Russian Hacking Exposed

Russian hacking was exposed in a detailed indictment of 12 Russians by the US Department of Justice (DoJ), unsealed July 13, 2018. While reading through it I was intrigued by how clearly and simply the indictment laid out the methods the Russians used.

Reading through the indictment, the activity showed all the classic indications of an advanced persistent threat (APT), although the indictment never used that term. Instead, it attributed the attacks to Units 26165 and 74455 of a Russian military agency called the Main Intelligence Directorate of the General Staff, commonly abbreviated GRU (not the Gru of Despicable Me fame).

Two departments within Unit 26165 have previously been identified as Fancy Bear or APT 28. These hackers apparently took April 15, 2016 off as a holiday: it is a Russian holiday honoring the Russian military’s electronic warfare services.

Russian Spear Phishing for Credentials

In one of the attacks outlined in the indictment, the attackers sent spear phishing emails targeting staffers of an election campaign. The email mimicked a security notification from Google; The Smoking Gun published a copy of it.

Spoofing (or impersonation) is a common way to trick users. In this case, the attackers impersonated The Gmail Team.

Admittedly, the email looks rather legitimate, and a warning that someone in Ukraine had signed in to their account would alarm anyone working on a campaign. Inspecting the links in the email wouldn’t have helped much either: the attackers used a URL-shortening service to mask the actual destination, so hovering over the link showed only the shortener’s address. The check that does work is to expand the shortened link without visiting it and compare the real destination with the domain the email claims to come from.

Apparently, some staffers, from volunteers all the way up to the chairman of the campaign, clicked the link. They were prompted to enter their current credentials and were then able to change their passwords. At least, that is what they thought they were doing.

If you know about phishing and spear phishing attacks, you probably guessed that the link was bogus. It led to an attacker-controlled page that harvested the users’ credentials and gave the attackers access to their Gmail accounts. Immediately after the users “changed” their passwords on the bogus site, the attackers changed the real passwords to whatever the users thought they had chosen, so the users typically didn’t give it another thought.

Russian Spear Phishing to Install Malware

The attackers also sent spear phishing emails carrying a malicious document. It looked like an Excel spreadsheet with a file name that made it appear legitimate. When a user opened it, however, it directed the user to a malicious website that attempted to download malware. This is known as a drive-by download, a method commonly used by APTs and other attackers.

The attackers used multiple versions of a GRU malware implant known as X-Agent. It gave them remote access to infected computers, letting them monitor user activity, capture keystrokes and screenshots to steal passwords, and maintain long-term access to the targeted networks.

Data Exfiltration

The indictment describes how the attackers used the stolen credentials to steal the contents of email accounts, including over 50,000 emails from the chairman’s account. It also describes how they combined the stolen credentials with open-source information to map the networks used by the targeted campaign.

They used another known GRU tool, X-Tunnel, to move the data to servers under their control. The attackers compressed gigabytes of stolen data and sent it through X-Tunnel over encrypted channels to those servers.

They hacked into the computers of people involved in the 2016 U.S. presidential election and installed malware on dozens of those systems. This let them remotely access the systems, monitor keystrokes, take screenshots, and reach into the internal network. Ultimately, they stole tens of thousands of emails and other documents from these computers and networks.
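The exfiltration pattern described above, gigabytes compressed and pushed over an encrypted channel to a single external server, is hard to inspect but easy to measure. The following is an added example (not from the indictment or the original post) that runs a volume-based check over constructed NetFlow-style records: it sums outbound bytes per internal-host/external-host pair, compares them against an assumed per-host daily baseline, and notes whether the transfers happened during quiet hours. Addresses, baselines and thresholds are all constructed for the demo.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime

MiB = 1024 * 1024

# Assumption: address ranges considered internal; anything else is "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records (one direction; bytes are what src sent to dst).
FLOWS = """\
ts,src,dst,dport,bytes
2016-04-22T01:05:00Z,10.1.2.15,203.0.113.7,443,52428800
2016-04-22T01:20:00Z,10.1.2.15,203.0.113.7,443,734003200
2016-04-22T01:35:00Z,10.1.2.15,203.0.113.7,443,629145600
2016-04-22T09:00:00Z,10.1.2.15,198.51.100.20,443,1048576
2016-04-22T09:10:00Z,10.1.2.31,198.51.100.20,443,2097152
2016-04-22T09:12:00Z,10.1.2.31,10.1.2.5,445,104857600
"""

# Assumption: per-host daily outbound baseline in bytes, learned from prior weeks.
BASELINE = {"10.1.2.15": 20 * MiB, "10.1.2.31": 25 * MiB}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_exfil(flow_csv, baseline, ratio=10, floor=256 * MiB, quiet_hours=range(0, 6)):
    """Flag (src, dst) pairs whose outbound volume to an external host is both
    above an absolute floor and `ratio` times the host's normal daily total.
    Off-hours timing is reported as a secondary indicator, not a requirement."""
    totals = defaultdict(int)
    hours = defaultdict(list)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if is_internal(row["dst"]):
            continue  # internal staging (e.g. SMB copies) is a separate detection
        key = (row["src"], row["dst"])
        totals[key] += int(row["bytes"])
        hours[key].append(datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ").hour)

    hits = []
    for (src, dst), sent in totals.items():
        # A host with no learned baseline is judged against the floor alone.
        normal = baseline.get(src, floor // ratio)
        if sent >= floor and sent >= ratio * normal:
            hits.append({
                "src": src,
                "dst": dst,
                "bytes": sent,
                "times_baseline": round(sent / normal, 1),
                "off_hours": all(h in quiet_hours for h in hours[(src, dst)]),
            })
    return sorted(hits, key=lambda h: -h["bytes"])


if __name__ == "__main__":
    for hit in find_exfil(FLOWS, BASELINE):
        print(f"{hit['src']} -> {hit['dst']}: {hit['bytes'] // MiB} MiB, "
              f"{hit['times_baseline']}x baseline, off-hours={hit['off_hours']}")
```

The check is deliberately blind to port and protocol: traffic on 443 to a leased server looks like any other HTTPS session, so volume against a baseline, and the time of day, are what give it away.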

Hacked into State Board of Elections

The defendants are also accused of hacking into “the computers of U.S. persons and entities responsible for the administration of 2016 U.S. elections, such as state boards of elections, secretaries of state, and U.S. companies that supplied software and other technology related to the administration of U.S. elections.”

In at least one of these intrusions, they accessed the website of a state board of elections and exfiltrated personal information on approximately 500,000 voters, including names, addresses, partial Social Security numbers, driver’s license numbers, and dates of birth.

Guccifer 2.0 and DCLeaks

To hide their identity, the attackers created online personas such as Guccifer 2.0 and DCLeaks and used them to release the stolen emails and documents. They covered for these personas by spreading falsehoods about them. For example, in interviews given while the operation was under way, Guccifer 2.0 claimed to be Romanian and repeatedly denied being Russian.

They created a variety of websites and social media accounts for DCLeaks and Guccifer 2.0. The DCLeaks and Guccifer 2.0 Twitter accounts were suspended on July 14, 2018, the day after the indictment was unsealed. Both personas also had Facebook accounts, which were used regularly to spread disinformation. The website dcleaks.com published many of the stolen emails and documents; it has since been taken down.

Russian Hacking Summary

In very clear English, the US DoJ outlined how Russian hackers used APT tactics to attack US entities involved in the US election. The attackers started with spear phishing to steal credentials and infect dozens of computers, then stole tens of thousands of emails and several gigabytes of data.

This is another clear example of why every user needs to be educated about basic cyber security practices. All it takes is one user clicking on the wrong link to cause devastation for an organization. Education is only one layer, though: credential phishing of this kind is also defeated by phishing-resistant multi-factor authentication such as hardware security keys, because a bogus page cannot complete a challenge that is bound to the real site’s origin.

In 2016, it was an attack on a US election campaign.

What will 2019 bring?

Some people predict an attack on our power infrastructure, crippling major portions of the country. Indeed, US-CERT has already published a joint Technical Alert (TA18-074A) outlining Russian government actions against the US “energy, nuclear, commercial facilities, water, aviation,” and critical manufacturing sectors.

Using Defense-In-Depth Strategy

It’s common to implement several controls using a defense-in-depth strategy. If you’re planning to take the SY0-501 version of the Security+ exam, you should have a good understanding of frameworks, best practices, and secure configuration guides. This includes implementing defense-in-depth/layered security to protect assets.

For example, can you answer this question?

Q. After a recent attack on your organization’s network, the CTO is insisting that the DMZ uses two firewalls and they are purchased from different companies. Which of the following BEST describes this practice?

A. Single-layer security

B. Vendor diversity

C. Control diversity

D. Redundancy

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Get Certified Get Ahead

Implementing Defense in Depth

Defense in depth (also known as layered security) refers to the security practice of implementing several layers of protection. You can’t simply take a single action, such as implementing a firewall or installing antivirus software, and consider yourself protected. You must implement security at several different layers. This way, if one layer fails, you still have additional layers to protect you.

If you drive your car to a local Walmart, put a five-dollar bill on the dash, and leave the keys in the car and the car running, there is a very good chance the car won’t be there when you come out of the store. On the other hand, if you ensure nothing of value is visible from the windows, the car is locked, it has an alarm system, and it has stickers on the windows advertising the alarm system, it’s less likely that someone will steal it. Not impossible, but less likely.

 

You’ve probably heard this as “there is no silver bullet.” In folklore, a single silver bullet is all it takes to kill a werewolf. In security, there is no such thing (and, of course, there is no such thing as a werewolf either).

Applied to computers, it’s important to implement security at every step, every phase, and every layer. Information technology (IT) professionals can never rest on their laurels with the thought they have done enough and no longer need to worry about security.

Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests drawn from all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours and 15 minutes of audio (MP3 downloads).

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Control diversity is the use of different security control types, such as technical controls, administrative controls, and physical controls. For example, technical security controls such as firewalls, intrusion detection systems (IDSs), and proxy servers help protect a network. Physical security controls can provide extra protection for the server room or other areas where these devices are located. Administrative controls such as vulnerability assessments and penetration tests can help verify that these controls are working as expected.

Vendor diversity is the practice of implementing security controls from different vendors to increase security. Many DMZs use two firewalls in series, and vendor diversity dictates that they come from different vendors, for example one Cisco firewall and one Check Point firewall. If a vulnerability is discovered in one product, an attacker might exploit it to get through that layer, but it is unlikely that the other vendor’s product shares the same vulnerability, so the second layer still holds. Two firewalls from the same vendor running the same code could fall to the same exploit at the same time, which defeats the point of having two.
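To make the distinction concrete, here is an added example (my own, not from the study guide) that models the two-firewall DMZ from the practice question: the outer firewall admits only web traffic into the DMZ, the inner one admits only the web server to the database, and a packet reaches the internal network only if every layer on its path allows it. An exploited firewall is modelled as failing open. The model shows that one compromised layer still leaves the database unreachable, while two firewalls sharing the same flaw (what vendor diversity is meant to prevent) expose it. Addresses and rules are assumed for the example.

```python
import ipaddress
from dataclasses import dataclass, replace

# Assumption: addressing for the example back-to-back DMZ.
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")       # public-facing web tier
INTERNAL_NET = ipaddress.ip_network("10.10.0.0/16")  # databases and workstations
WEB = "192.0.2.10"
DB = "10.10.0.5"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src: str           # CIDR or "any"
    dst: str           # CIDR or "any"
    dports: frozenset  # empty set means any port


def _in(ip, cidr):
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Firewall:
    vendor: str
    rules: tuple               # first match wins
    default: str = "deny"
    compromised: bool = False  # an exploited device is modelled as failing open

    def decide(self, pkt):
        if self.compromised:
            return "allow"
        for rule in self.rules:
            if (_in(pkt.src, rule.src) and _in(pkt.dst, rule.dst)
                    and (not rule.dports or pkt.dport in rule.dports)):
                return rule.action
        return self.default


def exploited(fw):
    """Copy of a firewall that has been popped and now passes everything."""
    return replace(fw, compromised=True)


def zone(ip):
    addr = ipaddress.ip_address(ip)
    if addr in DMZ_NET:
        return "dmz"
    if addr in INTERNAL_NET:
        return "internal"
    return "internet"


def layers_on_path(pkt, firewalls):
    """Firewalls a packet crosses in a back-to-back DMZ: the outer one for anything
    entering from the Internet, the inner one for anything entering the internal net."""
    layers = []
    if zone(pkt.src) == "internet":
        layers.append(firewalls["outer"])
    if zone(pkt.dst) == "internal":
        layers.append(firewalls["inner"])
    return layers


def reachable(pkt, firewalls):
    """Defense in depth as a conjunction: every layer on the path must allow the packet."""
    return all(fw.decide(pkt) == "allow" for fw in layers_on_path(pkt, firewalls))


OUTER = Firewall("vendor-A", (Rule("allow", "any", str(DMZ_NET), frozenset({80, 443})),))
INNER = Firewall("vendor-B", (Rule("allow", f"{WEB}/32", f"{DB}/32", frozenset({5432})),))
FIREWALLS = {"outer": OUTER, "inner": INNER}

if __name__ == "__main__":
    probe = Packet("198.51.100.9", DB, 5432)  # Internet host going straight for the database
    print("healthy:", reachable(probe, FIREWALLS))
    print("outer popped:", reachable(probe, {"outer": exploited(OUTER), "inner": INNER}))
    print("same bug in both:", reachable(probe, {"outer": exploited(OUTER), "inner": exploited(INNER)}))
```

The last line of the demo is the vendor-diversity argument in one call: when both layers fail the same way, the conjunction collapses to a single layer and the database is exposed.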


CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Q. After a recent attack on your organization’s network, the CTO is insisting that the DMZ uses two firewalls and they are purchased from different companies. Which of the following BEST describes this practice?

A. Single-layer security

B. Vendor diversity

C. Control diversity

D. Redundancy

The answer is B. The chief technology officer (CTO) is recommending vendor diversity for the demilitarized zone (DMZ). Firewalls from different companies (vendors) provide vendor diversity. This also provides defense in depth or layered security, but not single-layer security.

Control diversity is the use of different control types, such as technical, administrative, and physical controls.

Redundancy is the use of duplicate components for fault tolerance. The two firewalls in a DMZ are not duplicates of each other; they filter different traffic in series and work together.

See Chapter 9 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on implementing controls to protect assets.

Identifying Threat Actors

When considering attacks, it’s important to realize that there are several different types of threat actors, and they each have different attributes. If you’re planning to take the SY0-501 version of the Security+ exam, you should have a basic understanding of threat actor types and attributes.

For example, can you answer this question?

Q. The Marvin Monroe Memorial Hospital recently suffered a serious attack. The attackers notified management personnel that they encrypted a significant amount of data on the hospital’s servers and it would remain encrypted until the management paid a hefty sum to the attackers. Which of the following identifies the MOST likely threat actor in this attack?

A. Organized crime

B. Ransomware

C. Competitors

D. Hacktivist

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Don’t let the phrase threat actors confuse you. It’s just a fancier name given to attackers—anyone who launches a cyber attack on others.

One common method that attackers often use before launching an attack is to gather information from open-source intelligence. This includes any information that is available via web sites and social media. For example, if attackers want to get the name of the chief executive officer (CEO) of a company, they can probably find it on the company’s web site. Similarly, many organizations post information on social media sites such as Facebook and Twitter.

Types of Threat Actors

A script kiddie is an attacker who uses existing computer scripts or code to launch attacks. Script kiddies typically have very little expertise or sophistication, and very little funding. Many people joke about the bored teenager as the script kiddie, attacking sites or organizations for the fun of it. However, there isn’t any age limit for a script kiddie. More important, they can still get their hands on powerful scripts and launch dangerous attacks. Their motivations vary, but they are typically launching attacks out of boredom, or just to see what they can do.

A hacktivist launches attacks as part of an activist movement or to further a cause. Hacktivists typically aren’t launching these attacks for their own benefit, but instead to increase awareness about a cause. As an example, Deric Lostutter (known online as KYAnonymous) was upset about the rape of a Steubenville, Ohio, high school girl, and what he perceived as a lack of justice. He later admitted to participating in several efforts to raise awareness of the case, including targeting a web site run by one of the high school’s football players. Eventually, two high school football players were convicted of the rape. One was sentenced to a year in juvenile detention and served about 10 months. The other was sentenced to two years and served about 20 months. Lostutter was ultimately sentenced to two years in federal prison.

An insider is anyone who has legitimate access to an organization’s internal resources. Common security issues caused by insider threats include loss of confidentiality, integrity, and availability of the organization’s assets. The extent of the threat depends on how much access the insider has. For example, an administrator would have access to many more IT systems than a regular user.

Malicious insiders have a diverse set of motivations. For example, some malicious insiders are driven by greed and simply want to enhance their finances, while others want to exact revenge on the organization. They may steal files that include valuable data, install or run malicious scripts, or redirect funds to their personal accounts.

Competitors can also engage in attacks. Their motivation is typically to gain proprietary information about another company. Although it’s legal to gather information using open-source intelligence, greed sometimes causes competitors to cross the line into illegal activity. This can be as simple as rummaging through a competitor’s trash bin, which is known as dumpster diving. In some cases, competitors hire employees from other companies and then get these new employees to provide proprietary information about their previous employer.

Organized crime is an enterprise that employs a group of individuals working together in criminal activities. This group is organized with a hierarchy with a leader and workers, like a normal business. Depending on how large the enterprise is, it can have several layers of management. However, unlike a legitimate business, the enterprise is focused on criminal activity. As an example, Symantec reported on Butterfly, a group of well-organized and highly capable attackers who steal market-sensitive information on companies and sell that information to the highest bidder. They have compromised some large U.S. companies, including Apple, Microsoft, and Facebook. Additionally, they have steadily increased their targets to include pharmaceutical and commodities-based organizations.

The primary motivation of criminals in organized crime is money. Almost all their efforts can be traced back to greed with the goal of getting more money, regardless of how they get it. However, because there isn’t a defined size for organized crime, their sophistication, resources, and motivations can vary widely. Imagine a group of 10 individuals decides to target a single company. They will probably have significantly less sophistication and resources than the criminals within Butterfly.

Some attackers are organized and sponsored by a nation-state or government. An advanced persistent threat (APT) is a targeted attack against a network, typically launched by a group that has both the capability and the intent to mount sophisticated, targeted attacks. Such groups often have significant resources and funding, and individuals within an APT group typically have very specific targets, such as a particular company, organization, or government agency. Successful attacks often give unauthorized access for long periods of time, allowing the attackers to exfiltrate a significant amount of data.

Remember this

Organized crime elements are typically motivated by greed and money but often use sophisticated techniques. Advanced persistent threats (APTs) are sponsored by governments and they launch sophisticated, targeted attacks.


Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Q. The Marvin Monroe Memorial Hospital recently suffered a serious attack. The attackers notified management personnel that they encrypted a significant amount of data on the hospital’s servers and it would remain encrypted until the management paid a hefty sum to the attackers. Which of the following identifies the MOST likely threat actor in this attack?

A. Organized crime

B. Ransomware

C. Competitors

D. Hacktivist

Answer is A. This attack was most likely launched by an organized crime group because their motivation is primarily money.

While the scenario describes ransomware, ransomware is the malware, not the threat actor.

Competitors often want to obtain proprietary information and it would be very rare for a hospital competitor to extort money from another hospital.

A hacktivist typically launches attacks to further a cause, not to extort money.

See Chapter 6 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on threats, vulnerabilities, and common attacks. The SY0-401 Study Guide also covers attacks in Chapters 6 and 7.


CertNexus CIoTP Beta Exam Now Available


CertNexus, an IT certification company, is thrilled to announce the availability of both the Certified Internet of Things Practitioner (CIoTP) and CyberSec First Responder™ (CFR) beta exams. CertNexus is committed to providing certifications that validate the skills and knowledge needed for cyber security and IoT emerging technology. Our flagship exam, CIoTP, will ensure that candidates have a foundational, vendor-neutral knowledge of concepts within an Internet of Things (IoT) eco-system. CFR validates a candidate’s ability to assess, analyze, and respond to cybersecurity incidents. Both high-stakes exams are offered online through our partnership with Assessment Systems, allowing the convenience of 24/7 scheduling at one’s home or office.

Intended for professionals in IT, engineering, data, and project management whose organizations are embarking on IoT initiatives, CIoTP candidates will be able to efficiently identify the applications for IoT within a market and identify the benefits and challenges that IoT would present. The CIoTP exam covers risk management for IoT as well as IoT safety concerns. CertNexus ensures that candidates will have a proficient understanding of the characteristics of an IoT ecosystem such as end-point devices, edge/fog computing, networks, and the cloud. For more information on the ITP-110 exam, view the ITP-10 Blueprint.

“Rolling out the beta versions of the exam is a valuable step in our exam development,” says Megan Smith Branch, Vice President for CertNexus. “It allows us to collect feedback on the exam and comply with our high standards as we seek ANSI (American National Standards Institute) accreditation. It is highly unusual for a certification body to launch two exams at once, but it allows us to be relevant to changing technologies.”

The CIoTP beta exam is now available on the CertNexus store for $40 ($250 MSRP) through August 6. The new online delivery provides remote proctoring allowing the candidate to take the exam from home. Upon passing the exam, the candidate will become CIoTP certified. The new CertNexus CyberSec First Responder (CFR-310) beta exam is available through July 17th.

 

About CertNexus


CertNexus focuses on providing certifications specifically for IT professionals. Through training and certifications, we address the massive skills shortage throughout information technology. CertNexus certifications have been developed to meet the growing demand for skills validation and personal growth, and designed to ultimately narrow the widening skills gap within cybersecurity and the IT industry.

 

Note: This information is derived directly from a CertNexus press release in June 2018.


What’s in a Digital Certificate?

Digital certificates have a lot of data within them, and you should have a good understanding of what they contain, especially if you plan to take the SY0-501 version or the SY0-401 version of the Security+ exam.

As an example, see if you can answer this sample Security+ question I recently added to the Extras SY0-501 test banks on the gcgapremium.com site.

Q. You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you be able to see in the certificate? (Choose TWO.)

A. The server’s private key
B. The CA's public key
C. The OID
D. The server’s public key
E. The CSR

More importantly, do you know why the correct answers are correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Get Certified Get Ahead

Viewing a Digital Certificate

One easy way to see what is in a certificate is to view one. You can use the following steps to view a certificate using Google Chrome.

  1. Go to https://gcgapremium.com.
    You’ll see a lock icon and the word Secure to the left of the URL.
  2. Click on the word Secure and select Certificate.
    You’ll see the certificate open with the General tab selected.

General Tab of the Digital Certificate

The following graphic shows the General tab of a certificate. Notice that this tab shows the purposes of the certificate.

While it doesn’t say it, the certificate is also used to create secure Hypertext Transfer Protocol Secure (HTTPS) sessions with Transport Layer Security (TLS).

The third bullet is a cryptic set of numbers separated by dots (2.23.140.1.2.1). This is an object identifier (OID). Certificate attributes such as policies and purposes are identified by OIDs in this dotted-decimal format. The 2.23.140.1.2.1 OID indicates that this is a domain validated (DV) certificate. A domain validated certificate is a server security certificate; it provides assurance that the CA validated the applicant’s control of the domain name (www.gcgapremium.com here) before issuing the certificate for that server.

This tab also shows that the certificate was issued to www.gcgapremium.com, the certificate authority (CA) that issued the certificate, and the validity dates.
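As an added example (not code from the original post or the study guide), the following Python script decodes OIDs the way they are actually stored inside a certificate. It walks a hand-encoded DER blob for a certificatePolicies extension carrying 2.23.140.1.2.1, and one for an extendedKeyUsage extension (the source of the purposes listed on the General tab), and maps each OID back to the dotted form the certificate viewer displays. The DER bytes and name tables are constructed here; only the Python standard library is used.

```python
"""Decode the object identifiers (OIDs) stored in X.509 certificate extensions.

Added example, not from the original post. The DER blobs below are constructed
by hand so the script runs offline; the OID-to-name tables hold well-known
CA/Browser Forum policy OIDs and the two common extendedKeyUsage OIDs.
"""
from typing import Iterator, List, Tuple

TAG_OID = 0x06        # ASN.1 OBJECT IDENTIFIER
TAG_SEQUENCE = 0x30   # ASN.1 SEQUENCE (constructed)

# CA/Browser Forum certificate policy OIDs, as shown on the General tab.
POLICY_NAMES = {
    "2.23.140.1.2.1": "domain validated (DV)",
    "2.23.140.1.2.2": "organization validated (OV)",
    "2.23.140.1.2.3": "individual validated (IV)",
    "2.23.140.1.1": "extended validation (EV)",
}

# extendedKeyUsage OIDs; Windows renders these as the certificate "purposes".
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "serverAuth (TLS web server authentication)",
    "1.3.6.1.5.5.7.3.2": "clientAuth (TLS web client authentication)",
}


def _encode_length(n: int) -> bytes:
    """DER length: one byte below 128, otherwise 0x80|count followed by the octets."""
    if n < 0x80:
        return bytes([n])
    octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(octets)]) + octets


def encode_oid(dotted: str) -> bytes:
    """Encode a dotted OID string as a complete DER element (tag, length, value)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    # The first two arcs are packed into a single value: 40 * first + second.
    values = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    body = bytearray()
    for arc in values:
        chunk = [arc & 0x7F]          # base-128, last octet has the high bit clear
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([TAG_OID]) + _encode_length(len(body)) + bytes(body)


def decode_oid(body: bytes) -> str:
    """Decode the value octets of a DER OID into dotted notation."""
    arcs, acc = [], 0
    for b in body:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:              # high bit clear ends the current arc
            arcs.append(acc)
            acc = 0
    if acc or not arcs:
        raise ValueError("malformed OID encoding")
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def _read_tlv(data: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Read one DER tag-length-value at pos; return (tag, value, next position)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                 # long form: low 7 bits give the octet count
        count = length & 0x7F
        length = int.from_bytes(data[pos:pos + count], "big")
        pos += count
    value = data[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, value, pos + length


def iter_oids(data: bytes) -> Iterator[str]:
    """Yield every OID found while walking the nested SEQUENCEs of a DER blob."""
    pos = 0
    while pos < len(data):
        tag, value, pos = _read_tlv(data, pos)
        if tag == TAG_OID:
            yield decode_oid(value)
        elif tag == TAG_SEQUENCE:
            yield from iter_oids(value)


def policy_types(extension_value: bytes) -> List[Tuple[str, str]]:
    """Map each policy OID in a certificatePolicies value to its meaning."""
    return [(oid, POLICY_NAMES.get(oid, "unknown or CA-specific policy"))
            for oid in iter_oids(extension_value)]


def purposes(extension_value: bytes) -> List[Tuple[str, str]]:
    """Map each OID in an extendedKeyUsage value to the purpose it grants."""
    return [(oid, EKU_NAMES.get(oid, "unknown purpose")) for oid in iter_oids(extension_value)]


# Constructed DER: SEQUENCE { SEQUENCE { OID 2.23.140.1.2.1 } }  (certificatePolicies)
CERT_POLICIES_DV = bytes.fromhex("300a3008060667810c010201")
# Constructed DER: SEQUENCE { OID serverAuth, OID clientAuth }   (extendedKeyUsage)
EKU_SERVER_CLIENT = bytes.fromhex("301406082b0601050507030106082b06010505070302")

if __name__ == "__main__":
    for oid, meaning in purposes(EKU_SERVER_CLIENT) + policy_types(CERT_POLICIES_DV):
        print(f"{oid}: {meaning}")
```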

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)

After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Details Tab of the Digital Certificate

The Details tab of the certificate has the most information.

It identifies the version (V3), various algorithms used by the certificate, who issued it, validity dates, and more. The following graphic shows the Details tab with the public key selected.

This public key is distributed with the certificate and matches the private key held on the server. The private key is always kept private and never shared. This public/private pair is used for asymmetric encryption.

Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Certification Path Tab of the Digital Certificate

The Certification Path tab (shown in the following graphic) of the certificate shows the certification path or trust chain of the certificate.


GlobalSign Root CA – R3 is the root CA. The root CA issues certificates to child CAs (and in some cases intermediate CAs).

In the trust chain shown in the graphic, the root CA issued a certificate to GlobalSign Domain Validation CA – SHA256 – G2. This child CA issues certificates used by others on the Internet, including the site located on the gcgapremium.com server.

Your computer decides to trust this certificate if it trusts the root CA.

Windows systems have a Trusted Root Certification Authorities store with certificates from multiple CAs. The following graphic shows that this system trusts the GlobalSign Root CA. Because it trusts the root CA, and can verify the signature on each certificate in the path from the root down to the server certificate, it trusts the certificates issued by the CAs in that certification path.

The child CA issues certificates for routine use, such as the certificate for www.gcgapremium.com.


Q. You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you be able to see in the certificate? (Choose TWO.)

A. The server’s private key
B. The CA's public key
C. The OID
D. The server’s public key
E. The CSR

C and D are correct. The object identifier (OID) is a dot-separated series of numbers such as 2.23.140.1.2.1. It is viewable on the General tab of the certificate. The server’s public key is also viewable in the certificate on the Details tab of the certificate.

A server’s private key is always kept private.

The Certification Path tab of the certificate shows the certificate authority (CA) that issued the certificate, but not the CA's public key.

A certificate signing request (CSR) is used to request a certificate, but it is not contained in the issued certificate.

See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on certificates. The SY0-401 Study Guide also covers certificates in Chapter 10.

SY0-501 objective 6.4 Given a scenario, implement public key infrastructure.

You might like to check out these blog posts on certificates too:

Submitting CSR and CA

and

Certificate, Certificate Revocation List, and Certificate Authority

 


Security+ Multiple Choice Answers

Apparently, the CompTIA SY0-501 Security+ exam now includes as many as 6 or 8 answer choices in some multiple choice questions. Several readers have recently told me they were surprised to see so many questions requiring them to select multiple answers.

Analyzing their feedback and looking at the Security+ objectives, it looks like one more example where CompTIA is requiring test takers to apply critical thinking skills when answering the questions. As an example, see if you can answer this practice test question that I recently added to the online Extras test bank for the SY0-501 exam.

Q. You suspect that an attacker is performing a reconnaissance attack against servers in your organization’s DMZ. The attacker is attempting to gather as much information as possible on these servers. You decide to check the logs of these servers to determine if the attacker is attempting a banner grabbing attack. Which of the following commands MOST likely indicate that the attacker is launching a banner grabbing attack? (Select FOUR.)

A. netcat
B. ipconfig
D. ping
E. arp
F. grep
G. tcpdump
H. nmap
I. telnet

Do you know the correct answers? More, do you know why the correct answers are correct, and why the incorrect answers are incorrect? Check out the answer with the full explanation here.

Banner Grabbing & Security+ Multiple Choice Answers

Banner grabbing is a technique used to gain information about a remote server and is often used as part of a reconnaissance attack. It is one of several methods that can uniquely identify a server by fingerprinting it.

As an example, imagine you issued the following command:

telnet nonexistentdomain.netorg 80

If this was a valid domain name and Telnet was enabled on the server, you would likely see something like this:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>501 Method Not Implemented</title>
</head><body>
<h1>Method Not Implemented</h1>
<p>GET to /index.html not supported.<br /></p>
<p>Additionally, a 404 Not Found error was encountered.</p><hr>
<p><address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips <br /></p>
<p>mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at <br /></p>
<p>72.52.230.233 Port 80</address><br /></p>
<p></body></html><br /></p>

Check out the Banner Grabbing post for more details on what this response tells you.

You can also check out a Banner Grabbing Exercise here.
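As an added example, not code from the original post, this Python script shows both sides of the exchange above: it pulls the product and version tokens out of the Apache signature line in the response quoted in the post, and it scans access-log lines for the hand-typed requests (no User-Agent, a malformed request line, or a 400/501 status) that a telnet or netcat banner grab leaves behind on the server. The log lines, the IP addresses in them, the Apache combined log format and the hit threshold are assumptions constructed for the example.

```python
"""What the banner in the post discloses, and what the server's own log shows.

Added example, not from the original post. The HTML body is the response
quoted in the post (tags collapsed to one string); the access-log lines are
constructed in Apache combined format so the script runs offline.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# The HTTP 501 response body shown in the post.
BANNER_HTML = (
    "<h1>Method Not Implemented</h1><p>GET to /index.html not supported.</p>"
    "<p>Additionally, a 404 Not Found error was encountered.</p><hr>"
    "<address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips "
    "mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 "
    "Server at 72.52.230.233 Port 80</address>"
)

# product/version tokens inside the <address> signature, e.g. "OpenSSL/1.0.0-fips"
_COMPONENT = re.compile(r"([A-Za-z_]+)/([0-9][\w.\-]*)")


def disclosed_components(html: str) -> List[Tuple[str, str]]:
    """Return the (product, version) pairs leaked by the Apache ServerSignature line.

    With 'ServerTokens Prod' and 'ServerSignature Off' configured, Apache sends
    only 'Apache' and no <address> line, so this list would be empty.
    """
    match = re.search(r"<address>(.*?)</address>", html, re.S)
    return _COMPONENT.findall(match.group(1)) if match else []


# Constructed log lines (Apache combined format, documentation IP ranges).
# A request typed by hand over telnet/netcat usually carries no User-Agent ("-")
# and an incomplete request line, which is exactly what drew the 501 above.
ACCESS_LOG = """\
203.0.113.7 - - [10/Jul/2018:13:01:02 +0000] "GET" 501 310 "-" "-"
203.0.113.7 - - [10/Jul/2018:13:01:09 +0000] "HEAD / HTTP/1.0" 200 0 "-" "-"
198.51.100.20 - - [10/Jul/2018:13:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2018:13:03:11 +0000] "OPTIONS /" 400 226 "-" "-"
198.51.100.20 - - [10/Jul/2018:13:04:30 +0000] "GET /x HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jul/2018:13:05:45 +0000] "GET" 501 310 "-" "-"
"""

# client, request line, status, user agent (combined log format)
_LOG = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+ "[^"]*" "([^"]*)"')


def banner_grab_suspects(log: str, min_hits: int = 2) -> Dict[str, int]:
    """Count, per client address, requests that look hand-typed, and keep the
    clients at or above min_hits. A single stray request is not reported."""
    hits: Counter = Counter()
    for line in log.splitlines():
        match = _LOG.match(line)
        if not match:
            continue                                   # skip lines in another format
        client, request, status, agent = match.groups()
        parts = request.split()
        malformed = len(parts) < 3 or not parts[-1].startswith("HTTP/")
        if agent == "-" and (malformed or status in ("400", "501")):
            hits[client] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for product, version in disclosed_components(BANNER_HTML):
        print(f"disclosed: {product} {version}")
    print("suspects:", banner_grab_suspects(ACCESS_LOG))
```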

Security+ Objectives and Multiple Choice Answers

Take a look at the SY0-501 objectives. They are in the introduction of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, and you can also download them from the CompTIA site.

Objective 2.2 “Given a scenario, use appropriate software tools to assess the security posture of an organization” includes a section titled “Command line tools.” It then lists the following tools.

  • ping
  • netstat
  • tracert
  • nslookup/dig
  • arp
  • ipconfig/ip/ifconfig
  • tcpdump
  • nmap
  • netcat

Which of these tools can be used for banner grabbing?

Netcat, Nmap, and Ping

Netcat and nmap are two obvious tools. Chapter 8 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide mentions netcat specifically in the Banner Grabbing section. Additionally, one of the free online labs for Chapter 8 of the Study Guide shows the steps you’d use with both netcat and nmap.

Ping isn’t such an obvious answer. However, if you do the banner grabbing lab, you’ll see that netcat doesn’t resolve the hostname, but instead needs an IP address.

Which of the answers can resolve the hostname to an IP address? Ping.

While ping is typically used to test connectivity with a remote system, it can also resolve hostnames to IP addresses. Chapter 1 of the study guide includes a section titled “Using Ping to Check Name Resolution” and shows you how.

The last part of this lab shows you how to use nmap for banner grabbing.

Incorrect Answers

So at this point, you know that telnet, netcat, nmap, and ping can be used in a successful banner grabbing attack.

Telnet is often disabled on Internet facing systems, so it may not be available as a choice.

What about the other answers? If you understand their usage (and what banner grabbing is), you’ll know that they cannot be used for banner grabbing.

The ipconfig command (short for Internet Protocol configuration) shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for the local system.

The arp command is used to resolve the IP address of a computer to its media access control (MAC) address, also known as its physical address.

The grep command (short for global regular expression in print) is used to search plain text files for words or phrases. While grep isn’t in the objectives, it is used so often in Linux, it’s a good distractor.

The tcpdump command is a command-line packet analyzer (sometimes called a protocol analyzer). It can capture live traffic, but not traffic that occurred in the past.


Answer to Security+ Multiple Answer Question

Q. You suspect that an attacker is performing a reconnaissance attack against servers in your organization’s DMZ. The attacker is attempting to gather as much information as possible on these servers. You decide to check the logs of these servers to determine if the attacker is attempting a banner grabbing attack. Which of the following commands MOST likely indicate that the attacker is launching a banner grabbing attack? (Select FOUR.)

A. netcat
B. ipconfig
D. ping
E. arp
F. grep
G. tcpdump
H. nmap
I. telnet

Some tools used for banner grabbing are ping, netcat, nmap, and telnet.

The ping command resolves the hostname to an IP address. If you already know the IP address, you wouldn’t need to use the ping command.

Netcat (often abbreviated as nc), nmap, and telnet can use the IP address to grab a banner from a system.

Due to its vulnerabilities, telnet is often disabled on servers so it may not work.

The ipconfig command (short for Internet Protocol configuration) shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for the local system.

The arp command is used to resolve the IP address of a computer to its media access control (MAC) address, also known as its physical address.

The grep command (short for global regular expression in print) is used to search plain text files for words or phrases.

The tcpdump command is a command-line packet analyzer (sometimes called a protocol analyzer). It can capture live traffic, but not traffic that occurred in the past.

Two other tools that can perform banner grabbing are Zenmap and ZMap. Zenmap is the Windows-based version of nmap. ZMap is a completely different scanning tool.

Chapter 1 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers various commands. Chapter 8 covers banner grabbing. The “Banner Grabbing with NetCat and Nmap” lab shows the steps to grab a banner from a remote system.

Objective 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.


Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.