Introduction

If you're preparing to take the Security+ exam, you'll undoubtedly want to find as much information as you can concerning computer and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you'll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test, but not so much that you'll be overloaded with information that's outside the scope of the exam.

This book presents the material at an intermediate technical level. Experience with and understanding of security concepts, operating systems, and application systems will help you get a full understanding of the challenges you face as a security professional.

I've included review questions at the end of each chapter to give you a taste of what it's like to take the exam. If you're already working in the security field, I recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book and on the CD. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.


Before You Begin

Before you begin studying for the exam, it's imperative that you understand a few things about the Security+ certification. Security+ is a certification for life from CompTIA (an industry association responsible for many entry-level certifications) granted to those who obtain a passing score on a single entry-level exam. In addition to adding Security+ to your resume as a stand-alone certification, you can use it as an elective in many vendor-certification tracks.

When you're studying for any exam, the first step in preparation should always be to find out as much as possible about the test; the more you know up front, the better you can plan your course of study. The current exam, and the one this book is written for, is the 2008 update. While all variables are subject to change, as this book is being written, the exam consists of 100 questions. You have 90 minutes to take the exam, and the passing score is based on a scale from 100 to 900. Both Pearson VUE and Prometric testing centers administer the exam throughout the United States and several other countries.

The exam is multiple choice with short, terse questions followed by four possible answers. Don't expect lengthy scenarios and complex solutions. This is an entry-level exam of knowledge-level topics; you're expected to know a great deal about security topics from an overview perspective rather than implementation. In many books, the glossary is filler added to the back of the text; this book's glossary should be considered necessary reading. You're likely to see a question on the exam about what a Trojan horse is, not how to identify it at the code level. Spend your study time learning the different security solutions and identifying potential security vulnerabilities and where they would be applicable. Don't get bogged down in step-by-step details; those are saved for certification exams beyond the scope of Security+.

You should also know that CompTIA is notorious for including vague questions on all its exams. You might see a question for which two of the possible four answers are correct—but you can only choose one. Use your knowledge, logic, and intuition to choose the best answer, and then move on. Sometimes the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don't let this frustrate you; answer the question, and go to the next. Although we haven't intentionally added typos or other grammatical errors, the questions throughout this book make every attempt to re-create the structure and appearance of the real exam questions. CompTIA offers a page on study tips for their exams at http://certification.comptia.org/resources/test_tips.aspx, and it is worth skimming.

NOTE

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does that to gather psychometric data, which is then used when developing new versions of the exam. Before you take it, you are told that your exam may include unscored questions. So if you come across a question that does not appear to map to any of the exam objectives (or, for that matter, does not appear to belong in the exam), it is likely a seeded question.

As you study, you need to know that the exam you'll take was created at a certain point in time. You won't see a question about the new virus that hit your systems last week, but you'll see questions about concepts that existed when this exam was created. Updating the exam is a difficult process and results in an increment in the exam number.

Why Become Security+ Certified?

There are a number of reasons for obtaining a Security+ certification:


It provides proof of professional achievement.

Specialized certifications are the best way to stand out from the crowd. In this age of technology certifications, you'll find hundreds of thousands of administrators who have successfully completed the Microsoft and Cisco certification tracks. To set yourself apart from the crowd, you need a little bit more. The Security+ exam is part of the CompTIA certification track that includes A+, Network+, and other vendor-neutral certifications such as RFID+, Convergence+, and more. This exam will help you prepare for more advanced certifications because it provides a solid grounding in security concepts and will give you the recognition you deserve.


It increases your marketability.

Almost anyone can bluff their way through an interview. Once you're security certified, you'll have the credentials to prove your competency. And, certifications can't be taken from you when you change jobs—you can take that certification with you to any position you accept.


It provides opportunity for advancement.

Individuals who prove themselves to be competent and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you're committed to improving your skill set. Look around you at those who are certified: They are probably the people who receive good pay raises and promotions.


It fulfills training requirements.

Many companies have set training requirements for their staff so that they stay up-to-date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications.


It raises customer confidence.

As companies discover the CompTIA advantage, they will undoubtedly require qualified staff to achieve these certifications. Many companies outsource their work to consulting firms with experience working with security. Firms that have certified staff have a definite advantage over firms that don't.

How to Become a Security+ Certified Professional

As this book goes to press, there are two Security+ exam providers: Prometric and Pearson VUE. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor         Website                     Phone Number
Prometric      securereg3.prometric.com    U.S. and Canada: 800-977-3926
Pearson VUE    www.vue.com/comptia         U.S. and Canada: 877-551-PLUS (7587)

When you schedule the exam, you'll receive instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you'll receive a registration and payment confirmation letter. Exams can be scheduled up to six weeks out or as late as the next day (or, in some cases, even the same day).

NOTE

Exam prices and codes may vary based on the country in which the exam is administered. For detailed pricing and exam registration procedures, refer to CompTIA's website at www.comptia.com.

After you've successfully passed your Security+ exam, CompTIA will award you a certification that is good for life. Within four to six weeks of passing the exam, you'll receive your official CompTIA Security+ certificate and ID card. (If you don't receive these within eight weeks of taking the test, contact CompTIA directly using the information found in your registration packet.)

Who Should Buy This Book?

If you want to acquire a solid foundation in computer security and your goal is to prepare for the exam by learning how to develop and improve security, this book is for you. You'll find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need in order to succeed in your chosen field.

If you want to become certified, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding security, this study guide isn't for you. It's written for people who want to acquire hands-on skills and in-depth knowledge of computer security.

If you purchased the deluxe edition of this book, we've included a special appendix, "Security+ Practical Application." It is designed to give those new to the field of security administration a practical look at how many of the exam objectives relate to the real world.

NOTE

In addition to reading this book, you might consider downloading and reading the white papers on security that are scattered throughout the Internet.

How to Use This Book and the CD

We've included several testing features in the book and on the CD-ROM. These tools will help you retain vital exam content as well as prepare you to sit for the actual exam:


Before you begin

At the end of this introduction is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas you might need to brush up on. The answers to the assessment test questions appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.


Chapter review questions

To test your knowledge as you progress through the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers—the correct answers appear on the page following the last review question. You can go back to reread the section that deals with each question you got wrong to ensure that you answer correctly the next time you're tested on the material.


Electronic flashcards

You'll find flashcard questions on the CD for on-the-go review. These are short questions and answers. You can answer them on your PC or download them onto a Palm device for quick and convenient reviewing.


Sybex Test Engine

The CD also contains the Sybex Test Engine. Using this custom software, you can identify up front the areas in which you are weak and then develop a solid studying strategy using each of these robust testing features. The ReadMe file walks you through the installation process.

In addition to taking the assessment test and the chapter review questions in the test engine, you'll find practice exams, one if you purchased the standard edition, four if you purchased the deluxe edition. Take these practice exams just as if you were taking the actual exam (without any reference material). When you've finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 90 percent of the answers correct, you're ready to take the certification exam.


Full text of the book in PDF

The CD-ROM contains this book in PDF so you can easily read it on any computer. If you have to travel but still need to study for the exam, and you have a laptop with a CD-ROM drive, you can carry this entire book with you.

What's Included in the Deluxe Edition?

If you purchased the deluxe edition of this Study Guide, you will notice the two additional appendixes: the security administrator's troubleshooting guide and workbook exercises. Together, these two elements add an additional hands-on component to your studies and can be useful resources long after you've passed the exam and earned your Security+ certification.

Not only is there a difference within the spine of the deluxe edition with the inclusion of the additional chapters, but the CD has been enhanced as well. The deluxe edition contains an additional bonus exam to help you gauge your readiness for the real exam at your closest testing center.


Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry's best practices. The company does this by establishing cornerstone committees for each of its exam programs. Each committee comprises a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam's baseline competency level and who determine the appropriate target-audience level. Once these factors are determined, CompTIA shares this information with a group of hand-selected Subject Matter Experts (SMEs). These folks are the true brainpower behind the certification program. In the case of this exam, they are IT-seasoned pros from the likes of Microsoft, Sun Microsystems, VeriSign, and RSA Security, to name just a few. They review the committee's findings, refine them, and shape them into the objectives you see before you. CompTIA calls this process a job task analysis (JTA). Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect the job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. And in many cases, they have to go back to the drawing board for further refinements before the exam is ready to go live in its final state. So, rest assured the content you're about to learn will serve you long after you take the exam.

NOTE

Exam objectives are subject to change at any time without prior notice and at CompTIA's sole discretion. Visit the certification page of CompTIA's website at www.comptia.org for the most current listing of exam objectives.

CompTIA also publishes relative weightings for each of the exam's objectives. The following table lists the six Security+ objective domains and the extent to which they are represented on the exam. As you use this study guide, you'll find that I have administered just the right dosage of objective knowledge by tailoring coverage to mirror the percentages that CompTIA uses.

NOTE

As part of Department of Defense (DoD) Directive 8570.1 (which requires certain DoD technicians and managers to get trained and certified in certain areas, including Security+), CompTIA will release a Security+ Bridge exam. The Bridge exam will test on topics that are new since the previous version of the exam. Individuals required to get recertified can take the Bridge exam to meet the recertification policy. It should be noted that CompTIA does not require individuals to get recertified. Refer to the objective tear-out card at the beginning of this book. All objectives that are new to Security+ (2008 Edition) are in bold. For more information on Directive 8570.1, visit http://certification.comptia.org/resources/US_Gov.aspx.

Domain                        % of Exam
1.0 Systems Security          21%
2.0 Network Infrastructure    20%
3.0 Access Control            17%
4.0 Assessments & Audits      15%
5.0 Cryptography              15%
6.0 Organizational Security   12%
Total                         100%

1.0 Systems Security

1.1 Differentiate among various systems security threats.

  • Privilege escalation

  • Virus

  • Worm

  • Trojan

  • Spyware

  • Spam

  • Adware

  • Rootkits

  • Botnets

  • Logic bomb

1.2 Explain the security risks pertaining to system hardware and peripherals.

  • BIOS

  • USB devices

  • Cell phones

  • Removable storage

  • Network attached storage

1.3 Implement OS hardening practices and procedures to achieve workstation and server security.

  • Hot fixes

  • Service packs

  • Patches

  • Patch management

  • Group policies

  • Security templates

  • Configuration baselines

1.4 Carry out the appropriate procedures to establish application security.

  • ActiveX

  • Java

  • Scripting

  • Browser

  • Buffer overflows

  • Cookies

  • SMTP open relays

  • Instant messaging

  • P2P

  • Input validation

  • Cross-site scripting (XSS)

1.5 Implement security applications.

  • HIDS

  • Personal software firewalls

  • Antivirus

  • Anti-spam

  • Popup blockers

1.6 Explain the purpose and application of virtualization technology.

2.0 Network Infrastructure

2.1 Differentiate between the different ports & protocols, their respective threats and mitigation techniques.

  • Antiquated protocols

  • TCP/IP hijacking

  • Null sessions

  • Spoofing

  • Man-in-the-middle

  • Replay

  • DoS

  • DDoS

  • Domain Name Kiting

  • DNS poisoning

  • ARP Poisoning

2.2 Distinguish between network design elements and components.

  • DMZ

  • VLAN

  • NAT

  • Network interconnections

  • NAC

  • Subnetting

  • Telephony

2.3 Determine the appropriate use of network security tools to facilitate network security.

  • NIDS

  • NIPS

  • Firewalls

  • Proxy servers

  • Honeypot

  • Internet content filters

  • Protocol analyzers

2.4 Apply the appropriate network tools to facilitate network security.

  • NIDS

  • Firewalls

  • Proxy servers

  • Internet content filters

  • Protocol analyzers

2.5 Explain the vulnerabilities and mitigations associated with network devices.

  • Privilege escalation

  • Weak passwords

  • Back doors

  • Default accounts

  • DoS

2.6 Explain the vulnerabilities and mitigations associated with various transmission media.

  • Vampire taps

2.7 Explain the vulnerabilities and implement mitigations associated with wireless networking.

  • Data emanation

  • War driving

  • SSID broadcast

  • Blue jacking

  • Bluesnarfing

  • Rogue access points

  • Weak encryption

3.0 Access Control

3.1 Identify and apply industry best practices for access control methods.

  • Implicit deny

  • Least privilege

  • Separation of duties

  • Job rotation

3.2 Explain common access control models and the differences between each.

  • MAC

  • DAC

  • Role & Rule based access control

3.3 Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges.

3.4 Apply appropriate security controls to file and print resources.

3.5 Compare and implement logical access control methods.

  • ACL

  • Group policies

  • Password policy

  • Domain password policy

  • User names and passwords

  • Time of day restrictions

  • Account expiration

  • Logical tokens

3.6 Summarize the various authentication models and identify the components of each.

  • One-, two- and three-factor authentication

  • Single sign-on

3.7 Deploy various authentication models and identify the components of each.

  • Biometric reader

  • RADIUS

  • RAS

  • LDAP

  • Remote access policies

  • Remote authentication

  • VPN

  • Kerberos

  • CHAP

  • PAP

  • Mutual

  • 802.1x

  • TACACS

3.8 Explain the difference between identification and authentication (identity proofing).

3.9 Explain and apply physical access security methods.

  • Physical access logs/lists

  • Hardware locks

  • Physical access control—ID badges

  • Door access systems

  • Man-trap

  • Physical tokens

  • Video surveillance—camera types and positioning

4.0 Assessments & Audits

4.1 Conduct risk assessments and implement risk mitigation.

4.2 Carry out vulnerability assessments using common tools.

  • Port scanners

  • Vulnerability scanners

  • Protocol analyzers

  • OVAL

  • Password crackers

  • Network mappers

4.3 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.

4.4 Use monitoring tools on systems and networks, and detect security-related anomalies.

  • Performance monitor

  • Systems monitor

  • Performance baseline

  • Protocol analyzers

4.5 Compare and contrast various types of monitoring methodologies.

  • Behavior-based

  • Signature-based

  • Anomaly-based

4.6 Execute proper logging procedures and evaluate the results.

  • Security application

  • DNS

  • System

  • Performance

  • Access

  • Firewall

  • Antivirus

4.7 Conduct periodic audits of system security settings.

  • User access and rights review

  • Storage and retention policies

  • Group policies

5.0 Cryptography

5.1 Explain general cryptography concepts.

  • Key management

  • Steganography

  • Symmetric key

  • Asymmetric key

  • Confidentiality

  • Integrity and availability

  • Non-repudiation

  • Comparative strength of algorithms

  • Digital signatures

  • Whole disk encryption

  • Trusted Platform Module (TPM)

  • Single vs. Dual sided certificates

  • Use of proven technologies

5.2 Explain basic hashing concepts and map various algorithms to appropriate applications.

  • SHA

  • MD5

  • LANMAN

  • NTLM

5.3 Explain basic encryption concepts and map various algorithms to appropriate applications.

  • DES

  • 3DES

  • RSA

  • PGP

  • Elliptic curve

  • AES

  • AES256

  • One time pad

  • Transmission encryption (WEP, TKIP, and so forth)

5.4 Explain and implement protocols.

  • SSL/TLS

  • S/MIME

  • PPTP

  • HTTP vs. HTTPS vs. SHTTP

  • L2TP

  • IPSEC

  • SSH

5.5 Explain core concepts of public key cryptography.

  • Public Key Infrastructure (PKI)

  • Recovery agent

  • Public key

  • Private keys

  • Certificate Authority (CA)

  • Registration

  • Key escrow

  • Certificate Revocation List (CRL)

  • Trust models

5.6 Implement PKI and certificate management.

  • Public Key Infrastructure (PKI)

  • Recovery agent

  • Public key

  • Private keys

  • Certificate Authority (CA)

  • Registration

  • Key escrow

  • Certificate Revocation List (CRL)

6.0 Organizational Security

6.1 Explain redundancy planning and its components.

  • Hot site

  • Cold site

  • Warm site

  • Backup generator

  • Single point of failure

  • RAID

  • Spare parts

  • Redundant servers

  • Redundant ISP

  • UPS

  • Redundant connections

6.2 Implement disaster recovery procedures.

  • Planning

  • Disaster exercises

  • Backup techniques and practices—storage

  • Schemes

  • Restoration

6.3 Differentiate between and execute appropriate incident response procedures.

  • Forensics

  • Chain of custody

  • First responders

  • Damage and loss control

  • Reporting—disclosure of

6.4 Identify and explain applicable legislation and organizational policies.

  • Secure disposal of computers

  • Acceptable use policies

  • Password complexity

  • Change management

  • Classification of information

  • Mandatory vacations

  • Personally Identifiable Information (PII)

  • Due care

  • Due diligence

  • Due process

  • SLA

  • Security-related HR policy

  • User education and awareness training

6.5 Explain the importance of environmental controls.

  • Fire suppression

  • HVAC

  • Shielding

6.6 Explain the concept of and how to reduce the risks of social engineering.

  • Phishing

  • Hoaxes

  • Shoulder surfing

  • Dumpster diving

  • User education and awareness training

Tips for Taking the Security+ Exam

Here are some general tips for taking your exam successfully:

  • Bring two forms of ID with you. One must be a photo ID, such as a driver's license. The other can be a major credit card or a passport. Both forms must include a signature.

  • Arrive early at the exam center so you can relax and review your study materials, particularly tables and lists of exam-related information. After you are ready to enter the testing room, you will need to leave everything outside; you won't be able to bring any materials into the testing area.

  • Read the questions carefully. Don't be tempted to jump to an early conclusion. Make sure you know exactly what each question is asking.

  • Don't leave any unanswered questions. Unanswered questions are scored against you.

  • There will be questions with multiple correct responses. When there is more than one correct answer, a message at the bottom of the screen will prompt you to either "Choose two" or "Choose all that apply." Be sure to read the messages displayed to know how many correct answers you must choose.

  • When answering multiple-choice questions you're not sure about, use a process of elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds if you need to make an educated guess.

  • On form-based tests (nonadaptive), because the hard questions will take the most time, save them for last. You can move forward and backward through the exam.

  • For the latest pricing on the exams and updates to the registration procedures, visit CompTIA's website at www.comptia.org.
