Congratulations on your purchase of CompTIA Security+ Practice Tests. This book will serve as a preparation tool for the CompTIA Security+ certification exam (SY0-501) as well as your career in the IT security field.
The objective of this book is to prepare you for the CompTIA Security+ exam by explaining the terminology and technology that will be tested on the exam. The main focus of this book is to help you pass the exam. We don’t always cover every aspect of the related field, so some of the aspects of the technology will be covered only to the extent necessary to help you understand what you will need to know to pass the exam. We hope this book will become a valuable resource for you after you achieve the certification.
It Pays to Get Certified
In a digital world, digital literacy is an essential survival skill. Certification proves that you have the knowledge and skill to solve business problems in virtually any business environment.
Certification makes you more competitive and employable. Research has shown that people who study technology get hired. In the competition for entry-level jobs, applicants with high school diplomas or college degrees who included IT coursework in their academic load consistently fared better in job interviews and were hired in significantly higher numbers. If considered a compulsory part of a technology education, testing for certification can be an invaluable competitive distinction for IT professionals.
How Certification Helps Your Career
Security is one of the highest-demand job categories. The U.S. Bureau of Labor Statistics (BLS) predicts that information security analyst will be the fastest-growing job category overall, with 37 percent growth between 2012 and 2022.
Get your foot in the door. According to CompTIA’s Employer Perceptions of IT Training and Certification study, 91 percent of hiring managers today believe that IT certifications are valuable in validating expertise.
Network security administrators earn a good income. According to Glassdoor, network security administrators earn a national average of almost $70,000 per year.
CompTIA Security+ is the first step in starting your career as a network security administrator or systems security administrator. Professionals who are CompTIA Security+ certified are 85 percent more likely to believe that they have the knowledge and skills needed to fulfill their jobs successfully.
CompTIA Security+ certification is popular. More than 250,000 individuals worldwide are CompTIA Security+ certified.
CompTIA Security+ is regularly used in organizations. Companies such as Hitachi Systems, Fuji Xerox, HP, Dell, and a variety of major U.S. government contractors use CompTIA Security+.
CompTIA Security+ is approved by the U.S. Department of Defense (DoD). CompTIA Security+ is approved by the DoD as one of the required certification options in the DoD 8570.01-M directive for Information Assurance Technical Level II and Management Level I job roles.
Steps to Getting Certified and Staying Certified
Review exam objectives. Review the certification objectives to make sure that you know what is covered in the exam:
Stay certified with continuing education. New CompTIA Security+ certifications are valid for three years from the date of certification. There are a number of ways that the certification can be renewed. For more information, check the CompTIA site.
CompTIA partners with Pearson VUE’s testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to “Find a test center”:
On the day of the test, take two forms of identification, and make sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.
How This Book Is Organized
This book consists of six chapters, one for each of the domains in the CompTIA Security+ Exam SY0-501, plus a seventh chapter that simulates the exam with a mix of questions drawn from all six domains. The chapters are organized as follows:
Chapter 1: Threats, Attacks, and Vulnerabilities (Domain 1) Explain various types of attacks, such as wireless, application, and social engineering. Explain various types of malware.
Chapter 2: Technologies and Tools (Domain 2) Apply various types of mitigation and deterrent techniques to various attacks. Use appropriate tools and techniques to discover security threats and vulnerabilities.
Chapter 3: Architecture and Design (Domain 3) Explain network design elements and components and implement common protocols and services. Implement security configuration parameters on network devices and other types of technologies.
Chapter 4: Identity and Access Management (Domain 4) Compare and contrast the function and purpose of authentication services. Install and configure security controls when performing account management.
Chapter 5: Risk Management (Domain 5) Implement appropriate risk mitigation strategies and basic forensic procedures. Explain the importance of risk-related concepts and summarize risk management best practices.
Chapter 6: Cryptography and PKI (Domain 6) Understand general cryptography concepts and use the appropriate methods. Use appropriate PKI, certificate management, and associated components.
Chapter 7: Practice Test The practice test simulates the actual exam. Although the questions are different, they test your knowledge of the objectives and your understanding of basic concepts.
How to Use This Book and the Interactive Online Learning Environment and Test Bank
This book includes 1,000 practice test questions, which will help you get ready to pass the Security+ exam. The interactive online learning environment that accompanies the CompTIA Security+ Practice Tests provides a robust test bank to help you prepare for the certification exam and increase your chances of passing it the first time. By using this test bank, you can identify weak areas up front and then develop a solid studying strategy using each of the robust testing features.
The test bank also includes a practice exam. Take the practice exam just as if you were taking the actual exam (without any reference material). If you get more than 90 percent of the answers correct, you’re ready to take the certification exam.
Security+ Exam Objective Map
The following objective map will help you to find the book chapter that covers each objective for the exam.
1.0 Threats, Attacks, and Vulnerabilities

| Exam Objective | Chapter |
|---|---|
| 1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. | 1 |
| Viruses | 1 |
| Crypto-malware | 1 |
| Ransomware | 1 |
| Worm | 1 |
| Trojan | 1 |
| Rootkit | 1 |
| Keylogger | 1 |
| Adware | 1 |
| Spyware | 1 |
| Bots | 1 |
| RAT | 1 |
| Logic bomb | 1 |
| Backdoor | 1 |
| 1.2 Compare and contrast types of attacks. | 1 |
| Social engineering | 1 |
| Phishing | 1 |
| Spear phishing | 1 |
| Whaling | 1 |
| Vishing | 1 |
| Tailgating | 1 |
| Impersonation | 1 |
| Dumpster diving | 1 |
| Shoulder surfing | 1 |
| Hoax | 1 |
| Watering hole attack | 1 |
| Principles (reasons for effectiveness) | 1 |
| Application/service attacks | 1 |
| DoS | 1 |
| DDoS | 1 |
| Man-in-the-middle | 1 |
| Buffer overflow | 1 |
| Injection | 1 |
| Cross-site scripting | 1 |
| Cross-site request forgery | 1 |
| Privilege escalation | 1 |
| ARP poisoning | 1 |
| Amplification | 1 |
| DNS poisoning | 1 |
| Domain hijacking | 1 |
| Man-in-the-browser | 1 |
| Zero day | 1 |
| Replay | 1 |
| Pass the hash | 1 |
| Hijacking and related attacks | 1 |
| Driver manipulation | 1 |
| MAC spoofing | 1 |
| IP spoofing | 1 |
| Wireless attacks | 1 |
| Replay | 1 |
| IV | 1 |
| Evil twin | 1 |
| Rogue AP | 1 |
| Jamming | 1 |
| WPS | 1 |
| Bluejacking | 1 |
| Bluesnarfing | 1 |
| RFID | 1 |
| NFC | 1 |
| Disassociation | 1 |
| Cryptographic attacks | 1 |
| Birthday | 1 |
| Known plain text/cipher text | 1 |
| Rainbow tables | 1 |
| Dictionary | 1 |
| Brute force | 1 |
| Collision | 1 |
| Downgrade | 1 |
| Replay | 1 |
| Weak implementations | 1 |
| 1.3 Explain threat actor types and attributes. | 1 |
| Types of actors | 1 |
| Script kiddies | 1 |
| Hacktivist | 1 |
| Organized crime | 1 |
| Nation states/APT | 1 |
| Insiders | 1 |
| Competitors | 1 |
| Attributes of actors | 1 |
| Internal/external | 1 |
| Level of sophistication | 1 |
| Resources/funding | 1 |
| Intent/motivation | 1 |
| Use of open-source intelligence | 1 |
| 1.4 Explain penetration testing concepts. | 1 |
| Active reconnaissance | 1 |
| Passive reconnaissance | 1 |
| Pivot | 1 |
| Initial exploitation | 1 |
| Persistence | 1 |
| Escalation of privilege | 1 |
| Black box | 1 |
| White box | 1 |
| Gray box | 1 |
| Pen testing vs. vulnerability scanning | 1 |
| 1.5 Explain vulnerability scanning concepts. | 1 |
| Passively test security controls | 1 |
| Identify vulnerability | 1 |
| Identify lack of security controls | 1 |
| Identify common misconfigurations | 1 |
| Intrusive vs. non-intrusive | 1 |
| Credentialed vs. non-credentialed | 1 |
| False positive | 1 |
| 1.6 Explain the impact associated with types of vulnerabilities. | 1 |
| Race conditions | 1 |
| Vulnerabilities due to: | 1 |
| End-of-life systems | 1 |
| Embedded systems | 1 |
| Lack of vendor support | 1 |
| Improper input handling | 1 |
| Improper error handling | 1 |
| Misconfiguration/weak configuration | 1 |
| Default configuration | 1 |
| Resource exhaustion | 1 |
| Untrained users | 1 |
| Improperly configured accounts | 1 |
| Vulnerable business processes | 1 |
| Weak cipher suites and implementations | 1 |
| Memory/buffer vulnerability | 1 |
| Memory leak | 1 |
| Integer overflow | 1 |
| Buffer overflow | 1 |
| Pointer dereference | 1 |
| DLL injection | 1 |
| System sprawl/undocumented assets | 1 |
| Architecture/design weaknesses | 1 |
| New threats/zero day | 1 |
| Improper certificate and key management | 1 |
2.0 Technologies and Tools

| Exam Objective | Chapter |
|---|---|
| 2.1 Install and configure network components, both hardware- and software-based, to support organizational security. | 2 |
| Firewall | 2 |
| ACL | 2 |
| Application-based vs. network-based | 2 |
| Stateful vs. stateless | 2 |
| Implicit deny | 2 |
| VPN concentrator | 2 |
| Remote access vs. site-to-site | 2 |
| IPSec | 2 |
| Split tunnel vs. full tunnel | 2 |
| TLS | 2 |
| Always-on VPN | 2 |
| NIPS/NIDS | 2 |
| Signature-based | 2 |
| Heuristic/behavioral | 2 |
| Anomaly | 2 |
| Inline vs. passive | 2 |
| In-band vs. out-of-band | 2 |
| Rules | 2 |
| Analytics | 2 |
| Router | 2 |
| ACLs | 2 |
| Antispoofing | 2 |
| Switch | 2 |
| Port security | 2 |
| Layer 2 vs. Layer 3 | 2 |
| Loop prevention | 2 |
| Flood guard | 2 |
| Proxy | 2 |
| Forward and reverse proxy | 2 |
| Transparent | 2 |
| Application/multipurpose | 2 |
| Load balancer | 2 |
| Scheduling | 2 |
| Active-passive | 2 |
| Active-active | 2 |
| Virtual IPs | 2 |
| Access point | 2 |
| SSID | 2 |
| MAC filtering | 2 |
| Signal strength | 2 |
| Band selection/width | 2 |
| Antenna types and placement | 2 |
| Fat vs. thin | 2 |
| Controller-based vs. stand-alone | 2 |
| SIEM | 2 |
| Aggregation | 2 |
| Correlation | 2 |
| Automated alerting and triggers | 2 |
| Time synchronization | 2 |
| Event deduplication | 2 |
| Logs/WORM | 2 |
| DLP | 2 |
| USB blocking | 2 |
| Cloud-based | 2 |
| Email | 2 |
| NAC | 2 |
| Dissolvable vs. permanent | 2 |
| Host health checks | 2 |
| Agent vs. agentless | 2 |
| Mail gateway | 2 |
| Spam filter | 2 |
| DLP | 2 |
| Encryption | 2 |
| Bridge | 2 |
| SSL/TLS accelerators | 2 |
| SSL decryptors | 2 |
| Media gateway | 2 |
| Hardware security module | 2 |
| 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization. | 2 |
| Protocol analyzer | 2 |
| Network scanners | 2 |
| Rogue system detection | 2 |
| Network mapping | 2 |
| Wireless scanners/cracker | 2 |
| Password cracker | 2 |
| Vulnerability scanner | 2 |
| Configuration compliance scanner | 2 |
| Exploitation frameworks | 2 |
| Data sanitization tools | 2 |
| Steganography tools | 2 |
| Honeypot | 2 |
| Backup utilities | 2 |
| Banner grabbing | 2 |
| Passive vs. active | 2 |
| Command-line tools | 2 |
| ping | 2 |
| netstat | 2 |
| tracert | 2 |
| nslookup/dig | 2 |
| arp | 2 |
| ipconfig/ip/ifconfig | 2 |
| tcpdump | 2 |
| nmap | 2 |
| netcat | 2 |
| 2.3 Given a scenario, troubleshoot common security issues. | |