Monday, January 29, 2018

Protecting PII

Are you planning to take the SY0-401 or the SY0-501 Security+ exam? If so, make sure you have a basic understanding of privacy concepts.

As an example, see if you can answer this sample practice test question:

Q. Your organization has decided to increase the amount of customer data it maintains and use it for targeted sales. However, management is concerned that they will need to comply with existing laws related to PII. Which of the following should be completed to determine if the customer data is PII?

A. Privacy threshold assessment
B. Privacy impact assessment
C. Tabletop exercise
D. Affinity scheduling

More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect?

Check out the answer here.
Monday, January 22, 2018

Biggest Cybersecurity Threat

Do you know what many experts are referring to as the biggest cybersecurity threat?

You may be surprised.

Check out this sample Security+ practice test question to see if you can answer it. It also gives a hint of what may be the biggest security threat for any organization.

Q. The CEO of a company recently received an email. The email indicates that her company is being sued and names her specifically as a defendant in the lawsuit. It includes an attachment and the email describes the attachment as a subpoena. Which of the following BEST describes the social engineering principle used by the sender in this scenario?
A. Whaling
B. Phishing
C. Consensus
D. Authority

The answer and explanation are here, along with a short discussion of what many organizations consider the biggest security threat.

Monday, January 8, 2018

Security+ and Database Concepts

Are you planning to take the SY0-501 Security+ exam? If so, you should understand some database concepts that weren't tested in the SY0-401 exam.

See if you can answer this question.

Q. Database administrators have created a database used by a web application. However, testing shows that the application is taking a significant amount of time accessing data within the database. Which of the following actions is MOST likely to improve the overall performance of a database?

A. Normalization
B. Client-side input validation
C. Server-side input validation
D. Obfuscation

Check out the answer and full explanation here.


Tuesday, January 2, 2018

IDSs and IPSs on the Security+ Exam

Are you planning to take the Security+ exam? If so, make sure you know about IDSs and IPSs.

For example, can you answer this question?

Q. A HIDS reported a vulnerability on a system based on a known attack. After researching the alert from the HIDS, you identify the recommended solution and begin applying it. What type of HIDS is in use?

A. Network-based
B. Signature-based
C. Heuristic-based
D. Anomaly-based

Check out the answer and explanation here.