Sponsor Voice (12:48)

If you need three new reasons to love Jack Wraps at Jack in the Box even more, here they are. Chicken fajita, Chicken Caesar and delicious starting at $3. Coincidentally, those are the same three reasons you should come to Jack in the Box right now at Jack. Every bite's a big deal.

Sponsor Voice (13:12)

And now a word from our sponsor. Know before it's all connected and we're not talking conspiracy theories when it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBeFor, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco 35. Vendor integrations and Counting Security Coach analyzes your Security Stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint identity or web security vendors. Then coach your users. At the moment, the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more@knowbe4.com SecurityCoach that's knowbe4.com SecurityCoach and we thank knowbe4 for sponsoring our show.

Chris Hare (14:38)

Foreign.

Dave Bittner (14:45)

Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off it's time for our recurring Certbyte segment and in today's edition, N2K's Chris Hare teams up with Stephen Burnley to unpack a question from N2K's ISC2 certified in Cybersecurity Practice Test.

Steven Burnley (16:11)

Hi everyone, it's Chris. I'm a content developer and project management specialist here at N2K Networks. I'm also your host for this week's edition of Certbyte, where I share a practice test question from our suite of industry leading content and a study tip to help you achieve the professional certifications you need to fast track your career growth in IT, cybersecurity and project management. Today's question targets the ISE2 Certified in Cybersecurity or CC exam, which launched on August 31, 2022. This exam is targeted for those candidates who are college students or grads, IT professionals or career changers wanting to pivot to the cybersecurity industry. ISC2 also reports that their members earn 35% higher salaries than non members. I have a new guest host here to help us out today, Stephen, who is our resident ISE2 expert. Welcome Stephen. How are you today?

Chris Hare (17:10)

I'm doing great Chris. Thanks for inviting me. I feel like I spent my entire life either taking practice exams for certification exams or now writing certification exam questions. So I'm really happy to be here.

Steven Burnley (17:22)

We are happy to have you. So if you've been listening to our episodes, you know that we are going to be turning the tables. And Steven, you're going to be asking me today's question. But first, while I corral some courage, I understand you have a 10 second study bit for this test. So what do you have for us today, Stephen?

Chris Hare (17:41)

Well, I want to remind everyone that when you're practicing to take a certification exam that the practice tests are not the actual questions. So one of the things that we do at N2k in our practice exams is make sure all of the incorrect answers are also plausible answers on the real exam for other types of questions. So make sure you study the wrong answers and read those descriptive links in the bottom of practice exam tips.

Steven Burnley (18:06)

That is a really great tip. So Steven, what do you have for me today?

Chris Hare (18:11)

All right, this is networking, Chris, so prepare yourself. So here we go. Okay, you use a computer on a TCP IP network and you transfer data through well known TCP port 80. Which protocol is most likely being used to transfer data. Now this is a multiple choice question. You don't have to have these memorized. So let me tell you what your four choices are. Your choices are FTP, POP3, SMTP or HTTP.

Steven Burnley (18:43)

All right, Steven, so this falls under the network security objective and understand computer networking sub objective. Is that correct?

Chris Hare (18:53)

That's correct. And it's a good idea for you to place these exam in the appropriate objectives so you know you've studied all parts of the exam.

Steven Burnley (19:00)

That's right. So not my strong suit. But I admit I have studied for, taken and passed this CC test and it was no easy feat even though it's targeted for beginners. So it was a tough test. And for our listeners out there, it's 100 multiple choice questions and you get two hours. It sounds like I'm stalling, which I am. So I should know this. And I do recall this answer as I did a memorization technique for this, which I will discuss in a bit. So my answer is D. HTTP.

Chris Hare (19:30)

All right, we're off to a good start. That is correct. The Hypertext Transfer Protocol HTTP is assigned to port 80 and that is a well known port number that you do need to know for the CC exam. HTTP is used to transfer data between browsers and servers on the web. HTTP is a stateless protocol, which means the server and the client do not collect any information about each other. Now, in terms of studying the incorrect answers, those may be plausible correct answers on other questions. So let's make sure we know those as well. The FTP stands for the file transfer protocol and that uses the well known TCP ports 20 and 21. FTP is used to transfer files or data between FTP clients and servers on a TCP IP network. Now the next one is related to email. It is the POP3 or Post Office Protocol 3 and that uses TCP port 110. POP3 is used to transfer email messages from email servers to clients. And there's another final option there that was smtp, which is also related to mail. It's called the Simple Mail Transfer Protocol that uses well known TCP Port 25. SMTP is used to transfer email messages between email servers and then sometimes transfer messages from clients to servers in older environments. So I'm curious now you used a memorization technique to remember these ports. What is your trick?

Steven Burnley (21:02)

So there are a lot of mnemonics out there that you can use, as you very well know, Stephen. And for port 80 I've seen everything from mapping port 80 to the part acronym part phrase. Hold the phone, I see a ghost since the number 80 looks like a sideways ghost face I guess, which is foreboding since it's a non encrypted port. But I just associated 80 with the HTTP protocol coming out in 1989, so that's what I used. And there are so many techniques. Can you share some of what you've heard that have been helpful?

Chris Hare (21:36)

Well, when you take a certification exam related to technology concepts like this, it can be acronym soup. So one of my tips is I don't try to remember all of the words in the acronym. For example HTTP I would just think of that one as H. The SMTP I would think of as simple. And then that way I'm only trying to remember one word that's easily pronounced rather than an acronym or the whole thing pronounced all the way out.

Steven Burnley (22:03)

That is very helpful. So I'd love to hear from our listeners what techniques they've used as well, so leave us a comment. Also, Steven, this is one of those tests where you are not allowed to mark items for review, which makes the exam even more challenging. Is that due to the fact that it's adaptive, which means it supplies subsequent questions based on your previous answers?

Chris Hare (22:25)

Actually, no. On this particular exam, the exam questions will be balanced according to the percentage of the questions that are stated in the exam summary. So it's a really good idea as a student to make sure that you study all the parts of the exam and those percentage weighting will give you an idea about how many questions you'll get on each topic.

Steven Burnley (22:45)

Excellent. Great question. Appreciate your being here today Steven. Are there any upcoming ISE2 or other practice tests you'd like to promote here.

Chris Hare (22:54)

We do actually. We have an update coming for the CISSP Exam in early 2025 and just recently updated the framework for the Cisco Certified Network Associate or CCNA exam this past September. We also have a ton more Microsoft, Comptia and Amazon exam updates coming, so keep a lookout for those on our website.

Steven Burnley (23:15)

Excellent. Thank you so much, Steven.

Chris Hare (23:18)

Thank you for having me, Chris.

Steven Burnley (23:20)

Absolutely. And thank you for joining me for this week's Circ Bite. If you're actively studying for this certification and have any questions about study tips or even future certification questions you'd like to see, please feel free to email me at certbite2k.com that's C-E-R-T B Y T E2K.com if you'd like to learn more about N2K's practice test, visit our website at n2k.com certify for more resources, including our N2K Pro offerings. Check out thecyberwire.com pro for sources and citations for this question, please check out our show Notes. Happy certifying.

Dave Bittner (24:09)

And of course we will have links to N2K's ISE2 certified in cybersecurity practice test in our show notes. And finally, Motorola's automated license plate readers are unintentionally moonlighting as live streaming surveillance tools, thanks to misconfigurations exposing them to the unsecured Internet. Security researcher Matt Brown found that some of these cameras, intended for private networks, are accidentally broadcasting video and license plate data online for anyone with the right tools to access. Using the IoT search engine census, Brown located streams showing color and infrared footage along with real time plate data. No login required. Privacy advocate Will Freeman turned this oversight into a proof of concept nightmare, crafting a tool that decodes and timestamps car movements into spreadsheets. Want to track a stranger's daily commute? There's an app for that. Theoretically, Freeman warns, this exposure underscores how risky automatic license plate readers are to privacy. Despite claims they're harmless unless you're a criminal, Motorola promises a firmware update to address these issues. Until then, some cameras remain accidental live streamers mapping our every move. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Karp. Simone Petrella is our president. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.