Exam Cram CompTIA Security+ SY0-301 Practice Questions Third Edition


CompTIA Security+ SY0-301 Practice Questions
Third Edition
Diane Barrett
800 East 96th Street, Indianapolis, Indiana 46240 USA

CompTIA Security+ SY0-301 Practice Questions Exam Cram, Third Edition

Copyright 2012 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-7897-4828-7
ISBN-10: 0-7897-4828-2

Printed in the United States of America
Second Printing: October 2013

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

Bulk Sales
Que Publishing offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact
U.S. Corporate and Government
or sales outside the U.S., please contact
International Sales
international@pearsoned.com

Publisher: Paul Boger
Associate Publisher: David Dusthimer
Acquisitions Editor: Betsy Brown
Senior Development Editor: Christopher Cleveland
Managing Editor: Sandra Schroeder
Technical Editor: Chris Crayton
Project Editor: Mandie Frank
Copy Editor: Barbara Hacha
Proofreader: Leslie Joseph
Publishing Coordinator: Vanessa Evans
Multimedia Developer: Tim Warner
Cover Designer: Gary Adair
Page Layout: Studio Galou, LLC

Contents at a Glance

Introduction
CHAPTER 1  Domain 1.0: Network Security
CHAPTER 2  Domain 2.0: Compliance and Operational Security
CHAPTER 3  Domain 3.0: Threats and Vulnerabilities
CHAPTER 4  Domain 4.0: Application, Data, and Host Security
CHAPTER 5  Domain 5.0: Access Control and Identity Management
CHAPTER 6  Domain 6.0: Cryptography

Table of Contents

CompTIA Security+
  It Pays to Get Certified
  How Certification Helps Your Career
  CompTIA Career Pathway
  Join the Professional Community
  Content Seal of Quality
  Why CompTIA?
  How to Obtain More Information

Introduction
  Who This Book Is For
  What You Will Find in This Book
  Hints for Using This Book
  Need Further Study?

Chapter One  Domain 1.0: Network Security
  Practice Questions
    Objective 1.1: Explain the security function and purpose of network devices and technologies
    Objective 1.2: Apply and implement secure network administration principles
    Objective 1.3: Distinguish and differentiate network design elements and compounds
    Objective 1.4: Implement and use common protocols
    Objective 1.5: Identify commonly used ports
    Objective 1.6: Implement wireless network in a secure manner
  Quick-Check Answer Key
    Objective 1.1: Explain the security function and purpose of network devices and technologies
    Objective 1.2: Apply and implement secure network administration principles
    Objective 1.3: Distinguish and differentiate network design elements and compounds
    Objective 1.4: Implement and use common protocols
    Objective 1.5: Identify commonly used ports
    Objective 1.6: Implement wireless network in a secure manner
  Answers and Explanations
    Objective 1.1: Explain the security function and purpose of network devices and technologies
    Objective 1.2: Apply and implement secure network administration principles
    Objective 1.3: Distinguish and differentiate network design elements and compounds
    Objective 1.4: Implement and use common protocols
    Objective 1.5: Identify commonly used ports
    Objective 1.6: Implement wireless network in a secure manner

Chapter Two  Domain 2.0: Compliance and Operational Security
  Practice Questions
    Objective 2.1: Explain risk related concepts
    Objective 2.2: Carry out appropriate risk mitigation strategies
    Objective 2.3: Execute appropriate incident response procedures
    Objective 2.4: Explain the importance of security related awareness and training
    Objective 2.5: Compare and contrast aspects of business continuity
    Objective 2.6: Explain the impact and proper use of environmental controls
    Objective 2.7: Execute disaster recovery plans and procedures
    Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability
  Quick-Check Answer Key
    Objective 2.1: Explain risk related concepts
    Objective 2.2: Carry out appropriate risk mitigation strategies
    Objective 2.3: Execute appropriate incident response procedures
    Objective 2.4: Explain the importance of security related awareness and training
    Objective 2.5: Compare and contrast aspects of business continuity
    Objective 2.6: Explain the impact and proper use of environmental controls
    Objective 2.7: Execute disaster recovery plans and procedures
    Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability
  Answers and Explanations
    Objective 2.1: Explain risk related concepts
    Objective 2.2: Carry out appropriate risk mitigation strategies
    Objective 2.3: Execute appropriate incident response procedures
    Objective 2.4: Explain the importance of security related awareness and training
    Objective 2.5: Compare and contrast aspects of business continuity
    Objective 2.6: Explain the impact and proper use of environmental controls
    Objective 2.7: Execute disaster recovery plans and procedures
    Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability

Chapter Three  Domain 3.0: Threats and Vulnerabilities
  Practice Questions
    Objective 3.1: Analyze and differentiate among types of malware
    Objective 3.2: Analyze and differentiate among types of attacks
    Objective 3.3: Analyze and differentiate among types of social engineering attacks
    Objective 3.4: Analyze and differentiate among types of wireless attacks
    Objective 3.5: Analyze and differentiate among types of application attacks
    Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques
    Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities
    Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
  Quick-Check Answer Key
    Objective 3.1: Analyze and differentiate among types of malware
    Objective 3.2: Analyze and differentiate among types of attacks
    Objective 3.3: Analyze and differentiate among types of social engineering attacks
    Objective 3.4: Analyze and differentiate among types of wireless attacks
    Objective 3.5: Analyze and differentiate among types of application attacks
    Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques
    Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities
    Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning
  Answers and Explanations
    Objective 3.1: Analyze and differentiate among types of malware
    Objective 3.2: Analyze and differentiate among types of attacks
    Objective 3.3: Analyze and differentiate among types of social engineering attacks
    Objective 3.4: Analyze and differentiate among types of wireless attacks
    Objective 3.5: Analyze and differentiate among types of application attacks
    Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques
    Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities
    Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning

Chapter Four  Domain 4.0: Application, Data, and Host Security
  Practice Questions
    Objective 4.1: Explain the importance of application security
    Objective 4.2: Carry out appropriate procedures to establish host security
    Objective 4.3: Explain the importance of data security
  Quick-Check Answer Key
    Objective 4.1: Explain the importance of application security
    Objective 4.2: Carry out appropriate procedures to establish host security
    Objective 4.3: Explain the importance of data security
  Answers and Explanations
    Objective 4.1: Explain the importance of application security
    Objective 4.2: Carry out appropriate procedures to establish host security
    Objective 4.3: Explain the importance of data security

Chapter Five  Domain 5.0: Access Control and Identity Management
  Practice Questions
    Objective 5.1: Explain the function and purpose of authentication services
    Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control
    Objective 5.3: Implement appropriate security controls when performing account management
  Quick-Check Answer Key
    Objective 5.1: Explain the function and purpose of authentication services
    Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control
    Objective 5.3: Implement appropriate security controls when performing account management
  Answers and Explanations
    Objective 5.1: Explain the function and purpose of authentication services
    Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control
    Objective 5.3: Implement appropriate security controls when performing account management

Chapter Six  Domain 6.0: Cryptography
  Practice Questions
    Objective 6.1: Summarize general cryptography concepts
    Objective 6.2: Use and apply appropriate cryptographic tools and products
    Objective 6.3: Explain core concepts of public key infrastructure
    Objective 6.4: Implement PKI, certificate management, and associated components
  Quick-Check Answer Key
    Objective 6.1: Summarize general cryptography concepts
    Objective 6.2: Use and apply appropriate cryptographic tools and products
    Objective 6.3: Explain core concepts of public key infrastructure
    Objective 6.4: Implement PKI, certificate management, and associated components
  Answers and Explanations
    Objective 6.1: Summarize general cryptography concepts
    Objective 6.2: Use and apply appropriate cryptographic tools and products
    Objective 6.3: Explain core concepts of public key infrastructure
    Objective 6.4: Implement PKI, certificate management, and associated components

About the Author

Diane Barrett is the director of training for Paraben Corporation and an adjunct professor for American Military University. She has done contract forensic and security assessment work for several years and has authored other security and forensic books. She is a regular committee member for ADFSL’s Conference on Digital Forensics, Security and Law, as well as an academy director for Edvancement Solutions. She holds many industry certifications, including CISSP, ISSMP, DFCP, PCME, along with many CompTIA certifications, including the Security+ (2011 objectives). Diane’s education includes a MS in Information Technology with a specialization in Information Security. She expects to complete a PhD in business administration with a specialization in Information Security shortly.

Dedication

To my niece Elizabeth, who never ceases to amaze me.

Acknowledgments

Publishing a book takes the collaboration and teamwork of many individuals. Thanks to everyone involved in this process at Pearson Education, especially Betsy and Drew. To the editorial and technical reviewers, especially Chris Crayton, thank you for making sure that my work was sound and on target. Special thanks to my husband for all his support and patience while I worked on this project.

We Want to Hear from You!

As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.

As an Associate Publisher for Pearson, I welcome your comments. You can email or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books better.

Please note that I cannot help you with technical problems related to the topic of this book. We do have a User Services group, however, where I will forward specific technical questions related to the book.

When you write, please be sure to include this book’s title and author as well as your name, email address, and phone number. I will carefully review your comments and share them with the author and editors who worked on the

David Dusthimer
Associate Publisher
Pearson
800 East 96th Street
Indianapolis, IN 46240 USA

Reader Services

Visit our website and register this book at www.examcram.com/register for convenient access to any updates, downloads, or errata that might be available for this book.

CompTIA Security+

- Designed for IT professionals focused on system security.
- Covers network infrastructure, cryptography, assessments, and audits.
- Security+ is mandated by the U.S. Department of Defense and is recommended by top companies such as Microsoft, HP, and Cisco.

It Pays to Get Certified

In a digital world, digital literacy is an essential survival skill—Certification proves you have the knowledge and skill to solve business problems in virtually any business environment. Certifications are highly valued credentials that qualify you for jobs, increased compensation and promotion.

- Security is one of the highest demand job categories—growing in importance as the frequency and severity of security threats continue to be a major concern for organizations around the world.
- Jobs for security administrators are expected to increase by 18%—the skill set required for these types of jobs maps to CompTIA Security+ certification.
- Network Security Administrators—can earn as much as 106,000 per year.
- CompTIA Security+ is the first step—in starting your career as a Network Security Administrator or Systems Security Administrator.
- CompTIA Security+ is regularly used in organizations—such as Hitachi Information Systems, Trendmicro, the McAfee Elite Partner program, the U.S. State Department, and U.S. government contractors such as EDS, General Dynamics, and Northrop Grumman.

How Certification Helps Your Career

- IT Is Everywhere: IT is ubiquitous, needed by most organizations. Globally, there are over 600,000 IT job openings.
- IT Knowledge and Skills Gets Jobs: Certifications are essential credentials that qualify you for jobs, increased compensation, and promotion.
- Retain Your Job and Salary: Make your expertise stand above the rest. Competence is usually retained during times of change.
- Want to Change Jobs: Certifications qualify you for new opportunities, whether locked into a current job, see limited advancement, or need to change careers.
- Stick Out from the Resume Pile: Hiring managers can demand the strongest skill set.

CompTIA Career Pathway

CompTIA offers a number of credentials that form a foundation for your career in technology and allow you to pursue specific areas of concentration. Depending on the path you choose to take, CompTIA certifications help you build upon your skills and knowledge, supporting learning throughout your entire career.

Steps to Getting Certified and Staying Certified

- Review Exam Objectives: Review the certification objectives to make sure you know what is covered in the tingcenters/examobjectives.aspx
- Practice for the Exam: After you have studied for the certification, take a free assessment and sample test to get an idea of what type of questions might be on the tingcenters/samplequestions.aspx
- Purchase an Exam Voucher: Purchase your exam voucher on the CompTIA Marketplace, which is located at: http://www.comptiastore.com/
- Take the Test!: Select a certification exam provider and schedule a time to take your exam. You can find exam providers at the following tingcenters.aspx
- Stay Certified!: Effective January 1, 2011, new CompTIA Security+ certifications are valid for three years from the date of your certification. There are a number of ways the certification can be renewed. For more information go to: s to n

Join the Professional Community

Join IT Pro Community: http://itpro.comptia.org

The free IT Pro online community provides valuable content to students and professionals.

- Career IT Job Resources
  - Where to start in IT
  - Career Assessments
  - Salary Trends
  - US Job Board
- Forums on Networking, Security, Computing and Cutting Edge Technologies
- Access to blogs written by Industry Experts
- Current information on Cutting Edge Technologies
- Access to various industry resource links and articles related to IT and IT careers

Content Seal of Quality

This courseware bears the seal of CompTIA Approved Quality Content. This seal signifies this content covers 100% of the exam objectives and implements important instructional design principles. CompTIA recommends multiple learning tools to help increase coverage of the learning objectives.

Why CompTIA?

- Global Recognition—CompTIA is recognized globally as the leading IT non-profit trade association and has enormous credibility. Plus, CompTIA’s certifications are vendor-neutral and offer proof of foundational knowledge that translates across technologies.
- Valued by Hiring Managers—Hiring managers value CompTIA certification, because it is vendor- and technology-independent validation of your technical skills.
- Recommended or Required by Government and Businesses—Many government organizations and corporations either recommend or require technical staff to be CompTIA certified. (For example, Dell, Sharp, Ricoh, the U.S. Department of Defense, and many more.)
- Three CompTIA Certifications ranked in the top 10—In a study by DICE of 17,000 technology professionals, certifications helped command higher salaries at all experience levels.

How to obtain more information

- Visit CompTIA online—www.comptia.org to learn more about getting CompTIA certified.
- Contact CompTIA—Call 866-835-8020 ext. 5 or email questions@comptia.org.
- Join the IT Pro Community—http://itpro.comptia.org to join the IT community to get relevant career information.
- Connect with us—

Introduction

Welcome to CompTIA Security+ SY0-301 Practice Questions Exam Cram. The sole purpose of this book is to provide you with practice questions and answers and explanations that will help you learn, drill, and review for the Security+ Certification (2011 Edition) exam. The book offers a large number of questions to practice each exam objective and will help you assess your knowledge before you take the real exam. The detailed answers to every question will help reinforce your knowledge about different concepts covered on the Security+ (2011 Edition) exam.

Who This Book Is For

If you have studied the SY0-301 exam’s content and think you are ready to put your knowledge to the test, but you are not sure that you want to take the real exam yet, this book is for you! Maybe you have answered other practice questions or unsuccessfully taken the real exam, reviewed, and want to do more practice questions before going to take the real exam; this book is for you, too! Even when the exam is done and you have passed with flying colors and have the Security+ Certification in your pocket, keep the book handy on your desktop to look for answers to your everyday security issues.

What You Will Find in This Book

This book is all about practice questions. The practice questions in the book, some very easy and others a bit more difficult (perhaps with a little complicated problem scenario, for example), are all aimed at raising your confidence level before you take the real exam. In fact, you will even find questions that you will face in real life.

This book is organized according to the objectives published by CompTIA for the SY0-301: CompTIA Security+ (2011 Edition) exam (find the updated exam information at enters/examobjectives.aspx). Each chapter corresponds to an exam domain, and in every chapter you will find the following three elements:

- Practice questions: These are the numerous questions that will help you learn, drill, and re

