
CompTIA security+ study guide exam SY0 501



DOCUMENT INFORMATION

Basic information

Pages: 712
Size: 7.52 MB

Contents


Senior Acquisitions Editor: Kenyon Brown

Development Editor: Gary Schwartz

Technical Editors: Buzz Murphy and Warren Wyrostek

Production Editor: Christine O’Connor

Copy Editor: Elizabeth Welch

Editorial Manager: Mary Beth Wakefield

Production Manager: Kathleen Wisor

Associate Publisher: Jim Minatel

Book Designers: Bill Gibson and Judy Fung

Proofreader: Kim Wimpsett

Indexer: John Sleeva

Project Coordinator, Cover: Brent Savage

Cover Designer: Wiley

Cover Image: Getty Images Inc./Jeremy Woodhouse

Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-41687-6

ISBN: 978-1-119-41690-6 (ebk.)

ISBN: 978-1-119-41689-0 (ebk.)

Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S at (877) 762-2974, outside the U.S at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com

Library of Congress Control Number: 2017955410

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and Security+ are trademarks or registered trademarks of CompTIA, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

For Emmett Buis and Wolfgang Scisney: bookends.

—Emmett


This book would not exist were it not for Mike Pastore, the author of the first edition. He took a set of convoluted objectives for a broad exam and wrote the foundation of the study guide that you now hold in your hands. While the exam and its associated objectives improved with each iteration, all subsequent editions of this text are forever indebted to his knowledge, hard work, and brilliance so early on.

Thanks are also due to Gary Schwartz, for being one of the best editors in publishing to work with, and to all of those at Wiley who helped with this title.

About the Authors

Emmett Dulaney is a professor at a small university in Indiana and the former director of training for Mercury Technical Solutions. He is a columnist for Certification Magazine and the author of more than 30 books on certification, operating systems, and cross-platform integration. Emmett can be reached at eadulaney@comcast.net

Chuck Easttom is a researcher, consultant, and trainer in computer science and computer security. He has expertise in software engineering, operating systems, databases, web development, and computer networking. He travels the world teaching and consulting on digital forensics, cyber security, cryptology, and related topics. He has authored 22 books and counting, as well as dozens of research papers. Chuck is additionally an inventor with 10 patented computer-science inventions. He also frequently works as an expert witness in computer-related cases. His website is http://chuckeasttom.com/

How to Become a Security+ Certified Professional

Who Should Read This Book?

What Does This Book Cover?

Tips for Taking the Security+ Exam

What’s Included in the Book

Interactive Online Learning Environment and Test Bank

How to Use This Book and Study Tools

Exam SY0-501 Exam Objectives

SY0-501 Certification Exam Objective Map

Assessment Test

Answers to Assessment Test

Chapter 1 Managing Risk

Chapter 2 Monitoring and Diagnosing Networks

Monitoring and Diagnosing Networks Terminology

Frameworks, Best Practices, and Configuration Guides


Secure Network Architecture Concepts

Secure Systems Design

Chapter 4 Identity and Access Management

Using Tools to Assess Your Network

Troubleshooting Common Security Issues

Security Technologies

Identity and Access Management Concepts

Install and Configure Identity and Access Services

File and Database Security

Summary

Exam Essentials

Review Questions

Chapter 5 Wireless Network Threats

Wireless Threat Terminology

Wireless Vulnerabilities to Know


Chapter 6 Securing the Cloud

Cloud-Related Terminology

Working with Cloud Computing

Working with Virtualization

Security and the Cloud

Summary

Exam Essentials

Review Questions

Chapter 7 Host, Data, and Application Security

Threat Actors and Attributes

Use of Open Source Intelligence

Using Cryptographic Systems

Understanding Cryptography Standards and Protocols

Public Key Infrastructure

Using Public Key Infrastructure

Authentication

Summary


Exam Essentials

Review Questions

Chapter 9 Threats, Attacks, and Vulnerabilities

Threat and Attack Terminology

Living in a World of Viruses

Malware and Crypto-Malware

Understanding Various Types of Application/Service Attacks

Summary

Exam Essentials

Review Questions

Chapter 10 Social Engineering and Other Foes

Social Engineering and Physical Security Terminology

Understanding Social Engineering

Understanding Physical Security

Various Control Types

Data Security and Privacy Practices

Chapter 12 Disaster Recovery and Incident Response

Disaster and Incident Related Terminology

Penetration Testing


Issues Associated with Business Continuity

Summary

Exam Essentials

Review Questions

Appendix Answers to Review Questions

Chapter 1 : Managing Risk

Chapter 2 : Monitoring and Diagnosing Networks

Chapter 3 : Understanding Devices and Infrastructure

Chapter 4 : Identity and Access Management

Chapter 5 : Wireless Network Threats

Chapter 6 : Securing the Cloud

Chapter 7 : Host, Data, and Application Security

Chapter 8 : Cryptography

Chapter 9 : Threats, Attacks, and Vulnerabilities

Chapter 10 : Social Engineering and Other Foes

Chapter 11 : Security Administration

Chapter 12 : Disaster Recovery and Incident Response

Advert

EULA

List of Tables

Chapter 1

TABLE 1.1 TABLE 1.2 TABLE 1.3

Chapter 4

TABLE 4.1 TABLE 4.2 TABLE 4.3 TABLE 4.4 TABLE 4.5 TABLE 4.6 TABLE 4.7


FIGURE 2.3 Network segmentation

FIGURE 2.4 Two LANs connected using a VPN across the Internet

FIGURE 2.5 A proxy firewall blocking network access from external networks

FIGURE 2.6 Windows 10 Control Panel

FIGURE 2.7 Windows 10 System and Security

FIGURE 2.8 Windows 10 Administrative Tools screen

FIGURE 2.9 Windows 10 Services

FIGURE 3.4 The components of an IDS working together to provide network monitoring

FIGURE 3.5 A signature-based detection system in action

FIGURE 3.6 AD-IDS using expert system technology to evaluate risks

FIGURE 3.7 NIDS placement in a network determines what data will be analyzed

FIGURE 3.8 A hub being used to attach the NIDS to the network

FIGURE 3.9 An IPS instructing TCP to reset all connections

FIGURE 3.10 An IPS instructing the firewall to close port 80 for 60 seconds to thwart an IIS attack

FIGURE 3.11 A network honeypot deceives an attacker and gathers intelligence

FIGURE 3.12 A host-based IDS interacting with the operating system

FIGURE 3.13 Router connecting two LANs

FIGURE 3.14 A corporate network implementing routers for segmentation and security

FIGURE 3.15 Switching between two systems

Chapter 4

FIGURE 4.1 tcpdump

FIGURE 4.2 Wireshark

FIGURE 4.3 Wireshark follow conversation

FIGURE 4.4 SolarWinds network topology scan

FIGURE 4.5 SolarWinds scan results

FIGURE 4.6 LanHelper

FIGURE 4.7 Aircrack

FIGURE 4.8 pwdump

FIGURE 4.9 Ophcrack

FIGURE 4.10 Nessus report

FIGURE 4.11 MBSA output


FIGURE 4.12 OWASP ZAP output

FIGURE 4.21 Windows Firewall

FIGURE 4.22 A logon process occurring on a workstation

FIGURE 4.23 Kerberos authentication process

FIGURE 4.24 The RADIUS client manages the local connection and authenticates against a central server

FIGURE 6.1 The SaaS service model

FIGURE 6.2 The PaaS service model

FIGURE 6.3 The IaaS service model

FIGURE 6.4 Type I hypervisor model

FIGURE 6.5 Type II hypervisor model

Chapter 7

FIGURE 7.1 Dark web market

FIGURE 7.2 ThreatCrowd


FIGURE 8.1 A simple transposition cipher in action

FIGURE 8.2 Symmetric encryption system

FIGURE 8.3 A two-key system in use

FIGURE 8.4 The MAC value is calculated by the sender and receiver using the same algorithm

FIGURE 8.5 Digital signature processing steps

FIGURE 8.6 The PGP encryption system

FIGURE 8.7 The SSL connection process

FIGURE 8.8 The TLS connection process

Chapter 9

FIGURE 9.1 Virus spreading from an infected system using the network or removable media

FIGURE 9.2 An email virus spreading geometrically to other users

FIGURE 9.3 A logic bomb being initiated

FIGURE 9.4 A backdoor attack in progress

FIGURE 9.5 Distributed denial-of-service attack

FIGURE 9.6 A man-in-the-middle attack occurring between a client and a web server

FIGURE 9.7 A replay attack occurring

FIGURE 9.8 A spoofing attack during logon


Chapter 10

FIGURE 10.1 An example of vishing

FIGURE 10.2 An example of tailgating

FIGURE 10.3 An example of dumpster diving

FIGURE 10.4 An example of shoulder surfing

FIGURE 10.5 Falsely sounding an alarm is a type of hoax

FIGURE 10.6 The three-layer security model

FIGURE 10.7 A cable can be used to keep a desktop machine from easily being taken

FIGURE 10.8 If theft of equipment is a possibility, run one end of the cable from the monitor to the desktop computer through a hole in the work desk

FIGURE 10.9 A mantrap in action

FIGURE 10.10 A hot and cold aisle design

FIGURE 10.11 Water-based fire-suppression system

FIGURE 10.12 Electromagnetic interference (EMI) pickup in a data cable

FIGURE 10.13 RF desensitization occurring as a result of cell phone interference

FIGURE 10.14 A cable in the security slot keeps the laptop from easily being removed

FIGURE 12.1 Database transaction auditing process

FIGURE 12.2 Grandfather, Father, Son backup method


FIGURE 12.3 Full Archival backup method

FIGURE 12.4 A backup server archiving server files

FIGURE 12.5 System regeneration process for a workstation or server

This book presents the material at an intermediate technical level. Experience with and knowledge of security concepts, operating systems, and application systems will help you get a full understanding of the challenges that you’ll face as a security professional.

We’ve included review questions at the end of each chapter to give you a taste of what it’s like to take the exam. If you’re already working in the security field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you’re unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don’t just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

Before You Begin the CompTIA Security+ Certification Exam

Before you begin studying for the exam, it’s imperative that you understand a few things about the Security+ certification. Security+ is a certification from CompTIA (an industry association responsible for many entry-level certifications) granted to those who obtain a passing score on a single entry-level exam. In addition to adding Security+ to your résumé as a stand-alone certification, you can use it as an elective in many vendor-certification tracks.

The CompTIA Advanced Security Practitioner (CASP) certification is designed for those with up to 10 years of security experience. It builds on Security+ and authenticates knowledge at a higher level. Between Security+ and CASP, CompTIA created a Cybersecurity Analyst certification (CSA+, since renamed CySA+) as a bridge that remains vendor-neutral and verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization, with the end goal of securing and protecting applications and systems within an organization.

When you’re studying for any exam, the first step in preparation should always be to find out as much as possible about the test: the more you know up front, the better you can plan your course of study. The current exam, and the one addressed by this book, is the 2017 update (SY0-501). Although all variables are subject to change, as this book is being written, the exam consists of a maximum of 90 questions. You have 90 minutes to take the exam, and the passing score is 750 on a scale from 100 to 900. Pearson VUE testing centers administer the exam throughout the United States and several other countries.

The exam is predominantly multiple choice with short, concise questions, usually followed by four possible answers. Don’t expect lengthy scenarios and complex solutions. This is an entry-level exam of knowledge-level topics; you’re expected to know a great deal about security topics from an overview perspective rather than implementation. In many books, the glossary is filler added to the back of the text; this book’s glossary (located on the book’s online test bank at www.wiley.com/go/sybextestprep) should be considered necessary reading. You’re likely to see a question on the exam about what a Trojan horse is, not how to identify it at the code level. Spend your study time learning the different security solutions and identifying potential security vulnerabilities and where they would be applicable. Don’t get bogged down in step-by-step details; those are saved for certification exams beyond the scope of Security+.

You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you; answer the question, and go to the next. Although we haven’t intentionally added typos or other grammatical errors, the questions throughout this book make every attempt to re-create the structure and appearance of the real exam questions.

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take it, you are told that your exam may include unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never really know whether or not a question is seeded, however, so always make your best effort to answer every question.

As you study, you need to know that the exam you’ll take was created at a certain point in time. You won’t see a question about the new virus that hit your systems last week, but you’ll see questions about concepts that existed when this exam was created. Updating the exam is a difficult process and results in an increment in the exam number.

Why Become Security+ Certified?

There are a number of reasons for obtaining a Security+ certification. These include the following:

It provides proof of professional achievement. Specialized certifications are the best way to stand out from the crowd. In this age of technology certifications, you’ll find hundreds of thousands of administrators who have successfully completed the Microsoft and Cisco certification tracks. To set yourself apart from the crowd, you need a little bit more. The Security+ exam is part of the CompTIA certification track that includes A+, Network+, and other vendor-neutral certifications such as Linux+, Project+, and more. This exam will help you prepare for more advanced certifications because it provides a solid grounding in security concepts, and it will give you the recognition you deserve.

It increases your marketability. Almost anyone can bluff their way through an interview. Once you’re Security+ certified, you’ll have the credentials to prove your competency. Moreover, certifications can’t be taken from you when you change jobs—you can take that certification with you to any position you accept.

It provides opportunity for advancement. Individuals who prove themselves to be competent and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you’re committed to improving your skill set. Look around you at those who are certified: they are probably the people who receive good pay raises and promotions.

It fulfills training requirements. Many companies have set training requirements for their staff so that they stay up-to-date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications.

It raises customer confidence. As companies discover the advantages of CompTIA, they will undoubtedly require qualified staff to achieve these certifications. Many companies outsource their work to consulting firms with experience working with security. Firms that have certified staff have a definite advantage over firms that don’t.

How to Become a Security+ Certified Professional

The first place to start to get your certification is to register for the exam at any Pearson VUE testing center. Exam pricing might vary by country or by CompTIA membership. You can contact Pearson at:

Pearson VUE

www.vue.com/comptia

U.S. and Canada: 877-551-PLUS (7587)

When you schedule the exam, you’ll receive instructions regarding appointment and cancellation procedures, ID requirements, and information about the testing center location. In addition, you’ll receive a registration and payment confirmation letter. Exams can be scheduled up to six weeks out or as late as the next day (or, in some cases, even on the same day).

Exam prices and codes may vary based on the country in which the exam is administered. For detailed pricing and exam registration procedures, refer to CompTIA’s website at

registration packet.)

Who Should Read This Book?

If you want to acquire a solid foundation in computer security and your goal is to prepare for the exam by learning how to develop and improve security, this book is for you. You’ll find clear explanations of the concepts that you need to grasp and plenty of help to achieve the high level of professional competency that you need in order to succeed in your chosen field.

If you want to become certified as a certification holder, this book is definitely what you need. However, if you just want to attempt to pass the exam without really understanding security, this study guide isn’t for you. It’s written for people who want to acquire hands-on skills and in-depth knowledge of computer security.

In addition to reading this book, you might consider downloading and reading the white papers on security that are scattered throughout the Internet.

What Does This Book Cover?

This book covers everything you need to know to pass the Security+ exam.

Chapter 1 : Managing Risk

Chapter 2 : Monitoring and Diagnosing Networks

Chapter 3 : Understanding Devices and Infrastructure

Chapter 4 : Identity and Access Management

Chapter 5 : Wireless Network Threats

Chapter 6 : Securing the Cloud

Chapter 7 : Host, Data, and Application Security

Chapter 8 : Cryptography

Chapter 9 : Threats, Attacks, and Vulnerabilities

Chapter 10 : Social Engineering and Other Foes

Chapter 11 : Security Administration

Chapter 12 : Disaster Recovery and Incident Response

Tips for Taking the Security+ Exam

Here are some general tips for taking your exam:

Bring two forms of ID with you. One must be a photo ID, such as a driver’s license. The other can be a major credit card or a passport. Both forms must include a signature.

Arrive early at the exam center so that you can relax and review your study materials, particularly tables and lists of exam-related information. After you are ready to enter the testing room, you will need to leave everything outside; you won’t be able to bring any materials into the testing area.

Read the questions carefully. Don’t be tempted to jump to an early conclusion. Make sure that you know exactly what each question is asking.

Don’t leave any unanswered questions. Unanswered questions are scored against you.

There will be questions with multiple correct responses. When there is more than one correct answer, a message at the bottom of the screen will prompt you to either “Choose two” or “Choose all that apply.” Be sure to read the messages displayed to know how many correct answers you must choose.

When answering multiple-choice questions about which you’re unsure, use a process of elimination to get rid of the obviously incorrect answers first. Doing so will improve your odds if you need to make an educated guess.

On form-based tests (nonadaptive), because the hard questions will take the most time, save them for last. You can move forward and backward through the exam.

For the latest pricing on the exams and updates to the registration procedures, visit CompTIA’s website at http://certification.comptia.org

What’s Included in the Book

We’ve included several testing features in this book and on the companion website. These tools will help you retain vital exam content as well as prepare you to sit for the actual exam:

Assessment Test. At the end of this introduction is an assessment test that you can use to check your readiness for the exam. Take this test before you start reading the book; it will help you determine the areas in which you might need to brush up. The answers to the assessment test questions appear on a separate page after the last question of the test. Each answer includes an explanation and a note telling you the chapter in which the material appears.

Objective Map and Opening List of Objectives. After this book’s introduction, we have included a detailed exam objective map showing you where each of the exam objectives is covered in this book. In addition, each chapter opens with a list of the exam objectives it covers. Use these to see exactly where each of the exam topics is covered.

Exam Essentials. Just before the Summary, each chapter includes a number of exam essentials. These are the key topics that you should take from the chapter in terms of areas to focus on when preparing for the exam.

Review Questions. To test your knowledge as you progress throughout the book, there are review questions at the end of each chapter. As you finish each chapter, answer the review questions and then check your answers. The correct answers and explanations are found in Appendix A. You can go back to reread the section that deals with each question that you got wrong to ensure that you answer correctly the next time you’re tested on the material.

The Sybex Interactive Online Test Bank, flashcards, bonus labs, and glossary can be accessed at http://www.wiley.com/go/sybextestprep.

Interactive Online Learning Environment and Test Bank

The interactive online learning environment that accompanies CompTIA Security+ Study Guide: Exam SY0-501 provides a test bank with study tools to help you prepare for the certification exams and increase your chances of passing them the first time! The test bank includes the following elements:

Sample Tests. All of the questions in this book, including the assessment test that you’ll find at the end of this introduction and the chapter tests, which include the review questions at the end of each chapter, are provided. In addition, there are two practice exams. Use these questions to test your knowledge of the study guide material. The online test bank runs on multiple devices.

Electronic Flashcards. One set of questions is provided in digital flashcard format (a question followed by a single correct answer). You can use the flashcards to reinforce your learning and provide last-minute test prep before the exam.

Glossary. The key terms from this book and their definitions are available as a fully searchable PDF.

Bonus Labs. Also online, you will find additional bonus labs. These include activities such as labs that you can do on a system as well as mental exercises (crossword puzzles, word searches, and so forth) to help you memorize key concepts.

You can access the online test bank at www.wiley.com/go/sybextestprep

How to Use This Book and Study Tools

If you want a solid foundation for preparing for the Security+ exam, this is the book for you. We’ve spent countless hours putting together this book with the sole intention of helping you prepare for the exam. This book is loaded with valuable information, and you will get the most out of your study time if you understand how we put it together. Here’s a list that describes how to approach studying:

1. Take the assessment test immediately following this introduction. It’s okay if you don’t know any of the answers—that’s what this book is for. Carefully read over the explanations for any question that you get wrong, and make a note of the chapters where that material is covered.

2. Study each chapter carefully, making sure that you fully understand the information and the exam objectives listed at the beginning of each one. Again, pay extra-close attention to any chapter that includes material covered in the questions that you missed on the assessment test.

3. Read over the summary and exam essentials. These will highlight the sections from the chapter with which you need to be familiar before sitting for the exam.

4. Answer all of the review questions at the end of each chapter. Specifically note any questions that confuse you, and study those sections of the book again. Don’t just skim these questions—make sure that you understand each answer completely.

5. Go over the electronic flashcards. These help you to prepare for the latest Security+ exam, and they’re really great study tools.

6. Take the practice exams.

Performance-Based Questions

CompTIA introduced performance-based questions in their certification exams, including Security+, several years ago. These are not the traditional multiple-choice questions with which you’re probably familiar. These questions require the candidate to know how to perform a specific task or series of tasks. Although the new Security+ exam was not live by the time this book was published, we have a pretty good idea of how these questions will be laid out.

In some cases, the candidate might be asked to fill in the blank with the best answer. Alternatively, you may be asked to match certain items from one list into another. Some of the more involved performance-based questions might present the candidate with a scenario and then ask them to complete a task. You will be taken to a simulated environment where you will have to perform a series of steps, and you will be graded on how well you complete the task. The Sybex test engine does not have the ability to include performance-based questions. However, we have included numerous hands-on exercises throughout the book that are designed to measure how well you understand the chapter topics. Being able to think logically is a great way to learn.

Exam SY0-501 Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry’s best practices. They do this by establishing committees for each of its exam programs. Each committee comprises a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam’s baseline competency level and who determine the appropriate target-audience level.

Once these factors are determined, CompTIA shares this information with a group of hand-selected subject matter experts (SMEs). These folks are the true brainpower behind the certification program. In the case of this exam, they are IT-seasoned pros from the likes of Microsoft, Oracle, VeriSign, and RSA Security, to name just a few. The SMEs review the committee’s findings, refine them, and shape them into the objectives that follow this section. CompTIA calls this process a job-task analysis (JTA).

Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. Even so, they have to go back to the drawing board for further refinements in many cases before the exam is ready to go live in its final state. Rest assured that the content you’re about to learn will serve you long after you take the exam.

Exam objectives are subject to change at any time without prior notice and at CompTIA’s sole discretion. Visit the certification page of CompTIA’s website at http://certification.comptia.org for the most current listing of exam objectives.

CompTIA also publishes relative weightings for each of the exam’s objectives. The following table lists the six Security+ objective domains and the extent to which they are represented on the exam. As you use this study guide, you’ll find that we have administered just the right dosage of objective knowledge by tailoring coverage to mirror the percentages that CompTIA uses.

1.0 Threats, Attacks and Vulnerabilities 21%

4.0 Identity and Access Management 16%

SY0-501 Certification Exam Objective Map

1.0 Threats, Attacks and Vulnerabilities

1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. Chapter 9

Viruses; Crypto-malware; Ransomware; Worm; Trojan; Rootkit; Keylogger; Adware; Spyware; Bots; RAT; Logic bomb; Backdoor

1.2 Compare and contrast types of attacks.

Social engineering: Phishing; Spear phishing; Whaling; Vishing; Tailgating; Impersonation; Dumpster diving; Shoulder surfing; Hoax; Watering hole attack; Principles (reasons for effectiveness): (Authority; Intimidation; Consensus; Scarcity; Familiarity; Trust; Urgency). Chapter 10

Application/service attacks: DoS; DDoS; Man-in-the-middle; Buffer overflow; Injection; Cross-site scripting; Cross-site request forgery; Privilege escalation; ARP poisoning; Amplification; DNS poisoning; Domain hijacking; Man-in-the-browser; Zero day; Replay; Pass the hash; Hijacking and related attacks (Clickjacking; Session hijacking; URL hijacking; Typo squatting); Driver manipulation (Shimming; Refactoring); MAC spoofing; IP spoofing. Chapter 9

Wireless attacks: Replay; IV; Evil twin; Rogue AP; Jamming; WPS; Bluejacking; Bluesnarfing; RFID; NFC; Disassociation. Chapter 5

Cryptographic attacks: Birthday; Known plain text/cipher text; Rainbow tables; Dictionary; Brute force (Online vs. offline); Collision; Downgrade; Replay; Weak implementations. Chapter 8

1.3 Explain threat actor types and attributes. Chapter 7

Posted: 04/03/2019, 11:47