Friday, September 29, 2017

Security+ and Basic Forensic Procedures

Are you planning to take the Security+ exam? If so, make sure you understand basic forensic procedures.

See if you can answer this sample question.

Q. Security personnel confiscated a user’s workstation after a security incident. Administrators removed the hard drive for forensic analysis, but left it unattended for several hours before capturing an image. What could prevent the company from taking the employee to court over this incident?

A. Witnesses were not identified.

B. A chain of custody was not maintained.

C. An order of volatility was not maintained.

D. A hard drive analysis was not complete.

Check your answer (and see the full explanation) here.


Monday, September 25, 2017

Mobile Device Security & Security+

Are you planning to take the Security+ exam? See if you can answer this sample practice test question.

Q. Your company provides electrical and plumbing services to homeowners. Employees use tablets during service calls to record activity, create invoices, and accept credit card payments. Which of the following would BEST prevent disclosure of customer data if any of these devices are lost or stolen?

A. Mobile device management

B. Disabling unused features

C. Remote wiping

D. GPS tracking

Check out the answer and full explanation here.


Monday, September 18, 2017

Active VS Passive IDS Responses

Are you planning to take the Security+ exam?

If so, make sure you know about the many tools used in networks. For example, can you answer this question?

Q. A security company wants to gather intelligence about current methods attackers are using against its clients. What can it use?

A. Vulnerability scan

B. Honeynet

C. MAC address filtering

D. Evil twin

Check out the answer (and full explanation) here.


Monday, September 11, 2017

Beware Hurricane Related Scams

Beware of scammers who target both disaster victims and potential donors. US-CERT warns users to be watchful for various kinds of malicious cyber activity designed to take advantage of people after disasters.



As an example, you should exercise caution when handling emails related to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information, contain malicious attachments, or link to malware-infected websites.

Additionally, you should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.



Friday, September 8, 2017

Protocol IDs and Ports

Are you planning to take the Security+ exam? If so, make sure you know the relevant ports and protocol IDs.

See if you can answer this practice test question.

Q. You need to enable the use of NetBIOS through a firewall. Which ports should you open?

A. 137 through 139

B. 20 and 21

C. 80 and 443

D. 22 and 3389

Check out the answer (and full explanation) here.



Tuesday, September 5, 2017

Security+ and Networking Protocols

Are you planning to take the Security+ exam? If so, make sure you understand some basics related to networking protocols.

As an example, see if you can answer this sample Security+ question.

Q. While reviewing logs on a firewall, you see several requests for the AAAA record of gcgapremium.com. What is the purpose of this request?

A. To identify the IPv4 address of gcgapremium.com

B. To identify the IPv6 address of gcgapremium.com

C. To identify the mail server for gcgapremium.com

D. To identify any aliases used by gcgapremium.com

See if you are correct and view the full explanation here.


Friday, September 1, 2017

Access Control Models and Security+

Are you planning to take the Security+ exam? See if you can answer this Security+ practice test question:

Q. An organization has implemented an access control model that enforces permissions based on data labels assigned at different levels. What type of model is this?

A. DAC

B. MAC

C. Role-BAC

D. Rule-BAC

See if you're correct here.