Introduction

If you're preparing to take the Security+ exam, you'll undoubtedly want to find as much information as you can concerning computer and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you'll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test, but not so much that you'll be overloaded with information that's outside the scope of the exam.

This book presents the material at an intermediate technical level. Experience with and understanding of security concepts, operating systems, and application systems will help you get a full understanding of the challenges you face as a security professional.

I've included review questions at the end of each chapter to give you a taste of what it's like to take the exam. If you're already working in the security field, I recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book and on the CD. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.


Before You Begin

Before you begin studying for the exam, it's imperative that you understand a few things about the Security+ certification. Security+ is a certification for life from CompTIA (an industry association responsible for many entry-level certifications) granted to those who obtain a passing score on a single entry-level exam. In addition to adding Security+ to your resume as a stand-alone certification, you can use it as an elective in many vendor-certification tracks.

When you're studying for any exam, the first step in preparation should always be to find out as much as possible about the test; the more you know up front, the better you can plan your course of study. The current exam, and the one this book is written for, is the 2008 update. While all variables are subject to change, as this book is being written, the exam consists of 100 questions. You have 90 minutes to take the exam, and the passing score is based on a scale from 100 to 900. Both Pearson VUE and Prometric testing centers administer the exam throughout the United States and several other countries.

The exam is multiple choice with short, terse questions followed by four possible answers. Don't expect lengthy scenarios and complex solutions. This is an entry-level exam of knowledge-level topics; you're expected to know a great deal about security topics from an overview perspective rather than implementation. In many books, the glossary is filler added to the back of the text; this book's glossary should be considered necessary reading. You're likely to see a question on the exam about what a Trojan horse is, not how to identify it at the code level. Spend your study time learning the different security solutions and identifying potential security vulnerabilities and where they would be applicable. Don't get bogged down in step-by-step details; those are saved for certification exams beyond the scope of Security+.

You should also know that CompTIA is notorious for including vague questions on all its exams. You might see a question for which two of the possible four answers are correct—but you can only choose one. Use your knowledge, logic, and intuition to choose the best answer, and then move on. Sometimes the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don't let this frustrate you; answer the question, and go to the next. Although we haven't intentionally added typos or other grammatical errors, the questions throughout this book make every attempt to re-create the structure and appearance of the real exam questions. CompTIA offers a page on study tips for their exams at http://certification.comptia.org/resources/test_tips.aspx, and it is worth skimming.

NOTE

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does that to gather psychometric data, which is then used when developing new versions of the exam. Before you take it, you are told that your exam may include unscored questions. So if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question.

As you study, you need to know that the exam you'll take was created at a certain point in time. You won't see a question about the new virus that hit your systems last week, but you'll see questions about concepts that existed when this exam was created. Updating the exam is a difficult process and results in an increment in the exam number.

Why Become Security+ Certified?

There are a number of reasons for obtaining a Security+ certification:


It provides proof of professional achievement.

Specialized certifications are the best way to stand out from the crowd. In this age of technology certifications, you'll find hundreds of thousands of administrators who have successfully completed the Microsoft and Cisco certification tracks. To set yourself apart from the crowd, you need a little bit more. The Security+ exam is part of the CompTIA certification track that includes A+, Network+, and other vendor-neutral certifications such as RFID+, Convergence+, and more. This exam will help you prepare for more advanced certifications because it provides a solid grounding in security concepts and will give you the recognition you deserve.


It increases your marketability.

Almost anyone can bluff their way through an interview. Once you're security certified, you'll have the credentials to prove your competency. And, certifications can't be taken from you when you change jobs—you can take that certification with you to any position you accept.


It provides opportunity for advancement.

Individuals who prove themselves to be competent and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you're committed to improving your skill set. Look around you at those who are certified: They are probably the people who receive good pay raises and promotions.


It fulfills training requirements.

Many companies have set training requirements for their staff so that they stay up-to-date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications.


It raises customer confidence.

As companies discover the CompTIA advantage, they will undoubtedly require qualified staff to achieve these certifications. Many companies outsource their work to consulting firms with experience working with security. Firms that have certified staff have a definite advantage over firms that don't.

How to Become a Security+ Certified Professional

As this book goes to press, there are two Security+ exam providers: Prometric and Pearson VUE. The following table contains all the necessary contact information and exam-specific details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website                     Phone Number
Prometric     securereg3.prometric.com    U.S. and Canada: 800-977-3926
Pearson VUE   www.vue.com/comptia         U.S. and Canada: 877-551-PLUS (7587)

When you schedule the exam, you'll receive instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you'll receive a registration and payment confirmation letter. Exams can be scheduled up to six weeks out or as late as the next day (or, in some cases, even the same day).

NOTE

Exam prices and codes may vary based on the country in which the exam is administered. For detailed pricing and exam registration procedures, refer to CompTIA's website at www.comptia.com.

After you've successfully passed your Security+ exam, CompTIA will award you a certification that is good for life. Within four to six weeks of passing the exam, you'll receive your official CompTIA Security+ certificate and ID card. (If you don't receive these within eight weeks of taking the test, contact CompTIA directly using the information found in your registration packet.)

Who Should Buy This Book?

If you want to acquire a solid foundation in computer security and your goal is to prepare for the exam by learning how to develop and improve security, this book is for you. You'll find clear explanations of the concepts you need to grasp and plenty of help to achieve the high level of professional competency you need in order to succeed in your chosen field.

If you want to become certified, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding security, this study guide isn't for you. It's written for people who want to acquire hands-on skills and in-depth knowledge of computer security.

If you purchased the deluxe edition of this book, we've included a special appendix, "Security+ Practical Application." It is designed to give those new to the field of security administration a practical look at how many of the exam objectives relate to the real world.

NOTE

In addition to reading this book, you might consider downloading and reading the white papers on security that are scattered throughout the Internet.

How to Use This Book and the CD

We've included several testing features in the book and on the CD-ROM. These tools will help you retain vital exam content as well as prepare you to sit for the actual exam:


Before you begin.

At the end of this introduction is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas you might need to brush up on. The answers to the assessment test questions appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.


Chapter review questions.

To test your knowledge as you progress through the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers—the correct answers appear on the page following the last review question. You can go back to reread the section that deals with each question you got wrong to ensure that you answer correctly the next time you're tested on the material.


Electronic flashcards.

You'll find flashcard questions on the CD for on-the-go review. These are short questions and answers. You can answer them on your PC or download them onto a Palm device for quick and convenient reviewing.


Sybex Test Engine.

The CD also contains the Sybex Test Engine. Using this custom software, you can identify up front the areas in which you are weak and then develop a solid studying strategy using each of these robust testing features. The ReadMe file walks you through the installation process.

In addition to taking the assessment test and the chapter review questions in the test engine, you'll find practice exams, one if you purchased the standard edition, four if you purchased the deluxe edition. Take these practice exams just as if you were taking the actual exam (without any reference material). When you've finished the first exam, move on to the next one to solidify your test-taking skills. If you get more than 90 percent of the answers correct, you're ready to take the certification exam.


Full text of the book in PDF.

The CD-ROM contains this book in PDF so you can easily read it on any computer. If you have to travel but still need to study for the exam, and you have a laptop with a CD-ROM drive, you can carry this entire book with you.

Real World Scenario: What's Included in the Deluxe Edition?

If you purchased the deluxe edition of this Study Guide, you will notice the two additional appendixes: the security administrator's troubleshooting guide and workbook exercises. Together, these two elements add an additional hands-on component to your studies and can be useful resources long after you've passed the exam and earned your Security+ certification.

Not only is there a difference within the spine of the deluxe edition with the inclusion of the additional chapters, but the CD has been enhanced as well. The deluxe edition contains an additional bonus exam to help you gauge your readiness for the real exam at your closest testing center.


Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry's best practices. The company does this by establishing cornerstone committees for each of its exam programs. Each committee comprises a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam's baseline competency level and who determine the appropriate target-audience level. Once these factors are determined, CompTIA shares this information with a group of hand-selected Subject Matter Experts (SMEs). These folks are the true brainpower behind the certification program. In the case of this exam, they are IT-seasoned pros from the likes of Microsoft, Sun Microsystems, VeriSign, and RSA Security, to name just a few. They review the committee's findings, refine them, and shape them into the objectives you see before you. CompTIA calls this process a job task analysis (JTA). Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect the job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. And in many cases, they have to go back to the drawing board for further refinements before the exam is ready to go live in its final state. So, rest assured the content you're about to learn will serve you long after you take the exam.

NOTE

Exam objectives are subject to change at any time without prior notice and at CompTIA's sole discretion. Visit the certification page of CompTIA's website at www.comptia.org for the most current listing of exam objectives.

CompTIA also publishes relative weightings for each of the exam's objectives. The following table lists the six Security+ objective domains and the extent to which they are represented on the exam. As you use this study guide, you'll find that I have administered just the right dosage of objective knowledge by tailoring coverage to mirror the percentages that CompTIA uses.

NOTE

As part of the Department of Defense (DoD) Directive 8570.1—which requires certain DoD technicians and managers to get trained and certified in certain areas, including Security+—CompTIA will release a Security+ Bridge exam. The Bridge exam will test on topics that are new since the previous version of the exam. Individuals required to get recertified can take the Bridge exam to meet the recertification policy. It should be noted that CompTIA does not require individuals to get recertified. Refer to the objective tear-out card at the beginning of this book. All objectives that are new to the Security+ (2008 Edition) exam are in bold. For more information on Directive 8570.1, visit http://certification.comptia.org/resources/US_Gov.aspx.

Domain                        % of Exam
1.0 Systems Security          21%
2.0 Network Infrastructure    20%
3.0 Access Control            17%
4.0 Assessments & Audits      15%
5.0 Cryptography              15%
6.0 Organizational Security   12%
Total                         100%

1.0 Systems Security


1.1

Differentiate among various systems security threats.

  • Privilege escalation

  • Virus

  • Worm

  • Trojan

  • Spyware

  • Spam

  • Adware

  • Rootkits

  • Botnets

  • Logic bomb


1.2

Explain the security risks pertaining to system hardware and peripherals.

  • BIOS

  • USB devices

  • Cell phones

  • Removable storage

  • Network attached storage


1.3

Implement OS hardening practices and procedures to achieve workstation and server security.

  • Hot fixes

  • Service packs

  • Patches

  • Patch management

  • Group policies

  • Security templates

  • Configuration baselines


1.4

Carry out the appropriate procedures to establish application security.

  • ActiveX

  • Java

  • Scripting

  • Browser

  • Buffer overflows

  • Cookies

  • SMTP open relays

  • Instant messaging

  • P2P

  • Input validation

  • Cross-site scripting (XSS)


1.5

Implement security applications.

  • HIDS

  • Personal software firewalls

  • Antivirus

  • Anti-spam

  • Popup blockers


1.6

Explain the purpose and application of virtualization technology.

2.0 Network Infrastructure


2.1

Differentiate between the different ports & protocols, their respective threats and mitigation techniques.

  • Antiquated protocols

  • TCP/IP hijacking

  • Null sessions

  • Spoofing

  • Man-in-the-middle

  • Replay

  • DoS

  • DDoS

  • Domain Name Kiting

  • DNS poisoning

  • ARP Poisoning


2.2

Distinguish between network design elements and components.

  • DMZ

  • VLAN

  • NAT

  • Network interconnections

  • NAC

  • Subnetting

  • Telephony


2.3

Determine the appropriate use of network security tools to facilitate network security.

  • NIDS

  • NIPS

  • Firewalls

  • Proxy servers

  • Honeypot

  • Internet content filters

  • Protocol analyzers


2.4

Apply the appropriate network tools to facilitate network security.

  • NIDS

  • Firewalls

  • Proxy servers

  • Internet content filters

  • Protocol analyzers


2.5

Explain the vulnerabilities and mitigations associated with network devices.

  • Privilege escalation

  • Weak passwords

  • Back doors

  • Default accounts

  • DoS


2.6

Explain the vulnerabilities and mitigations associated with various transmission media.

  • Vampire taps


2.7

Explain the vulnerabilities and implement mitigations associated with wireless networking.

  • Data emanation

  • War driving

  • SSID broadcast

  • Blue jacking

  • Bluesnarfing

  • Rogue access points

  • Weak encryption

3.0 Access Control


3.1

Identify and apply industry best practices for access control methods.

  • Implicit deny

  • Least privilege

  • Separation of duties

  • Job rotation


3.2

Explain common access control models and the differences between each.

  • MAC

  • DAC

  • Role & Rule based access control


3.3

Organize users and computers into appropriate security groups and roles while distinguishing between appropriate rights and privileges.


3.4

Apply appropriate security controls to file and print resources.


3.5

Compare and implement logical access control methods.

  • ACL

  • Group policies

  • Password policy

  • Domain password policy

  • User names and passwords

  • Time of day restrictions

  • Account expiration

  • Logical tokens


3.6

Summarize the various authentication models and identify the components of each.

  • One, two and three-factor authentication

  • Single sign-on


3.7

Deploy various authentication models and identify the components of each.

  • Biometric reader

  • RADIUS

  • RAS

  • LDAP

  • Remote access policies

  • Remote authentication

  • VPN

  • Kerberos

  • CHAP

  • PAP

  • Mutual

  • 802.1x

  • TACACS


3.8

Explain the difference between identification and authentication (identity proofing).


3.9

Explain and apply physical access security methods.

  • Physical access logs/lists

  • Hardware locks

  • Physical access control—ID badges

  • Door access systems

  • Man-trap

  • Physical tokens

  • Video surveillance—camera types and positioning

4.0 Assessments & Audits


4.1

Conduct risk assessments and implement risk mitigation.


4.2

Carry out vulnerability assessments using common tools.

  • Port scanners

  • Vulnerability scanners

  • Protocol analyzers

  • OVAL

  • Password crackers

  • Network mappers


4.3

Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.


4.4

Use monitoring tools on systems and networks, and detect security-related anomalies.

  • Performance monitor

  • Systems monitor

  • Performance baseline

  • Protocol analyzers


4.5

Compare and contrast various types of monitoring methodologies.

  • Behavior-based

  • Signature-based

  • Anomaly-based


4.6

Execute proper logging procedures and evaluate the results.

  • Security application

  • DNS

  • System

  • Performance

  • Access

  • Firewall

  • Antivirus


4.7

Conduct periodic audits of system security settings.

  • User access and rights review

  • Storage and retention policies

  • Group policies

5.0 Cryptography


5.1

Explain general cryptography concepts.

  • Key management

  • Steganography

  • Symmetric key

  • Asymmetric key

  • Confidentiality

  • Integrity and availability

  • Non-repudiation

  • Comparative strength of algorithms

  • Digital signatures

  • Whole disk encryption

  • Trusted Platform Module (TPM)

  • Single vs. Dual sided certificates

  • Use of proven technologies


5.2

Explain basic hashing concepts and map various algorithms to appropriate applications.

  • SHA

  • MD5

  • LANMAN

  • NTLM


5.3

Explain basic encryption concepts and map various algorithms to appropriate applications.

  • DES

  • 3DES

  • RSA

  • PGP

  • Elliptic curve

  • AES

  • AES256

  • One time pad

  • Transmission encryption (WEP, TKIP, and so forth)


5.4

Explain and implement protocols.

  • SSL/TLS

  • S/MIME

  • PPTP

  • HTTP vs. HTTPS vs. SHTTP

  • L2TP

  • IPSEC

  • SSH


5.5

Explain core concepts of public key cryptography.

  • Public Key Infrastructure (PKI)

  • Recovery agent

  • Public key

  • Private keys

  • Certificate Authority (CA)

  • Registration

  • Key escrow

  • Certificate Revocation List (CRL)

  • Trust models


5.6

Implement PKI and certificate management.

  • Public Key Infrastructure (PKI)

  • Recovery agent

  • Public key

  • Private keys

  • Certificate Authority (CA)

  • Registration

  • Key escrow

  • Certificate Revocation List (CRL)

6.0 Organizational Security


6.1

Explain redundancy planning and its components.

  • Hot site

  • Cold site

  • Warm site

  • Backup generator

  • Single point of failure

  • RAID

  • Spare parts

  • Redundant servers

  • Redundant ISP

  • UPS

  • Redundant connections


6.2

Implement disaster recovery procedures.

  • Planning

  • Disaster exercises

  • Backup techniques and practices—storage

  • Schemes

  • Restoration


6.3

Differentiate between and execute appropriate incident response procedures.

  • Forensics

  • Chain of custody

  • First responders

  • Damage and loss control

  • Reporting—disclosure of


6.4

Identify and explain applicable legislation and organizational policies.

  • Secure disposal of computers

  • Acceptable use policies

  • Password complexity

  • Change management

  • Classification of information

  • Mandatory vacations

  • Personally Identifiable Information (PII)

  • Due care

  • Due diligence

  • Due process

  • SLA

  • Security-related HR policy

  • User education and awareness training


6.5

Explain the importance of environmental controls.

  • Fire suppression

  • HVAC

  • Shielding


6.6

Explain the concept of and how to reduce the risks of social engineering.

  • Phishing

  • Hoaxes

  • Shoulder surfing

  • Dumpster diving

  • User education and awareness training

Tips for Taking the Security+ Exam

Here are some general tips for taking your exam successfully:

  • Bring two forms of ID with you. One must be a photo ID, such as a driver's license. The other can be a major credit card or a passport. Both forms must include a signature.

  • Arrive early at the exam center so you can relax and review your study materials, particularly tables and lists of exam-related information. After you are ready to enter the testing room, you will need to leave everything outside; you won't be able to bring any materials into the testing area.

  • Read the questions carefully. Don't be tempted to jump to an early conclusion. Make sure you know exactly what each question is asking.

  • Don't leave any unanswered questions. Unanswered questions are scored against you.

  • There will be questions with multiple correct responses. When there is more than one correct answer, a message at the bottom of the screen will prompt you to either "Choose two" or "Choose all that apply." Be sure to read the messages displayed to know how many correct answers you must choose.

  • When answering multiple-choice questions you're not sure about, use a process of elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds if you need to make an educated guess.

  • On form-based tests (nonadaptive), because the hard questions will take the most time, save them for last. You can move forward and backward through the exam.

  • For the latest pricing on the exams and updates to the registration procedures, visit CompTIA's website at www.comptia.org.

Assessment Test

  1. Which type of audit can be used to determine whether accounts have been established properly and verify that privilege creep isn't occurring?

    1. Privilege audit

    2. Usage audit

    3. Escalation audit

    4. Report audit

  2. What kind of physical access device restricts access to a small number of individuals at one time?

    1. Checkpoint

    2. Perimeter security

    3. Security zones

    4. Mantrap

  3. Which of the following is a set of voluntary standards governing encryption?

    1. PKI

    2. PKCS

    3. ISA

    4. SSL

  4. Which protocol is used to create a secure environment in a wireless network?

    1. WAP

    2. WEP

    3. WTLS

    4. WML

  5. An Internet server interfaces with TCP/IP at which layer of the DOD model?

    1. Transport layer

    2. Network layer

    3. Process layer

    4. Internet layer

  6. You want to establish a network connection between two LANs using the Internet. Which technology would best accomplish that for you?

    1. IPSec

    2. L2TP

    3. PPP

    4. SLIP

  7. Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

    1. DMZ

    2. VLAN

    3. I&A

    4. Router

  8. In the key recovery process, which key must be recoverable?

    1. Rollover key

    2. Secret key

    3. Previous key

    4. Escrow key

  9. Which kind of attack is designed to overload a particular protocol or service?

    1. Spoofing

    2. Back door

    3. Man in the middle

    4. Flood

  10. Which component of an IDS collects data?

    1. Data source

    2. Sensor

    3. Event

    4. Analyzer

  11. What is the process of making an operating system secure from attack called?

    1. Hardening

    2. Tuning

    3. Sealing

    4. Locking down

  12. The integrity objective addresses which characteristic of information security?

    1. Verification that information is accurate

    2. Verification that ethics are properly maintained

    3. Establishment of clear access control of data

    4. Verification that data is kept private and secure

  13. Which mechanism is used by PKI to allow immediate verification of a certificate's validity?

    1. CRL

    2. MD5

    3. SSHA

    4. OCSP

  14. Which of the following is the equivalent of a VLAN from a physical security perspective?

    1. Perimeter security

    2. Partitioning

    3. Security zones

    4. Physical barrier

  15. A user has just reported that he downloaded a file from a prospective client using IM. The user indicates that the file was called account.doc. The system has been behaving unusually since he downloaded the file. What is the most likely event that occurred?

    1. Your user inadvertently downloaded a virus using IM.

    2. Your user may have a defective hard drive.

    3. Your user is hallucinating and should increase his medication.

    4. The system is suffering from power surges.

  16. Which mechanism or process is used to enable or disable access to a network resource based on an IP address?

    1. NDS

    2. ACL

    3. Hardening

    4. Port blocking

  17. Which of the following would provide additional security to an Internet web server?

    1. Changing the port address to 80.

    2. Changing the port address to 1019.

    3. Adding a firewall to block port 80.

    4. Web servers can't be secured.

  18. What type of program exists primarily to propagate and spread itself to other systems?

    1. Virus

    2. Trojan horse

    3. Logic bomb

    4. Worm

  19. An individual presents herself at your office claiming to be a service technician. She wants to discuss your current server configuration. This may be an example of what type of attack?

    1. Social engineering

    2. Access control

    3. Perimeter screening

    4. Behavioral engineering

  20. Which of the following is a major security problem with FTP servers?

    1. Password files are stored in an unsecure area on disk.

    2. Memory traces can corrupt file access.

    3. User IDs and passwords are unencrypted.

    4. FTP sites are unregistered.

  21. Which system would you install to provide active protection and notification of security problems in a network connected to the Internet?

    1. IDS

    2. Network monitoring

    3. Router

    4. VPN

  22. The process of verifying the steps taken to maintain the integrity of evidence is called what?

    1. Security investigation

    2. Chain of custody

    3. Three A's of investigation

    4. Security policy

  23. What encryption process uses one message to hide another?

    1. Steganography

    2. Hashing

    3. MDA

    4. Cryptointelligence

  24. Which policy dictates how computers are used in an organization?

    1. Security policy

    2. User policy

    3. Use policy

    4. Enforcement policy

  25. Which algorithm is used to create a temporary secure session for the exchange of key information?

    1. KDC

    2. KEA

    3. SSL

    4. RSA

  26. You've been hired as a security consultant for a company that's beginning to implement handheld devices, such as PDAs. You're told that the company must use an asymmetric system. Which security standard would you recommend it implement?

    1. ECC

    2. PKI

    3. SHA

    4. MD

  27. Which of the following backup methods will generally provide the fastest backup times?

    1. Full backup

    2. Incremental backup

    3. Differential backup

    4. Archival backup

  28. You want to grant access to network resources based on authenticating an individual's retina during a scan. Which security method uses a physical characteristic as a method of determining identity?

    1. Smart card

    2. I&A

    3. Biometrics

    4. CHAP

  29. Which access control method is primarily concerned with the role that individuals have in the organization?

    1. MAC

    2. DAC

    3. RBAC

    4. STAC

  30. The process of investigating a computer system for clues into an event is called what?

    1. Computer forensics

    2. Virus scanning

    3. Security policy

    4. Evidence gathering

Answers to Assessment Test

  1. A. A privilege audit is used to determine that all groups, users, and other accounts have the appropriate privileges assigned according to the policies of an organization. For more information, see Chapter 8.

  2. D. A mantrap limits access to a small number of individuals. It could be, for example, a small room. Mantraps typically use electronic locks and other methods to control access. For more information, see Chapter 6.

  3. B. Public-Key Cryptography Standards is a set of voluntary standards for public-key cryptography. This set of standards is coordinated by RSA. For more information, see Chapter 7.

  4. B. Wired Equivalent Privacy (WEP) is designed to provide security equivalent to that of a wired network. WEP has vulnerabilities and isn't considered highly secure. For additional information, see Chapter 7.

  5. C. The Process layer interfaces with applications and encapsulates traffic through the Host-to-Host or Transport layer, the Internet layer, and the Network Access layer. For more information, see Chapter 2.

  6. B. L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that can be used between LANs. L2TP isn't secure, and you should use IPSec with it to provide data security. For more information, see Chapter 3.

  7. A. A DMZ (demilitarized zone) is an area in a network that allows restrictive access to untrusted users and isolates the internal network from access by external users and systems. It does so by using routers and firewalls to limit access to sensitive network resources. For more information, see Chapter 1.

  8. C. A key recovery process must be able to recover a previous key. If the previous key can't be recovered, then all the information for which the key was used will be irrecoverably lost. For more information, see Chapter 7.

  9. A. A flood attack is designed to overload a protocol or service by repeatedly initiating a request for service. This type of attack usually results in a DoS (denial of service) situation occurring because the protocol freezes or excessive bandwidth is used in the network as a result of the requests. For more information, see Chapter 2.

  10. B. A sensor collects data from the data source and passes it on to the analyzer. If the analyzer determines that unusual activity has occurred, an alert may be generated. For additional information, see Chapter 4.

  11. A. Hardening is the term used to describe the process of securing a system. This is accomplished in many ways, including disabling unneeded protocols. For additional information on hardening, see Chapter 5.

  12. A. To meet the goal of integrity, you must verify that information being used is accurate and hasn't been tampered with. Integrity is coupled with accountability to ensure that data is accurate and that a final authority exists to verify this, if needed. For more information, see Chapter 1.

  13. D. Online Certificate Status Protocol (OCSP) is the mechanism used to immediately verify whether a certificate is valid. The Certificate Revocation List (CRL) is published on a regular basis, but it isn't current once it's published. For additional information, see Chapter 7.

  14. B. Partitioning is the process of breaking a network into smaller components that can each be individually protected. The concept is the same as building walls in an office building. For additional information, see Chapter 6.

  15. A. IM and other systems allow unsuspecting users to download files that may contain viruses. Due to a weakness in the file extension naming conventions, a file that appears to have one extension may actually have another extension. For example, the file account.doc.vbs would appear in many applications as account.doc, but it's actually a Visual Basic script and could contain malicious code. For additional information, see Chapter 4.

  16. B. Access control lists (ACLs) are used to allow or deny an IP address access to a network. ACL mechanisms are implemented in many routers, firewalls, and other network devices. For additional information, see Chapter 5.

  17. B. The default port for a web server is port 80. By changing the port to 1019, you force users to specify this port when they are using a browser. This action provides a little additional security for your website. Adding a firewall to block port 80 would secure your website so much that no one would be able to access it. For more information, see Chapter 3.

  18. D. A worm is designed to multiply and propagate. Worms may carry viruses that cause system destruction, but that isn't their primary mission. For more information, see Chapter 2.

  19. A. Social engineering is using human intelligence methods to gain access or information about your organization. For additional information, see Chapter 6.

  20. C. In most environments, FTP sends account and password information unencrypted. This makes these accounts vulnerable to network sniffing. For additional information, see Chapter 5.

  21. A. An intrusion detection system (IDS) provides active monitoring and rule-based responses to unusual activities on a network. A firewall provides passive security by preventing access from unauthorized traffic. If the firewall were compromised, the IDS would notify you based on rules it's designed to implement. For more information, see Chapter 3.

  22. B. The chain of custody ensures that each step taken with evidence is documented and accounted for from the point of collection. Chain of custody is the Who, What, When, Where, and Why of evidence storage. For additional information, see Chapter 8.

  23. A. Steganography is the process of hiding one message in another. Steganography may also be referred to as electronic watermarking. For additional information, see Chapter 7.

  24. C. The use policy is also referred to as the usage policy. It should state acceptable uses of computer and organizational resources by employees. This policy should outline consequences of noncompliance. For additional information, see Chapter 8.

  25. B. The Key Exchange Algorithm (KEA) is used to create a temporary session to exchange key information. This session creates a secret key. When the key has been exchanged, the regular session begins. For more information, see Chapter 7.

  26. A. Elliptic Curve Cryptography (ECC) would probably be your best choice for a PDA. ECC is designed to work with smaller processors. The other systems may be options, but they require more computing power than ECC. For additional information, see Chapter 7.

  27. B. An incremental backup will generally be the fastest of the backup methods because it backs up only the files that have changed since the last incremental or full backup. See Chapter 8 for more information.

  28. C. Biometrics is the authentication process that uses physical characteristics, such as a palm print or retinal pattern, to establish identification. For more information, see Chapter 1.

  29. C. Role-Based Access Control (RBAC) is primarily concerned with providing access to systems that a user needs based on the user's role in the organization. For more information, see Chapter 8.

  30. A. Computer forensics is the process of investigating a computer system to determine the cause of an incident. Part of this process would be gathering evidence. For additional information, see Chapter 8.
