CISSP Practice question #136

If we have no degausser or disk crusher in our organization, what can we do with our old hard disks?
A: Since we have no means of destroying them, we have done our due care and we can recycle them with the rest of the electronic waste.
B: We can pay another company to do it.
C: We can overwrite all the functional disks and the rest we can ignore since they are damaged anyways.
D: We can throw them in a lake or the ocean.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


B: If we do not have the means for proper data destruction, we can pay another company to do so. They obviously have to be licensed to do so and adhere to all our security policies.


IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #135

In software testing a black box test would have how much information?
A: Just the software, no source code.
B: The software, source code, data structures and variables.
C: User logs, access entries and project plan.
D: A version of the software, but only the cripple ware version.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


A: Black box software testing: The tester has no details, just the software; they then test for functionality and security flaws.


Cybersecurity Unemployment Rate Drops To Zero Percent

There’s a job for everyone with cybersecurity experience.

– Steve Morgan, Editor-In-Chief

The demand for cybersecurity professionals will increase to approximately 6 million globally by 2019, according to some industry experts cited by the Palo Alto Networks Research Center.

Earlier this year, Cybersecurity Ventures predicted there will be 3.5 million unfilled cybersecurity jobs by 2021, up from an estimate of 1 million by Cisco in 2014.

Almost anyone with cybersecurity experience and realistic salary expectations can find immediate employment. There may be a small percentage of the cyber workforce who are in between jobs, some who have resigned to explore new opportunities, and others who are unrealistic about which positions they qualify for (and the compensation commensurate with their experience) — but there’s an abundance of positions available for cybersecurity pros.

Cybercrime damages are predicted to cost the world $6 trillion annually by 2021, up from $3 trillion in 2015… and the world will spend $1 trillion cumulatively over the next five years from 2017 to 2021 on cybersecurity products and services to combat cybercrime. These figures suggest the cyber employment problem will get worse before it gets better.

We interviewed several industry experts who corroborate the unemployment rate, and share the recruiting challenges that come with it.


CISSP Practice question #134

How many backup tapes would we use to restore all the data if we do weekly full backups Sunday at midnight and daily incrementals at midnight and the system fails Wednesday afternoon?
A: 2
B: 3
C: 1
D: 4

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


B: We would need the Sunday full tape and the incremental tapes from Monday and Tuesday night, so 3 tapes total.


CISSP Practice question #133

What would not be part of our server hardening before we promote a new server to production?
A: Apply all patches.
B: Disable unused ports.
C: Disable non-required services.
D: Open all ports.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: Leaving ports open is the opposite of server hardening. When we receive or build new systems they often are completely open; before we introduce them to our environment we harden them. We develop a long list of ports to close, services to disable, accounts to delete, missing patches and many other things.


CISSP Practice question #132

Smurf attacks happen on which OSI layer?
A: 1
B: 2
C: 3
D: 4

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


C: The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. ICMP is a layer 3 protocol.


CISSP Practice question #131

Data owner should:
A: Make the policies, procedures and standards that govern our data security.
B: Perform the backups and restores.
C: Be trained in the policies, procedures and standards.
D: Assign the sensitivity labels and backup frequency of the data.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: Data/Information Owner: Management level, they assign sensitivity labels and backup frequency. This could be you or a Data Owner from HR, Payroll or other departments.


CISSP Practice question #130

CASE software is classified into 3 categories. What are they?
A: Tools, workbenches and environments.
B: Tools, environments and scenarios.
C: Workbenches, environments and scenarios.
D: Workbenches, use cases and tools.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: CASE (Computer-Aided Software Engineering) software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process.


The 13 most valuable IT certifications today

Looking for a leg up in your IT career? IT certifications remain a proven way to quickly gain valuable skills and demonstrate deeper interest and know-how in a domain that will further your career.

Certifications and skills can help boost your salary, set you apart from the competition and help you land promotions in your current role. A survey from Global Knowledge found that 83 percent of IT professionals in the U.S. and Canada hold an IT certification — and in the U.S. the average salary for a certified IT professional is on average $8,400 (or 11.7 percent) higher.

Hiring certified professionals is also beneficial for employers. Of those surveyed, 44 percent of IT decision-makers say certifications result in employees performing work faster, 33 percent said it results in more efficiency when implementing systems and 23 percent say it helps deploy products and services faster with fewer errors.

Here are the 13 trending skills and certifications for tech workers in the new year.

The 13 top-paying certifications of 2018

  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • AWS Certified Solutions Architect – Associate
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Project Management Professional (PMP)
  • Citrix Certified Professional – Virtualization (CCP-V)
  • Citrix Certified Associate – Networking (CCA-N)
  • VMware Certified Professional 6 – Data Center Virtualization (VCP6-DCV)
  • Citrix Certified Associate – Virtualization (CCA-V)
  • ITIL v3 Foundation
  • CompTIA Project +
  • Cisco Certified Network Professional (CCNP) Routing and Switching

Source: www.cio.com/article/2392856/it-skills-training/careers-staffing-12-it-certifications-that-deliver-career-advancement.html


CISSP Practice question #129

Using type 3 authentication we talk about all of these terms except which?
A: FAR.
B: CER.
C: FRR.
D: CRR.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


D: Something you are – Type 3 Authentication (Biometrics), uses Errors for Biometric Authentication: FRR (False rejection rate), FAR (False accept rate) and CER (Crossover Error Rate).
