A penetration tester has performed a security assessment for a startup firm. The report lists a total of ten vulnerabilities, with five identified as critical. The client does not have the resources to immediately remediate all vulnerabilities. Under such circumstances, which of the following would be the BEST suggestion for the client?
A. Apply easy compensating controls for critical vulnerabilities to minimize the risk, and then reprioritize remediation.
B. Identify the issues that can be remediated most quickly and address them first.
C. Implement the least impactful of the critical vulnerabilities' remediations first, and then address other critical vulnerabilities
D. Fix the most critical vulnerability first, even if it means fixing the other vulnerabilities may take a very long lime.
Answer: D
Which of the following is the reason why a penetration tester would run the chkconfig --del servicename command at the end of an engagement?
A. To remove the persistence
B. To enable persistence
C. To report persistence
D. To check for persistence
Answer: A
Sunday 15 March 2020
Thursday 3 October 2019
CompTIA PT0-001 Questions Answers
DRAG DROP
Place each of the following passwords in order of complexity from least complex (1) to most complex
(4), based on the character sets represented Each password may be used only once
Answer:
Zverlory
Zverl0ry
zv3rlory
Zv3r!0ry
Place each of the following passwords in order of complexity from least complex (1) to most complex
(4), based on the character sets represented Each password may be used only once
Answer:
Zverlory
Zverl0ry
zv3rlory
Zv3r!0ry
Sunday 18 November 2018
CompTIA PT0-001 Question Answer
DRAG DROP
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all
Answer:
Nsrt
Snma
Trat
Imda
A manager calls upon a tester to assist with diagnosing an issue within the following Python script:
#!/usr/bin/python
s = "Administrator"
The tester suspects it is an issue with string slicing and manipulation Analyze the following code segment and drag and drop the correct output for each string manipulation to its corresponding code segment Options may be used once or not at all
Answer:
Nsrt
Snma
Trat
Imda
Friday 12 October 2018
CompTIA Security Experts Share Their Advice on What it Takes to Become a Cybersecurity Pro
Individuals with strong communication skills, a penchant for teamwork and a natural curiosity are prime candidates to join the ranks of the nation's cybersecurity workforce, according to cybersecurity experts from CompTIA's IT Security Community. , the leading technology association in the world.
Along with the 15th National Cybersecurity Awareness Month, CompTIA asked some of its members who are leaders in the field of cybersecurity to advise on what it takes to become a cybersecurity professional.
Across the United States, there were more than 300,000 job openings for cybersecurity workers from April 2017 through March 2018. That's according to CyberSeek ™, a free career cybersecurity and workforce resources supported by the National Initiative for Cybersecurity Education, a program of the National Institute of Standards and Technology.
So far this year, employers in the US UU They have published more than 103,000 jobs for engineers and cybersecurity analysts, representing a 30 percent increase compared to the same period in 2017.
"Arguably, the most important trait is the love of learning and curiosity," said Lysa Myers, security researcher at ESET®, an industry-leading developer of IT security software and services for businesses and consumers around the globe. the world.
"The pace of information is really fast," explained Myers. "There are always some new problems to solve, being able to communicate what you learn and speak persuasively, whether to a boss, to the board of directors or to a conference, is also incredibly useful."
"Cybersec is constantly changing and evolving, so it needs the ability to obtain information and be a self-learning," agreed Victor Johnston, CEO of Inspired Business Innovations. "This is not the career path for someone who wants to get a degree and never touch continuing education."
Johnston pointed out that there are high-quality and well-paid jobs in the cybersecurity workforce that do not require a college degree.
"The titles are becoming increasingly 'nice to have', while industry certifications are becoming the mandatory standard," he said. "Certifications will absolutely get a professional hired in one grade."
"There's also a misconception that security people are hooded types in a dark room or a gloomy cubicle, looking at a computer all day," said Myers. "There is a wide variety of careers in cybersecurity, there is a great need for security people who are good at interacting with people, or who are good at explaining things clearly, in short, there is a great need for educators." .
There are many resources available to anyone interested in a cybersecurity career, but he is not sure how to start, according to Myers.
"Go out and go to events, be it local meetings, BSides events or full-blown conferences," he said. "It's good to know what is being discussed and, more importantly, how it's being discussed, and you can meet people who are already working in the industry."
CompTIA is committed to raising awareness of the critical importance of cybersecurity; to develop competences and skills among cybersecurity professionals around the world; and attract new candidates to the cybersecurity workforce.
About CompTIA
The Computing Technology Industry Association (CompTIA) is a leading voice and advocate for the global information technology ecosystem of $ 4.8 billion; and the more than 35 million industry and technology professionals who design, implement, manage and safeguard the technology that drives the global economy. Through education, training, certifications, promotion, philanthropy and market research, CompTIA is the center for the advancement of the technology industry and its workforce.
Wednesday 12 September 2018
CompTIA PT0-001 Question Answer
DRAG DROP
Performance based
You are a penetration Inter reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.
Answer:
Performance based
You are a penetration Inter reviewing a client's website through a web browser.
Instructions:
Review all components of the website through the browser to determine if vulnerabilities are present.
Remediate ONLY the highest vulnerability from either the certificate source or cookies.
Subscribe to:
Posts (Atom)