If you're planning to take the SY0-501 version of the Security+ exam, you may run across questions with subtle word choices. For example, a question could have one correct answer, yet a subtle change to a phrase in the question would make that answer incorrect.
Consider this question that was recently added to the gcgapremium.com site:
Q. Your organization is planning to implement SELinux in enforcing mode as a mandatory access control (MAC) model. Which of the following roles will specify the subjects that can access certain data objects?
A. Administrator
B. System
C. Owner
D. User
Do you know the answer? More, do you know why the correct answer is correct and why the incorrect answers are incorrect? Check out the answer and explanation here.
Friday, September 21, 2018
Monday, August 13, 2018
Security+ and Symmetric Encryption Concepts
Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. If you're planning to take the SY0-501 exam, you should have a basic understanding of cryptography concepts such as cipher types and cipher modes.
Can you answer this Sample Security+ practice test question?
Q. Which of the following is a symmetric encryption algorithm that encrypts data 1 bit at a time?
A. Block cipher
B. Stream cipher
C. AES
D. DES
E. MD5
Check out the answer and full explanation here.
Monday, July 16, 2018
Russian Hacking
Russian hacking was exposed in a detailed indictment of 12 Russians by the US Department of Justice (DoJ). While reading through it I was intrigued at how the indictment laid out methods that the Russians used in clear and simple English.
Although the indictment gave all the classic indications of an advanced persistent threat (APT), it never said so. Instead it indicated the attacks came from Units 26165 and 74455, which are part of a Russian military agency called the Main Intelligence Directorate of the General Staff. This is commonly abbreviated as GRU.
Read more about it here.
Monday, June 11, 2018
Digital Certificates and Security+
Are you planning to take either the SY0-501 or the SY0-401 version of the Security+ exam?
If so, make sure you understand some basics about certificates, including what they contain.
As an example, see if you can answer this sample Security+ question.
Q. You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you be able to see in the certificate? (Choose TWO.)
A. The server’s private key
B. The CA's public key
C. The OID
D. The server’s public key
E. The CSR
See if you're correct (and view the full explanation) here.
Monday, June 4, 2018
Security+ Questions with 8 Possible Answers
Are you preparing for the CompTIA SY0-501 Security+ exam?
If so, you might like to know that you may see more than just 4 possible answers.
Some people are reporting that they're seeing as many as 6 or 8 multiple choice answers in multiple choice questions. And you are typically required to pick multiple correct answers.
Check out this practice test question as an example:
Q. You suspect that an attacker is performing a reconnaissance attack against servers in your organization’s DMZ. The attacker is attempting to gather as much information as possible on these servers. You decide to check the logs of these servers to determine if the attacker is attempting a banner grabbing attack. Which of the following commands MOST likely indicate that the attacker is launching a banner grabbing attack? (Select FOUR.)
A. netcat
B. ipconfig
D. ping
E. arp
F. grep
G. tcpdump
H. nmap
I. telnet
Do you know the answers? Check out this blog post to see if you're correct.
Tuesday, May 29, 2018
Baseline Deviations and Security+
Are you planning to take the SY0-401 or SY0-501 Security+ exam?
If so, you should understand how baselines can be used to identify changes or deviations.
See if you can answer this sample practice test question.
Q. Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer.
You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem.
What allowed you to make this determination?
A. Least functionality
B. Sandbox
C. Blacklist
D. Integrity measurements
See if you're correct (and view a full explanation here).
Monday, May 21, 2018
Security+ Personnel Management Policies
Are you planning to take the Security+ exam? If so, you might like to review some common personnel management policies.
See if you can answer this sample question.
Q. After a major data breach, Lisa has been tasked with reviewing security policies related to data loss. Which of the following is MOST closely related to data loss?
A. Clean desk policy
B. Legal hold policy
C. Job rotation policy
D. Background check policy
Read the full explanation (and see if you're correct) here.
Tuesday, May 15, 2018
Common Malware Names and Security+
Are you planning to take the SY0-501 Security+ exam? If so, you might like to review some information on malware names.
Check out this sample Security+ practice test question that was recently added to the Extras quiz for the online SY0-501 practice test questions.
Q. You are troubleshooting a computer that is displaying erratic behavior. You suspect that malicious software was installed when the user downloaded and installed a free software application. You want to identify the name of the malware and you run the following netstat command from the command prompt:
C:\WINDOWS\system32>netstat -nab > netstat.txt
After opening the text file you see the following information.
Based on the output, what type of malware was most likely installed on the user’s computer?
A. Worm
B. Logic bomb
C. Ransomware
D. RAT
E. Crypto-malware
F. No malware is indicated
Check out the answer and full explanation here.
Monday, May 14, 2018
Understanding Network Separation
Are you planning to take the Security+ SY0-401 or SY0-501 exam?
If so, see if you can answer this sample question.
Q. You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution?
A. NAC
B. DMZ
C. SRTP
D. VLAN
Check out the answer and full explanation here.
Monday, May 7, 2018
Vulnerability Assessment Tools
Are you planning to take the SY0-401 or SY0-501 Security+ exam?
If so, see if you can answer this practice test question.
Q. You suspect that a user is running an unauthorized AP within the organization’s building. Which of the following tools is the BEST choice to see if an unauthorized AP is operating on the network?
A. Rogue system
B. Wireless scanner
C. Password cracker
D. Penetration test
Monday, April 30, 2018
Security+ and Physical Security Controls
Are you planning to take the SY0-501 or SY0-401 Security+ exam? If so, make sure you have a basic understanding of security controls including physical security controls.
See if you can answer this sample Security+ question.
Q. Management within your organization wants to create a small network used by executives only. They want to ensure that this network is completely isolated from the main network. Which of the following choices BEST meets this need?
A. Airgap
B. Mantrap
C. Control diversity
D. Infrared motion detectors
Check out the answer and full explanation here.
Monday, April 23, 2018
Security+ and Log Entries
Are you preparing for the SY0-401 or SY0-501 Security+ exam? If so, you might like to review some information on log entries.
As an example, consider the following Security+ practice test question that I recently added to the test banks on the gcgapremium.com site.
Q. Your IPS recently raised an alert from the following log entry on one of your organization’s web servers:
04/23/18 23:13:50 httpd: GET /wp/forms/process.php?input=cd%20../../../etc;cat%20shadow
Based on this log entry, which of the following is MOST likely occurring?
A. False negative
B. XSS attack
C. Command injection attack
D. Password attack
E. Buffer overflow attack
Can you answer it? Check out the answer and full explanation here.
Monday, April 16, 2018
NAC Systems and Security+
Are you preparing for the SY0-501 or SY0-401 Security+ exam? If so, you should have a basic understanding of network components that support organizational security. This includes using NAC systems to verify computers meet preset security conditions.
See if you can answer this sample Security+ question.
Q. Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?
A. Permanent
B. Health
C. RADIUS
D. Dissolvable
Check out the answer and full explanation here.
Monday, March 26, 2018
Security+ and Proxy Servers
Are you planning to take the SY0-401 Security+ or SY0-501 Security+ exam? If so, make sure you understand basic network components.
As an example, see if you can answer this sample Security+ question.
Q. Management at your organization wants to prevent employees from accessing social media sites using company-owned computers. Which of the following devices would you implement?
A. Transparent proxy
B. Reverse proxy
C. Nontransparent proxy
D. Caching proxy
Check out the answer and explanation here.
Monday, March 19, 2018
Security+ and Penetration Testing
Are you planning to take the SY0-501 or SY0-401 Security+ exam? If so, make sure you understand some basic penetration testing concepts.
As an example, see if you can answer this sample question.
Q. A penetration tester has successfully attacked a single computer within the network. The tester is now attempting to access other systems within the network via this computer. Which of the following BEST describes the tester’s current actions?
A. Performing reconnaissance
B. Performing the initial exploitation
C. Pivoting
D. Escalating privileges
Check out the answer (and full explanation) here.
Friday, March 2, 2018
Security+ and Secure Coding
The CompTIA Security+ exam includes many concepts related to secure coding techniques. If you're planning to take the SY0-401 or the SY0-501 Security+ exam, you should have a basic understanding of techniques such as proper error handling, input validation, and more.
As an example, can you answer this sample SY0-501 practice question?
Q. You are reviewing some Java code for an application and come across the following snippet:
You suspect that this will cause a problem. Which of the following BEST describes the problem?
A. NullPointerException
B. Invalid null assignment
C. Pointer dereference
D. Buffer overflow
Check out this page to see if you're correct (and see the full explanation).
Monday, February 26, 2018
Security+ and High Availability
For example, can you answer this question?
Q. Your organization is planning to deploy a new e-commerce web site. Management anticipates heavy processing requirements for a back-end application. The current design will use one web server and multiple application servers. Which of the following BEST describes the application servers?
A. Load balancing
B. Clustering
C. RAID
D. Affinity scheduling
Tuesday, February 20, 2018
Watch Out For This IRS Tax Scam
The IRS is warning people about another IRS tax scam. It's already hit several thousand people and based on its success so far, it will probably continue.
- Criminals use stolen client data from tax professionals and use them to file fraudulent tax returns.
- In the tax return, they ask the IRS to deposit the money into the taxpayer's bank account (or sometimes send a check).
- Criminals then demand that the money be returned.
Monday, February 12, 2018
Security+ and PKIs
Are you planning to take the SY0-401 or SY0-501 exam? If so, make sure you understand some basic PKI concepts. As an example, can you answer this sample Security+ practice test question?
Q. An organization hosts several web servers in a web farm used for e-commerce. Due to recent attacks, management is concerned that attackers might try to redirect web site traffic, allowing the attackers to impersonate their e-commerce site. Which of the following methods will address this issue?
A. Stapling
B. Perfect forward secrecy
C. Pinning
D. Key stretching
Check out the answer and full explanation here.
Monday, February 5, 2018
Cloud Computing
Are you planning to take the SY0-401 or SY0-501 Security+ exam?
Can you answer this sample Security+ practice test question?
Q. The Shelbyville Nuclear Power Plant stores some data in the cloud using its own resources. The Springfield school system also has a cloud using its own resources. Later, the two organizations decide to share some of the educational data in both clouds. Which of the following BEST describes the cloud created by these two organizations?
A. Community
B. Private
C. Public
D. PaaS
See if you're correct, and read the full explanation here.
Check out the answer (and the full explanation) here.
Monday, January 29, 2018
Protecting PII
Are you planning to take the SY0-401 or the SY0-501 Security+ exam? If so, make sure you have a basic understanding of privacy concepts.
As an example, see if you can answer this sample practice test question:
Q. Your organization has decided to increase the amount of customer data it maintains and use it for targeted sales. However, management is concerned that they will need to comply with existing laws related to PII. Which of the following should be completed to determine if the customer data is PII?
A. Privacy threshold assessment
B. Privacy impact assessment
C. Tabletop exercise
D. Affinity scheduling
More, do you know why the correct answer is correct and the incorrect answers are incorrect?
Check out the answer here.
Monday, January 22, 2018
Biggest Cybersecurity Threat
Do you know what many experts are referring to as the biggest cybersecurity threat?
You may be surprised.
Check out this sample Security+ practice test question to see if you can answer it. It also gives a hint of what may be the biggest security threat for any organization.
Q. The CEO of a company recently received an email. The email indicates that her company is being sued and names her specifically as a defendant in the lawsuit. It includes an attachment and the email describes the attachment as a subpoena. Which of the following BEST describes the social engineering principle used by the sender in this scenario?
A. Whaling
B. Phishing
C. Consensus
D. Authority
The answer and explanation is here, along with a short discussion of what many organizations consider the biggest security threat.
Monday, January 8, 2018
Security+ and Database Concepts
Are you planning to take the SY0-501 Security+ exam? If so, you should understand some database concepts that weren't tested in the SY0-401 exam.
See if you can answer this question.
Q. Database administrators have created a database used by a web application. However, testing shows that the application is taking a significant amount of time accessing data within the database. Which of the following actions is MOST likely to improve the overall performance of a database?
A. Normalization
B. Client-side input validation
C. Server-side input validation
D. Obfuscation
Check out the answer and full explanation here.
Tuesday, January 2, 2018
IDSs and IPSs on the Security+ Exam
Are you planning to take the Security+ exam? If so, make sure you know about IDSs and IPSs.
For example, can you answer this question?
Q. A HIDS reported a vulnerability on a system based on a known attack. After researching the alert from the HIDS, you identify the recommended solution and begin applying it. What type of HIDS is in use?
A. Network-based
B. Signature-based
C. Heuristic-based
D. Anomaly-based
Check out the answer and explanation here.