CISSP Practice question #133

What would not be part of our server hardening before we promote a new server to production?
A: Apply all patches.
B: Disable unused ports.
C: Disable non-required services.
D: Open all ports.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


D: Leaving ports open is the opposite of server hardening. When we receive or build new systems they are often completely open; before we introduce them to our environment, we harden them. We develop a long list of ports to close, services to disable, accounts to delete, missing patches to apply and many other things.


CISSP Practice question #132

Smurf attacks happen on which OSI layer?
A: 1
B: 2
C: 3
D: 4

CBK 4: Communication and Network Security
Source: ThorTeaches.com practice tests

Answer


C: The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. ICMP is a layer 3 protocol.


CISSP Practice question #131

Data owner should:
A: Make the policies, procedures and standards that govern our data security.
B: Perform the backups and restores.
C: Be trained in the policies, procedures and standards.
D: Assign the sensitivity labels and backup frequency of the data.

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: Data/Information Owner: Management level, they assign sensitivity labels and backup frequency. This could be you or a Data Owner from HR, Payroll or other departments.


CISSP Practice question #130

CASE software is classified into 3 categories. Which are they?
A: Tools, workbenches and environments.
B: Tools, environments and scenarios.
C: Workbenches, environments and scenarios.
D: Workbenches, use cases and tools.

CBK 8: Software Development Security
Source: ThorTeaches.com practice tests

Answer


A: CASE (Computer-Aided Software Engineering) software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle. CASE is used for developing high-quality, defect-free, and maintainable software. It is often associated with methods for the development of information systems together with automated tools that can be used in the software development process.


The 13 most valuable IT certifications today


Looking for a leg up in your IT career? IT certifications remain a proven way to quickly gain valuable skills and demonstrate deeper interest and know-how in a domain that will further your career.

Certifications and skills can help boost your salary, set you apart from the competition and help you land promotions in your current role. A survey from Global Knowledge found that 83 percent of IT professionals in the U.S. and Canada hold an IT certification, and in the U.S. the salary for a certified IT professional is on average $8,400 (or 11.7 percent) higher.

Hiring certified professionals is also beneficial for employers. Of those surveyed, 44 percent of IT decision-makers say certifications result in employees performing work faster, 33 percent say it results in more efficiency when implementing systems and 23 percent say it helps deploy products and services faster with fewer errors.

Here are the 13 trending skills and certifications for tech workers in the new year.

The 13 top-paying certifications of 2018

  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • AWS Certified Solutions Architect – Associate
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Project Management Professional (PMP)
  • Citrix Certified Professional – Virtualization (CCP-V)
  • Citrix Certified Associate – Networking (CCA-N)
  • VMware Certified Professional 6 – Data Center Virtualization (VCP6-DCV)
  • Citrix Certified Associate – Virtualization (CCA-V)
  • ITIL v3 Foundation
  • CompTIA Project +
  • Cisco Certified Network Professional (CCNP) Routing and Switching

Source: www.cio.com/article/2392856/it-skills-training/careers-staffing-12-it-certifications-that-deliver-career-advancement.html


CISSP Practice question #129

Using type 3 authentication we talk about all of these terms except which?
A: FAR.
B: CER.
C: FRR.
D: CRR.

CBK 5: Identity and Access Management
Source: ThorTeaches.com practice tests

Answer


D: Something you are – Type 3 Authentication (Biometrics). The error terms used for biometric authentication are FRR (False Rejection Rate), FAR (False Accept Rate) and CER (Crossover Error Rate).


CISSP Practice question #128

In our BCP, which team is defined as responsible for dealing with the disaster when it happens?
A: Rescue.
B: Recovery.
C: Salvage.
D: All of these.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Rescue team (activation/notification): Responsible for dealing with the disaster as it happens. They evacuate employees, notify the appropriate personnel (call trees), pull the network from the infected server or shut down systems, and perform the initial damage assessment.


CISSP Practice question #127

An attacker is using fragmentation to avoid our IPS. What is that?
A: Breaking the data into segments.
B: Sending traffic on a well-known TCP port, where we would not expect the malicious traffic.
C: Have many different agents use different IPs and ports.
D: Change the attack signature.

CBK 7: Security Operations
Source: ThorTeaches.com practice tests

Answer


A: Fragmentation: By sending fragmented packets, the attack can avoid the detection system’s ability to detect the attack signature.


IT Scholarships for Women | Center for Cyber Security and Education


(ISC)² WOMEN’S SCHOLARSHIPS NOW OPEN!

Applications will close at 11:59 PM on March 1, 2018

Award notifications will be made the week of April 16th 2018

Scholarships to inspire women to join the ever-growing field of Information Security   

The application period for the (ISC)² Women’s and Raytheon’s Women in Cybersecurity Scholarships is now open. Applications will be accepted for Undergraduate Scholarships beginning February 1, 2018, and Graduate Scholarships on March 1, 2018. For details on Raytheon’s Women in Cyber Security Scholarship click here.


You will need to submit an application for the Undergraduate or Graduate Scholarships in order to be considered for one of those awards; applications will NOT be automatically transferred. You will be able to import your Women’s/Raytheon application information and documents directly into the Undergraduate or Graduate application. Just click on the link for the appropriate scholarship and look for the import button on the top right of your dashboard.

Source: iamcybersafe.org/scholarships/womens-scholarships/


(ISC)² Cybersecurity Workforce Shortage Continues to Grow Worldwide, to 1.8 Million in Five Years


Attracting and Retaining Millennial Workers Vital to Closing the Gap

Clearwater FL, February 13, 2017 — According to new research from the Center for Cyber Safety and Education™ (the Center) — part of its eighth Global Information Security Workforce Study (GISWS) – sponsored by (ISC)²® and Booz Allen Hamilton, a serious talent shortage looms in the information security workforce. The survey and analysis, which includes feedback from over 19,000 information security professionals worldwide, indicates that employers must look to millennials to fill the projected 1.8 million information security workforce gap that is estimated to exist by 2022.  This is an increase of 20 percent from the 1.5 million worker shortfall forecast by the 2015 GISWS.

Source: www.isc2.org/News-and-Events/Press-Room/Posts/2017/02/13/Cybersecurity-Workforce-Shortage-Continues-to-Grow-Worldwide

The 2017 GISWS Millennial analysis can be viewed here: https://iamcybersafe.org/research_millennials/
