Monday, January 30, 2017

Discovering Wireless Networks

Are you planning to take the Security+ exam? If so, make sure you understand basic wireless network security.

See if you can answer this sample Security+ practice test question.

Q. Management asks you if you can modify the wireless network to prevent users from easily discovering it. Which of the following would you modify to meet this goal?

A. CCMP

B. WPA2 Enterprise

C. SSID broadcast

D. MAC address filter

See the answer and full explanation here.


Thursday, January 26, 2017

Methods Used to Sanitize Drives

Are you planning to take the Security+ exam? Do you know about different methods used to remove data from devices? See if you can answer this question.

Q. A user recently worked with classified data on an unclassified system. You need to sanitize all the reclaimed space on this system’s hard drives while keeping the system operational. Which of the following methods will BEST meet this goal?

A. Use a cluster tip wiping tool.

B. Use a file shredding tool.

C. Degauss the disk.

D. Physically destroy the disk.

Check your answer and see the full explanation here.


Monday, January 23, 2017

Using XML-Based Standard

Are you planning to take the Security+ exam? See if you can answer this sample question.

Q. Your organization recently made an agreement with third parties for the exchange of authentication and authorization information. The solution uses an XML-based open standard. Which of the following is the MOST likely solution being implemented?

A. RADIUS

B. Diameter

C. TACACS+

D. SAML

Check out the answer and full explanation here.


Friday, January 20, 2017

Attack Using HTML Links

Are you planning to take the Security+ exam? Make sure you're familiar with common HTML attacks so that you answer questions like this one:

Q. Homer recently received an email thanking him for a purchase that he did not make. He asked an administrator about it and the administrator noticed a pop-up window, which included the following code:










What is the MOST likely explanation?

A. XSRF

B. Buffer overflow

C. SQL injection

D. Fuzzing

Check out the answer and explanation here.



Tuesday, January 17, 2017

Security+ and Account Management

Are you planning to take the Security+ exam? See if you can answer this sample Security+ practice test question.

Q. Members of a project team came in on the weekend to complete some work on a key project. However, they found that they were unable to access any of the project data. Which of the following choices is the MOST likely reason why they can’t access this data?

A. Discretionary access control

B. Time-of-day access control

C. Rule-based access control

D. Role-based access control

See if you're correct here. 

Thursday, January 12, 2017

Translating Public & Private IP Addresses

Are you preparing for the Security+ exam? If so, you need to understand some basic networking concepts.

As an example, see if you can answer this practice test question.

Q. Your organization has implemented a network design that allows internal computers to share one public IP address. Of the following choices, what did they MOST likely implement?

A. PAT

B. STP

C. DNAT

D. TLS

See if you're correct along with a full explanation here.


Tuesday, January 10, 2017

Hosting Virtual Systems

Are you planning to take the Security+ exam? If so, you should have a basic understanding of virtualization.

See if you can answer this sample question.

Q. You are preparing to deploy a new application on a virtual server. The virtual server hosts another server application that employees routinely access. Which of the following is the BEST method to use when deploying the new application?

A. Take a snapshot of the VM before deploying the new application.

B. Take a snapshot of the VM after deploying the new application.

C. Apply blacklisting techniques on the server for the new applications.

D. Back up the server after installing the new application.

See if you're correct here.




Monday, January 9, 2017

New Year's Resolution

Did you create a New Year's resolution?

Not this year, but last year.

If so, do you remember what it was? Most people don't.

People create a New Year's resolution with the best of intentions, but after a short time they forget it. Studies (such as the one done by Richard Wiseman) indicate that 88% of New Year's resolutions fail.



Do You Want Success Instead?

One reason resolutions fail is that they are generic. For example, someone might set a resolution of improving their career by earning more certifications.

If you want to really implement a change in your life, you can do so by setting a goal instead of creating a resolution. At a minimum, an effective goal states two things:


  • What you want
  • When you want it

As an example, if you want to get a security certification, you can set this goal:

“I will earn the Security+ certification by midnight March 1, 2017.”

or

“I will earn the SSCP certification by midnight April 15th.”

or

“I will earn the CISSP certification by midnight May 15th.”

Creating Effective Goals the SMART way

During my time in the Navy, trainers taught me that effective goals are SMART:
  • Specific. State exactly what you want. For example, instead of setting the goal: “I want a certification,” set a goal of “I want to earn the Security+ certification.”
  • Measurable. A goal is specific enough that anyone, including you, can tell when you’ve achieved it. For example, after taking and passing the Security+ exam, you’ll have the certificate that you can show to anyone.
  • Achievable. If you’re working in an IT job or pursuing one and have relevant networking knowledge, it is achievable to earn the Security+ certification, often in 30 days or less.
  • Realistic. The Security+ exam is difficult, but I hear from people almost every day telling me that they've passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide and/or study packages on this site. With the relevant networking knowledge and the right study materials, this exam is within reach of anyone willing to take the time to study.
  • Time-limited. A date identifies when you expect to achieve the goal. This helps spur you to action and enables you to evaluate your progress.
For example, this is a SMART goal:

“I will earn the Security+ certification by midnight March 1, 2017.”

You can modify your goal by substituting any other certification such as CASP, CCNA, or anything else you like. Similarly, you can change the date to something that is achievable based on your current knowledge and the certification.

Do You Want the Security+ Certification?

If you want to get the Security+ certification, I want to help. For a limited time, you can get the Security+ Full Study Package for only $39.99, almost 30% off the normal price of $55.98.

This package includes:
  • 525 practice test questions
    • 468 multiple-choice practice test questions.
    • Ten sets of performance-based questions (total of 57 questions)
  • Almost six hours of audio
  • 553 online flashcards and Remember This slides
  • End of chapter reviews from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide to remind you of key testable material
Sale ends Jan 14th.

If you don't have the study guide, you might like the Full Security+ Course instead. It's only $63.87 (a full 30% off) until Jan 14th. It includes everything in the Security+ Full Study Package and also includes the full text of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide in an online study package.

No matter what you're pursuing though, I hope you achieve it.

If you're one of the people who set a New Year's resolution, you might find that it is already fading into the noise of the New Year. If you want to give it new life, change it into an effective goal. This will give you a much better chance of ending the year as part of the 12% that achieve their New Year's resolution.

Friday, January 6, 2017

Comparing Full Duplex & Half Duplex Connections

Are you planning to take the Network+ exam? See if you can answer this question.

Q. What is created by separate switch ports?

A. Collision domains

B. Broadcast domains

C. VLAN

D. ACL

Check out the answer along with a full explanation here.


Tuesday, January 3, 2017

Hardware-Based Encryption Devices

Are you planning to take the Security+ exam? Do you know the differences between various hardware-based encryption devices?

See if you can answer this sample question.

Q. You are comparing different encryption methods. Which method includes a storage root key?

A. HSM

B. NTFS

C. VSAN

D. TPM

Even if you know the correct answer, do you know why the other answers are incorrect?

Check out the answer and get a full explanation here.