Here's part 2! Make sure to subscribe if you don't want to miss part 3. Who's taking their exam this month?
I am!
Just 'cause the new Net+ is out, is that why you're not making practice questions, 'cause there are currently 2 out right now? There's a lot of people who will just want to take the old one before it expires. You should really make 008 questions. 009 after the expiry of 8.
I am
Hey man, I just wanted to say thank you for your videos. I just passed my Security+ 701 Certification with a 768 with the help of your videos and am currently finishing up my Bachelor's Degree in Cyber Security this December so thank you so much for the videos!
That makes me happy to hear. If you go to the school I think you go to that means you still have CySA+ and PenTest+ left. If that’s the case good luck! And congrats!
Passed with a 754 today after 4 months of studying. (An insane sweat session btw.)
I watched your videos so much that I read the questions in your voice.
Thank you for truly breaking down the questions
Just passed my 701! Thanks for the walkthroughs, they really helped a lot!
Congrats! That’s awesome. What’s next?
Just passed with a 770. Thanks for making this type of content, it’s greatly appreciated.
Thank you! Well paced and I appreciate you putting this info out! Looking to study for another month before attempting the exam.
good shit james! need more of this man
Thanks!
#20 can also be XSS. The question wasn't specific enough. Other than that, great practice test. Keep doing them
It was easy to me. When they mention "input" right away it becomes SQL injection. And code instead of script leans me toward SQL injection. SQL injection uses code. XSS uses script.
Keeping it true to CompTIA fashion honestly 😅
Thank you James! My exam is next Thursday these have been a big help!
Let me know when you pass! Good luck!
did you pass?
@caiqsoc I did pass!!
@ImCyberJames the videos were a big help I was able to score a 775! I really appreciate the videos!!
@iamneptune2345 That's amazing! Congratulations!
This is helpful, thanks for sharing
In the last question you state that it's obviously an SQL injection, not so obvious because it can also be an XSS, right? I mean if a web application doesn't sanitize the inputs what stops the attacker from inserting a script? Why does it specifically have to be an SQL injection?
Good question. SQL injection mostly deals with databases and the question doesn't mention a database. It could be both.
Good observations, but pay attention when talking about XSS, it means the attacker steals other users' credentials (cookies, authentication tokens, etc.)
Great set of questions, thank you! I really like your style of doing videos.
I have my exam today and had some more time. While I feel fairly confident, there were 2-3 questions I got wrong and I'm happy to go with that knowledge into the exam.
Also looking forward to some more CYSA+.
How did it go?!
@ImCyberJames 780, so not all that great, but I've passed. :)
@Reflekt0r Congrats!!!! And hey, a pass is a pass! Passing is a great accomplishment!
Would you say questions on the actual exam are similar to those?
@sdfwegwewr2455 Yeah, pretty much, though none was the same 😎
Thanks so much James.
For #7, I'd personally disagree and choose C.
If it has a patch readily available, that should be done immediately, then triage the remaining...
But I suppose that could be a hot take 😂
Looking to test in about two weeks now in person! Kinda nervous as I’m scoring in the mid 70% on all the pretest material I have but I have a couple more chapters I have to get through so sitting at 70% for my test is kinda good imo since I haven’t completed all the material yet. Was just curious where I actually sat before I finished my course.
Subbed, Video liked, looking forward to part 3!~
Thank you!!
Thank you very much for your hard work.
i hope you have one for CySa+ too!! you explain things well
There are two on the channel already with plans for 2 more in the next few months!
I have barely studied and I have gotten 80% of these and the first video right. I don't mean to brag, but do you guys think I'll be fine if I sit through Messer's videos and take his practice exams?
another great video James!
Thanks man!
I wish I get all these questions in my exam
thanks James!
love it! THANKS
Thank you so much.
Absolutely!
My exam is today, hope I pass 🙏 this is the last video I'm using to study
How’d it go?!
@ImCyberJames I just passed, thank you for the content 🫡
@caiqueazzari Congrats!!!!
Any PBQs hints from the 701? Thanks.
I wouldn't agree with Q3, since there was no information that someone clicked the malicious link and infected devices. I would go with C.
For this question it's important to note the possible answers when the scenario/question doesn't give you that much information to go off of. "Isolate any infected devices on the network" would be the best answer to do NEXT because it indicates the best next steps as if you were following along CompTIA's IRP which is to isolate any infected devices on the network, if any. Right now, it's technically detection and analysis phase. After that would be isolate/containment, if needed. We technically don't know if that's needed, but that should be the first thing the team implements when it comes to next steps. In this scenario, which I agree doesn't give a whole lot of information, it directly addresses the question of "Which security operation procedures should the team implement first?" as a preventative procedure.
@ImCyberJames Thanks a lot for this clarification!
@ImCyberJames Just passed the Sec+ today at first attempt. Now wondering if I could go straight to CC or SSCP (ISC2)?
I feel like I have the right answer and then overcomplicate it and change my mind. Anyone else doing this? For example question 7 “A” seemed so obvious but then I was also thinking if a patch is available that would be a quick solution to knock out some known vulnerabilities.
The reason it is not C is because, in fixing easily patchable vulnerabilities, risk is still very high if you are leaving the high/critical vulnerabilities unpatched in the time you are doing the lower priority ones first. Rather, if you do it the other way around (patching criticals then highs then mediums etc.), the risk will be greatly reduced. That’s why the answer is A. Hope this helps.
I forgot to mention why my statement leads to answer A. The priority levels of vulnerabilities are based off of CVSS ratings. To put it simply, CVSS ratings are based off of ease of exploitation and some other things.
In question 20, why is the answer not XSS?
Someone help me understand, Q 20 could easily be either sql injection or xss. Not sure how it can state it as a fact.
I think it would more likely be XSS because the question doesn't mention a database, which is usually related to SQL injection.
Just started watching the video and already having problems. Q3 never says that the email came from within the company. How can I isolate the machine if I haven't even confirmed a machine is infected? I assumed the email came from the outside.
Q6 I got right because it was the only answer that had some possibility of validity but the country the person is in needs to be taken into consideration.
Anybody want to study with me in the Ridgeland, MS area???