CompTIA® Security+ SY0-301 Practice Questions Exam Cram, Third Edition, offers all the exam practice you’ll need to systematically prepare, identify and fix areas of weakness, and pass your exam the first time. This book complements any Security+ study plan with more than 800 practice test questions–all supported with complete explanations of every correct and incorrect answer–covering all Security+ exam objectives, including network security; compliance and operation security; threats and vulnerabilities; application, host and data security; access control and identity management; and cryptography.
This is the eBook version of the print title. Note that the eBook does not provide access to the CD-ROM content that accompanies the print book.
Limited Time Offer: Buy CompTIA Security+ SY0-301 Practice Questions Exam Cram and receive a 10% off discount code for the CompTIA Security+ SYO-301 exam. To receive your 10% off discount code:
1. Register your product at pearsonITcertification.com/register
2. When prompted, enter ISBN: 9780789748287
3. Go to your Account page and click on “Access Bonus Content”
Covers the critical information you’ll need to know to score higher on your Security+ exam!
- Features more than 800 questions that are organized according to the Security+ exam objectives, so you can easily assess your knowledge of each topic.
- Use our innovative Quick-Check Answer System™ to quickly find answers as you work your way through the questions.
- Each question includes detailed explanations!
- Our popular Cram Sheet, which includes tips, acronyms, and memory joggers, helps you review key facts before you enter the testing center.
Diane M. Barrett (MCSE, CISSP, Security+) is the director of training for Paraben Corporation and an adjunct professor for American Military University. She has done contract forensic and security assessment work for several years and has authored other security and forensic books. She is a regular committee member for ADFSL’s Conference on Digital Forensics, Security and Law, as well as an academy director for Advancement Solutions. She holds many industry certifications, including CISSP, ISSMP, DFCP, PCME, and Security+. Diane’s education includes a MS in Information Technology with a specialization in Information Security. She expects to complete a PhD in business administration with a specialization in Information Security shortly.
Table of Contents:
Introduction . 5
Who This Book Is For 5
What You Will Find in This Book 5
Hints for Using This Book 6
Need Further Study? . 7
Chapter One Domain 1.0: Network Security 9
Practice Questions 10
Objective 1.1: Explain the security function and purpose of network devices and technologies 10
Objective 1.2: Apply and implement secure network administration principles . 16
Objective 1.3: Distinguish and differentiate network design elements and compounds . 23
Objective 1.4: Implement and use common protocols 32
Objective 1.5: Identify commonly used ports . 36
Objective 1.6: Implement wireless network in a secure manner 40
Quick-Check Answer Key 44
Objective 1.1: Explain the security function and purpose of network devices and technologies 44
Objective 1.2: Apply and implement secure network administration principles . 44
Objective 1.3: Distinguish and differentiate network design elements and compounds . 45
Objective 1.4: Implement and use common protocols 45
Objective 1.5: Identify commonly used ports . 46
Objective 1.6: Implement wireless network in a secure manner 46
Answers and Explanations 47
Objective 1.1: Explain the security function and purpose of network devices and technologies 47
Objective 1.2: Apply and implement secure network administration principles . 52
Objective 1.3: Distinguish and differentiate network design elements and compounds 58
Objective 1.4: Implement and use common protocols 65
Objective 1.5: Identify commonly used ports . 70
Objective 1.6: Implement wireless network in a secure manner 71
Chapter Two Domain 2.0: Compliance and Operational Security . 75
Practice Questions 76
Objective 2.1: Explain risk related concepts. 76
Objective 2.2: Carry out appropriate risk mitigation strategies . 83
Objective 2.3: Execute appropriate incident response procedures . 85
Objective 2.4: Explain the importance of security related awareness and training . 87
Objective 2.5: Compare and contrast aspects of business continuity 92
Objective 2.6: Explain the impact and proper use of environmental controls . 94
Objective 2.7: Execute disaster recovery plans and procedures . 98
Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 105
Quick-Check Answer Key . 108
Objective 2.1: Explain risk related concepts . 108
Objective 2.2: Carry out appropriate risk mitigation strategies 108
Objective 2.3: Execute appropriate incident response procedures 108
Objective 2.4: Explain the importance of security related awareness and training 109
Objective 2.5: Compare and contrast aspects of business continuity . 109
Objective 2.6: Explain the impact and proper use of environmental controls. . 109
Objective 2.7: Execute disaster recovery plans and procedures 110
Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 110
Answers and Explanations . 111
Objective 2.1: Explain risk related concepts . 111
Objective 2.2: Carry out appropriate risk mitigation strategies 117
Objective 2.3: Execute appropriate incident response procedures 118
Objective 2.4: Explain the importance of security related awareness and training 120
Objective 2.5: Compare and contrast aspects of business continuity . 123
Objective 2.6: Explain the impact and proper use of environmental controls. . 125
Objective 2.7: Execute disaster recovery plans and procedures 128
Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 133
Chapter Three Domain 3.0: Threats and Vulnerabilities . 135
Practice Questions . 136
Objective 3.1: Analyze and differentiate among types of malware. 136
Objective 3.2: Analyze and differentiate among types of attacks 144
Objective 3.3: Analyze and differentiate among types of social engineering attacks 154
Objective 3.4: Analyze and differentiate among types of wireless attacks. 156
Objective 3.5: Analyze and differentiate among types of application attacks 160
CompTIA Security+ SY0-301 Practice Questions Exam Cram
Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques. 165
Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 174
Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus
vulnerability scanning . 177
Quick-Check Answer Key . 180
Objective 3.1: Analyze and differentiate among types of malware. 180
Objective 3.2: Analyze and differentiate among types of attacks. . 180
Objective 3.3: Analyze and differentiate among types of social engineering attacks 181
Objective 3.4: Analyze and differentiate among types of wireless attacks. 181
Objective 3.5: Analyze and differentiate among types of application attacks 181
Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques. 182
Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 182
Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus
vulnerability scanning. 183
Answers and Explanations . 184
Objective 3.1: Analyze and differentiate among types of malware 184
Objective 3.2: Analyze and differentiate among types of attacks. . 191
Objective 3.3: Analyze and differentiate among types of social engineering attacks . 200
Objective 3.4: Analyze and differentiate among types of wireless attacks 202
Objective 3.5: Analyze and differentiate among types of application attacks. . 206
Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques 210
Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 216
Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning. 219
Chapter Four Domain 4.0: Application, Data, and Host Security . 223
Practice Questions . 224
Objective 4.1: Explain the importance of application security . 224
Objective 4.2: Carry out appropriate procedures to establish host security. 232
Objective 4.3: Explain the importance of data security 239
Quick-Check Answer Key . 248
Objective 4.1: Explain the importance of application security . 248
Objective 4.2: Carry out appropriate procedures to establish host security. 248
Objective 4.3: Explain the importance of data security 249
Answers and Explanations . 250
Objective 4.1: Explain the importance of application security . 250
Objective 4.2: Carry out appropriate procedures to establish host security . 257
Objective 4.3: Explain the importance of data security 262
Chapter Five Domain 5.0: Access Control and Identity Management . 269
Practice Questions . 270
Objective 5.1: Explain the function and purpose of authentication services 270
Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 275
Objective 5.3: Implement appropriate security controls when performing account management 285
Quick-Check Answer Key . 293
Objective 5.1: Explain the function and purpose of authentication services 293
Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 293
Objective 5.3: Implement appropriate security controls when performing account management . 294
Answers and Explanations . 295
Objective 5.1: Explain the function and purpose of authentication services 295
Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 299
Objective 5.3: Implement appropriate security controls when performing account management 309
Chapter Six Domain 6.0: Cryptography . 317
Practice Questions . 318
Objective 6.1: Summarize general cryptography concepts . 318
Objective 6.2: Use and apply appropriate cryptographic tools and products 323
Objective 6.3: Explain core concepts of public key infrastructure 329
Objective 6.4: Implement PKI, certificate management, and associated components 333
Quick-Check Answer Key . 338
Objective 6.1: Summarize general cryptography concepts . 338
Objective 6.2: Use and apply appropriate cryptographic tools and products 338
Objective 6.3: Explain core concepts of public key infrastructure 339
Objective 6.4: Implement PKI, certificate management, and associated components 339
Answers and Explanations . 340
Objective 6.1: Summarize general cryptography concepts . 340
Objective 6.2: Use and apply appropriate cryptographic tools and products 343
Objective 6.3: Explain core concepts of public key infrastructure 348
Objective 6.4: Implement PKI, certificate management, and associated components 351
9780789748287, TOC, 11/09/2011
About the Author :
Diane Barrett is the director of training for Paraben Corporation and an adjunct professor for American Military University. She has done contract forensic and security assessment work for several years and has authored other security and forensic books. She is a regular committee member for ADFSL’s Conference on Digital Forensics, Security and Law, as well as an academy director for Edvancement Solutions. She holds many industry certifications, including CISSP, ISSMP, DFCP, PCME, along with many CompTIA certifications, including the Security+ (2011 objectives). Diane’s education includes a MS in Information Technology with a specialization in Information Security. She expects to complete a PhD in business administration with a specialization in Information Security shortly.
