WIXLIB

Cross-Site Request Forgery (XSRF)Directory Traversal/Command InjectionLDAP InjectionTransitive Access and Client-Side AttacksFuzzingChapter 7 Exam Topic ReviewChapter 7 Practice QuestionsChapter 7 Practice Question AnswersChapter 8 Managing RiskIdentifying RiskThreats and Threat VectorsTypes of ThreatsMalicious Insider ThreatThreat AssessmentsVulnerabilitiesRisk ManagementRisk AssessmentUsing Metrics to Identify RiskChecking for VulnerabilitiesAnatomy of an AttackIdentifying IP Addresses of TargetsIdentifying Open Ports with a Port ScannerFingerprint SystemBanner GrabbingIdentifying VulnerabilitiesAttackPutting It All TogetherVulnerability AssessmentVulnerability ScanningOther Assessment TechniquesCredentialed Versus NoncredentialedPenetration TestingWhite, Gray, and Black Box TestingObtaining ConsentIntrusive Versus Nonintrusive TestingPassive Versus Active ToolsContinuous MonitoringIdentifying Security ToolsSniffing with a Protocol AnalyzerPerforming Routine AuditsUser ReviewsMonitoring Events with LogsOperating System Event LogsFirewall and Router Access LogsOther LogsReviewing LogsChapter 8 Exam Topic Review

Chapter 8 Practice QuestionsChapter 8 Practice Question AnswersChapter 9 Preparing for Business ContinuityAdding RedundancySingle Point of FailureDisk RedundanciesRAID-0RAID-1RAID-5 and RAID-6RAID-10Software Versus Hardware RAIDServer RedundancyFailover Clusters for High AvailabilityLoad Balancers for High AvailabilityPower RedundanciesUPSGeneratorsProtecting Data with BackupsComparing Backup TypesFull BackupsRestoring a Full BackupDifferential BackupsRestoring a Full/Differential Backup SetIncremental BackupsRestoring a Full/Incremental Backup SetChoosing Full/Incremental or Full/DifferentialTesting BackupsProtecting BackupsBackup Policies and PlansComparing Business Continuity ElementsBusiness Impact AnalysisRecovery Time ObjectiveRecovery Point ObjectiveContinuity of OperationsHot SiteCold SiteWarm SiteSite VariationsAfter the DisasterDisaster RecoveryPlanning for CommunicationsIT Contingency PlanningSuccession PlanningBCP and DRP TestingTesting ControlsEscape Plans, Escape Routes, and DrillsImplementing Environmental Controls

Heating, Ventilation, and Air ConditioningHot and Cold AislesHVAC and FireFail-Safe Versus Fail-OpenFire SuppressionEnvironmental MonitoringShieldingShielding CablesProtected Distribution of CablingFaraday CageChapter 9 Exam Topic ReviewChapter 9 Practice QuestionsChapter 9 Practice Question AnswersChapter 10 Understanding CryptographyIntroducing Cryptography ConceptsProviding Integrity with HashingMD5SHAHMACHashing FilesHashing PasswordsHashing MessagesUsing HMACOther Hash AlgorithmsRIPEMDLANMAN and NTLMProviding Confidentiality with EncryptionSymmetric EncryptionBlock Versus Stream CiphersAESDES3DESRC4Blowfish and TwofishOne-Time PadAsymmetric EncryptionThe Rayburn BoxThe Rayburn Box Used to Send SecretsThe Rayburn Box Used for AuthenticationThe Rayburn Box DemystifiedCertificatesRSAStatic Versus Ephemeral KeysElliptic Curve CryptographyDiffie-HellmanSteganographyQuantum Cryptography

Using Cryptographic ProtocolsProtecting EmailSigning Email with Digital SignaturesEncrypting EmailS/MIMEPGP/GPGTransport EncryptionIPsecSSLTLSCipher SuitesStrong Versus Weak CiphersEncrypting HTTPS Traffic with SSL or TLSKey StretchingIn-Band Versus Out-of-Band Key ExchangeExploring PKI ComponentsCertificate AuthorityCertificate Trust Paths and Trust ModelsSelf-Signed CertificatesWildcard CertificatesRegistrationRevoking CertificatesValidating CertificatesOutdated CertificatesKey EscrowRecovery AgentChapter 10 Exam Topic ReviewChapter 10 Practice QuestionsChapter 10 Practice Question AnswersChapter 11 Exploring Operational SecurityExploring Security PoliciesPersonnel PoliciesAcceptable Use Policy and Privacy PolicyMandatory VacationsSeparation of DutiesJob RotationClean Desk PolicyAccount Management PoliciesRequire Administrators to Use Two AccountsNever Use Shared AccountsThird-Party IssuesInteroperability AgreementsChange Management PolicyData PoliciesInformation ClassificationData Labeling and HandlingData Wiping and Disposing

Wiping FilesStorage and Retention PoliciesPersonally Identifiable InformationProtecting PIIPrivacy PolicySocial Media Networks and ApplicationsResponding to IncidentsIncident Response TeamIncident Response ProceduresImplementing Basic Forensic ProceduresOrder of VolatilityCapture System ImageTake HashesNetwork Traffic and LogsChain of CustodyCapture VideoRecord Time OffsetScreenshotsWitnessesTrack Man-Hours and ExpenseBig Data AnalysisRaising Security AwarenessSecurity Policy Training and ProceduresRole-Based TrainingTraining and Compliance IssuesUsing Metrics to Validate ComplianceChapter 11 Exam Topic ReviewChapter 11 Practice QuestionsChapter 11 Practice Question AnswersCompTIA Security Practice ExamSecurity Practice Exam AnswersAppendix A—Acronym List

IntroductionCongratulations on your purchase of CompTIA Security : Get Certified Get Ahead. You are one step closer to becoming CompTIA Security certified. This certification has helped many individuals get ahead in their jobs and their careers, and it can help you get ahead, too.It is a popular certification within the IT field. One IT hiring manager told me that if a résumé doesn’t include the Security certification, or ahigher-level security certification, he simply sets it aside. He won’t even talk to applicants. That’s not the same with all IT hiring managers, but it doeshelp illustrate how important security is within the IT field.Who This Book Is ForIf you’re studying for the CompTIA Security exam and want to pass it on your first attempt, this book is for you. It covers 100 percent of theobjectives identified by CompTIA in enough depth so that you’ll be able to easily answer the exam questions.The first target audience for this book is students in CompTIA Security classes. My goal is to give students a book they can use to study therelevant and important details of CompTIA Security in adequate depth for the challenging topics, but without the minutiae in topics that are clear formost IT professionals. I regularly taught from the first edition of this book, and I’ll continue to teach using this edition. I also heard from instructorsaround the United States and in other countries who used versions of the book to help students master the topics and pass the Security exam the firsttime they took it.This book is also for those people who can study on their own. If you’re one of the people who can read a book and learn the material withoutsitting in a class, this book has what you need to take and pass the exam the first time.Additionally, you can keep this book on your shelf (or in your Kindle) to remind yourself of important, relevant concepts. These concepts areimportant for security professionals and IT professionals in the real world.Based on many conversations with students and readers of the previous versions of this book, I know that many people use the Security certification as the first step in achieving other security certifications. For example, you may follow the Security with the ISC(2) SSCP or CISSP, orpossibly the CompTIA CASP certification. If you plan to pursue any of these advanced security certifications, you’ll find this book will help you lay asolid foundation of security knowledge. Learn this material, and you’ll be a step ahead on the other exams.About This BookOver the past several years, I’ve taught literally hundreds of students, helping them to become CompTIA Security certified. During that time, I’velearned what concepts are easy to grasp and what concepts need more explanation. I’ve developed handouts and analogies that help students grasp theelusive concepts.Feedback from students was overwhelmingly positive—both in their comments to me and their successful pass rates after taking the certificationexam. When the objectives changed in 2008, I rewrote my handouts as the first edition of this book. When the objectives changed again in 2011, Irewrote the book to reflect the new objectives. This book reflects the objective changes in 2014.This book has allowed me to reach a much larger audience and share security and IT-related information. Even if you aren’t in one of the classes Iteach, this book can help you learn the relevant material to pass the exam the first time you take it.How to Use This BookWhen practicing for any certification exam, the following steps are a good recipe for success:Review the objectives. The objectives for the SY0-401 exam are listed in the “Objective to Chapter Map” in this Introduction.Learn the material related to the objectives. This book covers all of the objectives, and the introduction includes a map showing whichchapter (or chapters) covers each objective.Take practice questions. A key step when preparing for any certification exam is to make sure you can answer the exam questions. Yes, youneed the knowledge, but you also must be able to read a question and choose the correct answer. This simply takes practice. When usingpractice test questions, ensure they have explanations. Questions without explanations often give you the wrong answers.Read and understand the explanations. When preparing, you should make sure you know why the correct answers are correct and why theincorrect answers are incorrect. The explanations provide this information and are worded to help you get other questions correct.This book has over 400 practice test questions you can use to test your knowledge and your ability to correctly answer them. Every question has adetailed explanation to help you understand why the correct answers are correct and why the incorrect answers are incorrect.You can find the practice questions in the following areas:Pre-assessment exam. Use these questions at the beginning of the book to get a feel for what you know and what you need to study more.

End-of-chapter practice questions. Each chapter has practice questions to help you test your comprehension of the material in the chapter.End-of-book practice exam. Use this as a practice exam to test your comprehension of the subject matter and readiness to take the actualexam.It’s OK if you do the practice questions in a different order. You may decide to tackle all the chapters in the book and then do the pre-assessmentand post-assessment questions. That’s fine. However, I strongly suggest you review all the questions in the book.Remember ThisThroughout the book, you’ll see text boxes that highlight important information you should remember to successfully pass the exam. The surroundingcontent provides the additional information needed to fully understand these key points, and the text boxes summarize the important points.These text boxes will look like this:Remember thisI strongly encourage you to repeat the information in the text boxes to yourself as often as possible. Themore you repeat the information, the more likely you are to remember it when you take the exam.A tried-and-true method of repeating key information is to take notes when you’re first studying the material and then rewrite the notes later. Thiswill expose you to the material a minimum of three times.Another method that students have told me has been successful for them is to use an MP3 player. Many MP3 players can record. Start your MP3recorder and read the information in each text box for a chapter and the information in the Exam Topic Review section of each chapter. Save the MP3file and regularly listen to it. This allows you to reaffirm the important information in your own voice.You can play it while exercising, walking, or just about any time when it’s not dangerous to listen to any MP3 file. You can even burn the MP3 filesto a CD and play them back from a CD player.If the MP3 method is successful for you, you can also record and listen to exam questions. Read the question, only the correct answer, and the firstsentence or two of the explanation in each practice question.If you don’t have time to create your own MP3 recordings, check out the companion web site (http://GetCertifiedGetAhead.com andhttp://gcgapremium.com) for this book. You can purchase MP3 recordings there that you can download and use.Vendor NeutralCompTIA certifications are vendor neutral. In other words, certifications are not centered on any single vendor, such as Microsoft, Apple, or Linux.With that in mind, you don’t need significantly deep knowledge of any of the operating systems, but don’t be surprised if you see more questions aboutone OS over another simply because of market share.In August 2014, Windows had about 91 percent market share of desktop and laptop computer operating systems. Apple MACs were next with about6 percent, and Linux had about 1 percent. Looking at mobile operating systems such as tablets and smartphones, it’s close to a tie with Android deviceshaving 44.6 percent market share and Apple iOS systems having 44.19 percent.Because over 90 percent of the systems you’ll touch in a corporate environment are Microsoft based, don’t be surprised to see some Microsoftspecific questions.Web ResourcesCheck out http://GetCertifiedGetAhead.com for up-to-date details on the CompTIA Security exam. This site includes additional informationrelated to the CompTIA Security exam and this book.Although many people have spent a lot of time and energy trying to ensure that there are no errors in this book, occasionally they slip through. Thissite includes an errata page listing any errors we’ve discovered.If you discover any errors, please let me know through the links on the web site. I’d also love to hear about your success when you pass the exam.I’m constantly getting good news from readers and students who are successfully earning their certifications.In response to all the requests I’ve received for additional materials, such as online practice test questions, flash cards, and audio files, I createdthis site: http://gcgapremium.com/. It includes access to various study materials.Last, I’ve found that many people find cryptography topics challenging, so I’ve posted some videos on YouTube (http://www.youtube.com/). Astime allows, I’ll post additional videos, and you can get a listing of all of them by searching YouTube with “Darril Gibson.”AssumptionsThe CompTIA Security exam assumes you have at least two years of experience working with computers in a network. It also assumes you earnedthe CompTIA Network certification, or at least have the equivalent knowledge. While writing this book, I have largely assumed the same thing.

However, I’m well aware that two years of experience in a network could mean many different things. Your two years of experience may exposeyou to different technologies than someone else’s two years of experience.When it’s critical that you understand an underlying network concept in order to master the relevant exam material, I have often included theconcept within the background information.Set a GoalLook at a calendar right now and determine the date 45 days from today. This will be your target date to take this exam. Set this as your goal tocomplete studying the materials and to take the exam.This target allows you to master about one and a half chapters per week. It may be that some of the chapters take you less time and some of thechapters take you more time. No problem. If you want to modify your target date later, do so. However, a recipe for success in almost any endeavorincludes setting a goal.When I teach CompTIA Security at a local university, I often help the students register for the exam on the first night. They pick a date close to theend of the course and register. I’ve found that when we do this, about 90 percent of the students take and pass the exam within one week after completingthe course. On the other hand, when I didn’t help the students register on the first night, more than half of them did not complete the exam in the same timeframe. Setting a goal helps.About the ExamCompTIA first released the Security exam in 2002, and it has quickly grown in popularity. They revised the exam objectives in 2008, 2011, andagain in 2014. The 2014 exam is numbered as SY0-401 (or JK0-022 for the academic version of the exam). SY0-201 retired on December 31, 2011,and SY0-301 is scheduled to retire on December 31, 2014.The SY0-401 exam is the same as the JK0-022 exam. CompTIA uses the JK0-022 code for CompTIA Academy Partners. If you attend a Security course at a CompTIA Academy partner, they might give you a JK0-022 voucher. Everyone else uses the SY0-401 code.A summary of the details of the exam includes:Number of questions: Maximum of 90 questionsTime to complete questions: 90 minutes (does not include time to complete pretest and posttest surveys)Passing score: 750Grading criteria: Scale of 100 to 900 (about 83 percent)Question types: Multiple choice and performance-basedExam format: Traditional—can move back and forth to view previous questionsExam prerequisites: None required but Network is recommendedExam test provider: Pearson VueNumber of Questions and DurationYou have 90 minutes to complete up to 90 questions. This gives you about one minute per question. Don’t let this scare you; it’s actually a goodthing. With only about a minute to read and answer a question, you know the questions can’t be very long. The exception is the performance-basedquestions, but you’ll only see a few of those.Passing ScoreA score of 750 is required to pass. This is on a scale of 100 to 900. If the exam is paid for and you don’t get a single question correct, you still get ascore of 100. If you get every testable question correct, you get a score of 900.If all questions are weighted equally, then you need to get 75 questions correct—a passing score of 750 divided by 900 equals .8333 or 83.33percent. CompTIA doesn’t say if all questions are scored equally or whether harder questions are weighted and worth more. However, most peoplebelieve that the performance-based questions are worth more than a typical multiple-choice question.Also, a score of 83 percent is higher than many other certification exams, so you shouldn’t underestimate the difficulty of this exam. However, manypeople regularly pass it and you can pass it, too. With this book, you will be well prepared.Exam PrerequisitesAll that is required for you to take the exam is money. Other than that, there are no enforced prerequisites. However, to successfully pass the exam,you’re expected to have at least two years of experience working with computers in a networking en

CompTIA Security : Get Certified Get Ahead SY0-401 Study Guide Darril Gibson. Dedication . CompTIA Security Assessment Exam Assessment Exam Answers Chapter 1 Mastering Security Basics Understanding Core Security Goals Confident