Thursday, November 13, 2014

Idea Questions.

Here are some questions to help you get an idea of what to expect.
This practice test contains 15 questions and answer explanations, excerpted from Mike Meyers' CompTIA Security+™ Certification Passport, Third Edition (Exam SY0-301), (McGraw-Hill, 2011) with permission from McGraw-Hill.
Question 1:
It has been discovered that a former member of the IT department who switched to the development team still has administrative access to many major network infrastructure devices and servers. Which of the following mitigation techniques should be implemented to help reduce the risk of this event recurring?
A. DLP
B. Incident management and response policy
C. Change management notifications
D. Regular user permission and rights reviews
Question 2:
You are collecting forensic evidence from a recent network intrusion, including firewall logs, access logs, and screen captures of the intruder’s activity. Which of the following concepts describes the procedures for preserving the legal ownership history of evidence from the security incident?
A. Damage control
B. Audit trail
C. Escalation
D. Chain of custody
Question 3:
You have implemented a backup plan for your critical file servers, including proper media rotation, backup frequency, and offsite storage. Which of the following must be performed on a regular basis to ensure the validity and integrity of your backup system?
A. Periodic testing of restores
B. Multiple monthly backup media
C. Purchasing of new media
D. Updating the backup application software
Question 4:
When you connect to a secure HTTPS web page, which of the following actions is performed first?
A. The username and password are sent for authentication.
B. A digital certificate establishes the web site identity to the browser.
C. The web page is displayed, and then authentication is performed.
D. The client establishes its identity to the web server.
Question 5:
You need to renew your company’s certificate for its public web server. When should you renew the certificate?
A. On its expiry date
B. After it expires
C. After it’s revoked
D. Thirty days before expiry
Question 6:
You have had a rash of hacking incidents where weak employee passwords are being hacked through brute-force methods and unauthorized users are gaining access to the network. Which of the following security policies is most efficient for preventing brute-force hacking attempts on employee passwords?
A. Password rotation
B. Password length and complexity restrictions
C. Password expiration
D. Limiting logon attempts
Question 7:
You are setting up a single sign-on authentication system for a large, enterprise network of 5000 users. Which of the following authentication methods would you use?
A. Local login and password database
B. Login and password with a security token
C. LDAP server
D. Smart card with PIN number
Question 8:
You have been tasked by your manager to perform an evaluation of the benefits of using virtualization in your QA testing environment. Which of the following is an advantage of using virtual machines in terms of security and cost efficiency?
A. It reduces the need to install OS software updates.
B. Multiple operating systems can be installed and run in their own separate, secure area on a single hardware device.
C. It helps secure the hardware from unauthorized access.
D. Antivirus and other security software only have to be installed once.
Question 9:
During a denial-of-service attack, a network administrator blocks the source IP with the firewall, but the attack continues. What is the most likely cause of the problem?
A. The denial-of-service worm has already infected the firewall locally.
B. The attack is coming from multiple, distributed hosts.
C. A firewall can’t block denial-of-service attacks.
D. Antivirus software needs to be installed.

Question 10:
To further secure your wireless network, you implement MAC address filtering. Which of the following statements describes the wireless network behavior after you enable MAC address filtering?
A. It allows wireless access only for specified MAC addresses.
B. It prevents wireless access only from specified MAC addresses.
C. It encrypts only specified wireless device MAC addresses.
D. It encrypts only MAC addresses not specified.


Wednesday, November 12, 2014

Some Need to know.

Concepts

The Security+ exam is well-known to test heavily on concepts rather than on purely technical knowledge. Security+ concepts relate to the ideas that govern good information security practices. You can think of these core concepts as a sort of “constitution” or even a “charter” of information security. Any organization or practice will inevitably have some sort of governing ideology; for the Security+ exam (for information security), this ideology is always related to the acronym: CIA.


What’s CIA?

CIA (in this context, of course) stands for Confidentiality, Integrity, and Availability. These are the three tenets or cornerstones of information security objectives. Virtually all practices within the umbrella called “Information Security” are designed to provide these objectives. They are relatively simple to understand and common-sense notions, yet the Security+ exam writers love to test on CIA concepts. So, you should understand CIA very well in order to understand the reasoning behind later practices as well as to ace this portion of the exam.
CIA Triangle

Confidentiality

Confidentiality refers to the idea that information should only be accessible to its intended recipients and those authorized to receive the information. All other parties should not be able to access the information. This is a pretty common and straightforward idea; the US government, for example, marks certain items “Top Secret,” which means that only those who are cleared to see that information can actually view it. In this way, the government is achieving information confidentiality. Another common example is the sharing of a secret between two friends. When the friends tell each other the secret, they usually whisper so that nobody else can hear what they are saying. The friends are also achieving confidentiality.

Integrity

Integrity is the idea that information should arrive at a destination as it was sent. In other words, the information should not be tampered with or otherwise altered. Sometimes, secret information may be sent in a locked box. This is to ensure both confidentiality and integrity: it ensures confidentiality by assuring that only those with a key can open it; it ensures integrity by assuring that the information cannot be altered during delivery. Similarly, government documents are often sealed with some sort of special stamp that is unique to an office or branch of government. In this way, the government ensures that the people reading the documents know that the document is in fact a government document and not a phony.


Availability

Imagine that a terrorist blocks the entrance to the Library of Congress. Though he did not necessarily destroy the integrity of the books inside, nor did he breach confidentiality, he did do something to negatively affect the security of the Library. We deem his actions a “denial of service,” or more appropriately, a denial of availability. Availability refers to the idea that information should be available to those authorized to use it. When a hacker floods a web server with erroneous requests and the web server goes down as a result, he has denied availability to the users of the server, and thus one of the major tenets of information security has been compromised.


Wrap Up

Well, you’ve completed your first Security+ lesson! That wasn’t so bad, now was it? As you can see, a lot of what is covered on the Security+ exam is actually common sense. However, don’t take CIA lightly – it is heavily tested! Below are a few questions that should help you review what you’ve learned today:


Quick Review

1. Which of the following are components of CIA? (Choose all that apply)
a. Confidentiality
b. Authentication
c. Integration
d. Integrity
e. Availability
f. Character

2. A user encrypts an email before sending it. The only person that can decrypt the email is the recipient. By encrypting the email in this way, the user is attempting to preserve the:
a. Confidentiality of the recipient
b. Accessibility of the email server
c. Confidentiality of the information
d. Integrity of the information

3. A hooligan unplugs the power from the central data server at a large bank. Which of the following describe the effect on information security?
a. Confidentiality has been breached
b. Loss of availability
c. The information has lost integrity
d. None of the above

Answers

1. The components of CIA are Confidentiality, Integrity, and Availability. The answer is (A, D, E).

2. This is a tough question that is sure to manifest itself on the exam. Don’t be confused between confidentiality and integrity. Remember that confidentiality refers to the fact that only the recipient can receive the information, whereas integrity means that the information is basically in the same state that it was sent. Although the encryption may prevent others “in the middle of the communication” from understanding the email, it does nothing to prevent them from manipulating the email being sent. So, the answer is that it only ensures the confidentiality of the information and NOT the integrity of the information. (C)

3. By unplugging the power, the punk is basically denying availability to the users of the server. He is not, however, actually changing the information stored on the server, nor is he trying to read any sort of confidential information. The answer is therefore that his actions produce a loss of availability. (B)
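The point made in the Integrity section and in the answer to question 2 (encryption protects confidentiality but, by itself, not integrity) is easy to see in code. The following is an added example, not part of the original lesson or of the Security+ material it summarizes. It uses a toy XOR stream cipher with a random key (a stand-in for any cipher that carries no built-in integrity check), shows that a party who never learns the key can still change what the recipient decrypts, and then shows how an HMAC tag over the ciphertext lets the recipient detect the change and refuse the message. The message text, key sizes, and function names are all constructed for this demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample message for the demonstration (not from the page).
MESSAGE = b"Pay 100 dollars to Alice"


def xor_keystream(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher: XOR each byte with a random key at least as long
    as the data. This gives confidentiality only; a recipient has no way
    to tell whether the ciphertext was modified in transit."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def flip_in_transit(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model the 'man in the middle' from the answer to question 2.
    Because XOR is malleable, XORing ciphertext bytes with (old XOR new)
    changes the decrypted plaintext at `offset` from `old` to `new`
    without the key ever being known. Used here only to show why a
    confidentiality-only cipher cannot guarantee integrity."""
    if len(old) != len(new):
        raise ValueError("old and new must have the same length")
    out = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)


def seal(plaintext: bytes, enc_key: bytes, mac_key: bytes) -> Tuple[bytes, bytes]:
    """Encrypt-then-MAC: encrypt for confidentiality, then compute an
    HMAC-SHA256 tag over the ciphertext for integrity. The tag is bound
    to the exact ciphertext bytes, so any modification changes it."""
    ciphertext = xor_keystream(plaintext, enc_key)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag


def open_sealed(ciphertext: bytes, tag: bytes, enc_key: bytes, mac_key: bytes) -> Optional[bytes]:
    """Verify the tag before decrypting. Returns None on an integrity
    failure so the caller never acts on tampered data. compare_digest
    avoids leaking tag bytes through timing differences."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return xor_keystream(ciphertext, enc_key)


def demo() -> dict:
    """Run the scenario once and return the three outcomes:
    - naive:   decrypting the altered ciphertext with no integrity check
    - checked: opening the altered ciphertext with the HMAC check (rejected)
    - genuine: opening the untouched ciphertext with the HMAC check (accepted)
    """
    enc_key = os.urandom(len(MESSAGE))   # one-time key, used only for this message
    mac_key = os.urandom(32)             # separate key for the HMAC
    ciphertext, tag = seal(MESSAGE, enc_key, mac_key)

    # The amount "100" starts at byte offset 4 of the constructed message.
    altered = flip_in_transit(ciphertext, 4, b"100", b"900")

    naive = xor_keystream(altered, enc_key)                 # decrypts cleanly to the wrong amount
    checked = open_sealed(altered, tag, enc_key, mac_key)   # None: tag no longer matches
    genuine = open_sealed(ciphertext, tag, enc_key, mac_key)
    return {"naive": naive, "checked": checked, "genuine": genuine}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The lesson for the exam is the one the answer key states: the encryption step alone only hides the content. Integrity comes from a separate mechanism, here an HMAC over the ciphertext (an authenticated-encryption mode such as AES-GCM packages both in one primitive), and the recipient must check it before trusting anything it decrypts.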

Monday, November 10, 2014

Security + INFO



Some of the key lessons in this re-created course are:
  • Network Security Compliance
  • Operational Security
  • Threats and Vulnerabilities
  • Application, Data and Host Security
  • Access Control and Identity Management
  • Cryptography Concepts and Tools
You will also learn about essential types of attacks, as well as malware prevention and cleanup. There is also a strong focus on secure network administration best practices including disaster recovery planning and securing of applications. Ultimately, all the lessons make up comprehensive preparation for updated CompTIA Security Plus certification.
The course instructor is Lisa Szpunar, a former elementary school teacher, librarian, and network administrator. Lisa specializes in systems design and security and holds a Master of Science in Computer Science, CompTIA Security+ SY0-201 and SY0-301, A+, and MCTS. Her unique background in education and technical expertise helps make a fun and engaging learning environment for her students.
What is CompTIA Security+ Certification?
So what is CompTIA Security+ certification, anyway?
For starters, this certification is vendor-neutral, meaning that no for-profit organization sponsors it or has a vested interest in it. You don’t have to worry about a company not honoring the certification because of another company’s involvement.
The fact that it’s internationally-recognized means that having this certification puts you ahead of the competition both at home and abroad.
On top of that, Security+ certification is also approved by the Department of Defense to meet Directive 8570.1 requirements. That’s good news for anyone seeking government employment.
This certification shows employers that you are experienced with not only network security, but also with application, data and host security, compliance and operational security, access control and identity management, cryptography, and threats and vulnerabilities associated with network security as well.
Who is CompTIA Security+ Certification For?
Now that you have a general understanding of what Security Plus is, you may be wondering if it’s the right certification for you.
Our certification training courses are designed to meet the needs of individuals near the beginning of their careers in IT security whose responsibilities include dealing with and securing network devices, network services and network traffic.
It is also important to note that, though prior knowledge is not required, it may be helpful to have at least two years of experience with networks and a solid grasp of security concepts. You may also find it useful to complete the CompTIA Network+ certification prior to going for Security+.
Why CompTIA Security+?
You have probably read about the growing demand for IT professionals lately. As I said before, so much depends on computer systems and networks to get things done. Not only do we want to protect ourselves from data theft, we also need to keep our networks safe from hackers out to bring down our critical infrastructure. From office communication to national security, securing our networks is a top priority.
Once you complete the Security+ training and receive your certification, you will have the knowledge and skills to enter any number of IT security positions including Network Administrator, Security Administrator, System Administrator, Security Engineer, Security Architect or Information Assurance Professional.
Security+ is one of the top seven certifications in the field of IT. This will surely keep you in high demand as the need for security professionals continues to rise.
How Do I Get Certified?
Alright, so you’re ready to do this. Now what do you have to do to get certified?
It should come as no surprise that there is an exam you have to pass. The obvious first step is to sign up for a Security+ training course where you will learn everything you need to in preparation for the Security+ certification exam.
The exam consists of 100 multiple choice and performance-based questions. You will have 90 minutes to complete the exam, and must score 750 out of 900 to pass and receive your certification. It will cover general security concepts, communication and infrastructure security, the basics of cryptography, and operational and organizational security.
Your certification lasts for three years. If you don’t maintain it you will have to retake the exam.
But there are several ways to maintain your certification through the CompTIA Continuing Education Program which requires you to earn Continuing Education Units (CEUs) in order to keep your certification active. You can earn them by taking a newer version of the exam or attending additional training classes. You can also participate in industry events and seminars, or receive a higher level certification in CompTIA Storage+ or CompTIA Advanced Security Practitioner (CASP).