Prem spoke at the Nutanix Event

Posted in General | Leave a comment

MeetUp on Nutanix – 07/25/2017

Our monthly Meetup (https://www.meetup.com/NoVA-IT-Cyber-Security-Group/) for July was informative with all the great minds participating to make it even better! We thank everybody who attended and joined our community to share knowledge.

The session covered a powerful tool, “Nutanix”, and also touched upon various emerging technologies in the public sector, including Software Defined Data Center (SDDC) / Software Defined Networking (SDN), Third Platform Solutions, Biometric and Perimeter Security Solutions.

Speaker: Prem Jadhwani, CEO & President (Intellectual Point) and CTO (GAI), shared his subject matter expertise on data centers, cyber security, cloud computing, data analytics, mobile and wireless, IoT, SDN and other emerging technologies.


Big Data Analytics: Tableau + Splunk

Splunk is a real-time data processing tool for logs generated by IoT devices.

Splunk converts unreadable machine data into visually friendly dashboards. All the processing is performed in real time on data from IoT (Internet of Things) devices, which have multiple sources of data such as sensors, cameras, records, etc.

Data from IoT devices comes in various formats, which could be an issue for other tools, but Splunk accepts data in any format and is not restricted by the way the data is inserted. Unlike databases, which use tables, columns and rows to hold data, Splunk is extremely flexible and turns all the data into something called “events”.

The dashboards are user friendly, so they save much of the time otherwise spent understanding the data generated by IoT devices. This makes log processing highly efficient, saving employees’ time and, in turn, saving companies money.

We provide hands-on certification training for Big Data Analytics: Tableau + Splunk

Average Annual Salary of a Splunk Engineer: $155K (source: Paysa)

Splunk Quiz: 10 Questions Quiz

Splunk Interview Questions: 30 Interview Questions & Answers

Splunk Job openings:

  • Splunk Software Engineer
  • Splunk Senior Sales Engineer
  • Splunk Senior Software Engineer
  • Splunk Sales Engineer
  • Splunk Technical Support Engineer
  • Splunk Engineering Manager
  • Splunk Senior Product Manager
  • Splunk Director of Product Management
  • Splunk Cloud Operations Engineer
  • Splunk Product Manager
  • Splunk Software Engineer In Test
  • Splunk Principal Software Engineer
  • Splunk Senior UX Designer
  • Splunk Director of Engineering
  • Splunk Senior Systems Engineer
  • Splunk Software QA Engineer
  • Splunk Senior Engineering Manager
  • Splunk Software Engineer
  • Splunk Principal Product Manager
  • Splunk Senior Technical Writer
  • Splunk Security Engineer
  • Splunk Senior Solutions Engineer
  • Splunk UX Designer Salaries
  • Splunk Technical Writer
  • Splunk Senior Cloud Operations Engineer
  • Splunk Senior Security Engineer
  • Splunk Senior Web Developer
  • Splunk Staff Sales Engineer
  • Splunk Senior Technical Support Engineer
  • Splunk Chief Technology Officer
  • Splunk UX Designer Lead
  • Splunk Technical Operations Manager
  • Splunk Application Engineer
  • Splunk Front End Developer
  • Splunk Advisory Software Engineer
  • Splunk Principal UX Designer
  • Splunk Solutions Engineer
  • Splunk Principal Engineer
  • Splunk Senior Director of Engineering
  • Splunk Senior Principal Software Engineer


Courses offered at Intellectual Point

| Course Title | Description | Hours | Location |
|---|---|---|---|
| Amazon Web Services Certified Solutions Architect | AWS | 32 | IP |
| Certified Authorization Professional | CAP | 40 | IP |
| Certified Ethical Hacking | CEH | 32 | IP |
| Certified in Risk and Information Systems Control | CRISC | 32 | ISACA |
| Certified Information Security Manager | CISM | 32 | ISACA |
| Certified Information Systems Auditor | CISA | 32 | ISACA |
| Certified Network Defender | CND | 32 | IP |
| Certified Scrum Master | CSM | 16 | Lithespeed |
| Certified Secure Computer User | CSCU | 16 | IP |
| Cisco Certified Network Associate | CCNA | 32 | IP |
| Cisco Certified Network Professional | CCNP | 32 | IP |
| Certified Information Systems Security Professional | CISSP | 32/40 | IP |
| Certified Cloud Security Professional | CCSP | 16 | IP |
| CompTIA A+ | A+ | 40 | IP |
| CompTIA Advanced Security Practitioner | CASP | 32 | IP |
| CompTIA Cloud Essentials | Cloud Ess | N/A | N/A |
| CompTIA Cloud+ | Cloud+ | 16 | IP |
| CompTIA Cybersecurity Analyst | CSA+ | 32 | IP |
| CompTIA Linux+ | Linux+ | 40 | IP |
| CompTIA Mobility+ | Mob+ | N/A | N/A |
| CompTIA Network+ | Network+ | 32 | IP |
| CompTIA Security+ | Security+ | 32 | IP |
| CompTIA Server+ | Server+ | N/A | N/A |
| Computer Hacking Forensic Investigator | CHFI | 32 | IP |
| DevOPs (Database Administration) | DevOps | 32 | IP |
| IBM COGNOS 8 BI | IBM | N/A | N/A |
| Information Power Center 8.6 Certification Prep | Informatica | N/A | N/A |
| ITIL V3 Foundation | ITIL | 16 | IP |
| Microsoft C+ & ASP.net Developer Certification Prep | C+ | N/A | N/A |
| Microsoft Certified Solutions Expert | MCSE | 32 | IP |
| Microsoft Cloud Platform & Certified Solutions Associate | MCSA | 32 | IP |
| Microsoft Office | Word, Excel, Power Point, Project, Access | 80 | IP |
| Microsoft Share Point Certification Prep | Sharepoint | N/A | N/A |
| Microsoft Technology Associate | MTA | 16 | IP |
| Oracle OCA Certification Prep | Oracle | N/A | N/A |
| Professional Business Analysis | PBA | 40 | IP |
| Project Management Professional | PMP | 40 | IP |
| Python Programming for CyberSecurity Professionals | Python | 32 | IP |
| Splunk Architect | Splunk | 32 | IP |
| Tableau Desktop Associate | Tableau | 32 | IP |

CompTIA A+ 220-902 Practice Answers

Question 1) A. Social engineering

Question 2) D. gpupdate

Question 3) A. Use compressed air to free the dust from the components and remove it with an ESD vacuum.

Question 4) B. Event Viewer

Question 5) B. Digitizer

Question 6) B. offer different repair/replacement options, if applicable.

Question 7) B. Antivirus

Question 8) C. Close all running apps.

Question 9) B. Scheduled nightly backups

Question 10) D. 64-bit


CompTIA A+ 220-902 Practice Questions

Question 1
Objective: Identify common security threats and vulnerabilities.
Ann, an executive, reports that she received a call from someone asking for information about her email account. Which of the following types of potential security threats does this scenario describe?

A. Social engineering
B. Spoofing
C. Zero-day
D. Man-in-the-middle


Question 2
Objective: Given a scenario, apply appropriate Microsoft command line tools.
A computer on a Windows domain has been identified as not having the most current policy. Which of the following tools would a technician run on the local machine to rectify this?

A. gpresult
B. msconfig
C. ipconfig
D. gpupdate


Question 3
Objective: Given a scenario with potential environmental impacts, apply the appropriate controls.
A technician opens a customer’s computer and sees large amounts of accumulated dust. Which of the following is the BEST method of removing the dust from the computer?

A. Use compressed air to free the dust from the components and remove it with an ESD vacuum.
B. Dampen an ESD cloth with denatured alcohol and use it to gently wipe the dust away.
C. Use a shop vacuum with enough power to ensure all dust has been removed.
D. Remove as much dust as possible by hand and use compressed air to blow the rest out.


Question 4
Objective: Given a scenario, troubleshoot common PC security issues with appropriate tools and best practices.
A month ago a technician installed a new application on a Windows workstation. Recently, a user opened a help ticket reporting that the workstation is intermittently crashing. The user is unsure if the crashing started before or after the application was installed. Which of the following is the BEST tool for the technician to use to determine if the crashes are caused by the application?

A. Application Monitor
B. Event Viewer
C. Performance Monitor
D. Component Services


Question 5
Objective: Identify basic features of mobile operating systems.
Which of the following features of a mobile device operates the touch screen?

A. Gyroscope
B. Digitizer
C. Accelerometer
D. Geotracking


Question 6
Objective: Demonstrate proper communication techniques and professionalism.
To demonstrate good communication techniques while resolving an issue, the technician should:

A. utilize as much technical jargon as possible when speaking.
B. offer different repair/replacement options, if applicable.
C. review all personal materials found on the computer.
D. provide immediate solutions as the customer is explaining the issues.


Question 7
Objective: Compare and contrast common preventive methods.
Which of the following types of digital security requires regular and frequent updates to remain effective?

A. Smart card
B. Antivirus
C. ID badges
D. VPN


Question 8
Objective: Given a scenario, troubleshoot common mobile OS and application issues with appropriate tools.
A user’s smartphone runs very slowly at the end of the day. When the user restarts the phone in the morning, it runs at its normal speed. Which of the following should be done throughout the day to BEST resolve this issue?

A. Reset the smartphone to factory default.
B. Uninstall any unused apps.
C. Close all running apps.
D. Charge the smartphone.


Question 9
Objective: Perform common preventive maintenance procedures using the appropriate Windows OS tools.
The leadership team of an organization has set an RPO of 24 hours for data loss. Which of the following should the system administrator implement to ensure the leadership team’s requirements are met?

A. Scheduled antivirus updates
B. Scheduled nightly backups
C. Scheduled patch management
D. Scheduled disk maintenance


Question 10
Objective: Compare and contrast various features and requirements of Microsoft Operating Systems (Windows Vista, Windows 7, Windows 8, Windows 8.1).
A technician is loading an OS on a workstation that will support an application that requires 8GB of RAM. Which of the following types of OS will be supported?

A. 8-bit
B. 16-bit
C. 32-bit
D. 64-bit


The Story of Prem Jadhwani, President & CEO at Intellectual Point

Getting a job in the field you want is easier dreamed than achieved. Prem Jadhwani was no exception to that axiom. He grew up in India and was exceptionally good at academics. For higher education, he decided to move to America. It was not hard to continue the same straight “A” streak even though he was an international student. But one thing he loved to do was teach his peers. He believed in helping everybody grow, so the more he learned, the more he shared his knowledge.

Discovering his potential, Prem strongly believed that he would reach great heights. Like all his peers, he started building hopes of getting his dream job. Although he was smart and skilled, he soon realized that the job market was not like college. His academic achievements were not valued by companies, which preferred practical experience. Ironically, to get his first job, he was expected to have hands-on experience.

And so his streak came to a screeching halt. How was he supposed to prove his potential? He didn’t understand how to demonstrate his skills outside the academic environment. Eventually, he discovered certifications that could enable him to further his IT goals. He realized that this was the perfect way to convince companies of his capabilities. He worked day and night, and started helping and mentoring students for hands-on practice.

During his first interview, the majority of questions concerned his certifications. The simple addition of that certificate resulted in multiple job offers. He started teaching at university level while simultaneously mentoring his peers as a hobby.

Now Prem is the President and CEO of a successful IT Training company and has 144 certifications himself. He is among the top tech leaders and enjoys hosting free meetups to help students who are in the same position that he was years ago.

Protected: CompTIA Security+ Answers to Practice Questions


CompTIA Security+ Practice Questions

Question 1
During a recent audit, it was discovered that many servers and desktops were missing security patches. Which of the following BEST describes the assessment that was performed to discover this issue?

A. Network mapping
B. Vulnerability scan
C. Port scan
D. Protocol analysis


Question 2
A system administrator must configure the company’s authentication system to ensure that users will be unable to reuse the last ten passwords within a six-month period. Which of the following settings must be configured? (Select TWO).

A. Minimum password age
B. Password complexity
C. Password history
D. Minimum password length
E. Multi-factor authentication
F. Do not store passwords with reversible encryption


Question 3
Which of the following helps to establish an accurate timeline for a network intrusion?

A. Hashing images of compromised systems
B. Reviewing the date of the antivirus definition files
C. Analyzing network traffic and device logs
D. Enforcing DLP controls at the perimeter


Question 4
Which of the following internal security controls is aimed at preventing two system administrators from completing the same tasks?

A. Least Privilege
B. Separation of Duties
C. Mandatory Vacation
D. Security Policy


Question 5
Which of the following is the BEST reason for placing a password lock on a mobile device?

A. Prevents an unauthorized user from accessing owner’s data
B. Enables remote wipe capabilities
C. Stops an unauthorized user from using the device again
D. Prevents an unauthorized user from making phone calls


Question 6
A company would like to take electronic orders from a partner; however, they are concerned that a non-authorized person may send an order. The legal department asks if there is a solution that provides non-repudiation. Which of the following would meet the requirements of this scenario?

A. Encryption
B. Digital signatures
C. Steganography
D. Hashing
E. Perfect forward secrecy


Question 7
A company has had their web application become unavailable several times in the past few months due to increased demand. Which of the following should the company perform to increase availability?

A. Implement a web application firewall to prevent DDoS attacks
B. Configure the firewall to work with the IPS to rate limit customer requests
C. Implement a load balancer to distribute traffic based on back end server utilization
D. Configure the web server to detect race conditions and automatically restart the web services


Question 8
A security administrator is auditing a database server to ensure the correct security measures are in place to protect the data. Some of the fields consist of people’s first name, last name, home address, date of birth and mother’s last name. Which of the following describes this type of data?

A. PII
B. PCI
C. Low
D. Public


Question 9
Which of the following would be MOST appropriate if an organization’s requirements mandate complete control over the data and applications stored in the cloud?

A. Hybrid cloud
B. Community cloud
C. Private cloud
D. Public cloud


Question 10
Ann is an employee in the accounting department and would like to work on files from her home computer. She recently heard about a new personal cloud storage service with an easy web interface. Before uploading her work related files into the cloud for access, which of the following is the MOST important security concern Ann should be aware of?

A. Size of the files
B. Availability of the files
C. Accessibility of the files from her mobile device
D. Sensitivity of the files


Question 11
Which of the following attacks involves the use of previously captured network traffic?

A. Replay
B. Smurf
C. Vishing
D. DDoS


Question 12
A company has recently allowed employees to take advantage of BYOD by installing WAPs throughout the corporate office. An employee, Joe, has recently begun to view inappropriate material at work using his personal laptop. When confronted, Joe indicated that he was never told that he could not view that type of material on his personal laptop. Which of the following should the company have employees acknowledge before allowing them to access the corporate WLAN with their personal devices?

A. Privacy Policy
B. Security Policy
C. Consent to Monitoring Policy
D. Acceptable Use Policy


Question 13
Which of the following solutions provides the most flexibility when testing new security controls prior to implementation?

A. Trusted OS
B. Host software baselining
C. OS hardening
D. Virtualization


Question 14
Ann, a college professor, was recently reprimanded for posting disparaging remarks regarding her coworkers on a web site. Ann stated that she was not aware that the public was able to view her remarks. Which of the following security-related trainings could have made Ann aware of the repercussions of her actions?

A. Data labeling and disposal
B. Use of social networking
C. Use of P2P networking
D. Role-based training


Question 15
Given the following set of firewall rules:

From inside to outside allow source any destination any port any
From inside to dmz allow source any destination any port tcp-80
From inside to dmz allow source any destination any port tcp-443

Which of the following would prevent FTP traffic from reaching a server in the DMZ from the inside network?

A. Implicit deny
B. Policy routing
C. Port forwarding
D. Forwarding proxy


Question 16
In order to gain an understanding of the latest attack tools being used in the wild, an administrator puts a Unix server on the network with the “root” user’s password set to “root.” Which of the following BEST describes this technique?

A. Pharming
B. Honeypot
C. Gray box testing
D. Phishing


Question 17
A user is unable to login after 5 p.m. to complete a financial report. The user calls the help desk to report the issue. A technician verifies that the user’s credentials are valid, and the user account is enabled. Which of the following is causing this issue?

A. Separation of duties
B. Multifactor authentication
C. Rule-based access control
D. Least privilege


Question 18
A wireless site survey has been performed at a company. One of the results of the report is that the wireless signal extends too far outside of the building. Which of the following security issues could occur as a result of this finding?

A. Excessive wireless access coverage
B. Interference with nearby access points
C. Exhaustion of DHCP address pool
D. Unauthorized wireless access


Question 19
During a code review, a software developer discovers a security risk that may result in hundreds of hours of rework. The security team has classified this issue as low risk. Executive management has decided that the code will not be rewritten. This is an example of:

A. risk avoidance.
B. risk transference.
C. risk mitigation.
D. risk acceptance.


Question 20
A security architect is designing an enterprise solution for the sales force of a corporation which handles sensitive customer data. The solution must allow users to work from remote offices and support traveling users. Which of the following is the MOST appropriate control for the architect to focus on to ensure confidentiality of data stored on laptops?

A. Full-disk encryption
B. Digital signatures
C. Federated identity management
D. Cable locks


Question 21
Which of the following works by implanting software on systems but delays execution until a specific set of conditions is met?

A. Logic bomb
B. Trojan
C. Scareware
D. Ransomware


Question 22
An attacker wearing a building maintenance uniform approached a company’s receptionist asking for access to a secure area. The receptionist asks for identification, a building access badge, and checks the company’s list of approved maintenance personnel prior to granting physical access to the secure area. The controls used by the receptionist are in place to prevent which of the following types of attacks?

A. Tailgating
B. Shoulder surfing
C. Impersonation
D. Hoax


Question 23
During a recent audit, it was discovered that several user accounts belonging to former employees were still active and had valid VPN permissions. Which of the following would help reduce the amount of risk the organization incurs in this situation in the future?

A. Time-of-day restrictions
B. User access reviews
C. Group-based privileges
D. Change management policies


Question 24
A technician reports a suspicious individual is seen walking around the corporate campus. The individual is holding a smartphone and pointing a small antenna, in order to collect SSIDs. Which of the following attacks is occurring?

A. Rogue AP
B. Evil twin
C. Man-in-the-middle
D. War driving


Question 25
A security director has contracted an outside testing company to evaluate the security of a newly developed application. None of the parameters or internal workings of the application have been provided to the testing company prior to the start of testing. The testing company will be using:

A. gray box testing.
B. active control testing.
C. white box testing.

ANSWERS (Password: i<3iPoint)


Five tips to avoid becoming a ransomware victim

Ransomware is one of the major threats computer users now face, even though recent reports suggest that many people don’t actually know what it is.

Delivered via spam or phishing emails that trick users into clicking on malicious links, ransomware renders computer systems, devices or files inaccessible and holds the victim hostage until payment is made, usually in the form of bitcoins.

“Victims are faced with the choice of paying up or losing all their valuable data forever. Unfortunately, this approach works for cybercriminals, because consumers and businesses are unprepared for their data — whether it’s a business’ intellectual property or family photos — to be taken from them with no hope of retrieval unless they pay,” says Usman Choudhary, chief product officer at ThreatTrack Security. “Understandably, nearly 1 in 3 security professionals at companies say they’d be willing to pay for the safe recovery of stolen or encrypted data, and that number jumps to 55 percent at organizations that have already been targeted. Meanwhile, your average home user feels as if they have no choice but to pay”.

To help IT pros ensure their organizations don’t fall prey to ransomware, the VIPRE antivirus team at ThreatTrack has issued five essential safety tips as follows:

1 Back up your data — External hard drives keep dropping in price and growing in capacity, so they provide an easy and affordable way to back up your data. There are also numerous cloud-based ‘set it and forget it’ options for automatically backing up your data to an offsite server. Backing up is by far the best do-it-yourself tactic you can take to protect yourself from being blackmailed.

2 Start a schedule — It’s good to back up your data but it needs to be done regularly to be effective. ThreatTrack recommends backing up your data at least once a week and, ideally, once a day.

3 Be aware of phishing emails — Employees need to be aware of the latest social engineering tactics being used to lure people into clicking on malicious links and attachments. There are many resources available that can help, including online tutorials and security awareness training services. Just sending out regular communications about the various tactics and terms used — spam, malware, spear-phishing, etc — will help employees become more vigilant about identifying phishing attempts.

4 Update your software — Ransomware authors often seek to exploit vulnerabilities in popular software applications. If you’re diligent about keeping applications up to date, you’ll minimize your exposure to potential attacks. Better yet, make sure that any applications that can be set to update themselves automatically have that feature turned on.

5 Keep work and personal data separate — A recent survey showed that nearly a third of IT security staff were asked to remove malware from an executive’s computer/device because they had let a family member use it. With so many people working from home it can be hard to separate work from personal life, but keeping these two worlds apart can go a long way toward protecting data and minimizing the impact of an attack.

If you are struck by ransomware, ThreatTrack recommends you immediately cut off any connections, shutting down your computer and disconnecting it from the network. While the damage to that system has already been done, you can help stop the spread of malware to other systems or devices.

Author: Ian Barker
Beta News
Original Publication Date: June 2, 2016
Intellectual Point is a Global Information Technology, Training, Consulting and Software Development Company. Intellectual Point provides professional hands-on computer and IT training as well as certifications to prepare you with the marketable skills and knowledge needed for today’s competitive job market.
  