Every PrepLogic Practice Exam question includes a “Feedback Link” that allows you to provide feedback or alert us to items you believe may be in error. From time to time we like to address some of your remarks here in our blog. Let’s take a look at some of our recent Practice Exam Feedback.

Our first comment is in regards to a question in our Certified Ethical Hacker (CEH) (312-50) Practice Exam. The question is:

You are a security consultant hired to perform a wireless penetration test. Which of the following would be considered part of the test? Select the best answers.

A.) Application Testing and Code Review
B.) Cordless Communications Testing
C.) Privacy Review
D.) Infrared Systems Testing
E.) PBX Testing
F.) Intrusion Detection System Testing

The correct answers are B, C and D.

Vincent writes in to say that “IDS testing should be a part of any Pen Testing for WAN or LAN.”  This is an excellent point for discussion. It’s true that IDS, in theory, can be used in the testing of wireless network vulnerabilities, but it isn’t a standard practice according to the CEH exam. IDS testing is essentially meant for wired communications. This journal article notes the need for improvements to IDS systems in order to account for the inherent vulnerabilities in wireless networks, but at this time, IDS systems are not used in this way. In the wireless penetration test example given, Cordless Communications Testing, Privacy Review and Infrared Systems Testing would be considered part of the test.

Our next comment comes from the feedback for our CISSP® Practice Exam. The question is:

Which of the following is NOT a preventative physical access control? Select the best answer.

A.) Biometrics
B.) Fences
C.) Call back systems
D.) CCTV (Closed-Circuit TV)

The correct answer is C, Call back systems, which is a preventative technical access control.

Our commenter asks “Isn’t biometrics considered more of a technical control than a physical control?” While it is true that Biometrics is a technical control, it is also a physical control.  Consider that a technical access control mechanism is one that prevents access to systems with the intention of protecting information. Laptops with built-in fingerprint scanners would be an example of biometrics used as a technical access control mechanism.  Physical access control mechanisms are distinguished from technical access control mechanisms, in that they restrict you from physically entering a space you don’t belong.  A finger print scanner at a secure entryway would be a biometric physical access control mechanism. Of the choices listed, Call back systems are not a preventative physical access control.

The final comment we will address today is from PrepLogic’s A+ Practical Application (220-702) Practice Exam. The question is:

You upgrade a system that contains a layered service provider from a previous version of Windows Vista.  The system loses network connectivity when configured for dynamic address assignment. How would you verify that this upgrade is the probable issue? Select the best answer.

A.) Open a command prompt with administrator rights, issue netsh winsock reset and check the listings.
B.) Open a command prompt, issue ipconfig and check for a “169.254.x.x” IPv4 address.
C.) Unplug and reinsert the network card, check for a loose cable and try to ping a nearby host.
D.) Call the Internet Service Provider and contact a network administrator.

The correct answer is B.  The 169.254.x.x is an APIPA address, signifying that the computer has no current network visibility.

An A+ candidate writes that “an APIPA does not verify an upgrade issue. There are many possible reasons for an APIPA. The only thing it verifies is that there is no network connectivity.” One of the biggest problems with Layered Service Providers is corruption of the TCP/IP stack, usually as a result of improper or incomplete removal of the service.  This is a widely known issue.  If the TCP/IP stack does become corrupted, the computer no longer can access the network and, thus, the computer pulls an APIPA address rather than one assigned by DHCP.  We can verify that the upgrade is the problem on the simple notion of causality.  Before the upgrade, my computer had access to the network.  After the upgrade, my computer pulls an APIPA address, leaving me to believe the TCP/IP stack is corrupted, since the question includes no additional information regarding improper DHCP configuration is included in the stem.

Remember, if you have any comments or questions about a practice question, simply submit your comment and our editorial team will review it. If we made a mistake (we’re only human!) we’ll correct it in a practice exam update. Thanks for your feedback, and good luck on your exams.

As most of our customers know, each of our practice exam questions feature a little blue link at the top of the engine that enables you to issue feedback for that question.  This is a great benefit for us for a couple of reasons. First,  it helps us identify and correct the rare spelling/content errors that appear.  It also helps us keep in touch with customers and take the pulse of the people who are using our training to get ready for the exam .  We felt like this would be a neat opportunity to take some of the feedback people have sent us recently and use our blog as a way for us to answer those questions, personally.  So, let’s start it off with a good question regarding the Certified Ethical Hacker exam.  Specifically, question number 249, which reads:

What are some common ways to prevent password guessing on a Windows Machine?  Select the best answers:

A.) Block ports 135-139

B.) Enforce Complex passwords

C.) Log security events 529 and 539

D.) Use NTInfoScan (now CIS)

E.) Use L0phtcrack

Obviously we can eliminate answer choice D as it’s a vulnerability scanner.  The latter is eliminated because, while it is an password auditing tool, it would only help us—at best—identify weak passwords.  The correct answers, then, are A, B and C.  The feedback we received from the customer is as follows:

“The Question is asking for ‘ways to prevent’ but logging does not prevent anything.  It is a detective control.”

Allow us to elaborate, a bit.  It’s true that logging is a detective control, but remember that the question is asking for ways to prevent a very specific kind of network attack: password guessing.  Logging security events 529 and 539—the log on and log off events, respectively—will allow us to see where on the system someone might be attempting to gain access through password guessing.  Without the logs, we’d be hard pressed to identify and counteract the threat.

Ok, our next comment comes from question number 114 of the CompTIA A+ IT Technician (220-602) practice exam.  The question reads:

You are configuring an email application on a laptop for a new user. The user is a salesperson and will be traveling most of the time. The email client and the email server both support the IMAP and POP3 protocols for receiving mail and you need to determine which to use. Which of the following characteristics about the users’ needs would be most important in determining which protocol to use? Select the best answer.

A.) The user has a significant amount of disk space available.

B.) The user requires that all email delivery be encrypted.

C.) The user needs to access her email from multiple machines or email clients.

D.) The user requires access to existing email messages, even while offline.

The correct answer is C.  Here’s the feedback we got from the customer:

“This question clearly states ‘You are configuring an email application on a laptop for a new user. The user is a salesperson and will be traveling most of the time….’ Yet, the answer to the question implies the user will not be using the laptop. The correct answer according to the test is ‘The user needs to access her email from multiple machines or email clients.’ If that is the case, why state that a laptop is being configured for the user. The answer is B, or is this a trick question?”

You’re right, technically it is a trick question. But it is similar to the type of question you’ll find on the actual A+ exam.  The question relies on your assumption that because we opened with a laptop that means the salesperson will necessarily use the laptop.  This question is less about the hard, technical knowledge required to be a PC tech and more about preparing you for the kinds of questions you’ll encounter on CompTIA’s tests .  A+ may be an entry-level certification, but the test is no joke (one of the most gifted technicians I’ve known failed the 600 series A+ three times).  They will try to trick you.  You have to be able to see through distracters, like the laptop in this question, and get to the meat of what they’re looking for.

Alright, that’s all for now.  Keep the feedback coming in, folks!