security Archives

Home » security » Page 60

A cloud computing-related Security+ question

Dave Farquhar security February 29, 2012August 12, 2018CISM, cissp, datacenter, DBA, SSCP

Someone tossed a Security+ study question my way this week. This is an example of Security+ trying to be CISSP Lite, but it’s still a valid question–probably for either test, and for SSCP and CISM too.

A small not-for-profit organization needs to invest in a new expensive database. There is no budget for additional servers or personnel. Which of the following solutions would allow it to save money by avoiding hiring additional personnel and minimize the footprint in their current datacenter?
A. Linux
B. Software as a Service (SaaS)
C. Infrastructure as a Service (IaaS)
D. Platform as a Service (PaaS)

Let’s take it one at a time.

Dave Farquhar

David Farquhar is a computer security professional, entrepreneur, and author. He has written professionally about computers since 1991, so he was writing about retro computers when they were still new. He has been working in IT professionally since 1994 and has specialized in vulnerability management since 2013. He holds Security+ and CISSP certifications. Today he blogs five times a week, mostly about retro computers and retro gaming covering the time period from 1975 to 2000.

dfarq.homeip.net

How to pass CISSP: Test taking strategies

Dave Farquhar security February 26, 2012September 28, 2016cissp, isc, ISO, OSI, osi model

The CISSP is a 250-question, multiple-choice test. You have six hours to complete it. It’s not like any college final I ever took, though cramming all of finals week into a six-hour session is almost a fair comparison. If you’re wondering how to pass CISSP, I can’t guarantee my method, but I’m glad to share what worked for me.

Dave Farquhar

dfarq.homeip.net

How to study for CISSP

Dave Farquhar security February 25, 2012August 6, 2018CBK, christmas, cissp, isc, New Year, reference book, trenches

I got the letter this week. The one from (ISC)². If the first word is “congratulations,” it means you passed. But if the first two words are “thank you,” you didn’t. If you want the letter that says “congratulations” in your future, it helps to know how to study for CISSP. Here’s how I studied for mine. Hopefully it will help you. It’s a long road. But it’s doable.

Dave Farquhar

dfarq.homeip.net

Studying for a certification?

Dave Farquhar security February 8, 2012

Studying for a certification? Here’s a useful site: http://www.techterms.com/quiz/

They post a new tech term every day. You may not necessarily see questions just like them on any given certification, but they’ll help you keep your vocabulary current. Understanding the questions is more than half the battle.

Dave Farquhar

dfarq.homeip.net

Open-source licenses, the CISSP, and the real world

Dave Farquhar Copyright, security February 4, 2012July 14, 2017BSD, buffer overflow, cissp, cissp exam, debian, demonstration, firewall, project management, vulnerability

You may have a question about open-source licenses on your CISSP exam. I don’t remember the specifics and wouldn’t be able to repeat them anyway, but I had a question on my exam where knowing the differences was helpful in finding the right answer.

And I had to deal with an issue this past week involving open-source technologies where the licenses made a big difference.

Dave Farquhar

dfarq.homeip.net

CISSP melted my brain

Dave Farquhar security January 28, 2012December 5, 2015cissp, OSI, osi model, UDP

Five and a half hours ago, I turned in my test and departed the CISSP test site. It took me four hours to answer the nastiest 250 test questions I’ve ever seen in my life.

I felt better about it than the other guys milling around the lobby, but….

Dave Farquhar

dfarq.homeip.net

The contractor who built systems via P2P

Dave Farquhar security January 20, 2012January 23, 2022firewall, wi-fi

Today I was helping one of my coworkers study for the Security+ exam, and one of his study questions reminded me of a story.

I wrote a few days ago about spending some time in an unhealthy IT shop. One of my cohorts supported one of the departments that decided to outsource its IT to a contractor, rather than use the internal IT department. It was a form of shadow IT on a large scale. The hand-off didn’t exactly go as it should.

Dave Farquhar

dfarq.homeip.net

Don’t reuse your Zappos.com password

Dave Farquhar security January 16, 2012passwords, spam

Online shoestore Zappos.com got hacked. Among other things, the hackers got names, addresses, e-mail addresses, and encrypted passwords. That’s not as bad as getting unencrypted passwords, but there are some things you need to do immediately if you shop at Zappos.com.

Dave Farquhar

dfarq.homeip.net

The upside of the brave new Windows Server GUI-less world

Dave Farquhar security, Windows January 16, 2012turnkey, Turnkey Linux, unix, vulnerability, windows 2000, windows 8, Windows Server

So the server version of Windows 8 is losing the GUI. And some people aren’t happy about it.

Let’s talk about upside.
Read more

Dave Farquhar

dfarq.homeip.net

UEFI on ARM illustrates why we still have to watch Microsoft

Dave Farquhar security, Software January 14, 2012March 25, 2025android, apple, Bill Gates, cisco, IOS, Steve Ballmer, UEFI

UEFI is a technology that forces a computer to only load a digitally signed operating system. This has some security benefits, as it makes parts of the operating system unbootable if they become infected, since the viruses won’t be digitally signed by a reputable vendor.

Great idea, right? From a security perspective, absolutely. The more attack vectors for viruses we can eliminate, the better off we’ll be. But Microsoft’s policy on ARM systems shows how it can be abused.

Dave Farquhar

dfarq.homeip.net