Thanks for being patient everyone, I've been very busy with life lately so I've been slacking on the uploads. I've gotten a lot of comments and messages from people who have said these videos helped them pass their exam. I'm glad people are enjoying these videos. Here is part 1 of the SYO-701 Security+ Series. I really hope you enjoy it!
I passed the sy0-701 a few hours ago! I've been watching your Security+ videos along with Professor Messer for about 2 weeks now, and it feels like your questions are a bit harder than what was on my real exam. I usually miss 3-4 questions from each of your five most recent Security+ videos I've watched from you, which had me worried, but I passed with a 775 so you helped me a lot. Thank you again!
Good morning! I just took it Saturday and made a 710. I had 1 PBQ I did not recognize at all and had to guess.. it was the Encrypting VPN concentrators one. I have booked again for July 5th and wanted to ask if you had any guidance on it bc I’m afraid I could get the same PBQ again. Thanks in advanced.
@@dawsonearhart7445 Hey! I don't recall getting a PB question for specifically encryption related to VPN concentrators, however, I did get a PB question for setting up two VPN concentrators for two hosts across the internet. To be honest, I didn't really study/care about the PBQs since you can pass without getting any of them right, so I mainly focused on the multiple choice questions. However, I've noticed that the knowledge required to correctly answer these PB questions is quite broad, meaning that there are multiple topics that you would need to understand in order to get one of the PB questions correct. I'm not a study expert, but given that you have about 2 weeks left until your next exam, depending on your dedication to passing the exam, it might be worth trying to practice setting up a VPN concentrator in a virtual environment or something related to hands-on practice if you want to specifically get that question right. I can't guarantee that my advice will help you, but hopefully I was able to help a bit. P.S. I hope I am not overstepping my boundaries by saying this, but seeing that you got a 710, I think it might help if you also get more practice on the multiple choice questions, as I doubt one PBQ would be the difference between you passing or not at your current score. I was a bit cheap on searching for practice questions, so I didn't use any paid services or products for practice questions. Here's a list of all the questions I practiced with: Cyber James' Security+ videos, Professor Messer's SY0-701 Study Group livestreams (on his youtube channel), Professor Messer's weekly quizzes on his website (www.professormesser.com/category/security-plus/sy0-701/sy0-701-pop-quiz/), and a few other 1-3 hour youtube videos on sy0-701 practice questions (preferably the ones that give explanations for all answer choices, as it's important to know why the other choices in a question might be wrong).
Just finished taking and PASSING the 701 exam! Your breakdowns of seeing what the questions were asking for, and going through each answer right or wrong really helped changed the way I studied and attacked the exam. Appreciate you and keep up the good work!
Haha I hear you dude. I've almost given up like 5 times now. About to take the exam in like 3 weeks, i'm on my 5th practice exam and just now starting to gain some confidence.
the questions on the exam are a lot harder. While most practice exams give you a obvious answer by doing process of elimination the exam tries to trick you by giving answers that are very similar. Sometimes they are all acronyms and sometimes they are rephrased differently. At the end of the day, memorizing all the acronyms and understanding the concept will help so much more in the long run.
I've gone through two of your security+ videos and found myself answering wrong a lot in the beginning until you kept going back and saying, "Well, WHAT are they asking?". Ever since that has clicked in my head, I've been choosing the correct answer like 8-9/10 times now. My main issue is just remembering some definitions and the acronyms. Huge emphasis on acronyms, though. I'm a little over halfway through my associates in cybersecurity, and these videos are preparing me better for the CompTIA Sec+ more than my classes have. However, my associates is helping me build an understanding of the concepts for everything. Just to clarify, I am not saying my classes aren't worth it for me. They are, but this is way better for the Sec+ certification. TLDR: Good vids. Am improving. 👍
Question 2, nahh, it says you're walking by the cubicle, at that exact moment. The logical step to take immediately at that exact moment would be to warn the user about the POTENTIAL phishing attempt since you are walking past them at that time. By not warning the user and reporting to the IT department, you essentially risk the user clicking on the phishing link as you go and report.
For question 9, the question says to minimize the risk not get rid of risk which is what answer A would be. We also don't know if the confidential information is backed up or not. It my head D makes the most sense to MINIMIZE the risk. Any help on clarification? Edit: Also great video and content, keep them coming!
Changing the user’s logon credentials doesn’t stop the data from being accessed. It doesn’t mention the hard drive being encrypted so you have to assume it isn’t, and whether the data is backed up is irrelevant to the question.
I understand why the answer to question 7 is to quarantine the machine on it's own network but I disagree with that. If a machine is actively encrypting files, turning it off will make sure that stops happening. You can always pull the SSD from the system later to run it in a sandbox. The ransom note will remain one of the few unencrypted files so you don't even need the full-screen message. If you leave the computer turned on and quarantined, you risk losing local files that haven't yet been encrypted. You also mitigate the risk of further infection from a hijacked bluetooth radio or similar wireless commination.
I took a practice test from another guy on youtube and got 45/50, took this and got 14/20... much better questions I think. Remembering all of the acronyms is gonna be hard.
Ok question 16 has to be challenged cuz it's not fair to test takers. If I'm calling help desk then that means it's work related. The bank doesn't send email to your work email, they send it to your personal email and if that's the case I'm not calling help desk for a personal problem, in that scenario the answer would be D but given the scenario it def should be C!
No, SSL. This is a bit of a trick question, because yes SSL is considered insecure compared to TLS. However, the question asks which is most appropriate to secure the communication. Communication is key here. AES alone does not encrypt communication, but SSL can use AES as part of secure communications. If TLS was an option, the answer would be TLS. SSL is still on the 701 exam objectives.
@@ImCyberJames Hi! I learned that SSL is no longer used due to known vulnerabilities and it has been replaced by TLS. Do you confirm/agree with this? If so, can you explain how SSL can be the correct answer then? Thanks!
@@zannimo1 Correct, TLS replaced SSL. Even though the word SSL is still used today, 99% of the time they are referring to TLS. CompTIA still wants you to know what SSL is. Out of all the given answers for question 3, SSL, although technically not considered secure, is still the best answer for secure communication out of the possible answers.
Q2 driving me nuts. The order of operations is different for me. At my job I'm well trusted. I'd always have a conversation with the worker right away and then follow up with alerting I.T. as I can catch a problem early.
Anytime I've had a user not able to reach an internal website, it was in issue with their laptop either not being connected to the company's network or vpn being turned on while being onsite. I thought the answer was C too
Question 7: Why would powering down the PC worsen the issue? Also, most of these questions are not focused on the objectives of the SY0-701. Looks more like the SY0-601. Thx for the effort..
The two main reasons why you should not immediately power down an endpoint suspected of ransomware is because 1. It could lead to permanent data loss and 2. You would not be able to continue analyzing the ransomware (if necessary) and volatile memory would be erased.
@@ImCyberJames It makes sense but could they not have written a program to automatically encrypt once you disconnect or isolate from the network? Some viruses will actually delete once they are no longer connected to the network? By powering off could you not boot in safe mode and start the scan after you isolate? I feel like that if the ransom was embedded in certain processes that would not run during the boot, you would be able to quarantine in a safe environment after the reboot and scan. If it is a active ransom attack they have already encrypted and gained the key before they reached out to you anyway..
I have beef with no 9. You cant access the computer if it isnt connect to any network. Which a thief/ hacker would not do. I would remove the storage from it. Which should be encrypted at rest or full disk encryption.
B isn't a bad answer, the symptoms are similar. The reason why I went with A was because the scenario mentioned a web application. Web applications are connected to a database, and web applications are *often* targeted by SQL attacks. In my mind the specially crafted code was SQL code, and without input sanitation it left the database that connects the finance processes vulnerable.
u mean question 3. SSL is right because MD5 is hashing technique, DSA is primarily used for Digital Signatures, AES is encryption technique used to encrypt data at rest and is used in protocols like SSL or TLS to enrypt data in transit so we select SSL as whole.