

June 8th, 2010   by Chase


Download SY0-201 Exam Questions&Answers for FREE!

Posted in SY0-201 Exam

After the Security+ Exam


August 16th, 2010   by Keran

After you pass the exam and become Security+ certified, a number of career options open up to you, both in general network support and administration and in the information security field specifically. In addition, Security+ certification can be used for credit at some institutions of higher learning and towards additional certifications such as the MCSE Security specialization.
Here is a list of some career or certification paths you may elect to take upon completing the Security+ certification process (including, of course, passing the exam with flying colors):

1. General Network Support and Administration: The Security+ certification, while a well-recognized and vendor-neutral examination of information security expertise, is not as difficult as the far broader and more exhaustive (ISC)2 CISSP exam. It does, however, give you a great deal of information security knowledge that is useful to a network admin as a supplementary knowledge base. Holding this certification allows you to make your own recommendations based on your own knowledge of information security rather than relying on an outside expert.

2. Information Security Professional: An information security professional is distinguished from his or her network administration counterparts in that he or she deals specifically with matters regarding information security. A great deal of information security is not managed through the high-tech realm but through education of users and demonstration of good practices. An information security professional also must keep up with the latest developments in information security, including new exploits and attacks, patches, and cracking techniques. Though being an information security professional can be a rewarding and exciting career, it will take the Security+ certified professional more than a simple certification to become a true specialist in the area.

3. Credit: Some technical colleges and universities accept Security+ in place of a course credit for advanced standing or early graduation. In addition, the MCSE with Security accepts the Security+ exam in place of a Microsoft elective exam. So, there are some credit opportunities associated with the Security+ certification.

4. Personal Knowledge and Expertise: As an information security professional, circulate on the message boards and mailing lists that track the latest security happenings. It is always good to be well-informed on the issues of the day no matter what field you pursue, and preparing for the Security+ exam should help you stay informed.

It will take more than the Security+ exam alone to advance your career. However, it will give you insight into the basics of information security and cryptography and help you to think of security as a design goal. Many software releases today are plagued with security holes that arise from the designers' lack of security awareness during the design process. It is therefore essential that any IT professional have some background in information security.
We hope that you will take this information "to the bank" in the form of registering and studying for the Security+ exam. You can pass the exam and advance your knowledge base, career, and depth of opportunities in the future. We highly encourage you to use all of our resources and the resources available across the web to ace the Security+!

Posted in CompTIA Security+, SY0-201 Exam

The Shortcut To Pass CompTIA Security+


August 9th, 2010   by Keran

As computer security threats continue to rise, the need for qualified computer security professionals also increases. In an effort to prove their competency, many IT professionals choose to obtain the internationally accepted CompTIA Security+ certification. In order to become certified, CompTIA Security+ candidates must first pass a certification exam. With proper preparation and the use of several training techniques, passing the CompTIA Security+ exam is easily attainable. By completing the following steps, you should be able to combat the emergence of increased computer security threats by passing the CompTIA Security+ exam with confidence.

Difficulty: Moderate

Instructions

Step 1

Enroll in a CompTIA Learning Alliance training center. There are numerous CompTIA Learning Alliance training centers across the United States. Go to the CompTIA website for a list of approved training centers in your area. Such training centers provide the best Security+ certification exam preparation available.

Step 2

Download Security+ exam objectives from the CompTIA website. Under the Certifications & Exams section of the CompTIA website, you will find a section devoted to exam preparation. There you can download the exam objectives for any CompTIA exam, including the Security+ exam.

Step 3

Answer sample questions. The CompTIA website also provides a number of sample questions for each certification exam it offers. After filling out a form on the CompTIA website, you will have access to a list of sample test questions for the Security+ exam.

Step 4

Purchase access to CompTIA's eLearning Center. By purchasing access to this CompTIA learning tool, you will have 24/7 access to unique learning tools designed to help you prepare for the Security+ exam for a period of six months. Features include in-depth lessons, virtual labs and audio help, as well as access to various other exam preparation resources.

Step 5

Study Security+ textbooks that carry the Authorized Quality Curriculum seal. Some good examples

Posted in Articles, CompTIA Security+, SY0-201 Exam

Perspective of Security+ Exam


August 2nd, 2010   by Keran

While the overview of the Security+ Exam can provide you with the most basic facts regarding the exam, here is some analysis and perspective on the exam.

The exam is entirely multiple-choice, which some also call "multiple guess" because the correct answer is actually presented to you as one of the choices. Multiple-choice tests can be considerably easier for the test taker when appropriate strategies are employed. In the Study Guide we cover some of these strategies, but as one example: a common technique, especially on CompTIA exams, is word association. In any given question, one or two of the answer choices will be almost entirely unrelated to the question; eliminating them ensures that your pick is at least associated with what may be the correct answer.

Even beyond the test format, there is much to know about the exam. One question we get all the time is: "Should I guess?" Absolutely. The test does not penalize guessing, so you should never, under any circumstances, leave an answer blank; it is always statistically to your benefit to guess. Another common question is: "How hard is the exam?" The passing score for Security+ is higher than that for the A+ or Network+ exams; this does not, however, imply that the Security+ exam is any harder. In fact, many students find the Security+ exam the least difficult of the CompTIA exams because it is straightforward and usually only covers material specifically noted in the syllabus.

Why become Security+ certified?
There are several reasons to become Security+ certified, including:

An array of exciting and rewarding careers in information security
To supplement an existing career in networking or administration
Expansion of your own personal knowledge and expertise
See more about the career options available to the CompTIA Security+ certified professional in the next article on career paths.

A quick note on vouchers

Much like coupons, vouchers expire and cannot be extended beyond the expiration date. Be sure to check the expiry date of the voucher before making a purchase. In general, the closer the expiry date on the voucher, the larger the discount offered. These high-discount vouchers are sometimes also described as "early expiry vouchers" or "short term vouchers". You MUST register for the exam before the voucher expires to get the discount.
Refund or exchange is typically not permitted, so be sure when you make the purchase.
Typical saving through a voucher can be 10%-45% of the exam price.
Do I really need to be A+ or Network+ certified, as CompTIA suggests?
While it never hurts to have more certifications, the truth of the matter is that the A+ and Network+ certifications have little to do with Security+, and the test is not cumulative over material covered in the A+ or Network+ examinations.

That being said, there is some overlap in the material covered. For example, the Network+ exam does cover remote access protocols in great detail. However, most of the information covered on the Network+ exam is not particularly applicable to the Security+ exam, so it is probably not worth your time to review it.

Some final thoughts
The decision to pursue the Security+ certification is a major one that requires an investment of some money and a lot of time. However, the return on that investment - certification, expertise, and insight - is invaluable. Therefore we would encourage anyone who believes that the Security+ certification may benefit them to go ahead and learn the information that is necessary to do well on the exam. While it won't be necessarily easy to pass the Security+ exam, the end result is quite rewarding.

Posted in CompTIA Security+, SY0-201 Exam

Something About CompTIA Security+


July 19th, 2010   by Keran

Security+ Concepts
The Security+ exam is well-known to test heavily on concepts rather than on purely technical knowledge. Security+ concepts relate to the ideas that govern good information security practices. You can think of these core concepts as a sort of “constitution” or even a “charter” of information security. Any organization or practice will inevitably have some sort of governing ideology; for the Security+ exam (for information security), this ideology is always related to the acronym: CIA.

What’s CIA?
CIA stands for Confidentiality, Integrity, and Availability. These are the three tenets or cornerstones of information security objectives. Virtually all practices within the umbrella called “Information Security” are designed to provide these objectives. They are relatively simple to understand and common-sense notions, yet the Security+ exam writers love to test on CIA concepts. So, you should understand CIA very well in order to understand the reasoning behind later practices as well as to ace this portion of the exam.

Confidentiality
Confidentiality refers to the idea that information should only be accessible to its intended recipients and those authorized to receive the information. All other parties should not be able to access the information. This is a pretty common and straight-forward idea; the US government for example marks certain items “Top Secret,” which means that only those who are cleared to see that information can actually view it. In this way, the government is achieving information confidentiality. Another common example is the sharing of a secret between two friends. When the friends tell each other the secret, they usually whisper so that nobody else can hear what they are saying. The friends are also achieving confidentiality.

Integrity
Integrity is the idea that information should arrive at a destination as it was sent. In other words, the information should not be tampered with or otherwise altered. Sometimes, secret information may be sent in a locked box. This is to ensure both confidentiality and integrity: it ensures confidentiality by assuring that only those with a key can open it; it ensures integrity by assuring that the information is not able to be altered during delivery. Similarly, government documents are often sealed with some sort of special stamp that is unique to an office or branch of government. In this way, the government ensures that the people reading the documents know that the document is in fact a government document and not a phony.

Availability
Imagine that a terrorist blocks the entrance to the Library of Congress. Though he did not necessarily destroy the integrity of the books inside, nor did he breach confidentiality, he did do something to negatively affect the security of the Library. We deem his actions a “denial of service,” or more appropriately, a denial of availability. Availability refers to the idea that information should be available to those authorized to use it when they need it. When a hacker floods a web server with bogus requests and the web server goes down as a result, he has denied availability to the users of the server, and thus one of the major tenets of information security has been compromised.

Wrap Up
Well, you’ve completed your first Security+ lesson! That wasn’t so bad, now was it? As you can see, a lot of what is covered on the Security+ exam is actually commonsense. However, don’t take CIA lightly – it is heavily tested! Below are a few questions that should help you review what you’ve learned today.

Posted in CompTIA Security+, SY0-201 Exam

CompTIA Security+ (SY0-101) Short Notes: Exam passing tips


July 12th, 2010   by Keran

•Kerberos is an industry-standard authentication protocol that uses tickets issued by a trusted Key Distribution Center to verify user or host identity.

•Role-based access control (RBAC) is an access control model. In this model, a user can access resources according to the roles assigned to him or her in the organization; permissions are attached to roles, not to individual users.

•Mandatory Access Control (MAC) is a model in which the system, not the owner of an object, assigns a predefined security label (classification) to every object and a clearance to every subject; access is decided by comparing the two, and users cannot change the permissions on objects they own.

•Authentication is a process of verifying the identity of a person, network host, or system process. The authentication process compares the provided credentials with the credentials stored in the database of an authentication server.

•Certificate-based authentication is regarded as one of the strongest authentication methods. The client proves possession of the private key that matches its certificate, so no password ever crosses the network and there is nothing for an eavesdropper to intercept, unlike Digest authentication, which still depends on a shared password.

•Anonymous authentication is generally used for public Internet Web sites. Using this method, a user can establish a connection with a Web server without providing username and password.

•Password Authentication Protocol (PAP) transmits user credentials as plaintext.

•A certificate is a digital document, signed by a certificate authority, that binds a public key to the identity of its holder; it is used to identify users and hosts on the Internet and on intranets.

•Biometrics is a method of authentication that uses physical characteristics, such as fingerprints, scars, retinal patterns, and other forms of biophysical qualities to identify a user.

•Mutual authentication is a process in which a client process and server are required to prove their identities to each other before performing any application function.

•User accounts can be disabled, rather than being deleted, as a security measure to prevent a particular user from logging on.

•Multi-factor authentication involves a combination of multiple methods of authentication. For example, an authentication method that uses smart cards as well as usernames and passwords can be referred to as multi-factor authentication.

•Anonymous authentication is an authentication method used for Internet communication. It provides limited access to specific public folders and directory information or public areas of a Web site.

•Biometrics is considered one of the strongest single authentication factors, because a physical trait cannot be shared, guessed, or forgotten the way a password can. Like any single factor, it is stronger still when combined with another (see multi-factor authentication above).

•The distributed denial-of-service (DDoS) attack involves multiple compromised systems to attack a single target.

•Eavesdropping is the process of listening in on private conversations.

•Spoofing refers to the emulation of the identity of a network computer by an attacking computer.

•A SYN attack (SYN flood) is a denial of service in which the attacker sends a large number of TCP SYN packets, usually with spoofed source addresses, and never completes the three-way handshake, leaving half-open connections that exhaust the target's connection table.

•PING is a utility that sends Internet Control Message Protocol (ICMP) echo request packets to a specified destination host.

•A denial-of-service (DoS) attack is mounted with the objective of making a computer or network unavailable to its legitimate users, typically by exhausting its resources or crashing it.

•A sudden wave of account lockouts is most likely caused by a brute force attack, in which an unauthorized user attempts to log on to a network or a computer by trying many possible user names and passwords.

•Mutual authentication of both endpoints (for example, each side validating the other's certificate) combined with strong encryption is the best protection against a man-in-the-middle attack. Encryption alone is not enough: an attacker who can insert himself into the session setup simply terminates one encrypted session and opens another.
•Back door is a program or account that allows access to a system by skipping the security checks.

•Brute force attack and Dictionary attack are the types of password guessing attacks.

•War driving is the most common method used by attackers to identify wireless networks.
•Smurf is an ICMP attack that combines spoofing and flooding: the attacker sends ICMP echo requests to a network's broadcast address with the victim's address as the spoofed source, and every host on that network replies to the victim.

•A replay attack captures a valid authentication exchange and re-sends it later; attackers use it to obtain an authenticated connection on a network without knowing the credentials.
•Teardrop is an attack with IP fragments that cannot be reassembled.

•Snooping is the activity of observing the content that appears on a computer monitor or watching what a user is typing (also called shoulder surfing).

•Phishing is a type of scam that entices a user to disclose personal information such as a social security number, bank account details, or credit card number.

•A dictionary attack is used specifically for cracking passwords: it tries every word in a precompiled list (a dictionary) rather than every possible combination, so it is much faster than brute force against weak passwords.

•Sniffing is a process of monitoring data packets that travel across a network. The software used for packet sniffing is known as sniffer.

•Sudden reduction in system resources and corrupted or missing files are symptoms of a virus attack.

•Boot sector, network files, and system files are vulnerable to virus attacks.

•International Computer Security Association (ICSA) is an independent organization that defines standards for anti-virus software.

•To minimize potential virus attacks, a virus protection program should be installed on each workstation on a network.

•Updating the anti-virus software regularly is the best way of protecting important data against virus attack.

•The main difference between worms and Trojan horses is that worms replicate themselves from one computer to another, while Trojan horses do not.

•Worms and Trojan horses are both forms of malicious code.

•A logic bomb is a malicious program that executes when a predetermined event occurs.

•A stealth virus conceals the changes it makes to files or boot sectors, so that anti-virus software and other utilities do not detect it.

•The following measures help mitigate the threat of social engineering:
•User awareness training
•Password policies
•Vulnerability assessments
•Data classification

•Auditing is used to secure a network and the computers on a network. It is also used to track user accounts for file and object access, logon attempts, etc.

•The following types of activities can be audited:
•Network logons and logoffs
•File access
•Printer access
•Remote access service
•Application usage
•Network services
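
The RBAC and MAC notes above describe two access control models in words. The following added example (not part of these notes) implements both as a small policy check in Python: RBAC grants permissions only through roles, and MAC uses a Bell-LaPadula style label lattice (no read up, no write down). The roles, users, labels and objects are constructed for illustration.

```python
"""Role-based and mandatory access control checks (added example).

RBAC: a subject gets permissions only through the roles assigned to it.
MAC (Bell-LaPadula style): every subject and object carries a sensitivity
label; a subject may read objects at or below its clearance (no read up)
and write objects at or above it (no write down). Roles, labels and users
below are constructed for illustration.
"""

# Ordered sensitivity levels, lowest first (constructed lattice).
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

# RBAC policy: role -> set of (object, operation) permissions.
ROLE_PERMISSIONS = {
    "analyst": {("threat-report", "read"), ("threat-report", "write")},
    "auditor": {("threat-report", "read"), ("audit-log", "read")},
}

# Users -> roles (RBAC) and clearance (MAC).
USERS = {
    "alice": {"roles": {"analyst"}, "clearance": "Secret"},
    "bob": {"roles": {"auditor"}, "clearance": "Confidential"},
}

# Object sensitivity labels (MAC).
OBJECT_LABELS = {"threat-report": "Secret", "audit-log": "Confidential"}


def rbac_allows(user, obj, op):
    """RBAC: allowed iff some role held by the user grants (obj, op)."""
    roles = USERS.get(user, {}).get("roles", set())
    return any((obj, op) in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def mac_allows(user, obj, op):
    """MAC: simple security property (no read up) and *-property (no write down)."""
    clearance = LEVELS[USERS[user]["clearance"]]
    label = LEVELS[OBJECT_LABELS[obj]]
    if op == "read":
        return clearance >= label
    if op == "write":
        return clearance <= label
    return False


def access_allowed(user, obj, op):
    """Both models must agree; either one can deny."""
    if user not in USERS or obj not in OBJECT_LABELS:
        return False
    return rbac_allows(user, obj, op) and mac_allows(user, obj, op)


if __name__ == "__main__":
    checks = [
        ("alice", "threat-report", "read"),   # analyst, Secret reads Secret: allow
        ("alice", "threat-report", "write"),  # role allows write, Secret -> Secret: allow
        ("alice", "audit-log", "read"),       # RBAC denies: analyst has no audit-log right
        ("bob", "threat-report", "read"),     # RBAC allows, MAC denies: Confidential reading Secret
        ("bob", "audit-log", "read"),         # auditor, Confidential reads Confidential: allow
        ("bob", "audit-log", "write"),        # RBAC denies: auditors only read
    ]
    for user, obj, op in checks:
        verdict = "ALLOW" if access_allowed(user, obj, op) else "DENY"
        print(f"{user:6} {op:5} {obj:14} -> {verdict}")
```

The fourth check is the one worth noticing: bob's role does grant read on the threat report, but his clearance is below its label, so MAC overrides RBAC. In a real system the two decisions are usually made by separate components, which is why either one must be able to deny on its own.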

Communication Security

•Layer 2 Tunneling Protocol (L2TP) is the successor to Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication, but no encryption of its own; it is normally combined with IPSec (L2TP/IPSec) to protect the tunneled traffic.

•A virtual private network (VPN) uses a tunneling protocol to carry private traffic across a public network such as the Internet. It enables remote users to access corporate networks securely by using a tunneling protocol such as PPTP or L2TP, provided the tunnel is authenticated and encrypted.

•PPP is a remote access protocol that supports authentication (PAP, CHAP) and optional link encryption.

•Port 49 is the default port for TACACS: UDP 49 for the original TACACS, TCP 49 for TACACS+.

•Internet Protocol Security (IPSec) is a standards-based protocol suite that provides strong VPN security. IPSec uses the Authentication Header (AH) for data integrity and origin authentication and the Encapsulating Security Payload (ESP) for data confidentiality (ESP can provide integrity as well).

•IPSEC is used with a tunneling protocol to provide security.

•Point-to-Point Protocol (PPP) works on the OSI model’s data-link layer.

•Secure Shell (SSH) is a protocol that provides strong authentication and secure communications over unsecured channels.

•UDP port 1701 is the default port for L2TP.

•IPSec operates at the network layer of the Open Systems Interconnect (OSI) model.

•Secure Shell (SSH) supports public key encryption as a primary method for user authentication, alongside passwords.

•PPTP and L2TP are tunneling protocols.

•Tunneling is a process used by remote users to make a secure connection to internal resources after establishing an Internet connection.

•PPTP is used to securely connect to a private network by a remote client using a public data network, such as the Internet.

•The IEEE 802.1X standard provides a port-based authentication framework for wired and wireless LANs. It uses the Extensible Authentication Protocol (EAP), which works over Ethernet, Token Ring, or wireless LANs, to exchange authentication messages.

•Extensible Authentication Protocol (EAP) is an authentication protocol that provides support for a wide range of authentication methods, such as smart cards, certificates, one-time passwords, public keys, etc.

•The Secure Shell (SSH) protocol is used to establish a secure remote terminal session over TCP/IP, replacing cleartext TELNET.

•The two most commonly used methods for providing e-mail security are Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).

•Hoax is a false warning about a virus. It is commonly spread through e-mail messages.

•E-mail filtering should be implemented to protect an organization from spam.

•Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt and digitally sign e-mail messages during communication between e-mail clients.

•Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME) are two ways of sending secure e-mail messages over the Internet.

•Spam is a term that refers to the unsolicited e-mails sent to a large number of e-mail users.

•Simple Mail Transfer Protocol (SMTP) is a protocol for sending e-mail messages between servers.

•Post Office Protocol version 3 (POP3) is a protocol used to retrieve e-mails from a remote mail server.

•Internet Message Access Protocol (IMAP) is a protocol that allows an e-mail client to access and manipulate a remote e-mail file without downloading it to the local computer.

•If no expiration date is set for a cookie, it expires when the session ends.

•Simple Mail Transfer Protocol (SMTP) is a common protocol for sending e-mails over the Internet.

•The Common Gateway Interface (CGI) specification is used for creating executable programs that run on a Web server.

•Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. Secure Sockets Layer (SSL) uses a combination of public key and symmetric encryption to provide communication privacy, authentication, and message integrity.

•Secure Sockets Layer (SSL) session keys were historically offered in 40-bit (export-grade) and 128-bit lengths; 40-bit keys are trivially broken today and should not be used.
•SNMP uses UDP port 161 by default.

•TCP port 143 is the default port for Internet Message Access Protocol 4 (IMAP4).

•IEEE 802.11b is an extension of the 802.11 standard. It is used in wireless local area networks (WLANs) and provides 11 Mbps transmission speeds in the bandwidth of 2.4 GHz.

•SSL and TLS protocols are used to provide secure communication between a client and a server over the Internet.

•A buffer overflow occurs when an application writes more data into a buffer than the buffer was allocated to hold, usually because the application failed to check the length of its input. The excess overwrites adjacent memory, which can crash the application or let an attacker execute code of his choosing.

•Hypertext Transfer Protocol Secure (HTTPS) is the scheme used in a Uniform Resource Locator (URL) to connect to a site over SSL/TLS.

•Common Gateway Interface (CGI) defines the communication link between a Web server and Web applications.

•Cookie contains information that is read by a Web application, whenever a user visits a site. Cookies are stored in the memory or hard disk of client computers. A Web site stores information, such as user preferences and settings in a cookie.

•JavaScript and Perl can be used to create and store cookies on client computers.

•HTTP is the protocol responsible for requesting Web pages from a Web server and returning the responses to a Web browser.

•Encryption is a method of securing data while it travels over the Internet. The encryption software encodes information from plain text to encrypted text, using specific algorithms with a string of numbers known as a key.

•Lightweight Directory Access Protocol (LDAP) is used to query and modify information stored within the directory services.

•The Lightweight Directory Access Protocol (LDAP) is a protocol for clients to query and manage information in a directory service over a TCP connection.

•Lightweight Directory Access Protocol (LDAP) distinguished names are built from attribute-value pairs; the attribute types most often seen in Active Directory names are:
•DC: It is the Domain Component tag that identifies a part of the DNS name of a domain such as COM.
•OU: It is the Organizational Unit tag that identifies an OU container.
•CN: It is the Common Name tag that identifies the common name configured for an Active Directory object.

•Secure Sockets Layer (SSL) is built into Web servers and browsers to encrypt data traveling over the Internet. The SSL protocol provides communication privacy, authentication, and message integrity by using a combination of public-key and symmetric encryption.

•Packet filtering is a method that allows or restricts the flow of specific types of packets to provide security.

•Passive detection is a type of intruder detection that involves logging network events to a file for an administrator to review later.

•An older recipe for securing a wireless LAN is to disable SSID broadcast, enable MAC address filtering on all the wireless access points, configure the WEP key, and add the SSID for the wireless LAN as a preferred network on each client computer. Note that WEP's Shared Key authentication mode should be avoided: the challenge/response exchange exposes keystream to an eavesdropper, so Open System authentication with the WEP key used only for encryption is actually the safer of the two.

•Closed networks (SSID broadcast disabled) and MAC address filtering raise the bar only slightly; both the SSID and the permitted MAC addresses are visible to anyone sniffing the wireless traffic and are easily spoofed.
•Only users with the correct WEP key can authenticate to the access point and decrypt the network's traffic.
•Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks (WLANs); its RC4-based encryption has known weaknesses and it has been superseded by WPA and WPA2.
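
The LDAP notes above list the DC, OU and CN attribute types. The following added example (not from the original notes) is a parser for the string form of a distinguished name as defined in RFC 4514: it splits on unescaped commas and plus signs, resolves backslash and hex escapes, and rebuilds the DNS domain from the DC components. The sample DNs are constructed.

```python
r"""Parser for LDAP distinguished names (RFC 4514 string form).

Added example: splits a DN such as CN=Smith\, John,OU=Sales,DC=example,DC=com
into its relative distinguished names (RDNs), each a list of
(attribute, value) pairs. Backslash escapes (\, \+ \= \\ and \XX hex) are
honoured so an escaped comma inside a value does not split the DN.
The sample DNs in the demo are constructed for illustration.
"""

SPECIAL = set(',+="\\<>; #')  # characters that may appear escaped as \<char>
HEX = set("0123456789abcdefABCDEF")


def _split_unescaped(text, sep):
    """Split on sep, skipping any sep that is protected by a backslash."""
    parts, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])  # keep the escape pair intact for later
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(text[i])
        i += 1
    parts.append("".join(cur))
    return parts


def _unescape(raw):
    """Resolve \<special> and \XX escapes; hex pairs are raw UTF-8 bytes."""
    buf = bytearray()
    i = 0
    while i < len(raw):
        ch = raw[i]
        if ch != "\\":
            buf += ch.encode("utf-8")
            i += 1
        elif i + 1 < len(raw) and raw[i + 1] in SPECIAL:
            buf += raw[i + 1].encode("utf-8")
            i += 2
        elif i + 2 < len(raw) and raw[i + 1] in HEX and raw[i + 2] in HEX:
            buf.append(int(raw[i + 1:i + 3], 16))
            i += 3
        else:
            raise ValueError("invalid escape at offset %d in %r" % (i, raw))
    return buf.decode("utf-8")


def _strip_value(raw):
    """Drop unescaped surrounding spaces; an escaped trailing space stays."""
    raw = raw.lstrip(" ")
    while raw.endswith(" "):
        body = raw[:-1]
        # the space is escaped only if preceded by an odd run of backslashes
        if (len(body) - len(body.rstrip("\\"))) % 2 == 1:
            break
        raw = body
    return raw


def parse_dn(dn):
    """Return a list of RDNs; each RDN is a list of (attribute, value) tuples."""
    if dn.strip() == "":
        return []  # the empty DN names the root DSE
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = []
        for ava in _split_unescaped(rdn, "+"):
            attr, eq, value = ava.partition("=")  # attribute types never contain '='
            if not eq or not attr.strip():
                raise ValueError("malformed RDN component %r" % ava)
            avas.append((attr.strip(), _unescape(_strip_value(value))))
        rdns.append(avas)
    return rdns


def dc_to_domain(rdns):
    """Join the DC components into the DNS name they spell out (example.com)."""
    return ".".join(v for rdn in rdns for a, v in rdn if a.lower() == "dc")


if __name__ == "__main__":
    for dn in (
        r"CN=Smith\, John+UID=jsmith, OU=Sales, DC=example, DC=com",
        r"CN=caf\C3\A9,DC=example,DC=org",
    ):
        parsed = parse_dn(dn)
        print(dn, "->", parsed, "domain:", dc_to_domain(parsed))
```

The escaped comma in "Smith\, John" is the case that breaks a naive split on commas and is exactly how a crafted CN can end up being parsed as a different, shorter DN if the consumer is careless; the hex form (\C3\A9) is how non-ASCII values travel in the string representation.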

Infrastructure Security
•Firewall is used to protect the network against unauthorized access.

•The Web browser’s Security setting controls the way in which a Web browser receives information and downloads content from Web sites.

•Routers prevent broadcasts from crossing over subnets.

•Firewall should be installed between the LAN and the Internet to protect a LAN against external access and misuse.

•Firewall is available both as software and hardware. You can implement hardware-based firewall for security with minimum administrative effort.

•NSLOOKUP utility queries the DNS server to check whether or not the zone database contains the correct information.

•Blocking all the packets, unless they are explicitly permitted, is the most secure policy for a firewall.

•Switch reads the destination’s MAC address or hardware address from each incoming data packet and forwards the data packet to its destination. This reduces the network traffic.

•A packet-filtering firewall screens packets on the basis of source and destination addresses, protocol, and port numbers.

•Smart card is a device that contains a microprocessor and permanent memory. It is used to securely store public and private keys for log on, e-mail signing and encryption, and file encryption.

•Fiber-optic cable provides maximum security against electronic eavesdropping on a network, since it emits no electromagnetic signal that can be picked up.

•Fiber-optic cable is used for high-speed, high-capacity data transmission. It uses optical fibers to carry digital data signals in the form of modulated pulses of light.

•RG-59 coaxial cable was traditionally used for cable TV; the lower-loss RG-6 is now standard for cable TV and cable modem installations.

•Fiber-optic cables use light as a transmission media.

•An extranet is the part of a company's Web presence that is available only to a set of registered visitors, and the term describes the nature of that access.

•A VPN is a common way of providing extranet access to outside partners.

•Demilitarized zone (DMZ) or perimeter network is a small network that lies in between the Internet and a private network.

•A perimeter network is also known as a demilitarized zone or DMZ. It has a connection to the Internet through an external firewall and a connection to the internal network through an interior firewall. It protects a network from unauthorized traffic.

•Network Address Translation (NAT) is a technique that hides internal network hosts from the public network.

•Bastion host is a computer that must be made secure because it is accessible from the Internet and hence is more vulnerable to attacks.

•Extranet is an area of a company’s Web site, which is available only to selected customers, suppliers, and business partners. It allows users limited access to a company’s Intranet.

•The DMZ is an IP network segment that contains resources available to Internet users such as Web servers, FTP servers, e-mail servers, and DNS servers.

•Rogue employees and dial-up connections are threats to network security.

•A honey pot is a computer that is used to attract potential intruders or attackers. For this reason it is deliberately left weakly secured and holds nothing of value. A honey pot is used to gain information about intruders and their attack strategies.

•NSLOOKUP is a tool for diagnosing and troubleshooting Domain Name System (DNS) resolution problems.

•If users are unable to reach a Web site by entering its host name but can reach it by IP address, the DNS server has no entry for the host name of the Web site.

•Start of Authority (SOA) record is the first record in any DNS database file.

•FTP uses port 20 and 21 by default.

•IIS provides the FTP, SMTP, and NNTP services with HTTP.

•NTFS supports security features, such as encryption using Encrypting File System (EFS) and file and folder level permissions.

•Port 53 is the default port for DNS; zone transfers use TCP 53, while ordinary queries normally use UDP 53.

•UDP port 137 is the default port for the NetBIOS name service.

•Enabling DNS reverse lookup on the e-mail server blocks mail from non-existent domains or from senders whose IP address has no matching name, which filters out some malicious and spam e-mail. It checks only that the sending host resolves; it does not confirm the identity of the sender.

•Hotfix is a collection of files used by Microsoft for software updates that are released between major service pack releases. It is generally related to security problems.

•Access control list (ACL) is a rule list containing access control entries. It is used to allow or deny access to network resources.

•NTFS file system provides file-level security.

•Dynamic Host Configuration Protocol (DHCP) is a TCP/IP standard used to dynamically assign IP addresses to computers, so that they can communicate with other network services. It reduces the complexity of managing network client IP address configuration.

•System hardening is a term used for securing an operating system. It can be achieved by installing the latest service packs, removing unused protocols and services, and limiting the number of users with administrative privileges.

•Directory service is a network service that stores and organizes information about a computer network’s users and network resources, and that allows network administrators to manage users’ access to the resources.

•Service pack is a medium by which product updates are distributed. It is a collection of Fixes and Patches in a single product. It contains updates for system reliability, program compatibility, and security.

•It is responsible for the resolution of IP addresses to media access control (MAC) addresses of a network interface card (NIC).

•Internet Group Management Protocol (IGMP) is a communication protocol that multicasts messages and information among all member devices in an IP multicast group.

•Internet Control Message Protocol (ICMP) protocol provides maintenance and error reporting function.

•NTFS has all the basic capabilities of FAT and it provides better file security, improved disk compression and support for larger hard disks.

Basics of Cryptography
•Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data. Symmetric encryption algorithms are faster than public key encryption.

•Public key and private key are used in asymmetric encryption.

•NTLM version 2 uses 128-bit encryption. It is the most secure form of challenge/response authentication.

•Asymmetric encryption is a type of encryption that uses two keys, namely a public key and a private key pair for data encryption.

•Because symmetric encryption algorithms are faster than public key encryption, symmetric encryption is commonly used when a message sender needs to encrypt a large amount of data. Data Encryption Standard (DES) is a symmetric key algorithm used to encrypt data.

•Message authentication code (MAC) is a mechanism that applies an authentication scheme and a secret key to a message, so that the message can only be verified by the intended recipient. It provides integrity checks based on a secret key.

•Digital signature is a personal authentication method based on encryption and authorization codes. It is created using public-key encryption.

•Confidentiality is a term that refers to the protection of data against unauthorized access.

•Non-repudiation is a mechanism which proves that the sender really sent a message.

•Integrity ensures that no intentional or unintentional unauthorized modification is made to data.

•Layer 2 Tunneling Protocol (L2TP) is a more secure version of Point-to-Point Tunneling Protocol (PPTP). It provides tunneling, address assignment, and authentication.

•Public Key Infrastructure (PKI) provides security through data encryption and digital signature.

•Certification authority (CA) is an entity in a network, which manages security credentials and public keys for message encryption. It issues certificates that confirm the identity and other attributes of a certificate subject in relation to other entities.

•Certificate Enrollment Protocol (CEP) allows Cisco devices to acquire and utilize digital certificates from Certification Authorities (CAs).

•Certificate Management Protocol (CMP) provides functionalities for advanced management associated with the use of digital certificates such as certificate issuance, exchange, revocation, invalidation, etc.

•Online Certificate Status Protocol (OCSP) is used to verify the status of a certificate.

•International Data Encryption Algorithm (IDEA) operates on 64-bit blocks using a 128-bit key.

•Twofish is a symmetric key block cipher that operates on a 128-bit block size using key sizes up to 256 bits.

•Certificate server is a standards-based, highly customizable server program for managing the creation, issuance, and renewal of digital certificates.

•In a decentralized privilege management environment, user accounts and passwords are stored on each server.

Operational / Organizational Security
•Shielding is a way of preventing electronic emissions that are generated from a computer or network from being used by unauthorized users for gathering confidential information.

•Sanitization is the process of removing the content from the media so that it is difficult to restore.

•Declassification is the process of assessing the risk involved in discarding particular information.

•Incremental backup is the fastest backup process. It backs up files that are created or changed since the last full or incremental backup, and clears the archive bit.

•RAID provides high availability of data.

•A minimum of three disks is required for RAID-5 volumes.

•Due Care policy identifies the level of confidentiality of information on a computer. It specifies how the information is to be handled.

•A backup policy is a documentation of guidelines that are used to create archival copies of important data.

•A chain of custody is documentation that shows who has collected and accessed each piece of evidence. It is also the set of documented guidelines that computer forensics experts use to handle evidence.

•A retention policy is a company policy, which is set by a network administrator to allow users to retain their e-mails and documents for a fixed period of time.

Posted in Articles, CompTIA Security+

A Look at the Security+ Certification


July 7th, 2010   by Keran

Adding security certifications and experience to your IT skill set is an undeniable way to significantly increase your worth. Even during the downturn of the IT employment market of the past couple of years, those with security experience and skills were often able to stay in demand. Several security certifications exist, ranging from entry-level to advanced in their content and experience requirements. Some of the upper-level security certifications that one might look into include the CISSP, SANS Institute certifications, and Cisco security exams. If you are just beginning in the IT security world, one of the better recognized entry-level security certifications is the Security+ certification offered by the widely recognized CompTIA.

The Security+ Certification
The Security+ Certification is increasingly becoming the standard for entry-level security certification. It is an elective or prerequisite for more advanced security certifications and Microsoft's MCSA credential. The exam tests a broad range of security knowledge expected of entry-level security professionals. The exam has been written and reviewed by IT security experts from the corporate world, government, and academia to ensure that it is a valid exam.

It is critical to understand that this is not an entry-level exam for someone just beginning in the IT field. The Security+ certification is intended for someone who has two years of networking experience plus some network security experience. This is only "entry-level" in the sense of someone new to the IT security field. CompTIA recommends that the Security+ candidate have a Network+ certification or equivalent experience.

What the Security+ Examines
As mentioned earlier, the Security+ exam covers a wide range of topics. Some of the major items you will encounter include communication security, infrastructure security, cryptography, access control, authentication, external attack, and operational and organizational security. The following table breaks down the major domains of the Security+ exam and the percentage each domain makes up of the entire exam.

Domain                                  % of Exam
1.0 General Security Concepts           30%
2.0 Communication Security              20%
3.0 Infrastructure Security             20%
4.0 Basics of Cryptography              15%
5.0 Operational/Organizational Security 15%

For a detailed listing of the specific items each domain examines, visit www.comptia.com. Check CompTIA's Web site to stay current on any changes to the domains that may occur. Exam objectives can change quickly without much notice, so, as you study, make sure you periodically check the site for your exam to stay current on exam objectives.

Security+ Facts
The following list contains important facts related to the Security+ exam:

*The exam is 100 questions long with 90 minutes allowed for completion.
*A score of 764 on a scale of 100-900 is required for passing.
*Pearson VUE and Prometric testing centers offer the Security+ exam.
*The test code for the Security+ exam is SY0-101.
*The price for the Security+ exam is $175 for corporate members with CompTIA (see if your corporation is in this partnership with CompTIA) and $225 for non-corporate members.
*You will be required to pay one of the previous fees each time you take the exam, should you not pass.
*The exam is only offered in English at this point.
*Those with disabilities need to contact their testing center within 30 days of their exam date, with disability documentation, and any reasonable accommodations will be made.

IT security is a growing and dynamic field. The need for trained and experienced IT security professionals provides a fantastic career path that can lead to great responsibilities and rewards. Becoming an IT security professional will certainly require education, certification, and time on the job. To begin this journey, practicing network technicians will find the Security+ certification a good foundation. Passing this exam demonstrates that the candidate possesses the foundational security knowledge that the industry recognizes as suitable for work as an IT security professional.

Posted in Articles, CompTIA Security+, SY0-201 Exam

Overview of CompTIA Security+ (SY0-201) Exam


July 5th, 2010   by Keran

The SY0-201 exam is an entry-level security exam and candidates seeking to acquire this certification are expected to understand a variety of security topics from an overview perspective, rather than implementation. With that said, practical experience in IT Security or networking concepts is a huge plus, but not required.

The latest version of the exam was launched in 2008, consists of 100 multiple choice questions, and the time limit of the exam is 90 minutes.

Note: For the Security+ certificate holders of the previous exam, CompTIA offers a bridge exam, BR0-001, which contains 50 questions and requires 60 minutes to complete.

Once you pass the exam, a Security+ certificate and a CompTIA ID card will be sent to you in the mail. The certificate is stated to be good for life, but that is subject to change in 2011 once the new Certification Renewal Policy goes into effect.
Suggestion: get your Security+ cert before the end of 2010.

CompTIA Security+ Key Objectives
The SY0-201 exam requires the exam candidate to understand several topics or key objectives related to IT Security. These key objectives are viewed to be the core components in the development of an IT Security professional and they consist of the following:

*Systems Security
*Network Infrastructure
*Access Control
*Assessment and Audits
*Cryptography
*Organizational Security
 
SY0-201: Systems Security
Systems security is an important topic in the battle to protect information and prevent intrusion. The SY0-201 exam will test the candidate’s knowledge of threats, which are typically characterized as: viruses, worms, spyware, spam, botnets, and privilege escalation.

Candidates will need to know the difference between a threat and a risk or vulnerability. Questions will pertain to vulnerabilities and risks with hardware and peripherals such as: USB devices, removable storage, network attached storage (NAS), cell phones (especially smart-phones or BlackBerries), and system BIOS.

The exam will also cover ways to prevent attacks through the implementation of hardening procedures and practices, particularly for workstations and servers. The exam will also include questions on procedures for application security and how they apply to items like: ActiveX, Java, Simple Mail Transfer Protocol (SMTP), instant messaging, cookies, buffer overflows, and web browsers.

Lastly, this topic addresses the implementation of security applications like firewalls, anti-virus, and pop-up blockers and will cover the purpose and use of virtualization technology.

SY0-201: Network Infrastructure
The next key objective in the SY0-201 exam is network infrastructure.

Candidates need to have a good grasp of some key network topics, particularly network ports and protocols. Understanding threats and the proper mitigation practices is needed, as these topics will be covered for issues like: TCP/IP hijacking, spoofing, man-in-the-middle, and denial of service attacks.

Candidates need to be prepared for threat and mitigation questions related to network design components like VLANs, DMZs, and wireless networking. Additional questions will also concentrate on areas related to Network Address Translation (NAT), telephony, and subnetting.

Finally, this key objective covers the use and implementation of key network tools often seen in the defense of your networks. These tools include: Network Intrusion Devices (NIDS), proxy servers, and protocol analyzers.

SY0-201: Access Control
Controlling access to systems and data is extremely important and covered well in the SY0-201 exam. Best practices need to be understood for the following methods: implicit deny, least privilege, separation of duties, and job rotation. Candidates will also be asked questions related to common access control methods and the differences between them.

Logical access to services and data is important in the workplace and adequately covered in this objective. Security controls for files, printers, and appropriate policies for user names, passwords, Access Control Lists (ACL), and time of day restrictions need to be understood.

Access to systems and data in today’s IT environments requires some form of authentication. Understanding the methods of identity proofing, or authentication, is vital for this exam and should not be overlooked. Candidates need to know the differences between one-, two-, and three-factor authentication and single sign-on. Additional authentication models that need to be understood include: RADIUS, LDAP, TACACS, Kerberos, and VPN.

The last issue to be concerned with in this objective is physical security. Restricting physical access to IT equipment is crucial not only for preventing equipment theft, but also controlling access to data and system control. Having physical access to a system can provide a person with access to consoles or management interfaces not available to the outside. The exam covers topics related to different policies and procedures for the prevention of physical intrusion such as: ID badges, hardware locks, video surveillance, and physical access lists and policies.

SY0-201: Assessments and Audits
Proper review and assessment of the security of your systems, network, and data is required to maintain a healthy and secure infrastructure. Keeping up to date on the latest vulnerabilities and threats is inherent in the IT Security professional’s job, but so is the use of tools for detecting them.

The SY0-201 covers the proper use of many vulnerability assessment tools such as: port scanners, vulnerability scanners, system performance monitors, and protocol analyzers.

The exam is also concerned with the differences between monitoring methodologies and logging procedures. The monitoring methodologies that are covered include behavior-based, signature-based, and anomaly-based. Candidates need to be prepared to contrast them with each other. Logging procedures for system logs and key applications like DNS, firewalls, and anti-virus software will also be addressed.

SY0-201: Cryptography
Confidentiality of data is extremely important in the world of IT Security and, as I mentioned in the previous article on IT Security, confidentiality is the defining principle of cryptography or data encryption. The SY0-201 exam includes questions on several topics related to this objective.

Candidates need to understand several general cryptography concepts including: key management, symmetric and asymmetric keys, steganography, strength of algorithms, disk encryption, and digital signatures.

In addition, the exam covers hashing concepts such as SHA and MD5, but candidates must also understand basic encryption concepts like DES, 3DES, PGP, AES, and RSA. Candidates will need to prepare to explain protocols that utilize the encryption algorithms including: SSL/TLS, PPTP, HTTP (web browser), HTTPS, IPSec, and secure shell (SSH).

One of the more prominent cryptography methods today is public key cryptography (PKI). The SY0-201 exam covers many of the core concepts, but candidates must be ready to answer questions related to its implementation and certificate management.

SY0-201: Organizational Security
The final key objective that the SY0-201 exam covers is organizational security. This topic is very rich in policy and understanding how organizations function or continue to function after an incident.

Exam candidates need to understand redundancy planning concepts for the IT facility including the use of backup generators, Uninterruptible Power Supplies (UPS), redundant connections, redundant servers, disk RAID, and the planning definitions for hot, cold, and warm sites. The elimination of single points of failure is critical in redundancy planning and this concept is stressed throughout this objective.

This exam includes questions concerning incident response procedures, but has a strong focus on disaster recovery planning and recovery procedures. Companies that have effective disaster recovery plans and protect their data are the ones that survive major incidents to their corporate IT infrastructure.

Also included in this objective are important policies related to organizational function and training. These policies involve issues of equipment disposal, change management, user education, information assurance training, classification of information, and Personally Identifiable Information (PII). These policies typically raise awareness to methods of information gathering by potentially hostile sources and include preventative measures. These methods are referred to as social engineering and common examples include: hoaxes, phishing, and yes, even dumpster diving.

CompTIA Security+: Certification with Strong Core Security Concepts
As you can see from the key objectives, the Security+ exam is a very well rounded exam that focuses on the core concepts of IT Security and how those concepts mesh with an organization’s infrastructure.

Exam candidates often take the CompTIA A+ or Network+ exam before they attempt Security+, but this is not required.

Understanding the topics and definitions of many of the security terms listed above is imperative for passing this exam, but also for practical application of IT Security for your network, computer system, or organization.

Posted in Articles, CompTIA Security+, SY0-201 Exam

How to Pass the CompTIA Security+ with ease


July 2nd, 2010   by Keran

As computer security threats continue to rise, the need for qualified computer security professionals also increases. In an effort to prove their competency, many IT professionals choose to obtain the internationally accepted CompTIA Security+ certification. In order to become certified, CompTIA Security+ candidates must first pass a certification exam. With proper preparation and the use of several training techniques, passing the CompTIA Security+ exam is easily attainable. By completing the following steps, you should be able to combat the emergence of increased computer security threats by passing the CompTIA Security+ exam with confidence.

Instructions
Step 1
Enroll in a CompTIA Learning Alliance training center. There are numerous CompTIA Learning Alliance training centers across the United States. Go to the CompTIA website for a list of approved training centers in your area. Such training centers provide the best Security+ certification exam preparation available.

Step 2
Download Security+ exam objectives from the CompTIA website. Under the Certifications & Exams section of the CompTIA website, you will find a section devoted to exam preparation. There you can download the exam objectives for any CompTIA exam, including the Security+ exam.

Step 3
Answer sample questions. The CompTIA website also provides a number of sample questions for each certification exam it offers. After filling out a form on the CompTIA website, you will have access to a list of sample test questions for the Security+ exam.

Step 4
Purchase access to CompTIA's eLearning Center. By purchasing access to this CompTIA learning tool, you will have 24/7 access to unique learning tools designed to help you prepare for the Security+ exam for a period of six months. Features include in-depth lessons, virtual labs and audio help, as well as ac

Posted in Articles, CompTIA Security+, SY0-201 Exam

SY0-201 - How to Prepare For CompTIA Security+ Practice Test


June 30th, 2010   by Keran

The SY0-201 examination is also referred to as the CompTIA Security+ practice test (2008 edition). This certification is designed for candidates who are able to configure, troubleshoot and implement security measures. It also helps professionals gain knowledge about networking and security. After earning this certification, candidates are eligible to pursue higher-level certifications such as MCSA Security, CCNP, SSCP and CISSP.

Before starting training sessions, candidates are advised to gather details about the SY0-201 examination, such as the topic outline and reputable training centers. The topic outline for the SY0-201 exam is as follows:

1) System security
2) Access control
3) Audits and assessments
4) Organizational security
5) Networking infrastructure
6) Cryptography

How to prepare for SY0-201 examination?

By following the tips below, candidates can more easily pass the SY0-201 examination:

1) As mentioned before, it is recommended to know the complete details of the exam before starting practice sessions.
2) After learning the exam objectives, selecting updated training materials is mandatory. It is the candidate's responsibility to find a reputable training center and collect updated study materials. Various study materials are available for this exam, including: audio exams, classroom training, offline/online training, questions and answers, practice exams and guides. Candidates can select whichever of these materials suit them best.
3) Classroom training should be considered one of the best ways to practice. Through classroom training, candidates gain effective knowledge of the exam from experienced trainers.
4) Apart from classroom training, candidates can attempt practice tests that are available on the internet. Free practice tests are available on various websites, and candidates can easily find them through search engines such as Google or Yahoo.
5) After gaining complete knowledge of the exam, register for the examination.

Posted in Articles, CompTIA Security+, SY0-201 Exam

CompTIA Security+ Exam SY0-201


June 23rd, 2010   by Keran

CompTIA's Security+ certification is aimed at IT professionals who have two years on-the-job networking experience, with an emphasis on security. It is an entry-level, vendor-neutral certification which makes a great stepping stone to more advanced certifications, such as the ISC2 SSCP and CISSP, and the SANS GIAC. It also may be used in some Microsoft certification tracks.

This certification is well suited to network and security administrators independent of what industry they work in. The Security+ designation is achieved by passing one conventional format exam that covers topics such as communication security, infrastructure security, cryptography, access control, authentication, external attack and operational and organizational security. The Security+ certification thus demonstrates the candidate's knowledge of information security and will help equip the candidate with the skills necessary to withstand hackers and decrease costs associated with security breaches.

Like other CompTIA offerings, once a person achieves the Security+, the certification will not expire.

The CompTIA Security+ certification designates knowledgeable professionals in the field of security, one of the fastest-growing fields in IT. Security threats are increasing in number and severity, and the gap between the need for security professionals and qualified IT personnel is the largest of any IT specialty, according to a 2008 CompTIA study. Even in a troubled economy, most businesses plan to maintain or increase their investment in security.

CompTIA Security+ is an international, vendor-neutral certification that proves competency in system security, network infrastructure, access control and organizational security. Major organizations that employ CompTIA Security+ certified staff include Booz Allen Hamilton, Hewlett-Packard, IBM, Motorola, Symantec, Telstra, Hitachi, Ricoh, Lockheed Martin, Unisys, Hilton Hotels Corp., General Mills, the U.S. Navy, Army, Air Force and Marines.

Although not a prerequisite, it is recommended that CompTIA Security+ candidates have at least two years of technical networking experience, with an emphasis on security. The CompTIA Network+ certification is also recommended.

Posted in Articles, CompTIA Security+, SY0-201 Exam