sybex sy0-201 comptia security ebook pdf

Before You Begin
Before you begin studying for the exam, it’s imperative that you understand a few things
about the Security+ certification. Security+ is a certification for life from CompTIA (an
industry association responsible for many entry-level certifications) granted to those who
obtain a passing score on a single entry-level exam. In addition to adding Security+ to
your resume as a stand-alone certification, you can use it as an elective in many
vendor-certification tracks.
When you’re studying for any exam, the first step in preparation should always be to find
out as much as possible about the test; the more you know up front, the better you can plan
your course of study. The current exam, and the one this book is written for, is the 2008
update. While all variables are subject to change, as this book is being written, the exam
consists of 100 questions. You have 90 minutes to take the exam, and the passing score is based
on a scale from 100 to 900. Both Pearson VUE and Prometric testing centers administer the
exam throughout the United States and several other countries.
The exam is multiple choice with short, terse questions followed by four possible answers.
Don’t expect lengthy scenarios and complex solutions. This is an entry-level exam of
knowledge-level topics; you’re expected to know a great deal about security topics from an overview
perspective rather than implementation. In many books, the glossary is filler added to the
back of the text; this book’s glossary should be considered necessary reading. You’re likely
to see a question on the exam about what a Trojan horse is, not how to identify it at the code
level. Spend your study time learning the different security solutions and identifying potential
security vulnerabilities and where they would be applicable. Don’t get bogged down in
step-by-step details; those are saved for certification exams beyond the scope of Security+.
You should also know that CompTIA is notorious for including vague questions on all
its exams. You might see a question for which two of the possible four answers are correct—
but you can only choose one. Use your knowledge, logic, and intuition to choose the best
answer, and then move on. Sometimes the questions are worded in ways that would make
English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you;
answer the question, and go to the next. Although we haven’t intentionally added typos
or other grammatical errors, the questions throughout this book make every attempt to
re-create the structure and appearance of the real exam questions. CompTIA offers a page
on study tips for their exams at http://certification.comptia.org/resources/test_tips.aspx,
and it is worth skimming.
CompTIA frequently does what is called item seeding, which is the practice of
including unscored questions on exams. It does that to gather psychometric
data, which is then used when developing new versions of the exam. Before
you take it, you are told that your exam may include unscored questions.
So if you come across a question that does not appear to map to any of the
exam objectives—or for that matter, does not appear to belong in the exam—
it is likely a seeded question.
As you study, you need to know that the exam you’ll take was created at a certain point
in time. You won’t see a question about the new virus that hit your systems last week, but
you’ll see questions about concepts that existed when this exam was created. Updating the
exam is a difficult process and results in an increment in the exam number.
Why Become Security+ Certified?
There are a number of reasons for obtaining a Security+ certification:
It provides proof of professional achievement. Specialized certifications are the best way
to stand out from the crowd. In this age of technology certifications, you’ll find hundreds
of thousands of administrators who have successfully completed the Microsoft and Cisco
certification tracks. To set yourself apart from the crowd, you need a little bit more. The
Security+ exam is part of the CompTIA certification track that includes A+, Network+, and will help you prepare for more advanced certifications because it provides a solid grounding
in security concepts and will give you the recognition you deserve.
It increases your marketability. Almost anyone can bluff their way through an interview.
Once you’re security certified, you’ll have the credentials to prove your competency. And,
certifications can’t be taken from you when you change jobs—you can take that certification
with you to any position you accept.
It provides opportunity for advancement. Individuals who prove themselves to be competent
and dedicated are the ones who will most likely be promoted. Becoming certified is a great
way to prove your skill level and show your employer that you’re committed to improving
your skill set. Look around you at those who are certified: They are probably the people who
receive good pay raises and promotions.
It fulfills training requirements. Many companies have set training requirements for their
staff so that they stay up-to-date on the latest technologies. Having a certification program
in security provides administrators with another certification path to follow when they have
exhausted some of the other industry-standard certifications.
It raises customer confidence. As companies discover the CompTIA advantage, they
will undoubtedly require qualified staff to achieve these certifications. Many companies
outsource their work to consulting firms with experience working with security. Firms
that have certified staff have a definite advantage over firms that don’t.
How to Become a Security+ Certified Professional
As this book goes to press, there are two Security+ exam providers: Prometric and Pearson
VUE. The following table contains all the necessary contact information and exam-specific
details for registering. Exam pricing might vary by country or by CompTIA membership.

Vendor        Website                      Phone Number
Prometric     securereg3.prometric.com     U.S. and Canada: 800-977-3926
Pearson VUE   www.vue.com/comptia          U.S. and Canada: 877-551-PLUS (7587)

When you schedule the exam, you’ll receive instructions regarding appointment and
cancellation procedures, ID requirements, and information about the testing center
location. In addition, you’ll receive a registration and payment confirmation letter. Exams
can be scheduled up to six weeks out or as late as the next day (or, in some cases, even
the same day).
Sybex Test Engine: The CD also contains the Sybex Test Engine. Using this custom
software, you can identify up front the areas in which you are weak and then develop a solid
studying strategy using each of these robust testing features. The ReadMe file walks you
through the installation process.
In addition to taking the assessment test and the chapter review questions in the test engine,
you’ll find practice exams, one if you purchased the standard edition, four if you purchased
the deluxe edition. Take these practice exams just as if you were taking the actual exam
(without any reference material). When you’ve finished the first exam, move on to the next
one to solidify your test-taking skills. If you get more than 90 percent of the answers
correct, you’re ready to take the certification exam.
Full text of the book in PDF: The CD-ROM contains this book in PDF so you can easily
read it on any computer. If you have to travel but still need to study for the exam, and you
have a laptop with a CD-ROM drive, you can carry this entire book with you.
What’s Included in the Deluxe Edition?
If you purchased the deluxe edition of this Study Guide, you will notice the two additional
appendixes: the security administrator’s troubleshooting guide and workbook exercises.
Together, these two elements add an additional hands-on component to your studies and
can be useful resources long after you’ve passed the exam and earned your Security+
certification.
Not only is there a difference within the spine of the deluxe edition with the inclusion of
the additional chapters, but the CD has been enhanced as well. The deluxe edition
contains an additional bonus exam to help you gauge your readiness for the real exam at
your closest testing center.
Exam Objectives
CompTIA goes to great lengths to ensure that its certification programs accurately reflect the
IT industry’s best practices. The company does this by establishing cornerstone committees for
each of its exam programs. Each committee comprises a small group of IT professionals,
training providers, and publishers who are responsible for establishing the exam’s baseline
competency level and who determine the appropriate target-audience level. Once these factors are
determined, CompTIA shares this information with a group of hand-selected Subject Matter
Experts (SMEs). These folks are the true brainpower behind the certification program. In the
case of this exam, they are IT-seasoned pros from the likes of Microsoft, Sun Microsystems,
VeriSign, and RSA Security, to name just a few. They review the committee’s findings, refine
them, and shape them into the objectives you see before you. CompTIA calls this process a
job task analysis (JTA). Finally, CompTIA conducts a survey to ensure that the objectives and
Answers to Review Questions
1. A. The first layer of access control is perimeter security. Perimeter security is intended to
delay or deter entrance into a facility.
2. C. Type C fire extinguishers are intended for use in electrical fires.
3. B. Electrical devices, such as motors, that generate magnetic fields cause EMI. Humidity
control won’t address EMI.
4. A. A security zone is a smaller part of a larger area. Security zones can be monitored
individually if needed. Answers B, C, and D are examples of security zones.
5. B. Partitioning is the process of breaking a network into smaller components that can
each be individually protected. This is analogous to building walls in an office building.
6. B. Access control is the primary process of preventing access to physical systems.
7. A. Perimeter security involves creating a perimeter or outer boundary for a physical space.
Video surveillance systems wouldn’t be considered a part of perimeter security, but they can
be used to enhance physical security monitoring.
8. C. A security zone is an area that is a smaller component of the entire facility. Security
zones allow intrusions to be detected in specific parts of the building.
9. A. Biometrics is a technology that uses personal characteristics, such as a retinal pattern
or fingerprint, to establish identity.
10. A. Social engineering uses the inherent trust in the human species, as opposed to technology,
to gain access to your environment.
11. A. Wireless cell systems are primarily line-of-sight communication systems. These systems
use the microwave band for communications.
12. D. Global System for Mobile Communications (GSM) is the newest standard for cellular
communications. GSM promises to provide encryption as well as international usability.
13. A. Shielding keeps external electronic signals from disrupting operations.
14. D. TEMPEST is the certification given to electronic devices that emit minimal RF.
The TEMPEST certification is difficult to acquire, and it significantly increases the
cost of systems.
15. A. Receivers tend to become desensitized when they’re exposed to strong RF signals. This
makes the receiver in the WAP seemingly go deaf to normal-strength signals.
16. A. Gas-based systems work by displacing the air around a fire. This eliminates one of the
three necessary components of a fire: oxygen.
17. C. The critical business functions are those functions that must be established as soon as
possible for a business to succeed after a catastrophic event.
18. C. Guidelines help clarify processes to maintain standards. Guidelines tend to be less
formal than policies or standards.
19. D. Limited distribution information can be released to select individuals and organizations,
such as financial institutions, governmental agencies, and creditors.
20. A. The Bell-LaPadula model is intended to protect confidentiality of information. This
is accomplished by prohibiting users from reading above their security level and preventing
them from writing below their security level.
weightings truly reflect the job requirements. Only then can the SMEs go to work writing the
hundreds of questions needed for the exam. And in many cases, they have to go back to the
drawing board for further refinements before the exam is ready to go live in its final state. So,
rest assured the content you’re about to learn will serve you long after you take the exam.
Exam objectives are subject to change at any time without prior notice and
at CompTIA’s sole discretion. Visit the certification page of CompTIA’s
website at www.comptia.org for the most current listing of exam objectives.
CompTIA also publishes relative weightings for each of the exam’s objectives. The
following table lists the six Security+ objective domains and the extent to which they are
represented on the exam. As you use this study guide, you’ll find that I have administered just
the right dosage of objective knowledge by tailoring coverage to mirror the percentages that
CompTIA uses.
As part of the Department of Defense (DoD) Directive 8570.1—which requires
certain DoD technicians and managers to get trained and certified in certain
areas, including Security+—CompTIA will release a Security+ Bridge exam.
The Bridge exam will test on topics that are new since the previous version
of the exam. Individuals required to get recertified can take the Bridge exam
to meet the recertification policy. It should be noted that CompTIA does not
require individuals to get recertified. Refer to the objective tear-out card at
the beginning of this book. All objectives that are new to the Security (2008
Edition) are in bold. For more information on Directive 8570.1, visit
http://certification.comptia.org/resources/US_Gov.aspx.