Same domain?
* Build the new server and point the AutodiscoverInternalURI to the same setting as the existing server
* test connectivity to internet and other points in the domain
* when you’re ready to cut over point your internal DNS, external DNS, to the new server and run the hybrid configuration wizard – add the new server, remove the old one.
* test outlook connectivity and autodiscover
Done.
AWS Console Down for me or does it hate me today?
Amazon Web Services AWS has a console that appears down right now.
But you can check in your region by visiting following link: Test AWS Console
How to check Linux Server Load?
find the user to kill it or restart http daemon
While this was something I was taught and did at the start of my career, I have since learnt that waiting for a load spike and responding to it in this way is something of an anti-pattern.
My house keeps catching fire – should I install a sprinkler system or try to find out why it keeps happening?
The SOP for load arising from a web server is different from the SOP for an application server is different from the SOP for a database server. If you are running (say) a LAMP server then you have all those problems on the same box.
check for spamming
Erk! If people can use your host for a purpose you didn’t intend, then you’ve failed regardless of the load.
or brute force attacks
There are lots of tools to prevent that. I use fail2ban on my edge for HTTP[S] traffic.
Sometimes I would see mysql user causing the load spikes
Then you need to start by analyzing the query performance, optimizing the database and the IO paths.
How to identify version of Redhat Enterprise Linux? Root & No root – Explained
This post is about identifying to know which version of RedHat Enterprise Linux commonly known as RHEL in the system administration and linux work.
Here is the root guide:
If you have root on a shell just run
cat /etc/redhat-release
That will show you definitively what version you have.
Here is the non root version:
That looks like a classic GNOME desktop. It’s still available in current versions of RHEL.
If you look at the screenshot for Classic GNOME you will see the same downward arrows next to the menus, which aren’t present in other versions of the RedHat desktop.
So, my guess is that this is either a customized GNOME desktop with a RedHat theme, or Classic GNOME running on RHEL 7 or 8. It could be older than that, as GNOME themes are easily changed.
If it wasn’t just a picture you could easily check the contents of /etc/*release or run “lsb_release -a”, which are the standard ways to identify an OS which complies with the Linux Standards Base. Sadly, you can’t do that with a screenshot.
Certification in Best Artificial Hair Integration Free Training
Whether you’re looking to set up a beauty business that offers Best Artificial Hair Integration, or you are looking into Certification in hair extension choice for you, it’s good to know everything that there is to know about this increasingly popular extension choice.
Below, we discuss the most important features and benefits of the Certification in Best Artificial Hair Integration system, how it can benefit you or your clients and why this choice is breathing fresh life into the hair extension industry.
What is Certification in Best Artificial Hair Integration?
Initially designed to help men and women who suffer with moderate to severe hair loss, mesh integration uses a form of netting (or mesh), which is placed at the root of the hair, above the scalp. This mesh is completely breathable and there is no need to shave or cut the hair, meaning you can make the most of your current hair.
Once the mesh has been fitted and cut to size, new hair- usually made from real, European strands- is then interlocked with your natural hair. The result is a new head of hair that is thicker, stronger and healthier looking than ever before.
Things to consider before opting for FREE Training in mesh integration
It’s no secret that lying on your extensions means they’re more likely to wear down faster, which can mean your extensions are more likely to snap and become thinner when not cared for appropriately. If you’ve opted for longer extensions, you can negate this by plaiting your hair before your go to sleep, which can minimise the movement and increase the longevity of the mesh integration system.
Leave-in conditioners are a great add-on that can help keep hair shiny and healthy, as all extensions can become a little dry over time. A huge benefit to mesh extensions is that they lie closer to the scalp and therefore are more likely to use the natural oils the body provides to keep your new hair at optimal conditions.
You will also need to have mesh integrated hair extensions refitted on a regular basis- usually between 3 and 6 weeks. Being fully trained in this system means you will be able to offer this service, so the right hair extensionist should be able to comfortably refit and reposition the hair mesh system on a regular basis.
Frequently Asked Questions:
Q. Will anyone be able to see the mesh?
A. When fitted correctly, the mesh integration hair extensions should not be visible to the naked eye. We train our clients to fit the mesh so that it is comfortable for users and holds a snug fit to the scalp. The mesh is then covered by synthetic or real hair, which means that nobody will able to see your new system and the hair will be styled in a way that means- even at the parting- nobody will be able to spot the mesh.
Q. Is the mesh integration system suitable for alopecia sufferers?
A. Absolutely. Whether you are only losing a little hair around the crown or need a full hair loss integration system placement, we offer training to ensure that every one of our clients leaves with the full knowledge of how to add volume and length to those with thinning hair. Whether you’re looking for a little extra volume around the parting or want the full mesh hair extensions, this is a system that will leave you with fresh, healthy-looking hair in the long-term.
Q. I want to be able to offer my customers the best – will training with Maxwell Melia provide me with everything I need to know?
A. Without a doubt. Maxwell Melia ensures that every client who passes through our training system is given all the information they could possibly need to confidently fit their customers with the mesh integration hair extension system. We take our time to ensure you understand what you’re doing and why- and even offer you manuals to help you on your way, as well as being readily available for any questions or queries you might have, even after you’ve received your certificates and kit.
[All Qs Solved] Google Cloud Professional Cloud Architect Exam Answers Solution Guide
Immediately after the Google Cloud Professional Cloud Architect exam I do a memory dump as notes. Hence it is also quite unordered. This is a sanitized list that gives general topics and questions I encountered. The intention is not to give you the questions, but to give you topics that you can be prepared for. I was often stumped by some questions; hopefully you can be more prepared based on my experience. Wish you the very best!
This was the exam I originally planned to take first, but then I completed the Associate Cloud Engineer first. The notes I have on this seem to be fairly thin. So it’s kind of automatically sanitized and doesn’t divulge much details.
- Datastore. Indexes — creating them, updating them. Which file do you update for this? Can you do this only using gcloud or also from the console?
https://cloud.google.com/datastore/docs/concepts/indexes - Datastore. Data retrieval using identifiers, batch. I was glad I’d covered the entire spectrum of GCP products as part of my learning.
https://cloud.google.com/datastore/docs/best-practices - Deployment Manager . How do you templatize a repeatable infrastructure setup?
- GKE. When is gcloud used as opposed to kubectl. When is Deployment Manager used and when is Kubernetes deployment.
https://cloud.google.com/kubernetes-engine/docs/quickstart - PCI compliance. Payment Card Industry Data Security Standards. Are GCP products compliant? Are all of them? What additional work do you need to do to make it compliant?
https://cloud.google.com/security/compliance/pci-dss/ - GDPR. You don’t have to know the GDPR law thoroughly, but know what implications there are to be compliant with it and therefore which products/services should be used and in what way. I would also suggest you gather high level information on HIPAA, COPPA, and GDPR.
- Networking. Networking is a topic in all certifications. Definitely useful to brush up your networking knowledge — CIDR, primary and secondary networks, how VPNs work, OSI layer, netstat, etc.
- As with other exams, remember that as a Professional on GCP you are also expected to know solutions, products, and project processes outside GCP also.
- MountKirk, Dress4Win, TerramEarth. Know the case studies thoroughly. The case studies are there during the exam and you can go through it. But you’d be better off studying it prior and making notes during your practice/learning. But don’t by-heart the solutions.
- BigQuery. Various types of partitioning. And retention/expiration rules.
https://cloud.google.com/bigquery/docs/best-practices-storage - BigTable. For time series data. What are the best practices for BigTable time series data?
https://cloud.google.com/bigtable/docs/schema-design-time-series - Know the speeds possible on VPN. Know how to calculate the amount of time it will take to transfer, say 100TB, of data. So, if large transfers were required, should you be using VPN or Direct Interconnect. I’ve got a more detailed note on this in the overall notes, which is linked below.
- Data Rehydration.
https://cloud.google.com/transfer-appliance/docs/2.0/data-rehydration - GCE vs GKE. Which do you choose and for what kind of workloads?
- Snapshots, Images, Disks. Learn the difference between them. How they are created and shared? What is the recommended process of creating them? Do they cross over zones, regions, projects?
https://cloud.google.com/compute/docs/images/sharing-images-across-projects - Cloud SQL. Note that it is regional. It can span zones in a region but not regions.
https://cloud.google.com/sql/docs/mysql/locations - Cloud Functions. A serverless option that can be used to absorb very large workloads. Know the ways in which they can be triggered.
https://cloud.google.com/functions/docs/concepts/overview - Cloud Armor. In general, know where this is used and how. You don’t have to go into the details.
https://cloud.google.com/armor/ - Cloud Directory Sync. How do you bring on users onto GCP from their current LDAP/Active Directory setup?
https://support.google.com/a/answer/106368?hl=en - IAM. Again, don’t by-heart. Figure out the patterns and nomenclature and then apply them.
- Cloud Transfer Service == Storage Transfer service. I was mostly used to this being called Storage Transfer Service in the Linux Academy course but in the exam it was called Cloud Transfer Service and I was unsure if it was the same thing or not.I̶t̶ ̶i̶s̶ ̶t̶h̶e̶ ̶s̶a̶m̶e̶ ̶t̶h̶i̶n̶g̶.̶ (Editing in Roman’s comment: Its actually not exactly the same thing — Cloud Data Transfer Service is a collection of different transfer services of which, Cloud Storage Transfer is one… https://cloud.google.com/products/data-transfer/. So there’s clearly more to it, but I’m leaving my original comment as it is.)
- Cloud Storage. Life cycle management policies. All courses cover this.
https://cloud.google.com/storage/docs/lifecycle - VPC, VPN, Peer Gateways. In general, brush up your general networking knowledge.
- IAM. In answering IAM related questions, a suggestion … Given all the possible predefined/curated roles, it is difficult to know whether a particular role actually exists or is made up. My assumption usually was that if they have mentioned it, it probably exists and now figure out if it seems right. There is no guarantee that a policy/role they mention in the options actually exist, but I assumed it to simplify my life.
- Networking. Various options to connect between cloud and on-premises.
- Data Loss Prevention API. Is there a way to automatically scrub/sanitize private customer data in, say, logs.
https://cloud.google.com/dlp/ - Stackdriver. Know this well. Including the custom installed monitoring agent.
https://cloud.google.com/stackdriver/ - Cloud Armor, Security Scanning, Jenkins, Spinnaker, cloud identity aware proxy, cloud sql proxy, cloud launcher (vs deployment manager), etc. Would be good to know in general what these are even if you don’t go in-depth.
- Networking. Firewall, network tags. This is taught in the various courses.
https://cloud.google.com/vpc/docs/add-remove-network-tags - Data prep vs Datalab. Which is used for what? Doing just one lab on Qwiklabs will give you enough knowledge.
- Cloud Spanner.
- Cloud SQL. K̶n̶o̶w̶ ̶t̶h̶a̶t̶ ̶C̶l̶o̶u̶d̶ ̶S̶Q̶L̶ ̶o̶n̶l̶y̶ ̶s̶u̶p̶p̶o̶r̶t̶s̶ ̶M̶y̶S̶Q̶L̶ ̶a̶n̶d̶ ̶P̶o̶s̶t̶g̶r̶e̶S̶Q̶L̶.̶ ̶O̶t̶h̶e̶r̶ ̶S̶Q̶L̶ ̶d̶a̶t̶a̶b̶a̶s̶e̶s̶ ̶w̶i̶l̶l̶ ̶r̶e̶q̶u̶i̶r̶e̶ ̶c̶u̶s̶t̶o̶m̶ ̶i̶n̶s̶t̶a̶l̶l̶a̶t̶i̶o̶n̶.̶ This has changed — https://cloud.google.com/sql-server/. Cloud SQL supports MySQL, Postgres, and SQLServer. GCP is constantly updating their solutions and offerings, so check the docs when you are preparing.
https://cloud.google.com/sql/docs/ - Cloud Storage. Know the storage class options — standard (regional and multiregional), nearline, coldline. T̶h̶e̶r̶e̶ ̶a̶r̶e̶ ̶n̶o̶ ̶o̶t̶h̶e̶r̶s̶.̶ (There is also an ice cold storage now — https://cloud.google.com/blog/products/storage-data-transfer/whats-cooler-than-being-cool-ice-cold-archive-storage)https://cloud.google.com/storage/docs/storage-classes
- Questions on the exam are much longer than in the coursera or linux academy courses. You need to practice taking the exam for 2 full hours and reading the longwinded questions and answer options. Don’t get bored or distracted because you’ve been practising with the shorter straightforward questions in some of the courses or practice tests.
CompTIA free certification COVID-19
Coronavirus (COVID-19) and Tech: Free Resources for IT Pros
CompTIA is committed to our members, certification holders and the IT community at large. If you’re already in IT and keeping your organization in operation during this crisis, please enjoy these free resources on computer networking, cloud computing and cybersecurity. You can also find information about changes we’re making to the certification exam process during this time.
From CompTIA
The coronavirus pandemic has disrupted all facets of life – including certification exams. Whether you’re unable to test because of facility closures or you’re practicing social distancing, CompTIA would like to alleviate some of your possible concerns. We’ve extended deadlines for exam vouchers and are also working on remote testing options to ensure you have all the necessary resources and test taking options available to you.
Network Troubleshooting
A fully remote workforce requires computer networks that have the bandwidth, speed and capacity to keep users working in the manner to which they’ve become accustomed. Here are some troubleshooting resources to help you keep things business as usual (at least, as much as possible).
- Remote Network Checklist: Use this checklist to make sure your network can handle the increase of remote workers
- Network Troubleshooting Guide: This free guide walks you through the steps of network troubleshooting to figure out the issue
- Network Segmentation: If your network isn’t segmented, this article covers the basics and how to get started
Cloud Computing
Going remote likely requires cloud computing solutions. Whether your organization has these in place or you’re new to the cloud, here are some resources that will support your efforts.
- Cloud Basics: New to the cloud? Learn about cloud types, solutions and vendors
- Cloud Networking Guide: Learn the basics of how to set up a cloud network
- Cloud Security Tips: Make sure you’ve got security covered when you’re working with cloud vendors
Cybersecurity
Having a remote network increases your vulnerability to hackers and cyberattacks. Make sure your network, data and workforce are secure with these cybersecurity resources.
- Security Awareness Training: Our tips, in a video series, on how to make your workforce cybersecure
- Network Security: A quick tutorial on what network security is, why it matters and how to make your network more secure
- DDoS Guide for IT Pros: A comprehensive handbook on the who, why, what and how of DDoS attacks
All Solved Qs Scrum Foundations Professional Certificate (SFPC) – (English)
Scrum Foundations Professional Certificate (SFPC) – (English) all questions solved. The sequence in the online test exam may vary for question on SFPC website but all questions are here.
We do not ensure a 100% result, but 70% just to keep the competition fair and easy.
PLEASE SEARCH QUESTION BELOW:
Scrum Foundations Professional Certificate (SFPC) – (English) SOLVED!!
- Which of the following are events in Scrum? CLICK FOR ANSWER
- Which of the following statements is TRUE about the definition of Done? CLICK FOR ANSWER
- __________ constitute the Spring Backlog and are often estimated in hours. Tasks
- The Scrum Master serves Product Owner in several ways, including: TRUE
- Sprint Planning is time-boxed to a maximum of eight hours for a one-month Sprint. TRUE
- During the sprint review the project is assessed against the ___________. CLICK FOR ANSWER
- Which of the following statements about a sprint are TRUE ____________ CLICK FOR ANSWER
- The ___________ control model requires that every piece of work is completely understood. Empirical Process
- Which Scrum meeting is focussed on getting feedback on the product from users and other stakeholders? Sprint Retrospective
- A line in Agile Manifesto reads “____________ over following a plan” Click for Answer
- _________ is responsible for the Scrum process? CLICK FOR ANSWER
- What is defined by the Scrum Framework? Rules & Roles + Artifacts and Events
- Scrum is based on the theory of constraints. FALSE
- Scrum Team is self-empowered to do whatever is necessary…? TRUE
- A ________ Chart is a graphical representation of work left to do versus time. Gantt
- The Scrum Team consists of a Product Owner, the Development Team and the Scrum Master. TRUE
- The Scrum Master is most like: Click for Answer
- When should estimation happen in Scrum? Sprint Planning
- Which topics should be discussed in the Sprint Review? CLICK FOR ANSWER
- The Scrum Teams are self-organizing and cross-functional? TRUE
- The daily Scrum is 30-minute time-boxed event: FALSE
- The term Agile Development was first introduced in: Click for Answer
- Scrum is not a process or a technique for building products. TRUE
- Scrum defines 3 roles, 5 events and 3 artifacts. TRUE
- What is the maximum time that Scrum recommends the team spends in daily scrum? CLICK FOR ANSWER
- Which meeting defines the start of a sprint? Sprint Planning
- Which of the following is not a Scrum Role? Agile Project Manager
- The heart of a Scrum is a Sprint? TRUE
- The Scrum Master serves the Product Owner in several ways: TRUE
- The Scrum Master is a servant-leader for the Scrum Team: TRUE
- Scrum users should frequently inspect artifacts and progress? TRUE
- At the end of the planning, the Development Team should not … FALSE
- Which of the following is the main purpose of the Daily Scrum: Click for Answer
- The ______________is responsible for delivering potentially shippable? Development Team
- Which of the following statements about the retrospective are true: Safety is important, in the meeting team discuss, the team should come up.
- Scrum is a collaborative effort involving developers and customers? FALSE
- Which system provides an evolutionary framework for incremental process improvement? Kaban
- What is the purpose of backlog refinement? To understand requirements
- Each new sprint starts immediately after the completion of the previous sprint. TRUE
- Which of the following are the artifacts in Scrum? Click for Answer
ICSI | CNSS Certified Network Security Specialist Exam Questions Answers
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!ICSI | CNSS Certified Network Security Specialist Exam Questions Answers
ALL MODULES INCLUDED. USE Ctrl+F or Cmd+F TO FIND QUESTION ANSWER
Which of the following is the best definition for non-repudiation?
The process to Verify Which user performs the action.
What is the acronym of URL.
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
Subnetting is used to split a network into smaller portions.
True
Class A IPs with range 0-126 are reserved for multicasting.
False
Server Message Block (SMB) protocol runs on which port?
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
Which of the following is NOT one of the three major classes of threats?
Online auction fraud
Trivial File Transfer Protocol (TFTP) runs on which port?
69
Blocking attacks seek to accomplish what?
Prevent legitimate users from accessing a system
Malware is NOT a common threat for systems.
False
The most desirable approach to security is one which is:
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
What is the danger inherent in IP spoofing attacks?
Many firewalls do not examine packets that seem to come from within the network
What is a Trojan horse? (2 Answers)
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
The most common session-hijacking is man in the middle attack
True
Which of the following best describes session hacking?
Taking control of a target machine remotely
Which of the following is the best definition of a virus?
Software that self-replicates
To be protected against Ping of death attacks ensure that all operating systems are patched.
True
The point of hijacking a connection is to exploit trust and gain access to a system.
True
Which of the following is the best definition for IP spoofing?
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
Smurf attack is a popular DoS attack
True
Why might a proxy gateway be susceptible to a flood attack?
It allows multiple simultaneous connections
What is the most important security advantage to NAT
It hides internal network addresses
Why a stateful packet inspection firewall is less susceptible to spoofing attacks?
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
Which type of firewall is considered the most secure?
Stateful packet inspection
Which of the following can be shipped preconfigured?
Router-based firewalls
A device that hides its internal IP addresses is called?
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
Which of the following is an advantage of the network host based configuration?
It is inexpensive or free
Which of the following is a combination of firewalls?
Bastion host firewalls
What type of firewall requires client applications to be authorised to connect?
Application gateway
Which of the following are four basic types of Firewalls?
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
What is another term for preemptive blocking?
Banishment vigilance
Specter is an advanced IDS system
False
A system that is setup for attracting and monitoring intruders is called?
Honeypot
A series of ICMP packets sent to your ports in sequence might indicate what?
A ping flood
Attempting to attract intruders to a system setup for monitoring them is called?
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
Which of the following is NOT a profiling strategy used in anomaly detection?
System monitoring
IDS is an acronym for:
Intrusion-detection system
What type of IDS is Snort?
CLICK TO SKIP AD AND GET ANSWER. SUPPORT US!
A profiling technique that monitors how applications use resources is called?
Executable profiling
- Which of the following is the symmetric key system using blocks?
Answer- DES
- Blowfish is an asymmetric stream cipher
Answer- False
- Which encryption algorithm uses a variable length symmetric key?
Answer-Blowfish
- Which of the following is an encryption method developed by three mathematicians?
Answer-RSA
- Which hashing algorithm do modern windows system use?
Answer-NTLM
- What is a digital signature?
Answer- A piece of encrypted data added to other data to verify the sender
- What is the purpose of a certificate?
Answer- To validate the sender of a digital signature or software
- Which of the following encryption algorithms is a block cipher and uses the Rijndael algorithm?
Answer- AES
- Which of the following uses key sizes equal to 128, 192 and 256 bits?
Answer-AES
- Secure Multipurpose Internet Mail Extensions (S/MIME) use X.509 certificates to secure e-mail communication
Answer-True
- The ESP Protocol provides data confidentiality and authentication.
Answer- True
- Which of the following is an important security feature in CHAP
Answer- It periodically re-authenticates
- Which authentication protocols are available under PPTP?
Answer- EAP,CHAP
- Which of the following is generally considered the least secure?
Answer- PAP
- What is the purpose of IKE?
Answer- Key exchange
- Which of the following is a weakness in PPTP?
Answer- No encryption
- Openswan is a VPN solution provided by CISCO.
Answer- False
- PPTP is based on which protocol?
Answer- PPP
- PPTP is an acronym for which of the following?
Answer- Point-to-Point Tunneling Protocol
- What does L2TP stand for?
Answer- Layer 2 Tuneling Protocol
- Which of the following best describes the registry
Answer- A database containing system settings
- What account lockout threshold does the NSA recommends?
Answer- 3 tries
- The command sudo find/-perm -4000 checks for the location of suid binaries
Answer- True
- What minimum password length does the NSA recommends?
Answer- 12
- What level of privileges all users must have?
Answer- Least possible
- What maximum password age does Microsoft recommend?
Answer- 42 days
- What type of encryption does EFS utilize?
Answer-Public key encryption
- What is the rule for unused services on any computer?
Answer- Turn them off
- A Linux system has a repository of packages available to be installed on the system
Answer- True
- What operating system requires periodic patches?
Answer- All
What is active code scanning?
Actively scanning for malicious code
The unfortunate side effect of heuristic scanning is that it can easily lead to false positives
True
What is the most common method of virus propagation?
Through e-mail attachments
In the context of viruses what is a .dat file?
A file with virus definitions
The first known ransomware was the 1995 PC Trojan
False
In the event of a virus infection, the first priority is to contact the IT department.
False
What is heuristic scanning?
Scanning using a rules-based approach
Which of the below are famous Trojan Horses? (Choose two)
Netbus
FinFisher
What malicious activity did the Rombertik virus attempt?
Which of the following should be the least important consideration when purchasing antivirus software?
Cost of the software
Which of the following should be recommended as acceptable e-mail attachments?
Text attachments
What is the best rule of thumb in access control?
Allow the least access job requirements allow
Instant messaging can be used not only for business communication but also for personall communication.
False
Always open email attachments coming from unknown sources.
False
Passwords must always be shared with any person for any reason.
False
Which of the following is NOT an example of a user password policy?
Users may share passwords only with their assistants
What should an employee do if she believes her password has been revealed to another party?
Change her password immediately
Which of the following is the best reason users should be prohibited from installing software?
They may install software that disables existing security programs on your machine
Which of the following is NOT an area user policies need to cover.
If and when to share passwords
Logon accounts, VPN, network and any other resources should NOT be disabled for leaving employees.
False
All visitors to the building must be logged in and escorted by an employee at all times.
True
Which of the following is the most fundamental aspect of security?
Implementing an IDS
All employees within a company must have access to the server room.
False
Which of the following best describes risk assessment.
Evaluating the security of a network
Which of the following is the least necessary security device/software
Encryption for all internal transmissions
Virus attacks utilize uncommon ports to gain access to a system.
True
You should have a document that lists physical security is in place
True
Ports 1 through 1024 are NOT assigned and used for well-known protocols
False
What is NOT a primary reason for documenting your security activity and audits?
To demonstrate how much work the network administrators usually do
Open Web Application Security Project is the standard for risk assessment.
False
Which U.S. standard should you consult to guide you in developing security policies?
NIST SP 800-14
ISO 27035 describes incident management.
True
Which standard defines Management System Auditing?
ISO 27007
PCI DSS is a proprietary information security standard for organisations that handle cardholder data.
tRUE
Which U.S. standard covers risk assessment?
NIST SP 800-30
NIST SP 800-30 Rev.1 is a standard for conducting risk assessments.
True
What is the acronym of GDPR?
General Data Protection Regulation
What standard should you consult for managing incident response?
ISO 27035
What does the Step 3 in NIST 800-30 Rev.1 clarifies?
Threat Identification
Which of the following describes ISO 27003?
ISMS Implementation
How should a company test the integrity of its backup data
Restoring the backup
What is a mantrap?
A double door facility used for physical access control
Cameras must be placed so that they have an unobstructed view of the areas you want to monitor.
True
Which of the following is NOT considered a disaster?
Server Maintenance
A common method of securing building access is to have a locked door or barrier requiring employee ID.
True
The disaster recovery plan has as a major goal to get the organisation back to full functionality.
True
Which RAID level offers dual parity
6
The plan for recovering from an IT disaster and having the IT infrastructure back in operation is called?
DRP
Which RAID level uses mirroring?
1
RAID 0 does not offer fault tolerance
True
From a port scanning you identified that port 88 is open. What does this tell you?
The target system uses Kerberos authentication
If you send a SYN to an open port what is the correct response?
SYN/ACK
Which of the following is the most reliable type of scan?
SYN
Trying to identify machines on a target network is called?
Enumeration
Julie has been hired to perform a penetration test on xyz.com.
Passive Information Gathering