Monday, August 28, 2017

Data Handling and Labeling

Are you planning to take the Security+ exam? If so, make sure you're familiar with data handling and labeling policies. As an example, see if you can answer this sample question.

Q. Security personnel recently released an online training module advising employees not to share personal information on any social media web sites that they visit. What is this advice MOST likely trying to prevent?

A. Spending time on non-work-related sites

B. Phishing attack

C. Cognitive password attacks

D. Rainbow table attack

See if you're correct, and view the full explanation here.


Friday, August 25, 2017

SY0-501 Study Guide

Woo Hoo! I've been working on the SY0-501 Study Guide for a few months now, but gratefully, the end is in sight.

I've finished the content for the last chapter and expect everything to move much quicker at this point. I still need to do another pass through it, but expect to pass it to the technical editor today or tomorrow at the latest. I'm also thankful that so many talented people are working behind the scenes to help me with this.

Check out this blog post for details on the study guide and a list of some of the differences in the objectives.

Monday, August 21, 2017

Social Engineering and Security+

Are you planning to take the Security+ exam? If so, make sure you understand common social engineering tactics.

See if you can answer this sample question.

Q. Lisa is a database administrator and received a phone call from someone identifying himself as a technician working with a known hardware vendor. The technician said he’s aware of a problem with database servers they’ve sold, but it only affects certain operating system versions. He asks Lisa what operating system the company is running on its database servers. Which of the following choices is the BEST response from Lisa?

A. Let the caller know what operating system and versions are running on the database servers to determine if any further action is needed.

B. Thank the caller and end the call, report the call to her supervisor, and independently check the vendor for issues.

C. Ask the caller for his phone number so that she can call him back after checking the servers.

D. Contact law enforcement personnel.

See if you are correct (and view the full explanation) here.


Friday, August 18, 2017

Security+ and Application Attacks

Are you planning to take the Security+ exam? If so, make sure you understand application attacks. For example, see if you can answer this practice test question.

Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Fuzzing

D. Session hijacking

See if you're correct, and view the full explanation here.


Friday, August 11, 2017

Security+ and Digital Signatures

Are you planning to take the Security+ exam? If so, make sure you understand cryptography topics such as digital signatures.

See if you can answer this Security+ practice test question.

Q. Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?

A. Carl’s public key

B. Carl’s private key

C. Lenny’s public key

D. Lenny’s private key

See the answer and the full explanation here.


Monday, August 7, 2017

/32 CIDR Notation in an ACL

Are you preparing to take the Security+ exam? If so, make sure you know how to craft rules in firewall and router ACLs. As an example, see if you can answer this question.

Q. You need to configure a firewall to allow traffic from Homer's computer to all of the servers within the 192.168.8.0/24 network. The following graphic shows a partial network diagram.



Which of the following choices is the BEST to identify the source in the ACL rule?

A. 192.168.5.5/24

B. 192.168.5.5/32

C. 192.168.10.0/24

D. 192.168.10.0/32

See if you're correct (and view the full explanation) here.

Friday, August 4, 2017

Comparing Risks & Vulnerabilities

Are you planning to take the Security+ exam? If so, make sure you understand concepts such as risks and vulnerabilities.

For example, can you answer this question?

Q. Which of the following is most closely associated with residual risk?

A. Risk acceptance

B. Risk avoidance

C. Risk deterrence

D. Risk mitigation

E. Risk transference

See if you're correct (and read the full explanation) here.