CompTIA Security+ SY0-301 Authorized Practice Questions Exam Cram Book

Introduction . 5

Who This Book Is For 5

What You Will Find in This Book 5

Hints for Using This Book 6

Need Further Study? . 7

Chapter One Domain 1.0: Network Security 9

Practice Questions 10

Objective 1.1: Explain the security function and purpose of network devices and technologies 10

Objective 1.2: Apply and implement secure network administration principles . 16

Objective 1.3: Distinguish and differentiate network design elements and compounds . 23

Objective 1.4: Implement and use common protocols 32

Objective 1.5: Identify commonly used ports . 36

Objective 1.6: Implement wireless network in a secure manner 40

Quick-Check Answer Key 44

Objective 1.1: Explain the security function and purpose of network devices and technologies 44

Objective 1.2: Apply and implement secure network administration principles . 44

Objective 1.3: Distinguish and differentiate network design elements and compounds . 45

Objective 1.4: Implement and use common protocols 45

Objective 1.5: Identify commonly used ports . 46

Objective 1.6: Implement wireless network in a secure manner 46

Answers and Explanations 47

Objective 1.1: Explain the security function and purpose of network devices and technologies 47

Objective 1.2: Apply and implement secure network administration principles . 52

Objective 1.3: Distinguish and differentiate network design elements and compounds 58

Objective 1.4: Implement and use common protocols 65

Objective 1.5: Identify commonly used ports . 70

Objective 1.6: Implement wireless network in a secure manner 71

Chapter Two Domain 2.0: Compliance and Operational Security . 75

Practice Questions 76

Objective 2.1: Explain risk related concepts. 76

Objective 2.2: Carry out appropriate risk mitigation strategies . 83

Objective 2.3: Execute appropriate incident response procedures . 85

Objective 2.4: Explain the importance of security related awareness and training . 87

Objective 2.5: Compare and contrast aspects of business continuity 92

Objective 2.6: Explain the impact and proper use of environmental controls . 94

Objective 2.7: Execute disaster recovery plans and procedures . 98

Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 105

Quick-Check Answer Key . 108

Objective 2.1: Explain risk related concepts . 108

Objective 2.2: Carry out appropriate risk mitigation strategies 108

Objective 2.3: Execute appropriate incident response procedures 108

Objective 2.4: Explain the importance of security related awareness and training 109

Objective 2.5: Compare and contrast aspects of business continuity . 109

Objective 2.6: Explain the impact and proper use of environmental controls. . 109

Objective 2.7: Execute disaster recovery plans and procedures 110

Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 110

Answers and Explanations . 111

Objective 2.1: Explain risk related concepts . 111

Objective 2.2: Carry out appropriate risk mitigation strategies 117

Objective 2.3: Execute appropriate incident response procedures 118

Objective 2.4: Explain the importance of security related awareness and training 120

Objective 2.5: Compare and contrast aspects of business continuity . 123

Objective 2.6: Explain the impact and proper use of environmental controls. . 125

Objective 2.7: Execute disaster recovery plans and procedures 128

Objective 2.8: Exemplify the concepts of confidentiality, integrity, and availability. 133

Chapter Three Domain 3.0: Threats and Vulnerabilities . 135

Practice Questions . 136

Objective 3.1: Analyze and differentiate among types of malware. 136

Objective 3.2: Analyze and differentiate among types of attacks 144

Objective 3.3: Analyze and differentiate among types of social engineering attacks 154

Objective 3.4: Analyze and differentiate among types of wireless attacks. 156

Objective 3.5: Analyze and differentiate among types of application attacks 160

CompTIA Security+ SY0-301 Practice Questions Exam Cram

Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques. 165

Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 174

Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus

vulnerability scanning . 177

Quick-Check Answer Key . 180

Objective 3.1: Analyze and differentiate among types of malware. 180

Objective 3.2: Analyze and differentiate among types of attacks. . 180

Objective 3.3: Analyze and differentiate among types of social engineering attacks 181

Objective 3.4: Analyze and differentiate among types of wireless attacks. 181

Objective 3.5: Analyze and differentiate among types of application attacks 181

Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques. 182

Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 182

Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus

vulnerability scanning. 183

Answers and Explanations . 184

Objective 3.1: Analyze and differentiate among types of malware 184

Objective 3.2: Analyze and differentiate among types of attacks. . 191

Objective 3.3: Analyze and differentiate among types of social engineering attacks . 200

Objective 3.4: Analyze and differentiate among types of wireless attacks 202

Objective 3.5: Analyze and differentiate among types of application attacks. . 206

Objective 3.6: Analyze and differentiate among types of mitigation and deterrent techniques 210

Objective 3.7: Implement assessment tools and techniques to discover security threats and vulnerabilities 216

Objective 3.8: Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning. 219

Chapter Four Domain 4.0: Application, Data, and Host Security . 223

Practice Questions . 224

Objective 4.1: Explain the importance of application security . 224

Objective 4.2: Carry out appropriate procedures to establish host security. 232

Objective 4.3: Explain the importance of data security 239

Quick-Check Answer Key . 248

Objective 4.1: Explain the importance of application security . 248

Objective 4.2: Carry out appropriate procedures to establish host security. 248

Objective 4.3: Explain the importance of data security 249

Answers and Explanations . 250

Objective 4.1: Explain the importance of application security . 250

Objective 4.2: Carry out appropriate procedures to establish host security . 257

Objective 4.3: Explain the importance of data security 262

Chapter Five Domain 5.0: Access Control and Identity Management . 269

Practice Questions . 270

Objective 5.1: Explain the function and purpose of authentication services 270

Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 275

Objective 5.3: Implement appropriate security controls when performing account management 285

Quick-Check Answer Key . 293

Objective 5.1: Explain the function and purpose of authentication services 293

Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 293

Objective 5.3: Implement appropriate security controls when performing account management . 294

Answers and Explanations . 295

Objective 5.1: Explain the function and purpose of authentication services 295

Objective 5.2: Explain the fundamental concepts and best practices related to authorization and access control . 299

Objective 5.3: Implement appropriate security controls when performing account management 309

Chapter Six Domain 6.0: Cryptography . 317

Practice Questions . 318

Objective 6.1: Summarize general cryptography concepts . 318

Objective 6.2: Use and apply appropriate cryptographic tools and products 323

Objective 6.3: Explain core concepts of public key infrastructure 329

Objective 6.4: Implement PKI, certificate management, and associated components 333

Quick-Check Answer Key . 338

Objective 6.1: Summarize general cryptography concepts . 338

Objective 6.2: Use and apply appropriate cryptographic tools and products 338

Objective 6.3: Explain core concepts of public key infrastructure 339

Objective 6.4: Implement PKI, certificate management, and associated components 339

Answers and Explanations . 340

Objective 6.1: Summarize general cryptography concepts . 340

Objective 6.2: Use and apply appropriate cryptographic tools and products 343

Objective 6.3: Explain core concepts of public key infrastructure 348

Objective 6.4: Implement PKI, certificate management, and associated components 351

9780789748287, TOC, 11/09/2011