CompTIA Security+ SY0-301 Practice Questions Exam Cram
by Barrett, DianeEdition: 3rd
Format: Paperback
Pub. Date: 2011-12-12
Publisher(s): Pearson IT Certification
Other versions by this Author
List Price: $34.99
Rent Book
Select for Price
Digital
$40.79*
New Book
We're Sorry
Sold Out
Used Book
We're Sorry
Sold Out
Summary
Even in challenging times, the field of information security continues to expand. To gain a foothold in this growing field, more than 60,000 people have earned CompTIA's Security+ certification - and thousands more take the Security+ exam every month. CompTIA Security+ Practice Questions Exam Cramoffers all the realistic exam practice you'll need to systematically prepare, identify and fix areas of weakness - and pass your exams the first time. This book and CD package complements any Security+ study plan with more than 800 practice test questions - all supported with complete explanations of every correct and incorrect answer. The questions cover every Security+ exam objective, including systems security, network infrastructure, access control, security assessment and auditing, cryptography, and organizational security. The book contains relevant Exam Notes designed to help you earn higher scores - plus the popular Cram Sheet tearcard for last-minute cramming. All 800 questions and explanations are also provided on the accompanying CD-ROM, where they are delivered by a powerful, flexible test engine that offers instant feedback and helps you pinpoint the areas you need to focus on.
Author Biography
Diane Barrett is the director of training for Paraben Corporation and an adjunct professor for American Military University. She has done contract forensic and security assessment work for several years and has authored other security and forensic books. She is a regular committee member for ADFSL’s Conference on Digital Forensics, Security and Law, as well as an academy director for Edvancement Solutions. She holds many industry certifications, including CISSP, ISSMP, DFCP, PCME, along with many CompTIA certifications, including the Security+ (2011 objectives). Diane’s education includes a MS in Information Technology with a specialization in Information Security. She expects to complete a PhD in business administration with a specialization in Information Security shortly.
Table of Contents
Introduction . 5
Who This Book Is For 5
What You Will Find in This Book 5
Hints for Using This Book 6
Need Further Study? . 7
Chapter One Domain 1.0: Network Security 9
Practice Questions 10
Objective 1.1: Explain the security function and purpose of network devices and technologies 10
Objective 1.2: Apply and implement secure network administration principles . 16
Objective 1.3: Distinguish and differentiate network design elements and compounds . 23
Objective 1.4: Implement and use common protocols 32
Objective 1.5: Identify commonly used ports . 36
Objective 1.6: Implement wireless network in a secure manner 40
Quick-Check Answer Key 44
Objective 1.1: Explain the security function and purpose of network devices and technologies 44
Objective 1.2: Apply and implement secure network administration principles . 44
Objective 1.3: Distinguish and differentiate network design elements and compounds . 45
Objective 1.4: Implement and use common protocols 45
Objective 1.5: Identify commonly used ports . 46
Objective 1.6: Implement wireless network in a secure manner 46
Answers and Explanations 47
Objective 1.1: Explain the security function and purpose of network devices and technologies 47
Objective 1.2: Apply and implement secure network administration principles . 52
Objective 1.3: Distinguish and differentiate network design elements and compounds 58
Objective 1.4: Implement and use common protocols 65
Objective 1.5: Identify commonly used ports . 70
Objective 1.6: Implement wireless network in a secure manner 71
Chapter Two Domain 2.0: Compliance and Operational Security . 75
Practice Questions 76
Objective 2.1: Explain risk related concepts. 76
Objective 2.2: Carry out appropriate risk mitigation strategies . 83
Objective 2.3: Execute appropriate incident response procedures . 85
Objective 2.4: Explain the importance of security related awareness and training . 87
Objective 2.5: Compare and contrast aspects of business continuity 92
Objective 2.6: Explain the impact and proper use of environmental controls . 94
Objective 2.7: Execute disaster recovery plans and procedures . 98
Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 105
Quick-Check Answer Key . 108
Objective 2.1: Explain risk related concepts . 108
Objective 2.2: Carry out appropriate risk mitigation strategies 108
Objective 2.3: Execute appropriate incident response procedures 108
Objective 2.4: Explain the importance of security related awareness and training 109
Objective 2.5: Compare and contrast aspects of business continuity . 109
Objective 2.6: Explain the impact and proper use of environmental controls. . 109
Objective 2.7: Execute disaster recovery plans and procedures 110
Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 110
Answers and Explanations . 111
Objective 2.1: Explain risk related concepts . 111
Objective 2.2: Carry out appropriate risk mitigation strategies 117
Objective 2.3: Execute appropriate incident response procedures 118
Objective 2.4: Explain the importance of security related awareness and training 120
Objective 2.5: Compare and contrast aspects of business continuity . 123
Objective 2.6: Explain the impact and proper use of environmental controls. . 125
Objective 2.7: Execute disaster recovery plans and procedures 128
Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 133
Chapter Three Domain 3.0: Threats and Vulnerabilities . 135
Practice Questions . 136
Objective 3.1: Analyze and differentiate among types of malware. 136
Objective 3.2: Analyze and differentiate among types of attacks 144
Objective 3.3: Analyze and differentiate among types of social engineering attacks 154
Objective 3.4: Analyze and differentiate among types of wireless attacks. 156
Objective 3.5: Analyze and differentiate among types of application attacks 160
CompTIA Security+ SY0-301 Practice Questions Exam Cram
Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques. 165
Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 174
Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus
vulnerability scanning . 177
Quick-Check Answer Key . 180
Objective 3.1: Analyze and differentiate among types of malware. 180
Objective 3.2: Analyze and differentiate among types of attacks. . 180
Objective 3.3: Analyze and differentiate among types of social engineering attacks 181
Objective 3.4: Analyze and differentiate among types of wireless attacks. 181
Objective 3.5: Analyze and differentiate among types of application attacks 181
Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques. 182
Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 182
Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus
vulnerability scanning. 183
Answers and Explanations . 184
Objective 3.1: Analyze and differentiate among types of malware 184
Objective 3.2: Analyze and differentiate among types of attacks. . 191
Objective 3.3: Analyze and differentiate among types of social engineering attacks . 200
Objective 3.4: Analyze and differentiate among types of wireless attacks 202
Objective 3.5: Analyze and differentiate among types of application attacks. . 206
Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques 210
Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 216
Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning. 219
Chapter Four Domain 4.0: Application, Data, and Host Security . 223
Practice Questions . 224
Objective 4.1: Explain the importance of application security . 224
Objective 4.2: Carry out appropriate procedures to establish host security. 232
Objective 4.3: Explain the importance of data security 239
Quick-Check Answer Key . 248
Objective 4.1: Explain the importance of application security . 248
Objective 4.2: Carry out appropriate procedures to establish host security. 248
Objective 4.3: Explain the importance of data security 249
Answers and Explanations . 250
Objective 4.1: Explain the importance of application security . 250
Objective 4.2: Carry out appropriate procedures to establish host security . 257
Objective 4.3: Explain the importance of data security 262
Chapter Five Domain 5.0: Access Control and Identity Management . 269
Practice Questions . 270
Objective 5.1: Explain the function and purpose of authentication services 270
Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 275
Objective 5.3: Implement appropriate security controls when performing account management 285
Quick-Check Answer Key . 293
Objective 5.1: Explain the function and purpose of authentication services 293
Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 293
Objective 5.3: Implement appropriate security controls when performing account management . 294
Answers and Explanations . 295
Objective 5.1: Explain the function and purpose of authentication services 295
Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 299
Objective 5.3: Implement appropriate security controls when performing account management 309
Chapter Six Domain 6.0: Cryptography . 317
Practice Questions . 318
Objective 6.1: Summarize general cryptography concepts . 318
Objective 6.2: Use and apply appropriate cryptographic tools and products 323
Objective 6.3: Explain core concepts of public key infrastructure 329
Objective 6.4: Implement PKI, certificate management, and associated components 333
Quick-Check Answer Key . 338
Objective 6.1: Summarize general cryptography concepts . 338
Objective 6.2: Use and apply appropriate cryptographic tools and products 338
Objective 6.3: Explain core concepts of public key infrastructure 339
Objective 6.4: Implement PKI, certificate management, and associated components 339
Answers and Explanations . 340
Objective 6.1: Summarize general cryptography concepts . 340
Objective 6.2: Use and apply appropriate cryptographic tools and products 343
Objective 6.3: Explain core concepts of public key infrastructure 348
Objective 6.4: Implement PKI, certificate management, and associated components 351
9780789748287, TOC, 11/09/2011
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.