The Security+ certification program was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of computer service technicians in the basics of computer security. The Security+ certification is granted to those who have attained the level of knowledge and security skills that show a basic competency in the security needs of both personal and corporate computing environments. CompTIA’s exam objectives are periodically updated to keep their exams applicable to the most recent developments. The most recent update, labeled SY0-501, occurred in late 2017. This book focuses on these newly revised certification objectives.
The Security+ certification was created to offer an introductory step into the complex world of IT security. You need to pass only a single exam to become Security+ certified. However, obtaining this certification doesn’t mean you can provide realistic security services to a company. In fact, this is just the first step toward true security knowledge and experience. By obtaining Security+ certification, you should be able to acquire more security experience in order to pursue more complex and in-depth security knowledge and certification.
For the latest pricing on the exam and updates to the registration procedures, please visit www.vue.com. If you have further questions about the scope of the exams or related CompTIA programs, refer to the CompTIA website at www.comptia.org.
CompTIA Security+ Review Guide: SY0-501 is designed to be a succinct, portable exam review guide. It can be used in conjunction with a more typical full-sized study guide, such as Wiley’s CompTIA Security+ Study Guide: SY0-501 (ISBN: 978-1260026054), with computer-based training (CBT) courseware and a classroom/lab environment, or as an exam review for those who don’t feel the need for more extensive (and/or expensive) test preparation. It isn’t our goal to give away the answers, but rather to identify those topics on which you can expect to be tested and to provide sufficient focused coverage of these topics.
Perhaps you’ve been working with information technologies for years. The thought of paying lots of money for a specialized IT exam-preparation course probably doesn’t sound appealing. What can they teach you that you don’t already know, right? Be careful, though—many experienced network administrators have walked confidently into the test center only to walk sheepishly out of it after failing an IT exam. After you’ve finished reading this book, you should have a clear idea of how your understanding of the technologies involved matches up with the expectations of the Security+ test makers.
Or perhaps you’re relatively new to the world of IT, drawn to it by the promise of challenging work and higher salaries. You’ve just waded through an 800-page study guide or taken a weeklong class at a local training center. Lots of information to keep track of, isn’t there? Well, by organizing this book according to CompTIA’s exam objectives, and by breaking up the information into concise, manageable pieces, we’ve created what we think is the handiest exam review guide available. Throw it in your backpack and carry it to work with you. As you read the book, you’ll be able to quickly identify those areas you know best and those that require a more in-depth review.
This book is organized according to the official objectives list prepared by CompTIA for the Security+ exam. The chapters correspond to the six major domains into which the objectives and topics are grouped. The exam is weighted across these six topical areas or domains as follows:
Within each chapter, the top-level exam objectives from each domain are addressed in turn and in order according to the official exam objectives directly from CompTIA. In addition to a thorough review of each objective, every chapter includes two specific features: Exam Essentials and Review Questions.
Exam Essentials: At the end of each top-level objective section, you’re given a short list of topics that you should explore fully before taking the test. Included in the Exam Essentials areas are notations of the key information you should have taken from that section, or from the corresponding content in the CompTIA Security+ Study Guide.
Review Questions: This feature ends every chapter and provides 20 questions to help you gauge your mastery of the chapter.
We’ve included several additional test-preparation features on the interactive online learning environment and test bank. These tools will help you retain vital exam content as well as prepare you to sit for the actual exams:
Sample Tests: In this section of the online test bank, you’ll find the chapter tests, which present all the review questions from the end of each chapter, as well as two more practice tests of 90 questions each. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.
Electronic Flashcards: Questions are provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.
Glossary of Terms in PDF: We have included a very useful glossary of terms in PDF format so you can easily read it on any computer. If you have to travel and brush up on any key terms, you can do so with this useful resource.
Here are some general tips for taking your exam successfully:
CompTIA has begun to include performance-based (scenario-based) questions on its exams. These differ from the traditional multiple-choice questions in that the candidate is expected to perform a task or series of tasks. Tasks could include filling in a blank, answering questions based on a video or an image, reorganizing a set into an order, placing labels on a diagram, filling in fields based on a given situation or set of conditions, or setting the configuration on a network security management device. Don’t be surprised if you are presented with a scenario and asked to complete a task. The performance-based questions are designed to be more challenging than standard multiple-choice questions and thus are also worth more points. Take the time to answer these carefully. For an official description of performance-based questions from CompTIA, visit http://certification.comptia.org/news/2012/10/09/What_Is_A_Performance-Based_Question.aspx and https://certification.comptia.org/testing/about-testing/performance-based-questions-explained (this second link is from the CompTIA Security+ information page, so you can follow it from there instead of typing it in).
The Security+ SY0-501 exam consists of up to 90 questions with a time allotment of 90 minutes for the exam itself. Additional time is provided for the pre-exam elements, such as the NDA, and the post-exam survey. If you are assigned only multiple-choice questions, then you will have the maximum of 90 questions. If you are assigned performance-based questions (which is most likely), then you will have fewer than 90 total questions. It is fairly common to have 5 or 6 performance-based questions and about 70 multiple-choice questions, for a total of 75 or so questions. However, you could be assigned 8 or more performance-based questions with about 50 multiple-choice questions, for a total of 55 questions. To pass, you must score at least 750 points on a scale of 100–900 (effectively 81.25%). At the completion of your test, you will receive a printout of your test results. This report will show your score and the objective topics about which you missed a question.
Sybex welcomes feedback on all of its titles. Visit the Sybex website at www.sybex.com for book updates and additional certification information. You’ll also find forms you can use to submit comments or suggestions regarding this or any other Sybex title.
For easy reference and clarification, the following is a complete listing of Security+ objectives. We organized this book to correspond with the official objectives list, and we use the objective list’s order and organization throughout the book. Each domain is covered in one chapter, and each subobjective is a heading within a chapter.
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
1.2 Compare and contrast types of attacks.
1.3 Explain threat actor types and attributes.
1.4 Explain penetration testing concepts.
1.5 Explain vulnerability scanning concepts.
1.6 Explain the impact associated with types of vulnerabilities.
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
2.3 Given a scenario, troubleshoot common security issues.
2.4 Given a scenario, analyze and interpret output from security technologies.
2.5 Given a scenario, deploy mobile devices securely.
2.6 Given a scenario, implement secure protocols.
3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
3.2 Given a scenario, implement secure network architecture concepts.
3.3 Given a scenario, implement secure systems design.
3.4 Explain the importance of secure staging deployment concepts.
3.5 Explain the security implications of embedded systems.
3.6 Summarize secure application development and deployment concepts.
3.7 Summarize cloud and virtualization concepts.
3.8 Explain how resiliency and automation strategies reduce risk.
3.9 Explain the importance of physical security controls.
4.1 Compare and contrast identity and access management concepts.
4.2 Given a scenario, install and configure identity and access services.
4.3 Given a scenario, implement identity and access management controls.
4.4 Given a scenario, differentiate common account management practices.
5.1 Explain the importance of policies, plans and procedures related to organizational security.
5.2 Summarize business impact analysis concepts.
5.3 Explain risk management processes and concepts.
5.4 Given a scenario, follow incident response procedures.
5.5 Summarize basic concepts of forensics.
5.6 Explain disaster recovery and continuity of operation concepts.
5.7 Compare and contrast various types of controls.
5.8 Given a scenario, carry out data security and privacy practices.
6.1 Compare and contrast basic concepts of cryptography.
6.2 Explain cryptography algorithms and their basic characteristics.
6.3 Given a scenario, install and configure wireless security settings.
6.4 Given a scenario, implement public key infrastructure.
Here are the acronyms of security terms that CompTIA deems important enough that they’re included in the objectives list for the exam. We’ve repeated them here exactly as listed by CompTIA.
Acronym | Definition |
--- | --- |
3DES | Triple Digital Encryption Standard |
AAA | Authentication, Authorization, and Accounting |
ABAC | Attribute-based Access Control |
ACL | Access Control List |
AES | Advanced Encryption Standard |
AES256 | Advanced Encryption Standards 256bit |
AH | Authentication Header |
ALE | Annualized Loss Expectancy |
AP | Access Point |
API | Application Programming Interface |
APT | Advanced Persistent Threat |
ARO | Annualized Rate of Occurrence |
ARP | Address Resolution Protocol |
ASLR | Address Space Layout Randomization |
ASP | Application Service Provider |
AUP | Acceptable Use Policy |
AV | Antivirus |
BAC | Business Availability Center |
BCP | Business Continuity Planning |
BIA | Business Impact Analysis |
BIOS | Basic Input/Output System |
BPA | Business Partners Agreement |
BPDU | Bridge Protocol Data Unit |
BYOD | Bring Your Own Device |
CA | Certificate Authority |
CAC | Common Access Card |
CAN | Controller Area Network |
CAPTCHA | Completely Automated Public Turing test to tell Computers and Humans Apart |
CAR | Corrective Action Report |
CBC | Cipher Block Chaining |
CCMP | Counter-Mode/CBC-Mac Protocol |
CCTV | Closed-circuit Television |
CER | Certificate |
CERT | Computer Emergency Response Team |
CFB | Cipher Feedback |
CHAP | Challenge Handshake Authentication Protocol |
CIO | Chief Information Officer |
CIRT | Computer Incident Response Team |
CMS | Content Management System |
COOP | Continuity of Operations Plan |
COPE | Corporate Owned, Personally Enabled |
CP | Contingency Planning |
CRC | Cyclical Redundancy Check |
CRL | Certificate Revocation List |
CSO | Chief Security Officer |
CSP | Cloud Service Provider |
CSR | Certificate Signing Request |
CSRF | Cross-site Request Forgery |
CSU | Channel Service Unit |
CTM | Counter-Mode |
CTO | Chief Technology Officer |
CYOD | Choose Your Own Device |
DAC | Discretionary Access Control |
DBA | Database Administrator |
DDoS | Distributed Denial of Service |
DEP | Data Execution Prevention |
DER | Distinguished Encoding Rules |
DES | Digital Encryption Standard |
DHCP | Dynamic Host Configuration Protocol |
DHE | Data-Handling Electronics |
DHE | Diffie-Hellman Ephemeral |
DLL | Dynamic Link Library |
DLP | Data Loss Prevention |
DMZ | Demilitarized Zone |
DNAT | Destination Network Address Transaction |
DNS | Domain Name Service (Server) |
DoS | Denial of Service |
DRP | Disaster Recovery Plan |
DSA | Digital Signature Algorithm |
DSL | Digital Subscriber Line |
DSU | Data Service Unit |
EAP | Extensible Authentication Protocol |
ECB | Electronic Code Book |
ECC | Elliptic Curve Cryptography |
ECDHE | Elliptic Curve Diffie-Hellman Ephemeral |
ECDSA | Elliptic Curve Digital Signature Algorithm |
EFS | Encrypted File System |
EMI | Electromagnetic Interference |
EMP | Electro Magnetic Pulse |
ERP | Enterprise Resource Planning |
ESN | Electronic Serial Number |
ESP | Encapsulated Security Payload |
FACL | File System Access Control List |
FDE | Full Disk Encryption |
FRR | False Rejection Rate |
FTP | File Transfer Protocol |
FTPS | Secured File Transfer Protocol |
GCM | Galois Counter Mode |
GPG | Gnu Privacy Guard |
GPO | Group Policy Object |
GPS | Global Positioning System |
GPU | Graphic Processing Unit |
GRE | Generic Routing Encapsulation |
HA | High Availability |
HDD | Hard Disk Drive |
HIDS | Host-based Intrusion Detection System |
HIPS | Host-based Intrusion Prevention System |
HMAC | Hashed Message Authentication Code |
HOTP | HMAC-based One-Time Password |
HSM | Hardware Security Module |
HTML | Hypertext Markup Language |
HTTP | Hypertext Transfer Protocol |
HTTPS | Hypertext Transfer Protocol over SSL/TLS |
HVAC | Heating, Ventilation and Air Conditioning |
IaaS | Infrastructure as a Service |
ICMP | Internet Control Message Protocol |
ICS | Industrial Control Systems |
ID | Identification |
IDEA | International Data Encryption Algorithm |
IDF | Intermediate Distribution Frame |
IdP | Identity Provider |
IDS | Intrusion Detection System |
IEEE | Institute of Electrical and Electronic Engineers |
IKE | Internet Key Exchange |
IM | Instant Messaging |
IMAP4 | Internet Message Access Protocol v4 |
IoT | Internet of Things |
IP | Internet Protocol |
IPSec | Internet Protocol Security |
IR | Incident Response |
IR | Infrared |
IRC | Internet Relay Chat |
IRP | Incident Response Plan |
ISA | Interconnection Security Agreement |
ISP | Internet Service Provider |
ISSO | Information Systems Security Officer |
ITCP | IT Contingency Plan |
IV | Initialization Vector |
KDC | Key Distribution Center |
KEK | Key Encryption Key |
L2TP | Layer 2 Tunneling Protocol |
LAN | Local Area Network |
LDAP | Lightweight Directory Access Protocol |
LEAP | Lightweight Extensible Authentication Protocol |
MaaS | Monitoring as a Service |
MAC | Mandatory Access Control |
MAC | Media Access Control |
MAC | Message Authentication Code |
MAN | Metropolitan Area Network |
MBR | Master Boot Record |
MD5 | Message Digest 5 |
MDF | Main Distribution Frame |
MFD | Multi-function Device |
MITM | Man-in-the-Middle |
MMS | Multimedia Message Service |
MOA | Memorandum of Agreement |
MOU | Memorandum of Understanding |
MPLS | Multi-protocol Label Switching |
MSCHAP | Microsoft Challenge Handshake Authentication Protocol |
MSP | Managed Service Provider |
MTBF | Mean Time Between Failures |
MTTF | Mean Time to Failure |
MTTR | Mean Time to Recover or Mean Time to Repair |
MTU | Maximum Transmission Unit |
NAC | Network Access Control |
NAT | Network Address Translation |
NDA | Non-disclosure Agreement |
NFC | Near Field Communication |
NIDS | Network-based Intrusion Detection System |
NIPS | Network-based Intrusion Prevention System |
NIST | National Institute of Standards & Technology |
NTFS | New Technology File System |
NTLM | New Technology LAN Manager |
NTP | Network Time Protocol |
OAUTH | Open Authorization |
OCSP | Online Certificate Status Protocol |
OID | Object Identifier |
OS | Operating System |
OTA | Over The Air |
OVAL | Open Vulnerability Assessment Language |
P12 | PKCS #12 |
P2P | Peer to Peer |
PaaS | Platform as a Service |
PAC | Proxy Auto Configuration |
PAM | Pluggable Authentication Modules |
PAP | Password Authentication Protocol |
PAT | Port Address Translation |
PBKDF2 | Password-based Key Derivation Function 2 |
PBX | Private Branch Exchange |
PCAP | Packet Capture |
PEAP | Protected Extensible Authentication Protocol |
PED | Personal Electronic Device |
PEM | Privacy-enhanced Electronic Mail |
PFS | Perfect Forward Secrecy |
PFX | Personal Exchange Format |
PGP | Pretty Good Privacy |
PHI | Personal Health Information |
PII | Personally Identifiable Information |
PIV | Personal Identity Verification |
PKI | Public Key Infrastructure |
POP | Post Office Protocol |
POTS | Plain Old Telephone Service |
PPP | Point-to-Point Protocol |
PPTP | Point-to-Point Tunneling Protocol |
PSK | Pre-shared Key |
PTZ | Pan-Tilt-Zoom |
RA | Recovery Agent |
RA | Registration Authority |
RAD | Rapid Application Development |
RADIUS | Remote Authentication Dial-in User Server |
RAID | Redundant Array of Inexpensive Disks |
RAS | Remote Access Server |
RAT | Remote Access Trojan |
RBAC | Role-based Access Control |
RBAC | Rule-based Access Control |
RC4 | Rivest Cipher version 4 |
RFID | Radio Frequency Identifier |
RIPEMD | RACE Integrity Primitives Evaluation Message Digest |
ROI | Return on Investment |
RPO | Recovery Point Objective |
RSA | Rivest, Shamir, & Adleman |
RTBH | Remotely Triggered Black Hole |
RTO | Recovery Time Objective |
RTOS | Real-time Operating System |
RTP | Real-time Transport Protocol |
S/MIME | Secure/Multipurpose Internet Mail Extensions |
SaaS | Software as a Service |
SAML | Security Assertions Markup Language |
SAN | Storage Area Network |
SAN | Subject Alternative Name |
SCADA | System Control and Data Acquisition |
SCAP | Security Content Automation Protocol |
SCEP | Simple Certificate Enrollment Protocol |
SCSI | Small Computer System Interface |
SDK | Software Development Kit |
SDLC | Software Development Life Cycle |
SDLM | Software Development Life Cycle Methodology |
SDN | Software Defined Network |
SED | Self-encrypting Drive |
SEH | Structured Exception Handler |
SFTP | Secured File Transfer Protocol |
SHA | Secure Hashing Algorithm |
SHTTP | Secure Hypertext Transfer Protocol |
SIEM | Security Information and Event Management |
SIM | Subscriber Identity Module |
SLA | Service Level Agreement |
SLE | Single Loss Expectancy |
SMS | Short Message Service |
SMTP | Simple Mail Transfer Protocol |
SMTPS | Simple Mail Transfer Protocol Secure |
SNMP | Simple Network Management Protocol |
SOAP | Simple Object Access Protocol |
SoC | System on Chip |
SPIM | Spam over Internet Messaging |
SQL | Structured Query Language |
SRTP | Secure Real-Time Protocol |
SSD | Solid State Drive |
SSH | Secure Shell |
SSL | Secure Sockets Layer |
SSO | Single Sign-on |
STP | Shielded Twisted Pair |
TACACS+ | Terminal Access Controller Access Control System Plus |
TCP/IP | Transmission Control Protocol/Internet Protocol |
TGT | Ticket Granting Ticket |
TKIP | Temporal Key Integrity Protocol |
TLS | Transport Layer Security |
TOTP | Time-based One-time Password |
TPM | Trusted Platform Module |
TSIG | Transaction Signature |
UAT | User Acceptance Testing |
UAV | Unmanned Aerial Vehicle |
UDP | User Datagram Protocol |
UEFI | Unified Extensible Firmware Interface |
UPS | Uninterruptable Power Supply |
URI | Uniform Resource Identifier |
URL | Universal Resource Locator |
USB | Universal Serial Bus |
USB OTG | USB On The Go |
UTM | Unified Threat Management |
UTP | Unshielded Twisted Pair |
VDE | Virtual Desktop Environment |
VDI | Virtual Desktop Infrastructure |
VLAN | Virtual Local Area Network |
VLSM | Variable Length Subnet Masking |
VM | Virtual Machine |
VoIP | Voice over IP |
VPN | Virtual Private Network |
VTC | Video Teleconferencing |
WAF | Web Application Firewall |
WAP | Wireless Access Point |
WEP | Wired Equivalent Privacy |
WIDS | Wireless Intrusion Detection System |
WIPS | Wireless Intrusion Prevention System |
WORM | Write Once Read Many |
WPA | WiFi Protected Access |
WPA2 | WiFi Protected Access 2 |
WPS | WiFi Protected Setup |
WTLS | Wireless TLS |
XML | Extensible Markup Language |
XOR | Exclusive Or |
XSRF | Cross-site Request Forgery |
XSS | Cross-site Scripting |