the Security+ exam? If so, make sure you understand the security issues related to mobile devices.

For example, see if you can answer this sample Security+ question.

Q. Management within your company is considering allowing users to connect to the corporate network with their personally owned devices. Which of the following represents a security concern with this policy?

A. Inability to ensure devices are up to date with current system patches

B. Difficulty in locating lost devices

C. Cost of the devices

D. Devices might not be compatible with applications within the network

See if you're correct here.


Friday, June 23, 2017

Vulnerabilities and Security+

Are you planning to take the Security+ exam?

If so, make sure you understand various methods used to reduce vulnerabilities, including vulnerability scans.

As an example, can you answer this sample question?

Q. You recently completed a vulnerability scan on your network. It reported that several servers are missing key operating system patches. However, after checking the servers, you’ve verified the servers have these patches installed. Which of the following BEST describes this?

A. False negative

B. Misconfiguration on servers

C. False positive

D. Servers not hardened

Check out the answer (and full explanation) here.


Monday, June 19, 2017

Matching Security Controls to Security Goals

Are you planning to take the Security+ exam? Do you know how to match security controls to security goals?

As an example, see if you can answer this sample Security+ question.

Q. An organization needs to improve fault tolerance to increase data availability. However, the organization has a limited budget. Which of the following is the BEST choice to meet the organization’s needs?

A. RAID

B. Backup system

C. Cluster

D. UPS

Check out the answer (and the full explanation) here.


Friday, June 16, 2017

Security+ and Incident Response

Are you preparing to take the Security+ exam? If so, make sure you understand incident response procedures. For example, see if you can answer this practice test question.

Q. You work as a help-desk professional in a large organization. You have begun to receive an extraordinary number of calls from employees related to malware. Using common incident response procedures, what should be your FIRST response?

A. Preparation

B. Identification

C. Escalation

D. Mitigation

Check out the answer and the full explanation here.


Monday, June 12, 2017

Attacks and Countermeasures

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Some protocols include timestamps and sequence numbers. What types of attacks do these components help protect against?

A. Smurf

B. Replay

C. Flood guards

D. Salting

See if you're correct and view the full explanation here.


Friday, June 9, 2017

Security+ and Query Attacks

Are you preparing to take the Security+ exam? If so, make sure you can identify common attacks. For example, can you answer this question?

Q. Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:

' or '1'='1' --

Which of the following is the MOST likely explanation for this?

A. A buffer overflow attack

B. An XSS attack

C. A SQL injection attack

D. An LDAP injection attack

Check out the answer (and the full explanation) here. 


Monday, June 5, 2017

Protocols and Ports in Security+

If you're planning to take the Security+ exam, you should have a basic understanding of relevant protocols and ports to implement basic network security.

For example, can you answer this question?

Q. Bart wants to block access to all external web sites. Which port should he block at the firewall?

A. TCP 22

B. TCP 53

C. UDP 69

D. TCP 80

Moreover, do you know why the correct answer is correct and the incorrect answers are incorrect?

See if you're correct here.

Will you see port questions on the Security+ exam? You never know. However, I saw two.

Friday, June 2, 2017

Detecting Hidden System Infection

Are you preparing to take the Security+ exam? See if you can answer this sample question.

Q. A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization’s internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator has found?

A. Rootkit

B. Backdoor

C. Spam

D. Trojan

Check your answer and view the full explanation here.


Monday, May 29, 2017

My Experience with the Security+ Exam

I took the Security+ exam (SYO-401 version) last week. While I've held the certification since 2005, I wanted to see how it looked and compare this to what readers have shared with me.

This blog post outlines what I saw including the number of questions, the types of questions, and some key strategies I used to pass.


Friday, May 26, 2017

Security+ and Wireless Security

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

A. An authentication server with a digital certificate installed on the authentication server

B. An authentication server with DHCP installed on the authentication server

C. An authentication server with DNS installed on the authentication server

D. An authentication server with WEP running on the access point



Monday, May 22, 2017

Security+ Device Security Concepts

Are you preparing to take the Security+ exam? See if you can answer this sample practice test question.

Q. Key personnel in your organization have mobile devices, which store sensitive information. What can you implement to prevent data loss from these devices if a thief steals one?

A. Asset tracking

B. Screen lock

C. Mobile device management

D. GPS tracking

Check out the answer and the full explanation here. 



Friday, May 19, 2017

Defense In Depth

Are you preparing to take the Security+ exam? See if you can answer this Security+ practice test question.

Q. An organization wants to provide protection against malware attacks. Administrators have installed antivirus software on all computers. Additionally, they implemented a firewall and an IDS on the network. Which of the following BEST identifies this principle?

A. Implicit deny

B. Layered security

C. Least privilege

D. Flood guard

Check out the answer and a full explanation here.


Monday, May 15, 2017

WannaCry Ransomware

Are you one of the more than 200,000 users in over 150 countries hit by WannaCry today?

On May 12, the WannaCry ransomware began infecting computers around the world. This malware infects systems, encrypts user files, and demands a payment of about $300 within three days.

See if you can answer this sample Security+ question. It includes information on the standard security practice that would have prevented this infection, had people followed it.

Q. A recent risk assessment identified several problems with servers in your organization. They occasionally reboot on their own and the operating systems do not have current security fixes. Administrators have had to rebuild some servers from scratch due to mysterious problems. Which of the following solutions will mitigate these problems?

A. Virtualization

B. Sandboxing

C. IDS

D. Patch management



Friday, May 12, 2017

Security+ and Data Leakage

Are you planning to take the Security+ exam? See if you can answer this sample test question.

Q. Your organization blocks access to social media web sites. The primary purpose is to prevent data leakage, such as the accidental disclosure of proprietary information. What is an additional security benefit of this policy?

A. Improves employee productivity

B. Enables cognitive password attacks

C. Prevents P2P file sharing

D. Protects against banner ad malware

See if you're correct (and the full explanation) here.

Monday, May 8, 2017

Security+ and Command Line Questions

Are you preparing for the Security+ exam?

If so, you might like to know about the command line questions that are appearing on the exam. The good news is that they are very likely beta questions. Read more here.



Friday, May 5, 2017

Security+ and Management Controls

Are you preparing for the Security+ exam? See if you can answer this practice test question.

Q. Which of the following is a management control?

A. Encryption

B. Security policy

C. Least privilege

D. Change management

Check out the answer here. The explanation will help you understand why the incorrect answers are incorrect and why the correct answer is correct.



Monday, May 1, 2017

Security+ and Server Management Using VMs

Are you preparing for the Security+ exam? See if you can answer this sample question.

Q. A company is implementing a feature that allows multiple servers to operate on a single physical server. What is this?

A. Virtualization

B. IaaS

C. Cloud computing

D. DLP

Check out the answer and full explanation here. 



Monday, April 24, 2017

Security+ and Monitoring System Account Access

Can you answer this sample Security+ question?

Q. You need to create an account for a contractor who will be working at your company for 90 days. Which of the following is the BEST security step to take when creating this account?

A. Configure history on the account.

B. Configure a password expiration date on the account.

C. Configure an expiration date on the account.

D. Configure complexity.

See if you're correct, along with a full explanation here.


Friday, April 21, 2017

Security+ and Authentication Factors

Are you planning to take the Security+ exam? If so, make sure you understand authentication factors.

See if you can answer this Security+ practice test question.

Q. Your network infrastructure requires users to authenticate with something they are and something they know. Which of the following choices BEST describes this authentication method?

A. Passwords

B. Dual-factor

C. Biometrics

D. Diameter

Check the answer here.



Monday, April 17, 2017

Authentication and Security+

Are you preparing to take the Security+ exam? If so, make sure you understand some authentication concepts. See if you can answer this sample question.

Q. When you log on to your online bank account, you are also able to access a partner’s credit card site, check-ordering services, and a mortgage site without entering your credentials again. What does this describe?

A. SSO

B. Same sign-on

C. SAML

D. Kerberos

Check out the answer here. 


Friday, April 14, 2017

Threats and Security+

Are you preparing for the Security+ exam?

See if you can answer this practice test question.

Q. Security experts at your organization have determined that your network has been repeatedly attacked from multiple entities in a foreign country. Research indicates these are coordinated and sophisticated attacks. What BEST describes this activity?

A. Fuzzing

B. Sniffing

C. Spear phishing

D. Advanced persistent threat

See if you're correct here. 


Monday, April 10, 2017

Security+ and Monitoring Tools

Are you planning to take the Security+ exam? If so, make sure you have a good understanding of tools available that both security professionals and attackers use.

See if you can answer this sample practice test question.

Q. Your organization's security policy requires that personnel notify security administrators if an incident occurs. However, this is not occurring consistently. Which of the following could the organization implement to ensure security administrators are notified in a timely manner?

A. Routine auditing

B. User rights and permissions reviews

C. Design review

D. Incident response team

Check your answer here.


Friday, April 7, 2017

Security+ and Wireless Footprints

Are you preparing to take the Security+ exam? Do you have a good understanding of wireless topics?

See if you can answer this sample Security+ question.

Q. Your organization maintains a separate wireless network for visitors in a conference room. However, you have recently noticed that people are connecting to this network even when there aren’t any visitors in the conference room. You want to prevent these connections, while maintaining easy access for visitors in the conference room. Which of the following is the BEST solution?

A. Disable SSID broadcasting.

B. Enable MAC filtering.

C. Use wireless jamming.

D. Reduce antenna power.

Check your answer and view the full explanation here.


Monday, April 3, 2017

Physical Security Measures and Security+

Are you preparing to take the Security+ exam? If so, make sure you understand various security controls including physical security controls.

See if you can answer this sample question.

Q. Thieves recently rammed a truck through the entrance of your company’s main building. During the chaos, their partners proceeded to steal a significant amount of IT equipment. Which of the following choices can you use to prevent this from happening again?

A. Bollards

B. Guards

C. CCTV

D. Mantrap

See if you're correct and view the full explanation here.


Friday, March 31, 2017

Security+ and Patch Management

Are you planning to take the Security+ exam? If so, make sure you understand basics about patch management.

See if you can answer this sample question.

Q. A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments?

A. Baseline image

B. BYOD

C. Virtualized sandbox

D. Change management

Check out the answer and a full explanation here.


Monday, March 27, 2017

Using One-Time Passwords

Are you preparing to take the Security+ exam? If so, make sure you know about one-time passwords. For example, can you answer this sample question?

Q. Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

A. HOTP

B. TOTP

C. CAC

D. Kerberos

Check out the answer and see a full explanation here.



Friday, March 24, 2017

Forensic Analysis Tools and Security+

Are you planning to take the Security+ exam?

Do you know some basics about forensic analysis?

Computer forensics analyzes evidence from computers to determine details on computer incidents, similar to how CSI personnel analyze evidence from crime scenes. See if you can answer this practice test question.

Q. A forensic expert is preparing to analyze a hard drive. Which of the following should the expert do FIRST?

A. Capture an image.

B. Identify the order of volatility.

C. Create a chain-of-custody document.

D. Take a screenshot.

See if you're correct here.


Monday, March 20, 2017

Passwords and Security+

Are you preparing to take the Security+ exam? See if you can answer this sample question about passwords.

Q. An outside security auditor recently completed an in-depth security audit on your network. One of the issues he reported was related to passwords. Specifically, he found the following passwords used on the network: Pa$$, 1@W2, and G7bT3. What should be changed to avoid the problem shown with these passwords?

A. Password complexity

B. Password length

C. Password history

D. Password reuse

See if you're correct and view the full explanation here.


Friday, March 17, 2017

Security+ and Ciphers

Are you planning to take the Security+ exam?

Do you know the differences between block ciphers and stream ciphers?

See if you can answer this sample question.

Q. An application developer needs to use an encryption protocol to encrypt credit card data within a database used by the application. Which of the following would be the FASTEST, while also providing strong confidentiality?

A. AES-256

B. DES

C. Blowfish

D. SHA-2

Check out this post for the answer and a full explanation.


Monday, March 13, 2017

New Security+ Exam

Did you hear about the new Security+ (SY0-501) exam?

Someone's talking about it because I've recently received several queries asking me about it.

Yes, it's true that CompTIA updates their exams every three years. And yes it's reasonable to expect that they'll update the Security+ exam this year.

When CompTIA updates their exams, it often causes anxiety with many people. They wonder how they should respond. And many of them send their queries to me.

I've outlined many of the frequently asked questions I've received and expect in this blog post.



Friday, March 10, 2017

Physical Security Controls and Security+

Are you planning to take the Security+ exam? If so, make sure you understand what physical security controls are.

In general, a physical security control is something you can physically touch, such as a hardware lock, a fence, an identification badge, and a security camera.

See if you can answer this sample question.

Q. Employees access a secure area by entering a cipher code, but this code does not identify individuals. After a recent security incident, management has decided to implement a key card system that will identify individuals who enter and exit this secure area. However, the installation might take six months or longer. Which of the following choices can the organization install immediately to identify individuals who enter or exit the secure area?

A. Mantrap

B. Access list

C. CCTV

D. Bollards

See if you are correct and read the full explanation here.


Friday, March 3, 2017

Using Risk Assessment Metrics

Are you preparing for the Security+ exam? Can you identify various risk assessment metrics?

See if you can answer this sample practice test question.

Q. A security expert is attempting to identify the number of failures a web server has in a year. Which of the following is the expert MOST likely identifying?

A. SLE

B. MTTR

C. ALE

D. MTTF

See if you're correct and read the full explanation here.

Monday, February 27, 2017

Protecting PII

Are you planning to take the Security+ exam? If so, make sure you know how to protect data such as Personally Identifiable Information (PII).

See if you can answer this sample test question.

Q. You need to transmit PII via email and you want to maintain its confidentiality. Of the following choices, what is the BEST solution?

A. Use hashes.

B. Encrypt it before sending.

C. Protect it with a digital signature.

D. Use RAID.

See if you're correct along with a full explanation here.