The Security+ certification program was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of computer service technicians in basics of computer security. The Security+ certification is granted to those who have attained the level of knowledge and security skills that show a basic competency with security needs of both personal and corporate computing environments.
CompTIA's exam objectives are periodically updated to keep their exams applicable to the most recent developments. However, this isn't a regular occurrence since the foundational elements remain constant even as the higher-end technology advances. The Security+ objectives themselves haven't been altered since the exam came out in 2002.
The Security+ certification was created to offer an introductory step into the complex word of IT security. You only need to pass a single exam to become Security+ certified. However, obtaining this certification doesn't mean you can provide realistic security services to a company. In fact, this is just the first step toward true security knowledge and experience. By obtaining Security+ certification, you should be able to acquire more security experience in order to pursue more complex and in-depth security knowledge and certification.
For the latest pricing on the exam and updates to the registration procedures, call Prometric at (866) 776-6387 or (800) 776-4276. You can also go to either www.2test.com
or www.prometric.com
for additional information or to register online. If you have further questions about the scope of the exams or related CompTIA programs, refer to the CompTIA website at www.comptia.org
.
Security+ Fast Pass is designed to be a succinct, portable exam review guide that can be used either in conjunction with a more complete study program (Sybex's Security+ Study Guide, 2nd Edition (Sybex, 2004), CBT courseware, classroom/lab environment) or as an exam review for those who don't feel the need for more extensive test preparation. It isn't our goal to give away the answers, but rather to identify those topics on which you can expect to be tested and to provide sufficient coverage of these topics.
Perhaps you've been working with information technologies for years. The thought of paying lots of money for a specialized IT exam-preparation course probably doesn't sound appealing. What can they teach you that you don't already know, right? Be careful, though—many experienced network administrators have walked confidently into the test center only to walk sheepishly out of it after failing an IT exam. After you've finished reading this book, you should have a clear idea of how your understanding of the technologies involved matches up with the expectations of the Security+ test makers.
Or perhaps you're relatively new to the world of IT, drawn to it by the promise of challenging work and higher salaries. You've just waded through an 800-page study guide or taken a class at a local training center. Lots of information to keep track of, isn't it? Well, by organizing the Fast Pass book according to CompTIA's exam objectives, and by breaking up the information into concise, manageable pieces, we've created what we think is the handiest exam review guide available. Throw it in your briefcase and carry it to work with you. As you read the book, you'll be able to quickly identify those areas you know best and those that require a more in-depth review.
The goal of the Fast Pass series is to help certification candidates brush up on the subjects on which they can expect to be tested in the exams. For complete in-depth coverage of the technologies and topics involved in the Security+ exam, we recommend the Security+ Study Guide, Second Edition, by Sybex.
This book is organized according to the official objectives list prepared by CompTIA for the Security+ exam. The chapters correspond to the five major domains of objective and topic groupings. The exam is weighted across these five domains as follows:
Domain 1.0—General Security Concepts (30%)
Domain 2.0—Communication Security (20%)
Domain 3.0—Infrastructure Security (20%)
Domain 4.0—Basics of Cryptography (15%)
Domain 5.0—Operational/Organizational Security (15%)
Within each chapter, the top-level exam objective from each domain are addressed in turn. Each objective's section is further divided into Critical Information, Exam Essentials, and Review Questions:
The Critical Information section presents the greatest level of detail about information relevant to the objective. This is the place to start if you're unfamiliar with or uncertain about the technical issues related to the objective.
Here you're given a short list of topics that you should explore fully before taking the test. Included in the Exam Essentials areas are notations of the key information you should have taken from the Critical Information section of this chapter or the corresponding content from the Security+ Study Guide, Second Edition.
This section ends every chapter and provides 10 questions to help you gauge your mastery of the chapter.
The following are the areas (referred to as domains by CompTIA) in which you must be proficient in order to pass the Security+ exam:
This content area deals with basics of access control, methods of authentication, removing non-essential components, recognizing vulnerabilities and risks, dealing with malicious code, and auditing.
This content area deals with the various types of remote access technologies, e-mail security, Internet security, directory security, file transfer security, and wireless security.
This content area deals with network devices, storage media, security topologies, intrusion detection systems, and hardening servers.
This content area deals with hashing, symmetric cryptography, asymmetric cryptography, PKI, key management, and certificates.
This content area deals with physical security, disaster recovery, business continuity, security policy, privilege management, forensics, risk management, user training, and security documentation.
Throughout this book, we've used abridged versions of the Security+ objectives. For easy reference and clarification, the following is a complete listing of Security+ objectives.
Exam objectives are subject to change at any time without prior notice and at CompTIA's sole discretion. Please visit the Security+ Certification page of CompTIA's website (http://www.comptia.org/certification/security/default.aspx
) for the most current listing of exam objectives.
General Security Concepts
1.1 Recognize and be able to differentiate and explain the following access control models
MAC (Mandatory Access Control)
DAC (Discretionary Access Control)
RBAC (Role Based Access Control)
1.2 Recognize and be able to differentiate and explain the following methods of authentication
Kerberos
CHAP (Challenge Handshake Authentication Protocol)
Certificates
Username/Password
Tokens
Multi-factor
Mutual
Biometrics
1.3 Identify non-essential services and protocols and know what actions to take to reduce the risks of those services and protocols
1.4 Recognize the following attacks and specify the appropriate actions to take to mitigate vulnerability and risk
DOS/DDOS (Denial of Service/Distributed Denial of Service)
Back Door
Spoofing
Man in the Middle
Replay
TCP/IP Hijacking
Weak Keys
Mathematical
Social Engineering
Birthday
Password Guessing
Brute Force
Dictionary
Software Exploitation
1.5 Recognize the following types of malicious code and specify the appropriate actions to take to mitigate vulnerability and risk
Viruses
Trojan Horses
Logic Bombs
Worms
1.6 Understand the concept of and know how reduce the risks of social engineering
1.7 Understand the concept and significance of auditing, logging and system scanning
2.1 Recognize and understand the administration of the following types of remote access technologies
802.1x
VPN (Virtual Private Network)
RADIUS (Remote Authentication Dial-In User Service)
TACACS (Terminal Access Controller Access Control System)
L2TP/PPTP (Layer Two Tunneling Protocol/Point to Point Tunneling Protocol)
SSH (Secure Shell)
IPSEC (Internet Protocol Security)
Vulnerabilities
2.2 Recognize and understand the administration of the following email security concepts
S/MIME (Secure Multipurpose Internet Mail Extensions)
PGP (Pretty Good Privacy) like technologies
Vulnerabilities
SPAM
Hoaxes
2.3 Recognize and understand the administration of the following Internet security concepts
SSL/TLS (Secure Sockets Layer/Transport Layer Security)
HTTP/S (Hypertext Transfer Protocol/Hypertext Transfer Protocol over Secure Sockets Layer)
Instant Messaging
Vulnerabilities
Packet Sniffing
Privacy
Vulnerabilities
Java Script
ActiveX
Buffer Overflows
Cookies
Signed Applets
CGI (Common Gateway Interface)
SMTP (Simple Mail Transfer Protocol) Relay
2.4 Recognize and understand the administration of the following directory security concepts
SSL/TLS (Secure Sockets Layer/Transport Layer Security)
LDAP (Lightweight Directory Access Protocol)
2.5 Recognize and understand the administration of the following file transfer protocols and concepts
S/FTP (File Transfer Protocol)
Blind FTP (File Transfer Protocol)/Anonymous
File Sharing
Vulnerabilities
Packet Sniffing
Naming Conventions
2.6 Recognize and understand the administration of the following wireless technologies and concepts
WTLS (Wireless Transport Layer Security)
802.11 and 802.11x
WEP/WAP (Wired Equivalent Privacy/Wireless Application Protocol)
Vulnerabilities
Site Surveys
3.1 Understand security concerns and concepts of the following types of devices
Firewalls
Routers
Switches
Wireless
Modems
RAS (Remote Access Server)
Telecom/PBX (Private Branch Exchange)
VPN (Virtual Private Network)
IDS (Intrusion Detection System)
Network Monitoring/Diagnostics
Workstations
Servers
Mobile Devices
3.2 Understand the security concerns for the following types of media
Coaxial Cable
UTP/STP (Unshielded Twisted Pair/Shielded Twisted Pair)
Fiber Optic Cable
Removable Media
Tape
CD-R (Recordable Compact Disks)
Hard Drives
Diskettes
Flashcards
Smartcards
3.3 Understand the concepts behind the following kinds of Security Topologies
Security Zones
DMZ (Demilitarized Zone)
Intranet
Extranet
VLANs (Virtual Local Area Network)
NAT (Network Address Translation)
Tunneling
3.4 Differentiate the following types of intrusion detection, be able to explain the concepts of each type, and understand the implementation and configuration of each kind of intrusion detection system
Network Based
Active Detection
Passive Detection
Host Based
Active Detection
Passive Detection
Honey Pots
Incident Response
3.5 Understand the following concepts of Security Baselines, be able to explain what a Security Baseline is, and understand the implementation and configuration of each kind of intrusion detection system
OS/NOS (Operating System/Network Operating System) Hardening
File System
Updates (Hotfixes, Service Packs, Patches)
Network Hardening
Updates (Firmware)
Configuration
Enabling and Disabling Services and Protocols
Access Control Lists
Application Hardening
Updates (Hotfixes, Service Packs, Patches)
Web Servers
E-mail Servers
FTP (File Transfer Protocol) Servers
DNS (Domain Name Service) Servers
NNTP (Network News Transfer Protocol) Servers
File/Print Servers
DHCP (Dynamic Host Configuration Protocol) Servers
Data Repositories
Directory Services
Databases
4.1 Be able to identify and explain the following different kinds of cryptographic algorithms
Hashing
Symmetric
Asymmetric
4.2 Understand how cryptography addresses the following security concepts
Confidentiality
Integrity
Digital Signatures
Authentication
Non-Repudiation
Digital Signatures
Access Control
4.3 Understand and be able to explain the following concepts of PKI (Public Key Infrastructure)
Certificates
Certificate Policies
Certificate Practice Statements
Revocation
Trust Models
4.4 Identify and be able to differentiate different cryptographic standards and protocols
4.5 Understand and be able to explain the following concepts of Key Management and Certificate Lifecycles
Centralized vs. Decentralized
Storage
Hardware vs. Software
Private Key Protection
Escrow
Expiration
Revocation
Status Checking
Suspension
Status Checking
Recovery
M of N Control (Of M appropriate individuals, N must be present to authorize recovery)
Renewal
Destruction
Key Usage
Multiple Key Pairs (Single, Dual)
5.1 Understand the application of the following concepts of physical security
Access Control
Physical Barriers
Biometrics
Social Engineering
Environment
Wireless Cells
Location
Shielding
Fire Suppression
5.2 Understand the security implications of the following topics of disaster recovery
Backups
Off Site Storage
Secure Recovery
Alternate Sites
Disaster Recovery Plan
5.3 Understand the security implications of the following topics of business continuity
Utilities
High Availability/Fault Tolerance
Backups
5.4 Understand the concepts and uses of the following types of policies and procedures
Security Policy
Acceptable Use
Due Care
Privacy
Separation of Duties
Need to Know
Password Management
SLAs (Service Level Agreements)
Disposal/Destruction
HR (Human Resources) Policy
Termination (Adding and revoking passwords and privileges, etc.)
Hiring (Adding and revoking passwords and privileges, etc.)
Code of Ethics
Incident Response Policy
5.5 Explain the following concepts of privilege management
User/Group/Role Management
Single Sign-on
Centralized vs. Decentralized
Auditing (Privilege, Usage, Escalation)
MAC/DAC/RBAC (Mandatory Access Control/Discretionary Access Control/Role Based Access Control)
5.6 Understand the concepts of the following topics of forensics
Chain of Custody
Preservation of Evidence
Collection of Evidence
5.7 Understand and be able to explain the following concepts of risk identification
Asset Identification
Risk Assessment
Threat Identification
Vulnerabilities
5.8 Understand the security relevance of the education and training of end users, executives and human resources
Communication
User Awareness
Education
On-line Resources
5.9 Understand and explain the following documentation concepts
Standards and Guidelines
Systems Architecture
Change Documentation
Logs and Inventories
Classification
Notification
Retention/Storage
Destruction
18.191.240.249