CISSP Practice question #63

A surge is when:
A: We have a long loss of power.
B: We have a short loss of power.
C: We have a long low voltage period.
D: We have a long high voltage period.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


D: Power Fluctuation Terms: Surge – Long high voltage.


IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.


CISSP Practice question #62

We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 23, what are we blocking?
A: FTP data transfer.
B: FTP control.
C: SSH.
D: Telnet.

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


D: Telnet: Remote access over a network. Uses TCP port 23; all data is plaintext, including usernames and passwords, so it should not be used. Attackers with network access can easily sniff credentials, alter data, and take control of Telnet sessions.


CISSP Practice question #61

In our access control implementations, looking at the IAAA model, what could we use for authentication?
A: Their username.
B: A password.
C: Role based access control.
D: Non-repudiation.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


B: Authentication: Something you know – Type 1 Authentication (passwords, pass phrase, PIN etc.). Something you have – Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.). Something you are – Type 3 Authentication (and Biometrics) (Fingerprint, Iris Scan, Facial geometry etc.).


IT Security from TechBeacon: “Why we need more women in cybersecurity”

It has been estimated that more than 1 million security jobs worldwide are unfilled. Further, (ISC)2 reports that of the currently employed cybersecurity professionals, women represent only 11 percent of the workforce. The unfilled cybersecurity jobs aren’t just a staffing issue; they’re a matter of national security, and women can help us solve the problem quickly.

Source: techbeacon.com/why-we-need-more-women-cybersecurity


From (ISC)² Endorsement Demystified

Following the jubilant moment of finding out you have achieved a passing score on your (ISC)² exam, you’re now ready for the endorsement process – but what does that actually mean? First, believe us when we say that the hard part is over! You’ve already passed the exam, and there’s no reason to be anxious or delay your endorsement. Especially if you’ve heard any of the endorsement myths below we are about to bust.

Endorsement isn’t important

It sure is! Becoming a certified member of (ISC)² is more than simply passing an exam, no matter how rigorous and challenging that…

Source: blog.isc2.org/isc2_blog/2017/11/isc²-endorsement-demystified.html


CISSP Practice question #60

If we plan to use what we find in our digital forensics in a court of law, what should the evidence not be?
A: Accurate.
B: Authentic.
C: Admissible.
D: Altered.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: The evidence we collect must be accurate, complete, authentic, convincing, admissible.


IT Security from Forbes: “Cybersecurity skills shortage creating hiring chaos”

Here’s a quick review of some of the cybersecurity skills shortage data I’ve cited in recent blogs:

  1. According to ESG research from early 2017, 45 percent of organizations claim to have a problematic shortage of cybersecurity skills.
  2. In a recent research project conducted by ESG and the Information Systems Security Association (ISSA), 70 percent of cybersecurity professionals say the cybersecurity skills shortage has had an impact on their organization. The skills shortage has led to an increasing workload on existing staff, the need to hire and train junior employees due to the lack of experienced talent, and a situation where the cybersecurity staff spends most of its time on emergency issues and very little time on proactive strategic planning or training.
  3. When asked to identify factors that contributed to past security incidents, 22 percent said their cybersecurity team was not large enough for the size of their organization, while 18 percent stated that the cybersecurity team cannot keep up with the workload.
  4. More than two-thirds (67 percent) of cybersecurity professionals claim they are too busy with their jobs to keep up with skills development and training.

So, in aggregate, many organizations are understaffed, many lack some (or many) types of advanced cybersecurity skills, and the staff is too busy to invest time in continuing education to keep up with the latest threats. Yikes!

Huge demand for cybersecurity talent

CISOs recognize these issues and many organizations are actively hanging a “help wanted” sign to find cybersecurity talent. Unfortunately, it is exceedingly difficult to bring new people onboard. Why? Experienced cybersecurity professionals are in high demand, so organizations are engaged in a battle royale to coax them away from their present employers and outbid others for their services.

Source: www.csoonline.com/article/3238745/security/cybersecurity-skills-shortage-creating-recruitment-chaos.html


CISSP Practice question #59

Which type of ASTM standard gate would you have at your house?
A: Class I.
B: Class III.
C: Class IV.
D: Class XI.

CBK 3: Security Engineering
Source: ThorTeaches.com practice tests

Answer


A: Gate ASTM Standards: Class I Residential (your house).


CISSP Practice question #58

Which of these indicates the average time between hardware failures?
A: MTBF.
B: MTTR.
C: MOR.
D: MTD.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: MTBF (Mean Time Between Failures): How long a new or repaired system or component will function on average before failing. This can help us plan for spares and give us an idea of how often we can expect hardware to fail.


CISSP Practice question #57

Which low-tech or no-tech attack can often be just as successful as very technical attacks?
A: DDOS.
B: Social engineering.
C: Trojan.
D: Worm.

CBK 6: Security Assessment and Testing
Source: ThorTeaches.com practice tests

Answer


B: Social engineering can often be just as successful as more technical attacks; people want to be helpful.
