CompTIA PBQ Practice Question - Password Policies - Security+, CySA+, CASP+ Network+

Рет қаралды 2,601

Күн бұрын

Пікірлер: 18

@derekarmstrong1408 3 ай бұрын

You're the 10th or 11th KZbinr I've followed, and the most easy to follow along with. You're doing a great job of demystifying this stuff. Thank you.

@AJ-pq9mn 3 ай бұрын

Thank you for your videos, I passed my sec+ 701 today thanks to some of your PBQ’s.

@cristianyepez1507 3 ай бұрын

On my way to take the sec+ exam!

@cyberkraft1 3 ай бұрын

Good luck!

@cristianyepez1507 3 ай бұрын

@@cyberkraft1 passed!!! Thank you so muchhh

@MLH8789 2 ай бұрын

@@cristianyepez1507 Congrats! Taking mine in 3 weeks!

@cristianyepez1507 2 ай бұрын

@@MLH8789 you got this!! Mine had a lot of acronyms

@VinTagebeats 2 ай бұрын

Thank you for this !

@zrproductions6469 Ай бұрын

For the first question, wouldn’t passwords one and two be swapped because password 1 contains a common phrase while password two has a bunch of random characters despite being a bit shorter and not starting with a special character?

@ironsilk6634 4 ай бұрын

Good 1 bro

@RockMusicFanNo1 4 ай бұрын

I disagree with the false option (SMS OTP). Sim swapping is incredibly difficult as of 2024, unless you are a high ranking person in the organization or political landscape. For 99% of employees, SMS OTP should be fine. Similarly, it might be the only non costly method to provide free 2FA to a user, as most TOTP software is offered for free when you have already purchased or paid for paid solutions or services. Is SMS 2FA bad, and if so, should banks up their game in their customers’ account security and abolish it?

@williamh7 4 ай бұрын

Some phone carriers, still allow user verification with last four of social security number. For some reason they won't change the policy and basically all of our socials, names, addresses have been leaked by multiple companies. Also, a bad phone carrier employee can easily do malicious activities.

@RG_spc 4 ай бұрын

Bank example is for public hence very difficult to have all install authenticator app. That's done easily with employees, which is the exact use-case here. Nothing is probably 100% secure all the time for all cases. However, on balance of factors, I tend to agree with the authors of the video. From multiple experiences, employers commonly use Authenticators (Google, Microsoft, some even their own), whereas Banks use SMS. Is there a risk with banks using SMS? Yes. How do they address it? Multiple ways. Some banks also send email, some may even call up on suspected transactions (and ask security questions). That ssid, I've also seen banks use TOTP through their own mobile apps.

@ancleasai 4 ай бұрын

SMS is vulnerable to SS7 attacks and it's use is deprecated in place of more secure alternatives. Sending SMS though low cost is not free

@Euruzilys 3 ай бұрын

Singapore announced a ban on using SMS OTP for banking app. And if I remember correctly, Malaysia also has it banned too. So SMS OTP being considered insecure here is probably the right choice, and an up to date. Still, this is a CompTIA exam, so it’s gonna depend on them.

@SamadAli-rf1un 4 ай бұрын

Hi Dennis thanks for the PBQ content related to password policies for Security+ exams, currently I have security+ certification, and would like to know what is the difference between CompTIA Security+ and CompTIA SecurityX.

@cyberkraft1 4 ай бұрын

The SecurityX is the new version of the CompTIA CASP+.

@SamadAli-rf1un 4 ай бұрын

@@cyberkraft1 Thanks :)