@Stewart-Moore , I hope all is well. YES... you should be using the new 2022 course that was recently released, as it is 100% updated and aligned with the most recent ISC@ SSCP Exam outline.

Good luck !!

Cheers,

Adam

@Adam-Gordon Thank you for the response,& that makes sense that it is widely used, but to answer the question being asked on the test.

Very strange indeed, but honestly this stuff happens from time to time.

You could try generating a meterpreter exe with msfvenom and then copying it to the WinXP machine so that you can test whether or not a meterpreter session CAN work, but ultimately all that matters is that you are able to exploit the box in some way.

I also would try using a stageless payload.

So instead of the payload...

windows/meterpreter/reverse_tcp

try setting the payload to...

windows/meterpreter_reverse_tcp

@Fatima-Bernardo , I hope all is well. Yes, it would be an example of a static token.

Cheers,

Adam

@Frankie-Zingaropoli , I hope all is well. First of all, welcome to IT !! we are happy you are here... :)

The basic answer to your question is that a firewall is a system that is designed to inspect traffic and allow/deny it based on a series of rules that are programmed into it.

Windows Defender is the anti-malware scanner that is included with Windows.

They do different things, & typically you would use both / have both turned on & running in a system.

You could replace / find alternate vendors' products that do both of these things & could decide to use those instead if you wanted to.

I hope that helps.

Cheers,

Adam

@Cody-Bilings said in CISSP Concentration?:

CISSP conentrations (ISSAP, ISSEP, ISSMP)

Hello all,

is there an update on this? 2018 was thought about it :) ... is a CISSP conentrations (ISSAP, ISSEP, ISSMP) meanwhile on the roadmap?

@Fatima-Bernardo said in What is the differences in GDPR between the right to object, and the right to withdraw consent?:

Are they not the same? If a data subject withdraws consent, does it not imply objecting to processing of the data subject's data?

Fatima,

They are not exactly the same. Under the GDPR, consent must be obtained in a relatively unambiguous manner, in plain language. This means that consent is not assumed if you simply put a checkbox or don't put a checkbox somewhere.

Additionally, consent can be withdrawn at any time, consent cannot be granted by a child under 13 without parental consent and the Organisation must be able to produce such clear unambiguous consent.

Reading the GDPR articles involved Art. 21 and ARt.7(3), respectively. Give us an idea of how they work together under the arch of consent.

GDPR Art 21(2)

Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

GDPR Art 7(3)

1The data subject shall have the right to withdraw his or her consent at any time. 2The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 3Prior to giving consent, the data subject shall be informed thereof. 4It shall be as easy to withdraw as to give consent.

So are they the same or different? They are part of the same process as the overarching idea of obtaining consent.

(1) Let's say that I provide consent to an organization to use my image in marketing. But they decided to use it to market something I would clearly object too--e.g., from the TV series Friends -- Joey did some photos for a campaign that would be on billboards around NYC. When it came out, he saw his face advertising some treatment for an STD...if I remember correctly. Well in this case GDPR says that I have a right to object to that and have my image not used that way...but I may allow my image to be used some other way that I wouldn't mind. So in this way, I can object without necessarily withdrawing my consent.

(2) Let's say that after dealing with an organization you give your consent. The organization doesn't just get to say "too bad, you gave your consent." They must provide a solution to that. Art. 7(3) provides that solution. You can withdraw consent without necessarily objecting.

I hope this helps.

Hello Team,

When posting my first question, I did reach out to the support through chat first but I was advised to post it on the forum.

Please advise.

Thanks,

Will do, Cheers Ronnie :)

@Akiiki-Brown,

We will be covering the newer CEH v12 once we get a hold of the objectives and see what and when we can schedule it. We have it on our schedule for 2023.

@patrick-lathrop,

Not exactly sure how to be helpful here. For our community to be more helpful, what job role are you interviewing for would help. It is an administrator or support role? is it a management role? is it a project management role? or an analyst position?

Technical interviews usually are scenario based. They want to to know if you understand the process to handle situations with the topics they provide. Do you have the technical "chops" to do the role or do you have "affinity" to the the role...depending on what level (e.g., entry or more advanced positions).

Sorry, can't be very helpful besides very generically.

@Brian-Turney Hi Brian. Just to be clear, the practice exam that you are referring to, was it the one included in the ITPRO.TV course? or the one from SANS? Thank you.

@Morgan-Terveer thank you for the kind words, you can reach out to me at any time!

Sure do @Zachary-Mayers. Lab for PenTest+ is in progress; tracking to release in early September.
-Aima R, Product Team

@SRR said in Cisco security:

I need to find a way out of this help desk job. I am to old to begin on a degree so what should I do? When listening to the news I hear there is a lack of security people here in Norway but again the CompTIA certifications does not seem to be that attractive for some reason. They prefer a degree but may consider certifications in some cases. If they consider certifications it is mostly the vendor specific ones like Cisco, Microsoft, AWS and so on. Is it a good idea to go the route of Cisco CCNA then CCNP Security? I have watched videos on "how to get into the security field" here on ITProTV but they sell the CompTIA hard and I feel that is not an option for me.

So, path that we recommend is normally for people that do not have much experience beyond studying for the exam. CompTIA is an industry recognized vendor neutral certification.

If you already have a solid foundation in network technologies and TCP/IP networking. You can probably begin start with CCNA. There will be some network fundamentals for review but then it will be very Cisco technology and terminology centric.

Technically, you do not have to do the CCNA before you do the SCOR exam but I do recommend it but it is not a prerequisite you do so. But it may be a very steep learning curve for you.

Ah, nice to hear someone passing an exam, I never seem to get Cisco so here I am. What's the plan ahead?

If given the opportunity for a new, free certification, I would recommend it. The other certifications you listed are good to get, but why not do the free one first? Sounds like it will be an entry into (ISC)2 world. CCSP is more like the CISSP with a cloud focus.

Thanks @Adam-Gordon , I will start on your CASP+ course and look at SSCP once I am done with that. Or when I am back from work in January.