When studying for your Security+ you're going to want to make sure that you do a lot of practice questions in order to really see if you understand the concepts. Now, when I took this exam, the SY0-701, it was a lot of scenario-based questions; in fact, almost all of them were scenario-based questions. So in this video we're going to be doing 50 of these practice questions. Now, I tried to model it after what the actual exam will look like. If you can score an 80% on this, you're probably going to be good on studying for your exam, but I want to just remind you that this is just 50 questions and it doesn't cover every single thing in the exam objectives. Now, the exam objectives are pretty vast and you can download them from CompTIA; it's absolutely free. Make sure you know everything in there.

If you enjoy these 50 questions and you like the way I'm presenting it, please consider clicking on the links below. Check out my Security+ course on Udemy or other platforms, and also I have a whole bunch of practice questions, about 550 of them, and this is just going to be 50 of them that you can also check out; check the links in the description below. Also, if you like this video, give it a like, subscribe to the channel. Let's get started on our practice questions.

So the first thing up we have... Now, I'm going to be reading the question for you and then I'm going to be answering the question. Now, I want to point out that I'm not going to stop the video to read the questions, as you guys can see that I have the questions over here. What I do want to point out is you should pause the video as soon as I come to the question. Go ahead and pause the video so you could see the question the way I'm seeing it here. So pause it, answer it, and then let me read it and give you an explanation on it. So let's go ahead and get started.

All right, it says: a security technician observes that the data center's racks are all accessible to all employees, posing a risk to critical infrastructure. What is the most appropriate physical control to mitigate this risk? So first of all, you've got to understand this is some kind of a physical problem. Notice it says the data center server racks, so this is the physical racks that hold the servers that are accessible to all employees, so that's no good. What is the most appropriate... now notice it says physical control. So in the exam objectives there's different categories and types of controls; make sure you know what physical controls are. A, implement a network intrusion detection system; B, install locks on the server racks; C, update the antivirus software on the servers; D, conduct a risk assessment. Now let's go through this. The answer here is basically going to be B. Why is it B? Well, pretty easy to understand; here's why. Because notice it says physical control. A network intrusion detection system, that is a technical control; that's a piece of hardware and software. Antivirus is also a technical control. Why? Because that's also hardware and software, basically a piece of software. Conducting a risk assessment, this is more of an administrative or operational control; this is more like policy-based things, so that is not considered a physical control. So for your exam, make sure you know the different kinds of controls, the different types of controls; this is one of the first things in your exam objectives.

Practice question number two: a security professional notices an unusual pattern of outgoing traffic from a server hosting sensitive data. The traffic suggests potential data exfiltration. What technical control should be implemented immediately to best address this issue? So once again it's a question about controls. Now, what is the problem here? Well, the problem here is that they're stealing data; data is leaving the organization. So what can we do to stop this data? And in particular, make sure to read the question: they want a technical control. Install a firewall to monitor and control incoming and outgoing network traffic; that would actually solve the problem. The reason is because a firewall is a technical control. Conduct security awareness training; this is more of an administrative control, so it's probably not that. Implement biometric access to control the server room; this is more physical now, because they're actually stopping someone from physically entering the server room, and it wouldn't stop data from leaving the organization, outgoing traffic, so this one wouldn't even solve the problem. Review and update the company security policy is more of an administrative control. Best answer here once again is going to be... where is that, where's that pen, right there... best answer here is going to be firewalls, because a firewall is considered a technical type of control.

Practice question number three: the company has faced several instances of tailgating, where unauthorized individuals gain access by following employees into restricted areas. Which deterrent (keep in mind, deterrent) control would be effective in reducing the occurrence of tailgating? So remember what tailgating is. Tailgating is when you walk through a door and the door doesn't shut behind you and somebody walks in with you. Let's say you have to go through a door and you have to use your company badge to get in because it's a restricted area. So you place your badge, maybe it beeps you in and it opens, then you walk in, and before the door locks somebody walks in behind you; that's a form of tailgating. Now notice it doesn't really want them to stop the tailgating, right? Notice the question is about deterrent; you have to understand what deterrent controls are. Deterrent controls are things that we're going to implement basically to scare people off from doing the bad task or the illegal task or illegal activity. Install more surveillance cameras at all entry points; okay, that's good. Implement stricter password policies; that's not going to help you here. The reason is because notice it's a deterrent control and this is a physical problem; this is more of a
technical thing. Conduct regular security audits of the access control system; that's okay. Set up a software-based IPS; this is not going to work. This is a technical control and this is more of a physical problem, so we can eliminate two: we can eliminate B and C... I'm sorry, B and D. But what about A and C? Now notice which one would scare people off; that's what you have to ask yourself: which one of these choices would scare people off? And the best answer here that would scare people off is going to be A. You see, if you notice that this camera... let's say you're a bad person and you're trying to break into the building, and you notice that when you try to get in behind someone you're on camera all the time, it may scare you off, or quote unquote deter you. But things like conducting regular security audits of the access control, you probably wouldn't even know that they're doing that. Let's say you're a bad person; you wouldn't even know they're doing that, so this probably wouldn't scare you off.

Practice question number four: a smartphone user wants to access features not available in the standard operating system. What method would enable this? So in this particular one, let's say you have your cell phone and you want to install software, you want to manipulate the operating system, but the manufacturer is restricting you, like you would see on an iPhone. Well, what can we do to ensure that we could gain access to all the administrative functions and install software that maybe we shouldn't be installing? Exploiting database vulnerabilities, probably not, as this would be something very difficult to do, and this would probably give you access more to data than to the actual entire operating system. Utilizing scripting vulnerabilities; you really can't run many scripts on these phones. Jailbreaking is definitely the answer. So jailbreaking is basically a process where you overwrite or change the operating system on your mobile device in order to gain administrator functions on the device, and this is very popular on iPhones. Generally, the iPhone is very restricted; you can't install applications that Apple doesn't want you to install, but when you jailbreak it you basically have full control over the phone and you could do whatever you like with it. Direct software installation; this here would be restricted, as most iPhones would restrict you from doing this. So the best answer here is jailbreaking. Now, when I took this exam I had quite a few questions on this topic, so make sure you know it for your test.

Practice question number five: a security professional is reviewing the security measures of a financial firm's data storage system to ensure it aligns with the C and I of the CIA triad. Which of the following actions would best ensure adherence to the C and I? Now you have to know CIA; what exactly is that? Now, before I start this, I want to mention that this exam is full of acronyms. Make sure you know your acronyms for your exam. So CIA stands for confidentiality, integrity and availability. So in this one they're asking confidentiality and integrity, so C and I; no availability here. So what can help us with basically confidentiality and integrity? Okay, so encrypting stored data; okay, that works. Implementing a firewall; that could probably help you with the C. Regularly updating software; that could probably help you with the C and sometimes the I. Conducting background checks on employees; background checks on employees, I'm not sure this is going to help you, I'm going to eliminate that. Regularly updating software might stop your machines from getting hacked, but I'm not sure how it's going to really affect C and I; it could sometimes, or sometimes it cannot. So I put this question in because I want to show you guys something: sometimes you have choices that may answer the question somewhat, and then you have choices that are a better answer. So sometimes you're stuck between choices that are good and some choices that are very good; go with the very good answer. Data encryption in its native form is about confidentiality; when you encrypt data, only authorized people should be able to decrypt the data, so that's encrypting data. That serves the I: encryption also deals with hashing, and hashing is how we basically do data integrity for all systems. How do you track if data has been modified? Make a hash of the data. Making A the best of these answers.

Practice question number six: a security professional is tasked with identifying the discrepancies between the current security posture and the desired state of security in their organization. Which process should the security professional undertake to identify these discrepancies? Risk analysis, gap analysis, penetration testing or compliance auditing. Now, you notice the question basically tells you, because you notice they say current security posture; this could be known as the current state, and you're trying to get to a desired state, right? So you want to go from current state to desired state; how do we get there? The best answer here is going to be gap analysis. Now, gap analysis is when you look at, well, I'm here and I want to go here; what's the gap between going here and here? So I'm 210 lbs right now and I want to be 180 lbs, so what's the gap? The gap is 30 pounds. A security professional looks at: right now our systems are here and we want to be here; how do we fill this gap? So that's exactly what this is. Risk assessment is going to identify all the things that can affect your system, generally negatively. Penetration testing will tell you: are your security controls working as they should? And compliance is basically going to tell you: are you in compliance with certain laws and regulations?

Practice question number seven: a security professional is enhancing the physical security measures of a corporate building located in a busy downtown area, with a focus on mitigating vehicle-based threats. Which physical security measure is most suitable for
protecting the building against potential vehicle ramming attacks while allowing pedestrian access? So basically you have a building and you're scared that vehicles are just going to run into the building, right, ram the building. But what can we do? Installing video surveillance cameras around the building; it's not going to help you. You can put all the cameras you want; cameras are deterrent and detective controls, cameras are not preventive controls. They can't prevent an attack. If there's a camera here watching me right now, it can't stop me from stealing the microphone above me or taking this camera away from here. Cameras can't prevent me, but they could scare me, so this is more of a deterrent; it's not going to, you know, stop the vehicle from ramming the building. Implementing an access control vestibule: access control vestibules are done basically to stop people from tailgating or piggybacking into a building. An access control vestibule is basically a two-door access. Let's say you want to get into a building; there are going to be two doors. You're going to open one, you're going to walk in, and you're probably going to have to authenticate somehow; generally somebody's going to have to watch you, you have to show a badge, you have to put in an ID code, and then if you do it right, another door opens up. So this is going to stop tailgating; this is not for vehicles ramming a building. Erecting bollards; so bollards is what the answer here is, because these are going to be those really, really big... and sometimes they come up to about 4 feet, 5 feet tall, sometimes 3 feet tall; I'd say about 3 to 4, 5 feet, and these come out of the ground. Sometimes you see them in front of big buildings; sometimes they put flowers in them. So these are these big circular, like, cylinders that they put into the ground that'll stop the vehicle from ramming into the building. Enhancing the lighting around the building; lighting is not going to stop it. It could be daylight and the vehicle is still going to run into the building.

Practice question number eight: a security technician is proposing the implementation of a new firewall system in the organization. The proposal includes significant changes to the current network infrastructure. Before implementing the new firewall, what is the first step the technician should do before installing the new system? So you're trying to get a new firewall system; what's the first thing you're going to do? Conduct an impact analysis of the new system on current operations; okay. Obtain formal approval of the project from senior management; okay. Schedule a maintenance window for the implementation; no, you probably want to get approval or check the impact before that one. Prepare a backout plan; you would need approval before you even get to this one. So the best answer here is going to be obtain approval for the project from senior management. Generally, for projects to work, before you conduct things such as coming up with a maintenance window or a backout plan or anything, you need to get approval from management, because management needs to say, well, yeah, that makes sense to us, or it doesn't make sense to us. So the best answer here is obtain approval from management, then doing A, C and D.

Practice question number nine: which of the following teams combined does both offensive and defensive testing of a company's network? Red teams, white teams, purple teams, and blue teams... and purple teams. So when you go work in security, you're going to find that if you're working in pure security, not like your job is like help desk and system administration, but if it's security, generally you work in blue or you work in red. So blue teams are teams that secure your networks; if you work as a security analyst, a firewall administrator, you are part of the blue team. If you work as a pentester, you're part of the red team. Combine them both, and maybe you have a small organization where most people do many things. If you're one security guy that does both testing and securing, then you are known as part of the purple team. So the purple team is the guys that do red and blue; notice if you combine red and blue you get purple.

Practice question 10: what should the security analyst do to ensure evidence is handled correctly? Chain of custody, collection, handover and storage. So when you collect evidence, right, you're working as a security administrator, there's been some kind of hack within the business, something illegal that happened, and you have to preserve that evidence, right? You want to make sure that that evidence is collected correctly, you want to make sure it's stored correctly, you want to make sure that it is analyzed correctly, you want to make sure that there's no, quote unquote, changes to the integrity of the evidence. The best way to do this is with the chain of custody. So while collecting the evidence, storing the evidence and even handing over the evidence is important, this one here will do all of these; this is the better answer of all of these things. Remember, the chain of custody is basically a document that documents when the evidence was collected, how it was collected, who collected it, what they did with it, where they put it, how they analyzed it, who analyzed it, when they analyzed it, when they put it back, when it was presented to court and so on. It basically keeps... it's the chain of everything that happened to the evidence. Ever watch a law show when they say something like, well, the evidence was tampered with and now the evidence is thrown out? The chain of custody ensures there's no tampering or illegal kind of modifications that shouldn't be done to the evidence.

Question 11: two security professionals are setting up a secure communication channel between their organizations. They need a secure way to establish a shared secret key for symmetric encryption. What method should they use to securely exchange the symmetric key? Now, I covered this
extensively when I cover cryptography, and in cryptography we talk about symmetric encryption. Even though symmetric encryption is incredibly secure and hard to crack, if not impossible, one of the problems is actually transferring that symmetric key, because it is a shared key. So we do discuss this solution. So public key infrastructure for key exchange is not going to be the answer here; the reason is because this does more than just transfer a symmetric key. Digitally sending the symmetric key over email; you don't want that. Sending a symmetric key over email is going to expose it, as email is generally sent in clear text. Using an asymmetric algorithm such as Diffie-Hellman is going to be the best answer here. Asymmetric encryption was actually invented to pass symmetric keys, and one of the first ones was the Diffie-Hellman algorithm. Make sure you know your different kinds of algorithms for your exam: RSA, ECC, Diffie-Hellman are asymmetric; things like AES are going to be symmetric. So make sure you know your algorithms and know the pros and cons of symmetric versus asymmetric versus hashing. Encrypting the key using symmetric encryption and then sending it; well, the whole point of it is they're trying to send the symmetric key. Encrypting it with another symmetric key is going to give you a problem: how do you send that key now?

Question 12: a security professional is responsible for securely storing user passwords in a database. They need a method to protect the passwords from being exposed in case of a breach. What technique should the security professional use to safeguard user passwords in the database? Digital signatures, hashing, file permissions and blockchain. Now, we cover this also in encryption. Almost all passwords in today's world should never be stored in clear text; in fact, those things are going to be stored in a hashed format. So basically all passwords are basically hashed. Remember what hashing is: it's basically a one-way encryption. Basically you're going to take data, create a cryptographic hash, and then that hash represents the data. If the data changes, the hash will change. All passwords in today's world are hashed; learn more in the course. Now, a digital signature here is not going to help; even though a digital signature contains a hash, it is encrypted with a sender's private key, so there's nothing here about sending data; it's just about passwords. File permissions: file permission is not going to help, as notice it says storing the passwords in a database. The database will then need access, not a user; generally, file permission is going to be for user access. A blockchain doesn't hide anything; everything on a blockchain is actually exposed, even though it does use hashing to keep track of the blockchain.

Question 13: a security professional is managing a network with multiple SSL/TLS-secured devices. They need a mechanism to promptly revoke the trust of a compromised certificate across all devices. What technology should the professional use to maintain a list of revoked certificates that can be checked by clients? Now this one here is a pretty simple one, because the answer is basically going to be certificate revocation list; notice it does say revoked certificates. Now sometimes the exam is not going to be as clear-cut as this. I left this in here to show you guys that sometimes the questions are very easy, but sometimes they'll say the certificate was compromised, what technology should be used? Well, a certificate revocation list. A revocation list is basically going to be a list of all compromised certificates that a certificate authority has issued, so if your certificate was compromised it's going to appear on this list so people know not to use it. A self-signed certificate is not a compromised certificate; it's a certificate generated inside of an organization for, generally, that organization's usage. A certificate signing request is what you send to a CA to get your certificate signed, and a third-party certificate will come from places such as GoDaddy; that is a third-party certificate, not an internal certificate such as a self-signed one.

Practice question 14: a security technician has noticed unusual behavior from an employee who has access to sensitive customer data. The employee's actions are suspicious, indicating potential malicious intent. What type of threat actor is the employee most likely categorized as? Now, in the exam objectives for this course there is a list of different kinds of threats that you can have; make sure you know them, and these are the list of some of them. Notice this one here: the employee's actions. So that tells me right away that this is going to be somebody inside of the organization, which is an insider threat. Organized crime is going to be groups of people that are organized; think of the mobsters here that try to break in, create malware, create chaos or steal data from businesses. Nation states: for example, Russia having problems with the United States; Russia would be considered a nation state trying to hack the United States. A hacktivist is basically an activist, somebody who has a strong political belief but then uses hacking in order to push their beliefs, so that's a hacktivist.

Question 15: what type of cyber attack occurs when employees of a company are tricked by a fake website that looks legitimate? Identity theft, misinformation, watering hole or spear phishing. Now notice in the question it says employees; that means many of the employees are probably visiting a particular website, and the website is trying to trick them to steal their information or steal some kind of data from them or do something malicious to them. This basically describes what is known as a watering hole attack. Watering hole attack basically comes from literally the words watering hole. Think of a desert where they have alligators inside of, like, a little trench, and the alligators live there. When the animals come to drink water, the alligator bites them and kills them. This is
the same kind of concept with a watering hole attack. An attacker sets up a website that looks good, that targets a set of particular folks or a set of employees from a company. Any time the employees visit there to get information or to collaborate with each other, they basically steal the information or have them click on links to install malicious malware; hence the term watering hole. So notice it's basically people are coming and then they're getting bitten by the alligators, just like the other animals that would come to drink water from a watering hole. This is not about identity theft; there's nothing in the question that says they're stealing people's personal information. There's no misinformation; there's nothing here about them getting false information. And spear phishing is basically them sending you emails that are targeted just to you, versus... that's not going to be this, because this here says employees, so they're targeting a large group of people.

Question 16: to quickly address a security vulnerability found in the firmware of an IoT device, what is the most effective action? Conduct a risk analysis, patching, network restructuring or device upgrade. Now, you want to make sure that you understand what an IoT device is. IoT devices are anything that basically connects to the internet; think of your TV, your fridge, your coffee maker, your watch. Any device that basically connects to a network is considered some form of an IoT device. Any time there's a vulnerability found on these devices, the best thing to do is of course to patch the device. Patching the device is going to remove the vulnerability, hopefully; the manufacturer knows about this particular vulnerability. Conducting a risk assessment is going to help identify all the things that could affect it. Network restructuring should not help this, because if you leave the vulnerability it can still be affected; restructuring your network and not fixing the vulnerability leaves it vulnerable. Device upgrading, I'm not sure how that's going to help you. Changing the device or upgrading the device may remove the vulnerability, but the best thing here to do is just to patch it, to remove that vulnerability right away, not just change the device.

Question 17: a security professional has noticed an increase in phone calls to employees where the caller poses as IT support staff and requests sensitive information such as login credentials. Some employees have unknowingly provided this information. What technique is most likely being used to deceive employees through phone calls? Now, keep in mind this is something actually very common; this is what attackers would do. This is considered a form of social engineering to steal your credentials. Now, it gives you a large part of what the answer is right at the bottom, where it says phone calls. So if it's a phone call, it's something you have to pick up the phone and speak. So things like typosquatting, watering hole attacks are not going to work. Typosquatting is when you mistype someone's domain name and it takes you to a bad website; in other words, they register mistyped domain names and create malicious websites, and when you mistype it you're going to go to a bad website. Watering hole attacks are when you set up a website that a lot of companies, or a lot of particular people from a company, or a group of people go to, and then you infect their machines or you steal their data. Whaling is when you go after the CEO or the big fish in the business; you're basically phishing the big fish in the business, it's considered whaling. Vishing is voice phishing; this is the only choice that deals with phone calls, making this the best answer. And just like phishing, when they send you an email to steal your data, vishing is basically them calling you to steal your information.

Question 18: to identify the creator and creation date of a suspicious file found on a server, what should a security analyst check? The file's hash value, network activity logs, server access logs, the file's metadata. Now, first thing up, we can eliminate the hash; hash values are only going to show you if the file has been modified or changed. Network activity logs are going to show you network traffic across the network. Server access logs are going to say who accessed the server. None of these things would say who created the file. The file's metadata would say who the creator was and when it was created. You can access file metadata by just right-clicking a file on your computer, go to Properties, and you see all the different tabs there: when it was created, when it was modified, and some of them have additional properties saying who the creator was, making D the best answer.

Question 19: a security professional is responsible for managing the virtualized infrastructure of a large organization. They have heard about the concept of virtual machine escape and its potential security implications. What does the term virtual machine escape refer to in the context of virtualization? So they're basically asking, what is VM escape? The process of migrating a virtual machine from one host to another; no, that's literally called virtual machine migration or movement; that's all that is. A security breach where a malicious attacker gains control of the host system from within a virtual machine; correct. So virtual machine escape is when they execute code in the VM to get over to the host machine. For example, let's say you have VirtualBox installed on your computer; let's say you have a Windows box and you install VirtualBox. Now imagine malicious code executes in one of your VMs; that malicious code that executed in the VM is now able to infect the host machine and take control of the host machine. That's what VM escape is; that's what it's describing. The practice of cloning virtual machines; no, it's nothing used for backups. The deployment of virtual machines across multiple physical hosts; that's called load balancing. So the best thing here... this is a kind of malicious attack; make sure you go through your exam
objectives; all those attacks, you need to know what they are. Now, don't forget, I also, in the description below, have a link to a quick study guide. It's only 99 cents on Amazon; it goes through and gives you a brief description of all the exam objectives, so you can check that out also. It's only 99 cents, less than the price of a coffee nowadays.

Question 20: an organization wants to enhance its security measures to prevent employees from inadvertently installing harmful applications. What is the most effective strategy? Regular malware scans, VPN implementation, implementing an application allow list, and user access lists. The best answer here is going to be an application allow list. Now this is something that organizations should have; basically it's what it says it is. It's a list of applications, that these are the only apps that you can have installed on your computer; everything else is disallowed. So this would ensure that if somebody wants to install an application, they're going to check the list: is that on the list? No? Okay, I can't do that. Regular malware scans are not going to work on this one; the reason is because if the application is not malware, it wouldn't detect it. A VPN is used to connect to remote sites. User access control basically is to control what people have access to, not what they can really install.

Question 21: a security technician notices that a piece of malware is rapidly spreading through the organization's network, creating copies of itself (notice: creating copies of itself) and consuming network resources. What type of malware is described in this scenario? Now, the scenario describes a worm attack, known for its ability to replicate; correct. So worms are basically self-replicating; that's different than a virus. Most viruses need you to do something to make them replicate. The scenario describes a Trojan attack, known for its deceptive appearance. Trojans: when you get a Trojan, it basically looks like legitimate... like a legitimate piece of software. Like, you may go to a website and it says, here's a free antivirus software, and it looks like free antivirus, and it may come with a company name that sounds good, but it's not; it's basically a virus. But in this one, notice it says creating copies of itself, so it's basically replicating itself. This describes spyware for its rapid spread; spyware does not rapidly spread. Generally it infects one machine and it just watches all your activity. A logic bomb known for consuming... a logic bomb may or may not consume large network resources. A logic bomb needs a detonation point. It's a piece of malicious software on a computer that after a certain time detonates and blows up. It has some kind of, generally, like a timer; like you download it... you get infected, not download it, so let's say you get infected, and then, like, six months later, that's going to be a time; six months later it detonates and wipes out all your data. Another thing a logic bomb could do: if you go to a particular website, that can activate it and it can steal your data, like you going to a banking website. So this doesn't describe that; this is more of a worm attack. Make sure you know the difference between these things, such as Trojan, worm, virus, logic bomb, spyware, for your exam, as these are right out of those exam objectives.

Question 22: a security engineer notices that several logs from critical network devices, such as firewalls and intrusion detection systems, are missing for a period of several hours (that's not good) during which a security incident may have occurred. What should the security engineer do to address it? See, if you have missing log files, that's generally not a good thing. Missing logs indicate that the devices were not generating any data; you always generate data on a network. Missing logs can be a sign of security incidents or a potential breach of the logging system. The security engineer should investigate the cause of the missing logs; yes. Now let me explain something to you. Any time an attacker comes into an organization and steals data, one of the things they want to do is to not get caught, and one of the ways for them to clear their tracks is to delete the log files. If you have gaps in your log files, that can indicate that something malicious was going on, and nobody wants you to... the attacker or bad people don't want you to see what they were doing. The missing logs are a result of log rotation; not really, with log rotation you should still archive them. The published documentation regarding log storage is accurate and no action; no, you need to take action if you are missing log files.

Practice question 23: a security administrator responsible for securing servers in a data center implements a security measure to control incoming and outgoing network traffic on each server to protect against unauthorized access and network-based attacks. What hardening technique has the security administrator primarily implemented? Default password changes, host-based firewall, encryption, removal of unnecessary software or unnecessary software features. Now you've got to read this one carefully. You notice it says traffic on each server to protect against unauthorized access and network attacks. So what can prevent network attacks on each machine? The best answer is a host-based firewall. Now, in the world of firewalls you have what's called a network-based firewall and a host-based firewall. You probably have that at home: if you have, like, your router that your ISP sent you, that's going to be your network-based firewall, but then if you use, like, a Windows box and you have Windows Firewall turned on, that's going to be your host-based firewall that protects the individual computer against attacks within the network. There's nothing here about password changes or data needing to be encrypted, and there's nothing here about software being removed, so best answer: host-based firewall.

Practice question 24: what is the primary characteristic of an on-premises architectural model for hosting servers and data? Now, on-prem basically means that you're storing data on your physical premises. In the world of security or IT, there's what we call off-prem and on-prem. Off-prem is generally when you store data in the cloud, and on-prem is when you store data in your local physical data centers. So it's not "relies on a third party"; that would be cloud. It's not distributing the data. It's about hosting data on servers within a physical facility, generally within your data center. Serverless computing is when you generally get cloud services where the cloud provider maintains the server for you and you just need to use it; it's called serverless.

Question 25: a security technician is responsible for implementing a threat detection mechanism in an ICS used for managing a city's water treatment plant. Stop right here: what is ICS? You need to know acronyms for your exam. On the exam they're going to be acronyms galore; they're going to kill you with acronyms. You need to know them; they're in the exam objectives. The study guide, my course, all go through all the acronyms; if you don't want to get my course, check the exam objectives. ICS means industrial control systems. Industrial control systems are things like power plants, water supply systems, gas supply systems and so on. So this one, they're talking water treatment. What threat detection mechanism is essential for monitoring and alerting on suspicious activities in the ICS environment? So which one here is going to tell us there's a problem going on? Email filtering; well, there's nothing here about email. We're not talking about removing viruses here; we're talking about monitoring and alerting. The best thing here that's going to tell us that something is going on is going to be an IDS system. IDS systems: if there's an intrusion, it'll send you an alert that says, hey, this machine over here has a potential intrusion. MDM, mobile device management; this is only for, like, cell phones. A mobile device is not a water treatment plant. Now, on the exam they might not give you
they might not spell out the word IDs they may just say IDs and MDM and you have to know what they mean all right we're at the halfway point and I just want to give you guys a quick reminder if you're really enjoying this video if you can give me a like would be absolutely amazing subscribe to the channel for more content like this to help you guys pass your exam we do lots of times we do giveaways of all of our coma classes that we have on all of our different platforms including all the practice questions and stuff like that and if you really enjoy the way I'm teaching check out my Security Plus class in the description below I think it's a great class comes with tons of resources check it out see if you like it let's get back to the questions question 26 an organization requires a way to monitor changes in its Network environment what system should be implemented firewall intrusion prevention network access control and file Integrity monitoring now this one here is pretty simple if you understand the part here that says monitoring changes because anytime you want to check if something change the best thing to do is to see its Integrity remember Integrity by its definition is what has changed a firewall would stop act basically access into a machine bad access like like Network attacks prevention will stop bad things from happening to your machine network access control will stop computers that don't meet a certain criteria such as not being updated joining your network file Integrity if there's anything that changes on a computer any kind of file that changes especially in applications file Integrity monitoring will actually tell you what has changed and notice they they require a way to mon monitor any changes so best answer is D question 27 to enhance network security what change should a security analyst recommend if a remote desktop service is accessible from the internet now remote desktop is great I use it a lot especially when I'm home or even when I'm 
away I want to be able to access my desktop and work like I'm sitting at my desktop never open remote desktop to the public at any point never do that Implement implementing stronger encryption against remote desktop would still make it accessible throughout the world don't do that the best thing here to do is to set up a VPN to your network and then remote desktop over that VPN that way the remote desktop is not accessible to anyone unless they have a VPN connection changing the default port a port scanner can still find the ports and then they can try all the different ports that you change it to so that's not going to help you making a password complex still opens up remote desktop and a good password cracker it'll probably still be able to crack it so get a VPN going not only is this going to encrypt it but it's going to give it much more security question 28 a large e-commerce platform wants to ensure uninterrupted service even during Peak shopping Seasons which approach should a security professional recommend to achieve High availability load balancing hotsite Geographic spreading contu of operation so couple quick things notice they say during Peak shopping season that means you're getting a lot of traffic if you're getting a lot of traffic you're going to bog down one machine you want to be able to have multiple machines so they could load balance they can disperse the traffic across multiple computers load balance and a hot site is if your main site goes down a hot site within a few hours can come back up but there's going to be somewhat of a downtime not the best answer Geographic disperson or spreading is when you spread when you when you have multiple data center just want all your data centers in one location you may want a data center in New York one in Middle the country one in California so if there is any attack against major environmental attack or problem in one section of the country doesn't affect all your all your data centers contu of 
operation is document how you would get a how you would continue to work in case there's a major disaster but in this one here they're trying to look at Peak traffic load balancing best option question 29 a company wants to ensure that only authorized devices can connect to switch ports what security measures should they deploy in a switch to achieve this intrusion detection network access control uh SSL or VLAN best answer here guys is going to be in this scenario network access control so here's what this is let's say you come to my house and I have this thing in in uh enabl and you plug your computer into my switch the switch will then pass it off to radio server and you utiliz a protocol 80 21x and it's going to check your computer to see if you have updates if you have antivirus and if you meet my security policy quote unquote security policy uh I'm going to allow you to join my network that's what network access control is intrusion prevention system would only stop an intrusion it doesn't stop you from joining a network SSL used to encrypt data across the network it wouldn't stop you from joining the network vlans it wouldn't stop you from joining the network but whatever Port you're in would restrict what data you can access to what segment of the network you're in practice question number 30 a security technician is conducting a code review for a software development project they want to identify and mitigate potential vulnerabilities in the application source code what technique should the security technician employ to identify and mitigate security vulnerabilities in the source code so notice they're looking at problems in the source code itself Implement input validation input validation would stop things from coming into the application this would stop things like SQL injection or buffer overflows cross-site scripting this is when people type malicious codes into the application field it's not going to look at the source code secure uh cookies secure 
cookies is going to pass data around the application or within the application more securely if you want to look at the application source code do static analysis static code analysis is reviewing the actual source code itself for vulnerabilities now static analysis is its opposite is going to be dynamic Cod testin a dynamic Co Dynamic analysis in which case you run the code and you run the application code signning is just seen if the code has been modified where it came from that's answer C question 30 a security profession is responsible for maintaining an accurate inventory of software licenses within the organization they discover that some software licenses had expire but the software is still in use what action should the security professional take to address the issue of expired software licenses Implement data retention policies uh schedule the destruction of the software with the expired license initiate the acquisition procurement process for new software license disable the software okay if you if you're if you're an organization and you see that some of the software the license has laps right hopefully they're not illegal right that you just laps you didn't renew them the best thing to do is to get them renewed right so initiate the acquisition procurement process for the new software license implementing data retention for this is not going to this is not going to help to fix the license issue schedule the destruction of the software well if you destroy the software it might destroy data and interrupt the entire organization's uh working disable a software is basically B if you stop the software might disable the way the company Works question 32 in a penetration test and engagement what document typically outlines the estimated time required for the test this is exactly what your exam looks like when I took this particular test these were the type of choices I would get there would just be a whole bunch of acronyms so NDA non-disclosure agreement 
service level agreement business partnership agreement statement of work so you need to know these acronyms answer here the statement of work basically what are we going to get done how long is it going to take things like that are going to be in the statement of work Business Partnership is when companies combine together what who's going to do what in order to accomplish a specific Endeavor service level agreement is going to be like they need to have a 99.99% uptime this is a heavy just is generally a performance thing ndas don't give away information if I work with you and you sign NDA whatever we do you can't tell the public about it question 33 a security technician is tasked with identifying a responding to security alerts generated by the organization systems and applications what tool or technology should the security technician rely on to receive realtime security alerts from systems security content automation protocol antivirus seam systems a security information event keep in mind once again guys The Exam May just give you the acronym they probably wouldn't spell it out archiving tool now in this particular one security content automation antivirus And archiving tool is not going to give you these real time security alerts the best thing for that is going to be a seam system what exactly is this this is like Splunk very famous software what this does it basically is a log capturing software basically what it does is that it's going to capture all the logs within the business in a real-time fashion and if there's any kind of malicious problems with these logs it then tells you that it sends you an alert in real time it says there's a problem in this particular system Mak can see best answer question 34 what are the best ways to ensure only authorized Personnel can access a secure research facility now keep in way keep in mind that you got to select two you are going to have questions on the exam where they're going to tell you to select two or three you 
do have quite a few choices let's see what the answer here is is now it's going to be C and D notice can access a secure research facility perimeter fencing perimeter fencing is the out interior fence of the actual facility this is going to stop them from even entering the grounds not just the facility CCT monitoring is camera monitoring CCT monitoring cameras really is not going to stop you from accessing a particular facility motion detectors can detect movement this is going to alert somebody's coming in visitors sign in logs this is people just sign in on a piece of paper the best thing here is a badge access system in other words to get into this particular door you need to have a particular badge maybe you beep it in with an RFID uh control access vestibule or Access Control vestibule what these are these are going to be double doors they used to be called man traps a long time ago so you may see this in like a prison some of those prison movies in order to get into the actual prison you got to you go through one door the door locks security guard checks your ID uh or sometimes you may have to put in sometimes they have codes that you got to type in there or some kind of biometric that you have to think that you have to authenticate to and then the second door opens up so in this one nobody can get in unless their IDs are checked or or maybe their bad system is checked making these two best answer question 35 a security technician needs to ensure that privileged users have temporary and limited access to sensitive data when needed what privilege access management tool or concept should security technician Implement to Grant privilege users temporary limited access tokenization biometric password managers just in time permission now notice it says in the question have temporary and limited access temporary limited access so something is temporary and Li limited this is called just in time in other words the permission is just in time for when they need it 
after they don't need it it goes right away tokenization tokenization replaces data with tokens and then that data that token then represents the data hide in the data biometric is used to loging in there's nothing here about logging in anything password managers is used to manage passwords there's nothing here about a password issue question 36 a security technician is implementing automation to scale the organization's infrastructure in a secure manager and Peak usage period what benefit what benefit of automations on orchestration standard infrastructure configuration cost reduction scaling in a secure manner employee reduction this is more of a management question because why would you want to do Automation and orchestration so here's what this is automation orchestration is when there's a security incident there's an automated and fast basically a quick automated response what does a security incident the faster we respond to them the less bad they are to us the less data is stolen the less systems go down the faster systems can come up the faster we respond the whole point of doing this is basically cost reduction one of the main reasons we automate things here is to reduce overall cost making that the best answer question 37 a security profession is investigating a suspicious is suspected security breach in the organization's web application what type of data source is most likely to contain information about user actions errors and events related to web application so notice they're saying what type of a log data source so is it application log inpoint logs dashboards or vulnerability scans first thing up I can tell is that vulnerability scan is going to show you problems or errors or vulnerabilities on an application it's not going to say who access what a dashboard is basically an interface to something so is it an application or endpoint logs answer application logs endpoint logs is basically the log F from your endpoint software endpoint software is 
things like semantics endpoint macafee endpoint these are basically anti virus and firewalls intrusion prevention and detection systems all packaged into one so that's not going to say who accessed what application what they did with it what was their action but an application log is going to say Bob access it at this time from this time making B best answer question 38 what is most likely to be used in a company to document risk assign responsibilities and define threshold definition of risk tolerance process of risk transfer maintenance of a risk register conducting a risk analysis now in the exam objective we specifically talk of something we call a risk register a risk register holds all the documented risk it's basically register basically means lists so when you think register think list so how do you document risk list the risk that's why risk register it also can say what are we going to do about it who's responsible to fix it and so on risk tolerance is the maximum risk you're willing to take for a um for a reward risk transfer is just a response there's nothing here about that being a response and conducting a risk anal say how you analyze it this is not about analysis this this is documented risk where are we going to start at question 39 a security professional notices that an unauthorized device has been used to copy the signals from legitimate RFID tags allowing unauthorized access to a secure area what type of physical attack is described in the scenario and how does it work environmental attack Brute Force attack cloning attack social engineer best answer here guys notice it says copy the signal from an RFID tag this is called RFID colon RFID cloning is when they come up to you let's say you have an RFID tag or or card in your wallet they come up to you they use a device to steal the RFID signal from your device and then they can then put that onto another card or attack and then utilize that to impersonate you that's what that is it's not a Brute 
Force attack this is a multiple tries this environmental attacks are going to be things like within the physical environment this is against RFID tags social engineering is people it's people trying to hack you this is literally a hardware based thing question number 40 we got 10 more to go by it a security technician discovers that an attacker has gained access to a network and positioned himself in a way that allows them to intercept and manipulate Network traffic what type of attack is described in this scenar how is the attacker position so this particular one the attacker is in a position that they're intercepting all the traffic and then they can manipulate it and then send it back out so they're in the middle between somebody maybe sending and somebody receiving the data this is known used to be known as man- in the middle for your exam it's now known as an on path attack this is the exact what it is an on paath attack is when an attacker sits between the communication between senders and receivers getting the data manipula in the data and then sending it over to the receiver the receiver of the data believes it's coming from a particular sender but it's not it's coming from the attacker this describes a malicious code attack no it's basically somebody sitting in between it this describes a rootkit root kits are installed on a machine to give normal user accounts a higher level of privilege it basically takes a normal user accounts and turn them into root accounts or administrator keep in mind root accounts a root is the administrator on Linux a scenario describe the security professional conduct this is not a pentest this is literally an attacker doing something once again if you're finding value in this video I would really appreciate a like subscribe to the video we have much more content like this coming out let's get back to the questions an organization enforces mobile device management uh policies to secure secure and manage employee own smartphones 
and tablets in the context of mobile device what is the organization primary achieving when enforcing MDM for employee owned smartphones secure Data Destruction data encryption endpoint security risk acceptance this is kind of a tricky question I also want to point out that once again I know I'm a broken record but the the exam may not tell you that MDM stands for mobile device management so in this particular when you install MDM MDM is considered a kind of an endpoint security software remember endpoint is any endpoint is all devices in a network any device in a network can get hacked so when you install something to secure that it's considered a kind of an endpoint there's nothing here about Data Destruction even though mdms have the ability to remotely wipe data they're not talking about that in this one there's nothing here about that data encryption MDM does allow data to be encrypted on the device but that falls into endpoint security risk acceptance they're not accepting any risk that's why they are basically installing MDM question 42 what type of reconnaissance activities a security professional primary engaged in when gathering information with potential vulnerabilities on the organizations on the organization's external network by reviewing job postings or message boards about the company passive reconnaissance active reconnaissance def defend defensive penetration testing know Environmental Testing best answer here pretty simple notice they're going looking at job post posting or message boards about the company they're not actually engaging with the company they're mostly grabbing and learning about the company this is called passive reconnaissance so reconnaissance is finding information about a an a Target that you're trying to hack let's say you're a pentester and you got to pentest my business and you're going to go and look at maybe my latest job posting to see what technology I use maybe you're going to look at all my LinkedIn profile maybe you 
might browse my website and things like that that's active passive that's a passive reconnaissance active reconnaissance when maybe you call my company and actively engage with me to try to find out more information this is defensive penetration testing really not a thing there is such a thing as defensive uh defensive methods KN environmental testing this is when you're testing against particularly knowing threats there's nothing here but testing they're literally just gathering information question 43 an organization implements MFA for its employees access to sensitive systems and resources what security measure is the organization primary implemented when implementing MFA threat analysis user authentication security awareness training access control so I didn't put in the uh what MFA stands for in this one I wanted to see if you guys know if you know the answer is pretty obvious MFA stands for multiactor authentication can this the best answer MF is when you're going to use more than one factor remember there's multiple factors that you can use to log into a machine something you know which is a Capac sword something you have which can be like a bank card or a smart card and something you are such as a biometric you can also do some where you are and a few others so in this one you're going to use multiple factors maybe you're going to use a a Thum print and a password so that would be two factors that falls into the fact to the realm of multiactor Authentication a there's nothing here but threats or security trainer or Access Control question 44 a security technician analyzes Network traffic logs to identify patterns indicative of potential key word distributed Den not a service in the context of threat detection and Analysis what action is the security technician primally taken when analyzing traffic logs identify patterns indicative of potential intrusion prevention threat hunting risk analysis risk mitigation now notice they're going through the logs to see 
was there any kind of attack against your network what are they doing they're hunting for threats that may have attacked your network or is going to be attacking your network that's called threat hunting intrusion prevention is doing something to stop an intrusion risk analysis is identifying risk and this is how you respond mitigation respond to risk there's nothing here about risk they're just basically reviewing log files here question 45 an organization enforces mobile device encryption policies to ensure that data stored on the employee smartphones and tablets is protected from unauthorized access case of loss what security measure is the organization primly implemented data Integrity confidential availability and authentication so this is the whole CIA plus authentication so you need to know that notice it says in case of device loss or theft so if device is lost and they're able to get the hard drive what must you have done to the hard drive well I hope you encrypted that hard drive with data confidentiality hopefully you have good user login such as a good password data Integrity is going to see the data has been manipulated availability this is going to make sure the data is available when people need it authentication is people logging in although that can help encryption is a form of confidentiality question 46 a security technician is responsible for Designing the network infrastructure of a critical government agency they're required to ensure that sensitive systems are physically isolated from the rest of the network to prevent unauthorized access which network design technique should the security technician Implement to achieve physical isolation So Physical isolation is when you break it off the actual Network so things like logical segmentation which is what you would do if you implement vlans across the switch sdn may or may not segment the network but sdn basically is managing Network traffic using software based controllers this optimizes 
network traffic virtualization is all software based if you want to physically break a network off you would air gaping air gaping let's say you have your entire network set up you have switches connected to switches and you VL landed but you got a really particular secure system that only PE certain people should have access to you you would air gap it basically you would set up another Network and there would be no physical connection between your new secure network or your air gap system and your other network literally there is air Like Oxygen between your the switch on your main Network on the switch on your air gap system in the term air gap because it's literally ear there's no physical connection between them and to get data on an air gap system you actually have to walk over to it and connect to it question 47 a bank requires all of its vendors to implement measures to prevent data loss on a stolen laptop what strategies is the bank demanded dis encryption data permission uh information categorization access right limitation so if you lose your laptop which I've done once lost a really important laptop it's some really important data but it didn't bother me too much the reason is because my laptop had bit Locker disc base encryption so here's what this is let's say say you have important data on your laptop and you lose it they don't need to have your password which is what access right limitation is or it doesn't matter what type of permission is on that data so that would be a and d and it doesn't matter how it's classified if they can just open up the laptop take out the hard drive and mount the hard drive onto another machine they can access all your data on your C drive D drive and whatever without ever logging in but if the data is in encrypted this based encryption when they take out the hard drive and they mount it they would still need the decryption key to access your data Mak an a the best answer and if you have a laptop that you walk around 
with make sure that you have this basic encryption enabled on your laptop 48 to ensure software code uh authenticity in a in a development environment what method should a software development software development manager Implement so remember authenticity is like do we know it actually does this code actually come from Microsoft does does this script come from Cisco how do we know that the best way to know that is is the code sign code signning uses a digital signature we cover that in the course digital signatures in order to determine who it came from so the sender of the coder and makeer the code with digitally sign it if I digitally signed something you're 100% sure it came from me and was never modified regularly code wouldn't verify where it came from Dynamic application testing would test if the code is good but it wouldn't say who it came from Adon methodology is how is a methodology to make and then write codes 49 in a corporate Network the IT department wants to implement a solution that divides the network based on security requirements what mitigation technique is the IT department planning to implement Le privileges patching segmentation encryption in this one here notice they're dividing the network if you're dividing your network you are segmenting it the best way to segment your network is the utilization of VLAN naming the VLAN things like Finance accounting management and so on lease privileges this you should follow the principles of lease privileges on a per user basis in other words this user should only have access to this data based on what they need to do their job patching is keeping your machine updated encryption hiding data from people that don't need to see it all right before we get to the last question one more time if you guys can please click on the like button my legs are killing me standing here talking for what's going on near the two hours yeah I did mess up some of those questions I didn't have to reim them please click on the 
like button subscribe to the channel would be amazing and also check out my courses all right last question security protocols in a cloud data center are under review to guarantee the protection of the safety of the data data center staff which of the following best illustrates the appropriate uh setup for these security controls now notice is look at the terms look at the keywords when you do your exam read carefully security of the data center staff okay data center staff so notice the data Cent is Staff things I can eliminate right away user authentication systems external gateways this is all like firewalls data access logs this is not going to help me when it comes to the security thinking more of a physical thing the answer here is going to be I'm going to explain this one fire safety mechanism should fail open you guys want to understand what is fail close versus fail open this is on the exam objective now what is that fail open is when a system fails it unlocks and allows anything in and out fail close is when a system fails or crashes it locks up for example an external Gateway access point should fail Clos yes here's why if a firewall ever fails the firewall should lock nothing comes in nothing comes out that's known as a fail close if the firewall fails open when the firewall crashes not if when it crashes it allows all traffic in and out which one would you want which you think is more secure but when it comes to human safety notice the safety fire safety mechanism should fail open that way if there's any kind of fire mechanism specific door locks and all this kinds of stuff when the system fails all the doors in the data center should open up that doesn't sound good right because then anybody can get in and out correct because there's a fire in the data center if there's a fire in the data center all the security mechanisms should just open up so people can get in and out the fire department can get in and out so make sure you notice definition of fail 
fail close and fail open for your exam all right that was my 50 question hopefully you guys enjoyed it once again if you can please click on the the like button subscribe to the channel we have a lot more content we're going to be doing a ton of giveaways uh in the in the months that are coming up so subscribe to get all the giveaways that we're going to be giving out they're not unlimited giveaways so make sure you subscribe and the moment you see the videos come out click on it now also if you're interested in passing your Security Plus if you like the way I explained things hopefully you did check out my courses I do have 600 of these practice questions in the link below check those out uh for my Security Plus practice questions I have a full end course it's nearly 30 hours of content we're explain every single one of those exam objectives to you and also I wrote a study guide that I wanted to give away I put it on Amazon and I made it exclusive to them and then I they charge 99 Cents if you just if you don't want to buy my course you don't want to buy anybody's course you're a security professional and all you want to do is just pass your exam uh then get that book it's a quick book it's like 130 pages or something goes through every single one of the exam objective and it's going to actually go to all the acronyms so check that out the links are on description below and I'll see you in the next video
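Question 22 turns on spotting multi-hour gaps in firewall and IDS logs. The script below is an added example, not from the video: it groups constructed log lines by device, then reports any silence longer than a threshold inside an investigation window, including devices that logged nothing at all. The line format ("timestamp device message") and the device names fw01, ids01 and sw01 are assumptions made for the example.

```python
"""Find multi-hour gaps in per-device logs (the question 22 scenario).

Added example; the log lines are constructed, not taken from a real device.
Assumed line format: '<ISO-8601 timestamp> <device> <message>'.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: fw01 goes silent between 01:15 and 05:40, ids01 logs
# every hour, and sw01 (expected below) never appears at all. One line has
# no timestamp and must be skipped rather than crash the parser.
SAMPLE_LOGS = """\
2024-03-01T00:05:00 fw01 accept src=10.0.0.5 dst=10.0.1.9 dport=443
2024-03-01T00:40:00 fw01 deny src=203.0.113.7 dst=10.0.1.9 dport=22
2024-03-01T01:15:00 fw01 accept src=10.0.0.8 dst=10.0.1.9 dport=443
2024-03-01T05:40:00 fw01 accept src=10.0.0.5 dst=10.0.1.9 dport=443
2024-03-01T06:10:00 fw01 deny src=203.0.113.7 dst=10.0.1.9 dport=3389
fw01 logrotate: rotated /var/log/fw.log (malformed: no timestamp)
2024-03-01T00:10:00 ids01 alert sid=1000001 src=203.0.113.7
2024-03-01T01:10:00 ids01 alert sid=1000002 src=203.0.113.7
2024-03-01T02:10:00 ids01 heartbeat
2024-03-01T03:10:00 ids01 heartbeat
2024-03-01T04:10:00 ids01 heartbeat
2024-03-01T05:10:00 ids01 heartbeat
2024-03-01T06:10:00 ids01 alert sid=1000003 src=198.51.100.4
"""


def parse_log(text):
    """Return {device: sorted list of timestamps}; malformed lines are ignored."""
    events = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue
        try:
            stamp = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # no usable timestamp in the first field
        events[parts[1]].append(stamp)
    for stamps in events.values():
        stamps.sort()
    return dict(events)


def find_gaps(events, expected_devices, window_start, window_end, max_silence):
    """List (device, gap_start, gap_end) for every silence longer than max_silence.

    The window edges are treated as virtual events, so a device that is
    expected but absent yields one gap spanning the whole window, and a device
    that stops logging before the window ends is reported too.
    """
    gaps = []
    for device in sorted(expected_devices):
        inside = [t for t in events.get(device, []) if window_start <= t <= window_end]
        timeline = [window_start] + inside + [window_end]
        for earlier, later in zip(timeline, timeline[1:]):
            if later - earlier > max_silence:
                gaps.append((device, earlier, later))
    return gaps


def demo_gaps():
    """Run the detector over the constructed sample: 00:00-07:00, 2 h tolerance."""
    events = parse_log(SAMPLE_LOGS)
    return find_gaps(
        events,
        expected_devices=["fw01", "ids01", "sw01"],
        window_start=datetime(2024, 3, 1, 0, 0),
        window_end=datetime(2024, 3, 1, 7, 0),
        max_silence=timedelta(hours=2),
    )


if __name__ == "__main__":
    for device, start, end in demo_gaps():
        hours = (end - start).total_seconds() / 3600
        print(f"{device}: no logs from {start} to {end} ({hours:.1f} h) - investigate")
```

Each reported gap is a lead for the investigation the question calls for: the device was either down, reconfigured, or its log pipeline was interrupted, and none of those should be closed without an explanation.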
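Question 26 picks file integrity monitoring because integrity is about what has changed. The following is an added example, not code from the video or any FIM product: it hashes every file under a directory to build a baseline, then compares a later snapshot against it and reports exactly which files were added, removed or modified. The directory contents are constructed in a temporary folder so the script runs offline.

```python
"""File integrity monitoring in miniature (the question 26 scenario).

Added example. A baseline of SHA-256 digests is recorded once; later
snapshots are diffed against it so that only real changes are reported.
The files written below are constructed test data, not a real system.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def diff_snapshots(baseline, current):
    """Report what changed between two snapshots; unchanged files are left out."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo():
    """Build a tiny tree, take a baseline, change it, and return the FIM report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"original binary\n")
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\n")
        (root / "etc" / "old.conf").write_text("legacy\n")
        baseline = snapshot(root)

        # Changes a monitor should surface: binary replaced, a file removed,
        # an unexpected file added. app.conf is untouched and must not appear.
        (root / "bin" / "app").write_bytes(b"replaced binary\n")
        (root / "etc" / "old.conf").unlink()
        (root / "etc" / "dropped.sh").write_text("#!/bin/sh\n")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

In a real deployment the baseline itself has to be stored somewhere the monitored host cannot rewrite, otherwise whoever changes the files can change the record of what they should look like.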