
Page 1: Study Guide · 2013. 7. 23. · Study Guide Emmett Dulaney Completely Updated for the SY0-201 Exam! Includes Real-World Scenarios, Hands-On Exercises, and Leading-Edge Exam Prep Software

Study Guide

Emmett Dulaney

Completely Updated for the SY0-201 Exam!

Includes Real-World Scenarios, Hands-On Exercises, and Leading-Edge Exam Prep Software Featuring:

• Custom Test Engine

• Hundreds of Sample Questions

• Electronic Flashcards for PCs, Pocket PCs, and Palm Handhelds

• Entire Book in PDF

Exam SY0-201, Fourth Edition

Approved Quality Content


CompTIA Security+™

Study Guide, Fourth Edition

Emmett Dulaney


Acquisitions Editor: Jeff Kellum
Development Editor: Jennifer Leland
Technical Editors: Michael Gregg and Bill Ferguson
Production Editor: Christine O’Connor
Copy Editor: Judy Flynn
Production Manager: Tim Tate
Vice President and Executive Group Publisher: Richard Swadley
Vice President and Executive Publisher: Joseph B. Wikert
Vice President and Publisher: Neil Edde
Media Project Supervisor: Laura Moss-Hollister
Associate Producer: Josh Frank
Media Quality Assurance: Shawn Patrick
Book Designer: Judy Fung, Bill Gibson
Compositor: Craig Woods, Happenstance Type-O-Rama
Proofreader: Kathy Pope, Word One
Indexer: Nancy Guenther
Project Coordinator, Cover: Lynsey Stanford

Copyright © 2009 by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-0-470-37297-5

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Cataloging-in-Publication Data Dulaney, Emmett A. CompTIA security+ study guide / Emmett Dulaney. — 4th ed. p. cm. ISBN 978-0-470-37297-5 (paper/cd-rom) 1. Electronic data processing personnel—Certification. 2. Computer security—Examinations—Study guides. 3. Computer networks—Security measures—Examinations—Study guides. I. Title. QA76.3.D8228 2009 005.8—dc22 2008032265

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA Security+ is a trademark of The Computing Technology Industry Association, Inc. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.


Sybex is an independent entity from CompTIA and is not affiliated with CompTIA in any manner. Neither CompTIA nor Sybex warrants that use of this publication will ensure passing the relevant exam. Security+ is either a registered trademark or trademark of CompTIA in the United States and/or other countries.

The logo of the CompTIA Authorized Quality Curriculum (CAQC) program and the status of this or other training material as “Authorized” under the CompTIA Authorized Quality Curriculum program signifies that, in CompTIA’s opinion, such training material covers the content of CompTIA’s related certification exam. CompTIA has not reviewed or approved the accuracy of the contents of this training material and specifically disclaims any warranties of merchantability or fitness for a particular purpose. CompTIA makes no guarantee concerning the success of persons using any such “Authorized” or other training material in order to prepare for any CompTIA certification exam.

The contents of this training material were created for the CompTIA Security+ exam covering CompTIA certification objectives that were current as of 2008.

How to Become CompTIA Certified:

This training material can help you prepare for and pass a related CompTIA certification exam or exams. In order to achieve CompTIA certification, you must register for and pass a CompTIA certification exam or exams.

In order to become CompTIA certified, you must take the following steps:

1 Select a certification exam provider. For more information please visit http://www.comptia.org/certification/general_information/exam_locations.aspx.

2 Register for and schedule a time to take the CompTIA certification exam(s) at a convenient location.

3 Read and sign the Candidate Agreement, which will be presented at the time of the exam(s). The text of the Candidate Agreement can be found at http://www.comptia.org/certification/general_information/candidate_agreement.aspx.

4 Take and pass the CompTIA certification exam(s).

For more information about CompTIA’s certifications, such as their industry acceptance, benefits, or program news, please visit http://www.comptia.org/certification.

CompTIA is a nonprofit information technology (IT) trade association. CompTIA’s certifications are designed by subject matter experts from across the IT industry. Each CompTIA certification is vendor neutral, covers multiple technologies, and requires demonstration of skills and knowledge widely sought after by the IT industry.

To contact CompTIA with any questions or comments, please call: +1 630-678-8300.

[email protected]


Dear Reader,

Thank you for choosing CompTIA Security+ Study Guide, Fourth Edition. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consistently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at [email protected], or if you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,

Neil Edde
Vice President and Publisher
Sybex, an Imprint of Wiley


For Karen, Kristin, Evan, and Spencer


Acknowledgments

This book would not exist were it not for Mike Pastore, the author of the first edition. He took a set of convoluted objectives for a broad exam and wrote the foundation of the study guide you now hold in your hands. This, the fourth edition, is indebted to his hard work and brilliance so early on.

Thanks are also due to Jeff Kellum, one of the best acquisitions editors in the business, and all of those at Wiley Publishing who worked on this title.


About the Author

Emmett Dulaney is a professor at Anderson University and the former director of training for Mercury Technical Solutions. He is a columnist for CertCities and the author of over 30 books on certification and cross-platform integration. Emmett can be reached at [email protected].


Contents at a Glance

Introduction xxiii

Assessment Test xxxix

Chapter 1 General Security Concepts 1

Chapter 2 Identifying Potential Risks 51

Chapter 3 Infrastructure and Connectivity 107

Chapter 4 Monitoring Activity and Intrusion Detection 171

Chapter 5 Implementing and Maintaining a Secure Network 219

Chapter 6 Securing the Network and Environment 261

Chapter 7 Cryptography Basics, Methods, and Standards 311

Chapter 8 Security Policies and Procedures 381

Chapter 9 Security Administration 435

Appendix About the Companion CD 467

Glossary 471

Index 517


Contents

Introduction xxiii

Assessment Test xxxix

Chapter 1 General Security Concepts 1

Understanding Information Security 3
Securing the Physical Environment 4
Examining Operational Security 5
Working with Management and Policies 7

Understanding the Goals of Information Security 12
Comprehending the Security Process 13

Appreciating Antivirus Software 13
Implementing Access Control 14
Understanding Authentication 15

Authentication Issues to Consider 21
Distinguishing between Security Topologies 22

Setting Design Goals 23
Creating Security Zones 26
Working with Newer Technologies 29
Addressing Business Concerns 33
Dealing with Telephony Issues 38

Summary 39
Exam Essentials 40
Hands-On Labs 43

Lab 1.1: Update a Linux System 43
Lab 1.2: Update a Windows-Based System 43

Review Questions 44
Answers to Review Questions 48

Chapter 2 Identifying Potential Risks 51

Calculating Attack Strategies 53
Understanding Access Attack Types 54
Recognizing Modification and Repudiation Attacks 55
Identifying Denial-of-Service and Distributed Denial-of-Service Attacks 56
Recognizing Common Attacks 58

Back Door Attacks 59
Spoofing Attacks 60
Man-in-the-Middle Attacks 60
Replay Attacks 62


Password-Guessing Attacks 62
Privilege Escalation 63

Identifying TCP/IP Security Concerns 64
Working with the TCP/IP Suite 65
Understanding Encapsulation 68
Working with Protocols and Services 69
Recognizing TCP/IP Attacks 72

Understanding Software Exploitation 78
Understanding OVAL 81
Surviving Malicious Code 81

Viruses 81
Trojan Horses 88
Logic Bombs 88
Worms 89
Antivirus Software 89

Understanding Social Engineering 91
Introducing Auditing Processes and Files 93
Summary 94
Exam Essentials 95
Hands-On Labs 98

Lab 2.1: Identify Running Processes on a Windows-Based Machine 98

Lab 2.2: Identify Running Processes on a Linux-Based Machine 98

Review Questions 100
Answers to Review Questions 104

Chapter 3 Infrastructure and Connectivity 107

Understanding Infrastructure Security 109
Working with Hardware Components 110
Working with Software Components 112

Understanding the Different Network Infrastructure Devices 113
Firewalls 113
Hubs 118
Modems 118
Remote Access Services 119
Routers 120
Switches 122
Telecom/PBX Systems 122
Virtual Private Networks 124
Wireless Access Points 125

Monitoring and Diagnosing Networks 127
Network Monitors 127
Intrusion Detection Systems 128


Securing Workstations and Servers 129
Understanding Mobile Devices 130
Understanding Remote Access 132

Using Point-to-Point Protocol 132
Working with Tunneling Protocols 133
Using 802.1x Wireless Protocols 135
Working with RADIUS 135
TACACS/+ 136

Securing Internet Connections 136
Working with Ports and Sockets 136
Working with E-Mail 137
Working with the Web 139
Working with File Transfer Protocol 144

Understanding Network Protocols 146
The Basics of Cabling, Wires, and Communications 147

Coax 148
Unshielded Twisted Pair and Shielded Twisted Pair 150
Fiber Optic 152
Infrared 154
Radio Frequencies 154
Microwave Systems 154

Employing Removable Storage 156
CD-R/DVD-R 157
Diskettes 157
Flash Cards 158
Hard Drives 158
Network Attached Storage 158
Smart Cards 159
Tape 159
Thumb Drives 161

Summary 161
Exam Essentials 162
Hands-On Labs 164

Lab 3.1: Examine the Windows Routing Table 164
Lab 3.2: Examine the Linux Routing Table 164

Review Questions 165
Answers to Review Questions 169

Chapter 4 Monitoring Activity and Intrusion Detection 171

Monitoring the Network 173
Recognizing the Different Types of Network Traffic 174
Monitoring Network Systems 178

Understanding Intrusion Detection Systems 179
Working with a Network-Based IDS 184
Working with a Host-Based IDS 189


Working with NIPS 190
Utilizing Honeypots 191
Understanding Incident Response 192

Working with Wireless Systems 198
Wireless Transport Layer Security 198
IEEE 802.11x Wireless Protocols 199
WEP/WAP 200
Wireless Vulnerabilities to Know 201

Understanding Instant Messaging’s Features 202
Understanding IM Vulnerabilities 203
Controlling Privacy 204

Working with 8.3 File Naming 204
Understanding Protocol Analyzers 205
Understanding Signal Analysis and Intelligence 205

Footprinting 206
Scanning 206

Summary 207
Exam Essentials 208
Hands-On Labs 210

Lab 4.1: View the Active TCP and UDP Ports 210
Lab 4.2: Run Windows Network Monitor 210
Lab 4.3: Install snort in Linux 211
Lab 4.4: Make File Extensions Visible in Windows XP 211
Lab 4.5: Monitor Network Traffic in Linux 211

Review Questions 213
Answers to Review Questions 217

Chapter 5 Implementing and Maintaining a Secure Network 219

Overview of Network Security Threats 221
Defining Security Baselines 222
Hardening the OS and NOS 224

Configuring Network Protocols 225
Hardening Microsoft Windows Vista 227
Hardening Microsoft Windows XP 228
Hardening Windows Server 2003 229
Hardening Microsoft Windows 2000 230
Hardening Unix/Linux 231
Hardening Novell NetWare 232
Hardening Apple Macintosh 233
Hardening Filesystems 234
Updating Your Operating System 237

Hardening Network Devices 238
Updating Network Devices 238
Configuring Routers and Firewalls 239


Hardening Applications 240
Hardening Web Servers 240
Hardening E-Mail Servers 241
Hardening FTP Servers 242
Hardening DNS Servers 243
Hardening NNTP Servers 244
Hardening File and Print Servers and Services 245
Hardening DHCP Services 246
Working with Data Repositories 246

Summary 251
Exam Essentials 252
Hands-On Labs 254

Lab 5.1: Install OpenLDAP on a SuSE Server 254
Lab 5.2: Work with Performance Monitor and Windows 254
Lab 5.3: Work with Unix/Linux Networking 255

Review Questions 256
Answers to Review Questions 260

Chapter 6 Securing the Network and Environment 261

Understanding Physical and Network Security 262
Implementing Access Control 262
Understanding Social Engineering 270
Scanning the Environment 272

Understanding Business Continuity Planning 281
Undertaking Business Impact Analysis 281
Assessing Risk 282

Developing Policies, Standards, and Guidelines 285
Implementing Policies 285
Incorporating Standards 286
Following Guidelines 287

Working with Security Standards and ISO 17799 288
Classifying Information 290

Public Information 290
Private Information 292
Roles in the Security Process 294
Information Access Controls 295

Summary 299
Exam Essentials 301
Hands-On Lab 303

Lab 6.1: Test Social Engineering 303
Review Questions 304
Answers to Review Questions 308


Chapter 7 Cryptography Basics, Methods, and Standards 311

An Overview of Cryptography 313
Understanding Physical Cryptography 314
Understanding Mathematical Cryptography 316
Working with Passwords 318
Understanding Quantum Cryptography 318
Uncovering the Myth of Unbreakable Codes 319

Understanding Cryptographic Algorithms 321
The Science of Hashing 321
Working with Symmetric Algorithms 323
Working with Asymmetric Algorithms 324

Using Cryptographic Systems 326
Confidentiality 326
Integrity 327
Digital Signatures 328
Authentication 329
Nonrepudiation 330
Access Control 330

Using Public Key Infrastructure 331
Using a Certificate Authority 332
Working with Registration Authorities and Local Registration Authorities 333
Implementing Certificates 335
Understanding Certificate Revocation 336
Implementing Trust Models 337

Preparing for Cryptographic Attacks 341
Understanding Cryptography Standards and Protocols 343

The Origins of Encryption Standards 344
Public-Key Infrastructure X.509/Public-Key Cryptography Standards 348
X.509 348
SSL and TLS 349
Certificate Management Protocols 351
Secure Multipurpose Internet Mail Extensions 351
Secure Electronic Transaction 351
Secure Shell 352
Pretty Good Privacy 354
HTTP Secure 354
Secure HTTP 355
IP Security 355
Tunneling Protocols 356
Federal Information Processing Standard 357
Common Criteria 357


Wireless Transport Layer Security 357
Wired Equivalent Privacy 357
ISO 17799 358

Understanding Key Management and the Key Life Cycle 358
Comparing Centralized and Decentralized Key Generation 359
Storing and Distributing Keys 361
Using Key Escrow 363
Identifying Key Expiration 363
Revoking Keys 364
Suspending Keys 364
Recovering and Archiving Keys 365
Renewing Keys 366
Destroying Keys 367
Identifying Key Usage 367

Summary 368
Exam Essentials 370
Hands-On Labs 373

Lab 7.1: Hash Rules in Windows Server 2003 373
Lab 7.2: SSL Settings in Windows Server 2003 373
Lab 7.3: Encrypting a File System in Linux 374
Lab 7.4: Look for Errors in IPSec Performance Statistics 374

Review Questions 375
Answers to Review Questions 379

Chapter 8 Security Policies and Procedures 381

Understanding Business Continuity 383
Utilities 384
High Availability 385
Disaster Recovery 391

Reinforcing Vendor Support 404
Service-Level Agreements 404
Code Escrow Agreements 406

Generating Policies and Procedures 406
Human Resource Policies 406
Business Policies 410
Certificate Policies 412
Incident-Response Policies 413

Enforcing Privilege Management 414
User and Group Role Management 415
Privilege Escalation 416
Single Sign-On Initiatives 416
Privilege Decision Making 418
Auditing 418
Access Control 422


Summary 424
Exam Essentials 425
Hands-On Labs 427

Lab 8.1: Use Automated System Recovery in Windows Server 2003 427

Lab 8.2: Create a Rescue Disk in Linux 427
Lab 8.3: Create a Backup with SuSE Linux 428

Review Questions 429
Answers to Review Questions 433

Chapter 9 Security Administration 435

Understanding Security Management 436
Drafting Best Practices and Documentation 436

Simplifying Security Administration 444
Understanding Security Awareness and Education 446

Using Communication and Awareness 447
Providing Education 447

Staying on Top of Security 449
Websites 451
Trade Publications 452

Regulating Privacy and Security 454
The Health Insurance Portability and Accountability Act 454
The Gramm-Leach-Bliley Act of 1999 454
The Computer Fraud and Abuse Act 455
The Family Educational Rights and Privacy Act 455
The Computer Security Act of 1987 456
The Cyberspace Electronic Security Act 456
The Cyber Security Enhancement Act 456
The Patriot Act 457
Familiarizing Yourself with International Efforts 457

Summary 457
Exam Essentials 458
Hands-On Labs 459

Lab 9.1: Configure Windows Automatic Updates 459
Lab 9.2: Run the Microsoft Baseline Security Analyzer 459

Review Questions 461
Answers to Review Questions 465

Appendix About the Companion CD 467

What You’ll Find on the CD 468
Sybex Test Engine 468
PDF of the Book 468
Adobe Reader 468
Electronic Flashcards 469


System Requirements 469
Using the CD 469
Troubleshooting 469

Customer Care 470

Glossary 471

Index 517


Introduction

If you’re preparing to take the Security+ exam, you’ll undoubtedly want to find as much information as you can concerning computer and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you’ll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test, but not so much that you’ll be overloaded with information that’s outside the scope of the exam.

This book presents the material at an intermediate technical level. Experience with and understanding of security concepts, operating systems, and application systems will help you get a full understanding of the challenges you face as a security professional.

I’ve included review questions at the end of each chapter to give you a taste of what it’s like to take the exam. If you’re already working in the security field, I recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you’re unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don’t just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book and on the CD. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

Before You Begin

Before you begin studying for the exam, it’s imperative that you understand a few things about the Security+ certification. Security+ is a certification for life from CompTIA (an industry association responsible for many entry-level certifications) granted to those who obtain a passing score on a single entry-level exam. In addition to adding Security+ to your resume as a stand-alone certification, you can use it as an elective in many vendor-certification tracks.

When you’re studying for any exam, the first step in preparation should always be to find out as much as possible about the test; the more you know up front, the better you can plan your course of study. The current exam, and the one this book is written for, is the 2008 update. While all variables are subject to change, as this book is being written, the exam consists of 100 questions. You have 90 minutes to take the exam, and the passing score is based on a scale from 100 to 900. Both Pearson VUE and Prometric testing centers administer the exam throughout the United States and several other countries.


The exam is multiple choice with short, terse questions followed by four possible answers. Don’t expect lengthy scenarios and complex solutions. This is an entry-level exam of knowledge-level topics; you’re expected to know a great deal about security topics from an overview perspective rather than implementation. In many books, the glossary is filler added to the back of the text; this book’s glossary should be considered necessary reading. You’re likely to see a question on the exam about what a Trojan horse is, not how to identify it at the code level. Spend your study time learning the different security solutions and identifying potential security vulnerabilities and where they would be applicable. Don’t get bogged down in step-by-step details; those are saved for certification exams beyond the scope of Security+.

You should also know that CompTIA is notorious for including vague questions on all its exams. You might see a question for which two of the possible four answers are correct—but you can only choose one. Use your knowledge, logic, and intuition to choose the best answer, and then move on. Sometimes the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you; answer the question, and go to the next. Although we haven’t intentionally added typos or other grammatical errors, the questions throughout this book make every attempt to re-create the structure and appearance of the real exam questions. CompTIA offers a page on study tips for their exams at http://certification.comptia.org/resources/test_tips.aspx, and it is worth skimming.

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does that to gather psychometric data, which is then used when developing new versions of the exam. Before you take it, you are told that your exam may include unscored questions. So if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question.

As you study, you need to know that the exam you’ll take was created at a certain point in time. You won’t see a question about the new virus that hit your systems last week, but you’ll see questions about concepts that existed when this exam was created. Updating the exam is a difficult process and results in an increment in the exam number.

Why Become Security+ Certified?

There are a number of reasons for obtaining a Security+ certification:

It provides proof of professional achievement. Specialized certifications are the best way to stand out from the crowd. In this age of technology certifications, you’ll find hundreds of thousands of administrators who have successfully completed the Microsoft and Cisco certification tracks. To set yourself apart from the crowd, you need a little bit more. The Security+ exam is part of the CompTIA certification track that includes A+, Network+, and other vendor-neutral certifications such as RFID+, Convergence+, and more. This exam will help you prepare for more advanced certifications because it provides a solid grounding in security concepts and will give you the recognition you deserve.

It increases your marketability. Almost anyone can bluff their way through an interview. Once you’re security certified, you’ll have the credentials to prove your competency. And, certifications can’t be taken from you when you change jobs—you can take that certification with you to any position you accept.

It provides opportunity for advancement. Individuals who prove themselves to be competent and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you’re committed to improving your skill set. Look around you at those who are certified: They are probably the people who receive good pay raises and promotions.

It fulfills training requirements. Many companies have set training requirements for their staff so that they stay up-to-date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications.

It raises customer confidence. As companies discover the CompTIA advantage, they will undoubtedly require qualified staff to achieve these certifications. Many companies outsource their work to consulting firms with experience working with security. Firms that have certified staff have a definite advantage over firms that don’t.

How to Become a Security+ Certified Professional

As this book goes to press, there are two Security+ exam providers: Prometric and Pearson VUE. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor         Website                     Phone Number
Prometric      securereg3.prometric.com    U.S. and Canada: 800-977-3926
Pearson VUE    www.vue.com/comptia         U.S. and Canada: 877-551-PLUS (7587)

When you schedule the exam, you’ll receive instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you’ll receive a registration and payment confirmation letter. Exams can be scheduled up to six weeks out or as late as the next day (or, in some cases, even the same day).

Exam prices and codes may vary based on the country in which the exam is administered. For detailed pricing and exam registration procedures, refer to CompTIA’s website at www.comptia.com.

After you’ve successfully passed your Security+ exam, CompTIA will award you a certification that is good for life. Within four to six weeks of passing the exam, you’ll receive your official CompTIA Security+ certificate and ID card. (If you don’t receive these within eight weeks of taking the test, contact CompTIA directly using the information found in your registration packet.)

Who Should Buy This Book?

If you want to acquire a solid foundation in computer security and your goal is to prepare for the exam by learning how to develop and improve security, this book is for you. You’ll find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need in order to succeed in your chosen field.

If you want to become a Security+ certification holder, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding security, this study guide isn’t for you. It’s written for people who want to acquire hands-on skills and in-depth knowledge of computer security.

If you purchased the deluxe edition of this book, we’ve included a special appendix, “Security+ Practical Application.” It is designed to give those new to the field of security administration a practical look at how many of the exam objectives relate to the real world.

In addition to reading this book, you might consider downloading and reading the white papers on security that are scattered throughout the Internet.

How to Use This Book and the CD

We’ve included several testing features in the book and on the CD-ROM. These tools will help you retain vital exam content as well as prepare you to sit for the actual exam:

Before you begin At the end of this introduction is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas you might need to brush up on. The answers to the assessment test questions appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.

Chapter review questions To test your knowledge as you progress through the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers—the correct answers appear on the page following the last review question. You can go back to reread the section that deals with each question you got wrong to ensure that you answer correctly the next time you’re tested on the material.

Electronic flashcards You’ll find flashcard questions on the CD for on-the-go review. These are short questions and answers. You can answer them on your PC or download them onto a Palm device for quick and convenient reviewing.

Sybex Test Engine The CD also contains the Sybex Test Engine. Using this custom software, you can identify up front the areas in which you are weak and then develop a solid studying strategy using each of these robust testing features. The ReadMe file walks you through the installation process.

In addition to taking the assessment test and the chapter review questions in the test engine, you’ll find practice exams: one if you purchased the standard edition, four if you purchased the deluxe edition. Take these practice exams just as if you were taking the actual exam (without any reference material). When you’ve finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 90 percent of the answers correct, you’re ready to take the certification exam.

Full text of the book in PDF The CD-ROM contains this book in PDF so you can easily read it on any computer. If you have to travel but still need to study for the exam, and you have a laptop with a CD-ROM drive, you can carry this entire book with you.

What’s Included in the Deluxe Edition?

If you purchased the deluxe edition of this Study Guide, you will notice the two additional appendixes: the security administrator’s troubleshooting guide and workbook exercises. Together, these two elements add an additional hands-on component to your studies and can be useful resources long after you’ve passed the exam and earned your Security+ certification.

Not only is there a difference within the spine of the deluxe edition with the inclusion of the additional chapters, but the CD has been enhanced as well. The deluxe edition contains an additional bonus exam to help you gauge your readiness for the real exam at your closest testing center.

Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry’s best practices. The company does this by establishing cornerstone committees for each of its exam programs. Each committee comprises a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam’s baseline competency level and who determine the appropriate target-audience level. Once these factors are determined, CompTIA shares this information with a group of hand-selected Subject Matter Experts (SMEs). These folks are the true brainpower behind the certification program. In the case of this exam, they are IT-seasoned pros from the likes of Microsoft, Sun Microsystems, VeriSign, and RSA Security, to name just a few. They review the committee’s findings, refine them, and shape them into the objectives you see before you. CompTIA calls this process a job task analysis (JTA). Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect the job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. And in many cases, they have to go back to the drawing board for further refinements before the exam is ready to go live in its final state. So, rest assured the content you’re about to learn will serve you long after you take the exam.

Exam objectives are subject to change at any time without prior notice and at CompTIA’s sole discretion. Visit the certification page of CompTIA’s web-site at www.comptia.org for the most current listing of exam objectives.

CompTIA also publishes relative weightings for each of the exam’s objectives. The following table lists the six Security+ objective domains and the extent to which they are represented on the exam. As you use this study guide, you’ll find that I have administered just the right dosage of objective knowledge by tailoring coverage to mirror the percentages that CompTIA uses.

As part of the Department of Defense (DoD) Directive 8570.1—which requires certain DoD technicians and managers to get trained and certified in certain areas, including Security+—CompTIA will release a Security+ Bridge exam. The Bridge exam will test on topics that are new since the previous version of the exam. Individuals required to get recertified can take the Bridge exam to meet the recertification policy. It should be noted that CompTIA does not require individuals to get recertified. Refer to the objective tear-out card at the beginning of this book. All objectives that are new to the Security+ (2008 Edition) exam are in bold. For more information on Directive 8570.1, visit http://certification.comptia.org/resources/US_Gov.aspx.

Domain                         % of Exam
1.0 Systems Security           21%
2.0 Network Infrastructure     20%
3.0 Access Control             17%
4.0 Assessments & Audits       15%
5.0 Cryptography               15%
6.0 Organizational Security    12%
Total                          100%
