Featuring:

* Itineraries–List of official exam objectives covered
* ETAs–Amount of time needed to complete each lesson
* Travel Advisories–Expert advice on critical topics
* Local Lingo–Concise definitions of key terms and concepts
* Travel Assistance–Recommended resources for more information
* Exam Tips–Common exam pitfalls and solutions
* Checkpoints–End-of-chapter questions, answers, and explanations
* Career Flight Path–Career options mapped out to maximize the return from your IT journey
* Practice exam on CD powered by LearnKey

About the Author

T.J. Samuelle, CompTIA Network+, CompTIA Server+, CompTIA Security+, is an IT consultant and author of several computer books on CompTIA certifications. He served as a subject matter expert for CompTIA on the Network+ and Security+ exams.
Product Details

* Paperback: 448 pages
* Publisher: McGraw-Hill Osborne Media; 2 edition (November 6, 2008)
* Language: English
* ISBN-10: 0071601236
* ISBN-13: 978-0071601238

Download Link Updated#

McGraw-Hill is an independent entity from CompTIA. This
publication and CD may be used in assisting students to
epare for the CompTIA Security+ Exam. Neither CompTIA nor
McGraw-Hill warrants that use of this publication and CD will
ensure passing any exam. CompTIA is a registered trademark of
CompTIA in the United States and/or other countries.

http://rapidshare.com/files/284408890/mike_meyes_certificaton_passport_compita_security___second_edition.rar.html

http://rapidshare.de/files/48410609/mike_meyes_certificaton_passport_compita_security___second_edition.rar.html
http://www.4shared.com/file/135092622/608549f1/mike_meyes_certificaton_passport_compita_security__second_edition.html

http://www.2shared.com/file/8016026/db59c09b/mike_meyes_certificaton_passport_compita_security__second_edition.html

http://uploading.com/files/3a3mb45f/mike%2Bmeyes%2Bcertificaton%2Bpassport%2Bcompita%2Bsecurity%2B%252B%2Bsecond%2Bedition.rar/

http://www.2shared.com/file/8015858/6f06850d/PrepLogic_Security__SY0-201__Mega_Guide__1_.html
http://uploading.com/files/42738e98/PrepLogic_Security__SY0-201__Mega_Guide%2B%25281%2529.rar/

The exam is multiple choice with short, terse questions followed by four possible answers.
Don’t expect lengthy scenarios and complex solutions. This is an entry-level exam of knowl-
edge-level topics; you’re expected to know a great deal about security topics from an overview
perspective rather than implementation. In many books, the glossary is fller added to the
back of the text; this book’s glossary should be considered necessary reading. You’re likely
to see a question on the exam about what a Trojan horse is, not how to identify it at the code
level. Spend your study time learning the different security solutions and identifying potential
security vulnerabilities and where they would be applicable. Don’t get bogged down in step-
by-step details; those are saved for certifcation exams beyond the scope of Security+.
You should also know that CompTIA is notorious for including vague questions on all
its exams. You might see a question for which two of the possible four answers are correct—
but you can only choose one. Use your knowledge, logic, and intuition to choose the best
answer, and then move on. Sometimes the questions are worded in ways that would make
English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you;
answer the question, and go to the next. Although we haven’t intentionally added typos
or other grammatical errors, the questions throughout this book make every attempt to
re-create the structure and appearance of the real exam questions. CompTIA offers a page
on study tips for their exams at http://certification.comptia.org/resources/test_tips.aspx,
and it is worth skimming.
CompTIA frequently does what is called item seeding, which is the practice of
including unscored questions on exams. It does that to gather psychometric
data, which is then used when developing new versions of the exam. Before
you take it, you are told that your exam may include unscored questions.
So if you come across a question that does not appear to map to any of the
exam objectives—or for that matter, does not appear to belong in the exam—
it is likely a seeded question.
As you study, you need to know that the exam you’ll take was created at a certain point
in time. You won’t see a question about the new virus that hit your systems last week, but
you’ll see questions about concepts that existed when this exam was created. Updating the
exam is a diffcult process and results in an increment in the exam number.
Why Become Security+ Certified?
There are a number of reasons for obtaining a Security+ certifcation:
It provides proof of professional achievement. Specialized certifcations are the best way
to stand out from the crowd. In this age of technology certifcations, you’ll fnd hundreds
of thousands of administrators who have successfully completed the Microsoft and Cisco
certifcation tracks. To set yourself apart from the crowd, you need a little bit more. The
Security+ exam is part of the CompTIA certifcation track that includes A+, Network+, and will help you prepare for more advanced certifcations because it provides a solid grounding
in security concepts and will give you the recognition you deserve.
It increases your marketability. Almost anyone can bluff their way through an interview.
Once you’re security certifed, you’ll have the credentials to prove your competency. And,
certifcations can’t be taken from you when you change jobs—you can take that certifcation
with you to any position you accept.
It provides opportunity for advancement. Individuals who prove themselves to be competent
and dedicated are the ones who will most likely be promoted. Becoming certifed is a great
way to prove your skill level and show your employer that you’re committed to improving
your skill set. Look around you at those who are certifed: They are probably the people who
receive good pay raises and promotions.
It fulfills training requirements. Many companies have set training requirements for their
staff so that they stay up-to-date on the latest technologies. Having a certifcation program
in security provides administrators with another certifcation path to follow when they have
exhausted some of the other industry-standard certifcations.
It raises customer confidence. As companies discover the CompTIA advantage, they
will undoubtedly require qualifed staff to achieve these certifcations. Many companies
outsource their work to consulting frms with experience working with security. Firms
that have certifed staff have a defnite advantage over frms that don’t.
How to Become a Security+ Certified Professional
As this book goes to press, there are two Security+ exam providers: Prometric and Pearson
VUE. The following table contains all the necessary contact information and exam-specifc
details for registering. Exam pricing might vary by country or by CompTIA membership.
Vendor Website Phone Number
Prometric securereg3.prometric.com U.S. and Canada: 800-977-3926
Pearson VUE www.vue.com/comptia U.S. and Canada: 877-551-PLUS (7587)
When you schedule the exam, you’ll receive instructions regarding appointment and
cancellation procedures, ID requirements, and information about the testing center loca-
tion. In addition, you’ll receive a registration and payment confrmation letter. Exams
can be scheduled up to six weeks out or as late as the next day (or, in some cases, even
the same day).
Sybex Test Engine The CD also contains the Sybex Test Engine. Using this custom soft-
ware, you can identify up front the areas in which you are weak and then develop a solid
studying strategy using each of these robust testing features. The ReadMe fle walks you
through the installation process.
In addition to taking the assessment test and the chapter review questions in the test engine,
you’ll fnd practice exams, one if you purchased the standard edition, four if you purchased
the deluxe edition. Take these practice exams just as if you were taking the actual exam
(without any reference material). When you’ve fnished the frst exam, move on to the next
one to solidify your test-taking skills. If you get more than 90 percent of the answers cor-
rect, you’re ready to take the certifcation exam.
Full text of the book in PDF The CD-ROM contains this book in PDF so you can easily
read it on any computer. If you have to travel but still need to study for the exam, and you
have a laptop with a CD-ROM drive, you can carry this entire book with you.
What’s Included in the Deluxe Edition?
If you purchased the deluxe edition of this Study Guide, you will notice the two additional
appendixes: the security administrator’s troubleshooting guide and workbook exercises.
Together, these two elements add an additional hands-on component to your studies and
can be useful resources long after you’ve passed the exam and earned your Security+
certifcation.
Not only is there a difference within the spine of the deluxe edition with the inclusion of
the additional chapters, but the CD has been enhanced as well. The deluxe edition con-
tains an additional bonus exam to help you gauge your readiness for the real exam at
your closest testing center.
Exam Objectives
CompTIA goes to great lengths to ensure that its certifcation programs accurately refect the
IT industry’s best practices. The company does this by establishing cornerstone committees for
each of its exam programs. Each committee comprises a small group of IT professionals, train-
ing providers, and publishers who are responsible for establishing the exam’s baseline compe-
tency level and who determine the appropriate target-audience level. Once these factors are
determined, CompTIA shares this information with a group of hand-selected Subject Matter
Experts (SMEs). These folks are the true brainpower behind the certifcation program. In the
case of this exam, they are IT-seasoned pros from the likes of Microsoft, Sun Microsystems,
VeriSign, and RSA Security, to name just a few. They review the committee’s fndings, refne
them, and shape them into the objectives you see before you. CompTIA calls this process a
job task analysis (JTA). Finally, CompTIA conducts a survey to ensure that the objectives and

Answers to Review Questions
1. A. The frst layer of access control is perimeter security. Perimeter security is intended to
delay or deter entrance into a facility.
2. C. Type C fre extinguishers are intended for use in electrical fres.
3. B. Electrical devices, such as motors, that generate magnetic felds cause EMI. Humidity
control won’t address EMI.
4. A. A security zone is a smaller part of a larger area. Security zones can be monitored indi-
vidually if needed. Answers B, C, and D are examples of security zones.
5. B. Partitioning is the process of breaking a network into smaller components that can
each be individually protected. This is analogous to building walls in an offce building.
6. B. Access control is the primary process of preventing access to physical systems.
7. A. Perimeter security involves creating a perimeter or outer boundary for a physical space.
Video surveillance systems wouldn’t be considered a part of perimeter security, but they can
be used to enhance physical security monitoring.
8. C. A security zone is an area that is a smaller component of the entire facility. Security
zones allow intrusions to be detected in specifc parts of the building.
9. A. Biometrics is a technology that uses personal characteristics, such as a retinal pattern
or fngerprint, to establish identity.
10. A. Social engineering uses the inherent trust in the human species, as opposed to technology,
to gain access to your environment.
11. A. Wireless cell systems are primarily line-of-site communication systems. These systems
use the microwave band for communications.
12. D. Global System for Mobile Communications (GSM) is the newest standard for cellular
communications. GSM promises to provide encryption as well as international usability.
13. A. Shielding keeps external electronic signals from disrupting operations.
14. D. TEMPEST is the certifcation given to electronic devices that emit minimal RF.
The TEMPEST certifcation is diffcult to acquire, and it signifcantly increases the
cost of systems.
15. A. Receivers tend to become desensitized when they’re exposed to strong RF signals. This
makes the receiver in the WAP seemingly go deaf to normal-strength signals.
16. A. Gas-based systems work by displacing the air around a fre. This eliminates one of the
three necessary components of a fre: oxygen.
17. C. The critical business functions are those functions that must be established as soon as
possible for a business to succeed after a catastrophic event.
18. C. Guidelines help clarify processes to maintain standards. Guidelines tend to be less
formal than policies or standards.
19. D. Limited distribution information can be released to select individuals and organizations,
such as fnancial institutions, governmental agencies, and creditors.
20. A. The Bell La-Padula model is intended to protect confdentiality of information. This
is accomplished by prohibiting users from reading above their security level and preventing
them from writing below their security level.
xxviii Introduction
weightings truly refect the job requirements. Only then can the SMEs go to work writing the
hundreds of questions needed for the exam. And in many cases, they have to go back to the
drawing board for further refnements before the exam is ready to go live in its fnal state. So,
rest assured the content you’re about to learn will serve you long after you take the exam.
Exam objectives are subject to change at any time without prior notice and
at CompTIA’s sole discretion. Visit the certification page of CompTIA’s web-
site at www.comptia.org for the most current listing of exam objectives.
CompTIA also publishes relative weightings for each of the exam’s objectives. The fol-
lowing table lists the six Security+ objective domains and the extent to which they are rep-
resented on the exam. As you use this study guide, you’ll fnd that I have administered just
the right dosage of objective knowledge by tailoring coverage to mirror the percentages that
CompTIA uses.
As part of the Department of Defense (DoD) Directive 8570.1—which requires
certain DoD technicians and managers to get trained and certified in certain
areas, including Security+—CompTIA will release a Security+ Bridge exam.
The Bridge exam will test on topics that are new since the previous version
of the exam. Individuals required to get recertified can take the Bridge exam
to meet the recertification policy. It should be noted that CompTIA does not
require individuals to get recertified. Refer to the objective tear out card at
the beginning of this book. All objectives that are new to the Security (2008
Edition) are in bold. For more information on Directive 8570.1, visit http://
certification.comptia.org/resources/US_Gov.aspx.

comptia sy0-201 dumps

http://rapidshare.com/files/284397774/comptia_security__sy0-201_book_pdf.rar.html
http://www.2shared.com/file/8015595/b5da25ef/comptia_security_sy0-201_book_pdf.html
http://uploading.com/files/c97d9bd9/comptia%2Bsecurity%252B%2Bsy0-201%2Bbook%2Bpdf.rar
http://www.4shared.com/file/135087223/1a350839/comptia_security_sy0-201_book_pdf.html

INTRODUCTION

The CompTIA Network+ (2009 Edition) certification is an internationally recognized validation of the technical knowledge required of foundation-level IT network practitioners.

The CompTIA Network+ (2009 Edition) certification ensures that the successful candidate has the important knowledge and skills necessary to manage, maintain, troubleshoot, install, operate and configure basic network infrastructure, describe networking technologies, basic design principles,
and adhere to wiring standards and use testing tools.

The skills and knowledge measured by this examination were derived from an industry-wide job task analysis and validated through an industry-wide global survey in Q2 2008. The results of this survey were used in weighing the domains and ensuring that the weighting is representative of the relative importance of the content.

It is recommended for CompTIA Network+ (2009 Edition) candidates to have the following:
• CompTIA A+ certification or equivalent knowledge, though CompTIA A+ certification is
not required.
• Have at least 9 to 12 months of work experience in IT networking.

The table below lists the domains measured by this examination and the extent to which they are represented. CompTIA Network+ (2009 Edition) exams are based on these objectives.

Domain % of Examination
1.0 Network Technologies 20%
2.0 Network Media and Topologies 20%
3.0 Network Devices 17%
4.0 Network Management 20%
5.0 Network Tools 12%
6.0 Network Security 11%
Total 100%

Code:
http://www.4shared.com/file/108711186/48d0c153/net_2009.html

http://rapidshare.com/files/284391168/PassGuide_comptia_sy0-201_770q.rar.html
http://www.2shared.com/file/8015334/3cbf8141/PassGuide_comptia_sy0-201_770q.html
http://uploading.com/files/f5d26886/PassGuide%2Bcomptia%2Bsy0-201%2B770q.rar/

http://www.passguide.com/sy0-201.html

A. The system administrator.
B. The owner of the resource.
C. The system administrator and the owner of the resource.
D. The user requiring access to the resource.

Answer: B

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and
procedures needed to create, manage, store, distribute, and revoke digital certificates. The public
key infrastructure is based on which encryption schemes?

A. Symmetric
B. Quantum
C. Asymmetric
D. Elliptical curve

Answer: C
Which definition best defines what a challenge-response session is?

A. A challenge-response session is a workstation or system that produces a random challenge
string that the user provides, when prompted, in conjunction with the proper PIN (Personal
Identification Number).
B. A challenge-response session is a workstation or system that produces a random login ID that
the user provides, when prompted, in conjunction with the proper PIN (Personal Identification
Number).
C. A challenge-response session is a special hardware device used to produce random text in a
cryptography system.
D. A challenge-response session is the authentication mechanism in the workstation or system
that does not determine whether the owner should be authenticated.

Answer: A
For which reason are clocks used in Kerberos authentication?

A. Clocks are used to ensure proper connections.
B. Clocks are used to ensure that tickets expire correctly.
C. Clocks are used to generate the seed value for the encryptions keys.
D. Clocks are used to both benchmark and specify the optimal encryption algorithm.

Answer: B

To reduce vulnerabilities on a web server, an administrator should adopt which of the following
preventative measures?

A. Use packet sniffing software on all inbound communications
B. Apply the most recent manufacturer updates and patches to the server.
C. Enable auditing on the web server and periodically review the audit logs
D. Block all Domain Name Service (DNS) requests coming into the server.

Answer: B
A travel reservation organization conducts the majority of its transactions via a public facing
website. Any downtime to this website will lead to serious financial damage for this organization.
One web server is connected to several distributed database servers. Which statement is correct
about this scenario?

A. RAID
B. Warm site
C. Proxy server
D. Single point of failure

Answer: D
Which of the following types of firewalls provides inspection at layer 7 of the OSI model?

A. Application-proxy
B. Network address translation (NAT)
C. Packet filters
D. Stateful inspection

Answer: A
A newly hired security specialist is asked to evaluate a company’s network security. The security
specialist discovers that users have installed personal software; the network OS has default
settings and no patches have been installed and passwords are not required to be changed
regularly. Which of the following would be the FIRST step to take?

A. Install software patches.
B. Disable non-essential services.
C. Enforce the security policy.
D. Password management

Answer: C

Giving each user or group of users only the access they need to do their job is an example of
which of the following security principals?

A. Least privilege
B. Defense in depth
C. Separation of duties
D. Access control

Answer: A
In computing, the Basic Input/Output System (BIOS , also known as the System BIOS, is a de
facto standard defining a firmware interface for IBM PC Compatible computers. A user is
concerned with the security of their laptops BIOS. The user would not like anyone to be able to
access control functions except themselves. Which of the following could make the BIOS more
secure?

A. Password
B. Flash the BIOS
C. Encrypt the hard drive
D. Create an access-list

Answer: A
In computing, a Uniform Resource Locator (URL) is a type of Uniform Resource Identifier (URI)
that specifies where an identified resource is available and the mechanism for retrieving it. When
a user attempts to go to a website, he notices the URL has changed, which attack will MOST
likely cause the problem?

A. ARP poisoning
B. DLL injection
C. DNS poisoning
D. DDoS attack

Answer: C
What does the DAC access control model use to identify the users who have permissions to a
resource?

A. Predefined access privileges.
B. The role or responsibilities users have in the organization
C. Access Control Lists
D. None of the above.

Answer: C

n10-004 exam
PassGuide sy0-201

Since most of us don’t have a lot of time to study for exams, we created PrepLogic Printables. Printables gives you a big selection of exam questions in a PDF format that’s easy to print and easy to use, so you can study anywhere.

When you can’t be in front of a computer you have to find creative ways to study. Many of our customers suggest printing multiples so you can have a copy in the car, at your desk or in your gym bag. Printables gives you many more chances to study, and that gives you a much better chance to pass the first time.
The CompTIA Security+ exam has long stood as the forefront entry-level exam to the field of security. Through its difficulty, complexity of scope, and broad spectrum covering numerous aspects of the IT field, it has become one of the most sought after and respected certification offered by CompTIA, so much so that other companies, such as Microsoft, have long since used the CompTIA Security+ as an alternative choice for their elective exams for the MCSE.

The CompTIA Security+ exam is approximately 100 questions long and is available through both Pearson Vue and Thomson Prometric training facilities. The test is approximately 90 minutes long and contains the following official objectives:

Systems Security
Network Infrastructure
Access Control
Assessments & Audits
Cryptography
Organizational Security

http://rapidshare.com/files/225989605/preplogic__comptia_SY0-201.rar.html
http://rapidshare.de/files/46911119/preplogic__comptia_SY0-201.rar.html
http://uploading.com/files/E1RFQ0TK/preplogic__comptia_SY0-201.rar.html

1. Download ActualTests.CompTIA.SY0-101.Exam.Q.and.A.08.01.06.pdf [1,188 KB]
2. Download Sybex[1][1].CompTIA.A.plus.Complete.Fast.Pass.Sep.2006.pdf [12,608 KB]
3. Download Sybex CompTIA Security+ Studyguide 3rd Ed.pdf [10,876 KB]
4. Download CompTIA Security+ Certification.chm [1231 KB]
5. Download SY0-101 Comptia Security+.pdf [2,444 KB]
6. Download CompTIA Security +.rar [7,486 KB]
7. Download ComptiaA_Plus_220-601.pdf [1,453 KB]
8. Download CompTIA A+ Complete Study Guide (2007).rar [12,472 KB]
9. Download CompTIA A+ Guide to Managing and Troubleshooting PCs Lab Manual.rar [17,332 KB]
10. Download P4S_Comptia_Linux_Plus.zip [487 KB]
11. Download Comptia_networkplus_15min_guide.pdf [380 KB]
12. Download CompTIA A+220-603.pdf [249 KB]
13. Download Sybex.CompTIA.RFID.plus_Exam.RF0-101._Dec.2006.chm [2402 KB]
14. Download TestKing CompTia sy0-101 V15.pdf
15. Download KNOWLEDGENET COMPTIA SECURITY PLUS STUDENT GUIDE V1.pdf

Note: The above mentioned links are external links only and no file is being uploaded on blogger’s server. If any of these links violates copyright, please inform us, we will remove that link immediately.

Check-In
Part I: Systems Security
Chapter 1. System Security Threats and Risks
Objective 1.01 Differentiate Among Various Systems Security Threats
Object 1.02 Explain System Hardware and Peripheral Risks
Chapter 2. System Software Security
Objective 2.01 Implement OS Hardening Practices
Objective 2.02 Establish Application Security
Objective 2.03 Implement Security Applications
Objective 2.04 Explain Virtualization Technology
Part II: Network Infrastructure
Chapter 3. Network Security
Objective 3.01 Network Ports and Protocol Threats
Objective 3.02 Network Design Elements and Components
Objective 3.03 Network Device Vulnerabilities
Objective 3.04 Transmission Media Vulnerabilities
Chapter 4. Network Security Tools and Wireless Security
Objective 4.01 Determine and Apply Appropriate Network Security Tools
Objective 4.02 Explain Wireless Networking Vulnerabilities and Implement Mitigations
Part III: Access Control
Chapter 5. Access Control
Objective 5.01 Identify and Apply Access Control Methods
Objective 5.02 Explain Common Access Control Models
Objective 5.03 Organize Appropriate Security Groups, Roles, Rights, and Privileges
Objective 5.04 Apply File and Print Security Controls
Objective 5.05 Compare and Implement Logical Access Control Methods
Chapter 6. Authentication
Objective 6.01 Explain Identification and Authentication
Objective 6.02 Identify Authentication Models
Objective 6.03 Deploy Authentication Models
Objective 6.04 Apply Physical Access Security
Part IV: Assessments and Audits
Chapter 7. Risk and Vulnerability Assessment
Objective 7.01 Conduct Risk Assessments
Objective 7.02 Perform Vulnerability Assessments
Objective 7.03 Penetration Testing and Vulnerability
Chapter 8. Monitoring and Auditing
Objective 8.01 Monitor and Detect Security-Related Anomalies
Objective 8.02 Compare Monitoring Methodologies
Objective 8.03 Execute Proper Logging Procedures
Objective 8.04 Conduct System Audits
Part V: Cryptography
Chapter 9. Cryptography and Encryption Overview
Objective 9.01 Explain General Cryptography Concepts
Objective 9.02 Explain Basic Hashing Concepts
Objective 9.03 Explain Basic Encryption Concepts
Objective 9.04 Explain and Implement Protocols
Chapter 10. Public Key Cryptography
Objective 10.01 Public Key Cryptography
Objective 10.02 Certificate Management
Part VI: Organizational Security
Chapter 11. Redundancy and Environmental Planning
Objective 11.01 Explain Redundancy Planning
Objective 11.02 Explain Environmental Controls
Chapter 12. Disaster Recovery and Incident Response
Objective 12.01 Implement Disaster Recovery Procedures
Objective 12.02 Execute Incident Response Procedures
Chapter 13. Organizational Policies and Procedures
Objective 13.01 Explain Legislation and Organizational Policies
Objective 13.02 Reduce the Risks of Social Engineering
Appendix A: About the CD-ROM
Appendix B: Career Flight Path
Index
Biographical note

T.J. Samuelle, CompTIA Network+, CompTIA Server+, CompTIA Security+, is an IT consultant and author of several computer books on CompTIA certifications. He served as a subject matter expert for CompTIA on the Network+ and Security+ exams.

Get complete coverage of all the material included on the CompTIA Security+ exam inside this fully up-to-date, comprehensive resource. Written by network security experts, this authoritative exam guide features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Designed to help you pass the CompTIA Security+ exam with ease, this definitive volume also serves as an essential on-the-job reference. Get full details on all exam topics, including how to:

Combat viruses, Trojan horses, spyware, logic bombs, and worms
Defend against DDoS, spoofing, replay, TCP/IP hijacking, and other attacks
Apply best practices for access control methods
Implement authentication using Kerberos, CHAP, biometrics, and other methods
Use cryptography and PKI
Secure remote access, wireless, and virtual private networks (VPNs)
Harden networks, operating systems, and applications
Manage incident response and follow forensic procedures
The CD-ROM features

One full practice exam
Complete electronic book

About the Author
Greg White is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. He is the author of the first edition of this book.

Wm. Arthur Conklin, CompTIA Security+, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston.

.
Product Details
Hardcover: 672 pages
Publisher: McGraw-Hill Osborne Media; 2 edition (December 19, 2008)
A CompTIA Security+ Exam Guide and An On-the-Job Reference–All-in-One
Get complete coverage of all the material included on the CompTIA Security+ exam inside this fully up-to-date, comprehensive resource. Written by network security experts, this authoritative exam guide features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Designed to help you pass the CompTIA Security+ exam with ease, this definitive volume also serves as an essential on-the-job reference. Get full details on all exam topics, including how to:
Combat viruses, Trojan horses, spyware, logic bombs, and worms
Defend against DDoS, spoofing, replay, TCP/IP hijacking, and other attacks
Apply best practices for access control methods
Implement authentication using Kerberos, CHAP, biometrics, and other methods
Use cryptography and PKI
Secure remote access, wireless, and virtual private networks (VPNs)
Harden networks, operating systems, and applications
Manage incident response and follow forensic procedures
The CD-ROM features
One full practice exam
Complete electronic book
Table of contents

We, the authors of CompTIA Security+ Certification All-in-One Exam Guide, have many 

individuals who we need to acknowledge—individuals without whom this effort would 

not have been successful.

The list needs to start with those folks at McGraw-Hill who worked tirelessly with 

the project’s multiple authors and contributors and led us successfully through the 

minefield that is a book schedule and who took our rough chapters and drawings and 

turned them into a final, professional product we can be proud of. We thank all the 

good people from the Acquisitions team, Tim Green, Jennifer Housh, and Carly Staple-

ton; from the Editorial Services team, Jody McKenzie; and from the Illustration and 

Production team, George Anderson, Peter Hancik, and Lyssa Wald. We also thank the 

technical editor Glen Clarke; the project editor, LeeAnn Pickrell; the copyeditor, Lisa 

Theobald; the proofreader, Susie Elkind; and the indexer, Karin Arrigoni for all their 

attention to detail that made this a finer work after they finished with it.

We also need to acknowledge our current employers who, to our great delight, have 

seen fit to pay us to work in a career field that we all find exciting and rewarding. There 

is never a dull moment in security because it is constantly changing.

We would like to thank Art Conklin for herding the cats on this one.

Finally, we would each like to individually thank those people who—on a personal 

basis—have provided the core support for us individually. Without these special people 

in our lives, none of us could have put this work together.

I would like to thank my wife, Charlan, for the tremendous support she has always 

given me. It doesn’t matter how many times I have sworn that I’ll never get involved 

with another book project only to return within months to yet another one; through it 

all, she has remained supportive.

I would also like to publicly thank the United States Air Force, which provided me 

numerous opportunities since 1986 to learn more about security than I ever knew existed.

To whoever it was who decided to send me as a young captain—fresh from complet-

ing my master’s degree in artificial intelligence—to my first assignment in computer secu-

rity: thank you, it has been a great adventure!

—Gregory B. White, Ph.D.

To Susan, my muse and love, for all the time you suffered as I work on books.

—Art Conklin

Special thanks to Josie for all her support.

—Chuck Cothren

Computer security is becoming increasingly important today as the number of security 

incidents steadily climbs. Many corporations now spend significant portions of their 

budget on security hardware, software, services, and personnel. They are spending this 

money not because it increases sales or enhances the product they provide, but because 

of the possible consequences should they not take protective actions.

Why Focus on Security?

Security is not something that we want to have to pay for; it would be nice if we didn’t 

have to worry about protecting our data from disclosure, modification, or destruction 

from unauthorized individuals, but that is not the environment we find ourselves in 

today. Instead, we have seen the cost of recovering from security incidents steadily rise 

along with the number of incidents themselves. Since September 11, 2001, this has 

taken on an even greater sense of urgency as we now face securing our systems not 

just from attack by disgruntled employees, juvenile hackers, organized crime, or com-

petitors; we now also have to consider the possibility of attacks on our systems from 

terrorist organizations. If nothing else, the events of September 11, 2001, showed that 

anybody is a potential target. You do not have to be part of the government or a govern-

ment contractor; being an American is sufficient reason to make you a target to some, 

and with the global nature of the Internet, collateral damage from cyber attacks on one 

organization could have a worldwide impact.

A Growing Need for Security Specialists

In order to protect our computer systems and networks, we will need a significant num-

ber of new security professionals trained in the many aspects of computer and network 

security. This is not an easy task as the systems connected to the Internet become in-

creasingly complex with software whose lines of codes number in the millions. Under-

standing why this is such a difficult problem to solve is not hard if you consider just 

how many errors might be present in a piece of software that is several million lines 

long. When you add the additional factor of how fast software is being developed—

from necessity as the market is constantly changing—understanding how errors occur is easy.

Not every “bug” in the software will result in a security hole, but it doesn’t take 

many to have a drastic affect on the Internet community. We can’t just blame the ven-

dors for this situation because they are reacting to the demands of government and 

industry. Most vendors are fairly adept at developing patches for flaws found in their 

software, and patches are constantly being issued to protect systems from bugs that may 

introduce security problems. This introduces a whole new problem for managers and 

administrators—patch management. How important this has become is easily illus-

trated by how many of the most recent security events have occurred as a result of a 

security bug that was discovered months prior to the security incident, and for which a 

patch has been available, but for which the community has not correctly installed the 

patch, thus making the incident possible. One of the reasons this happens is that many 

of the individuals responsible for installing the patches are not trained to understand 

the security implications surrounding the hole or the ramifications of not installing the 

patch. Many of these individuals simply lack the necessary training.

Because of the need for an increasing number of security professionals who are 

trained to some minimum level of understanding, certifications such as the Security+ 

have been developed. Prospective employers want to know that the individual they are 

considering hiring knows what to do in terms of security. The prospective employee, in 

turn, wants to have a way to demonstrate his or her level of understanding, which can 

enhance the candidate’s chances of being hired. The community as a whole simply 

wants more trained security professionals.

Preparing Yourself for the Security+ Exam

CompTIA Security+ Certification All-in-One Exam Guide is designed to help prepare you 

to take the CompTIA Security+ certification exam. When you pass it, you will demon-

strate you have that basic understanding of security that employers are looking for. 

Passing this certification exam will not be an easy task, for you will need to learn many 

things to acquire that basic understanding of computer and network security.

How This Book Is Organized

The book is divided into sections and chapters to correspond with the objectives of the 

exam itself. Some of the chapters are more technical than others—reflecting the nature 

of the security environment where you will be forced to deal with not only technical 

details but also other issues such as security policies and procedures as well as training 

and education. Although many individuals involved in computer and network security 

have advanced degrees in math, computer science, information systems, or computer or 

electrical engineering, you do not need this technical background to address security 

effectively in your organization. You do not need to develop your own cryptographic 

algorithm; for example, you simply need to be able to understand how cryptography is 

used along with its strengths and weaknesses. As you progress in your studies, you will 

learn that many security problems are caused by the human element. The best technol-

ogy in the world still ends up being placed in an environment where humans have the 

opportunity to foul things up—and all too often do.

xxxi

Part I: Security Concepts  The book begins with an introduction of some of the 

basic elements of security.

Part II: Cryptography and Applications  Cryptography is an important part 

of security, and this part covers this topic in detail. The purpose is not to make cryptog-

raphers out of readers but to instead provide a basic understanding of how cryptogra-

phy works and what goes into a basic cryptographic scheme. An important subject in 

cryptography, and one that is essential for the reader to understand, is the creation of 

public key infrastructures, and this topic is covered as well.

Part III: Security in the Infrastructure  The next part concerns infrastructure 

issues. In this case, we are not referring to the critical infrastructures identified by the 

White House several years ago (identifying sectors such as telecommunications, bank-

ing and finance, oil and gas, and so forth) but instead the various components that 

form the backbone of an organization’s security structure.

Part IV: Security in Transmissions  This part discusses communications secu-

rity. This is an important aspect of security because, for years now, we have connected 

our computers together into a vast array of networks. Various protocols in use today 

and that the security practitioner needs to be aware of are discussed in this part.

Part V: Operational Security  This part addresses operational and organiza-

tional issues. This is where we depart from a discussion of technology again and will 

instead discuss how security is accomplished in an organization. Because we know that 

we will not be absolutely successful in our security efforts—attackers are always finding

new holes and ways around our security defenses—one of the most important topics 

we will address is the subject of security incident response and recovery. Also included 

is a discussion of change management (addressing the subject we alluded to earlier 

when addressing the problems with patch management), security awareness and train-

ing, incident response, and forensics.

Part VI: Appendixes  There are two appendixes in CompTIA Security+ Certification 

All-in-One Exam Guide. Appendix A explains how best to use the CD-ROM included 

with this book, and Appendix B provides an additional in-depth explanation of the OSI 

model and Internet protocols, should this information be new to you.

Glossary  Located just before the Index, you will find a useful glossary of security 

terminology, including many related acronyms and their meaning. We hope that you 

use the Glossary frequently and find it to be a useful study aid as you work your way 

through the various topics in this exam guide.

xxxii

Special Features of the 

All-in-One Certification Series

To make our exam guides more useful and a pleasure to read, we have designed the All-

in-One Certification series to include several conventions.

Icons

To alert you to an important bit of advice, a shortcut, or a pitfall, you’ll occasionally see 

Notes, Tips, Cautions, and Exam Tips peppered throughout the text.

NOTE NOTE  Notes offer nuggets of especially helpful stuff, background 

explanations, and information, and terms are defined occasionally.

TIP TIP Tips provide suggestions and nuances to help you learn to finesse your 

job. Take a tip from us and read the Tips carefully.

CAUTION CAUTION  When you see a Caution, pay special attention. Cautions appear 

when you have to make a crucial choice or when you are about to undertake 

something that may have ramifications you might not immediately anticipate. 

Read them now so you don’t have regrets later.

EXAM TIP EXAM TIP  Exam Tips give you special advice or may provide information 

specifically related to preparing for the exam itself.

End-of-Chapter Reviews and Chapter Tests

An important part of this book comes at the end of each chapter where you will find a 

brief review of the high points along with a series of questions followed by the answers 

to those questions. Each question is in multiple-choice format. The answers provided 

also include a small discussion explaining why the correct answer actually is the correct 

answer.

The questions are provided as a study aid to you, the reader and prospective Secu-

rity+ exam taker. We obviously can’t guarantee that if you answer all of our questions 

correctly you will absolutely pass the certification exam. Instead, what we can guarantee 

is that the questions will provide you with an idea about how ready you are for the exam.

xxxiii

The CD-ROM

CompTIA Security+ Certification All-in-One Exam Guide  also provides you with a CD-

ROM of even more test questions and their answers to help you prepare for the certifi-

cation exam. Read more about the companion CD-ROM in Appendix A.

Onward and Upward

At this point, we hope that you are now excited about the topic of security, even if you 

weren’t in the first place. We wish you luck in your endeavors and welcome you to the 

exciting field of computer and network security.

Part I: Security Concepts
Chapter 1. General Security Concepts
Chapter 2. Operational Organizational Security
Chapter 3. Legal Issues, Privacy, and Ethics
Part II: Cryptography and Applications
Chapter 4. Cryptography
Chapter 5. Public Key Infrastructure
Chapter 6. Standards and Protocols
Part III: Security in the Infrastructure
Chapter 7. Physical Security
Chapter 8. Infrastructure Security
Chapter 9. Authentication and Remote Access
Chapter 10. Wireless Security
Part IV: Security in Transmissions
Chapter 11. Intrusion Detection Systems
Chapter 12. Security Baselines
Chapter 13. Types of Attacks and Malicious Software
Chapter 14. E-Mail and Instant Messaging
Chapter 15. Web Components
Part V: Operational Security
Chapter 16. Disaster Recovery and Business Continuity
Chapter 17. Risk Management
Chapter 18. Change Management
Chapter 19. Privilege Management
Chapter 20. Computer Forensics
Part VI: Appendixes
Appendix A. About the CD
Appendix B. OSI Model and Internet Protocols
Glossary
Index
Biographical note

Greg White is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. He is the author of the first edition of this book.Wm. Arthur Conklin, CompTIA Security+, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston.

CompTIA Security+ All-in-One Exam Guide, Second Edition
672 pages | McGraw-Hill Osborne Media; 2 edition (December 19, 2008) | 0071601279 | PDF | 7 Mb

A CompTIA Security+ Exam Guide and An On-the-Job Reference–All-in-One