Security+ Certification Exam Cram 2 (Exam Cram SYO-101)

As you read through this book, use the following checklist to ensure you understand all the skill sets the Security+ exam will cover. The criteria parallel those found on the CompTIA Web site and follow the domain structure for the test.

Domain 1.0: General Security Concepts

1.1 Access Control

  • 1.1.1. MAC/DAC/RBAC

1.2 Authentication

  • 1.2.1. Kerberos

  • 1.2.2. CHAP

  • 1.2.3. Certificates

  • 1.2.4. Username/Password

  • 1.2.5. Tokens

  • 1.2.6. Multifactor

  • 1.2.7. Mutual Authentication

  • 1.2.8. Biometrics

These objectives are covered in Chapter 2, "General Security Practices."

1.3 Nonessential Services and Protocols

1.4 Attacks

  • 1.4.1. DOS/DDOS

  • 1.4.2. Back Door

  • 1.4.3. Spoofing

  • 1.4.4. Man in the Middle

  • 1.4.5. Replay

  • 1.4.6. TCP/IP Hijacking

  • 1.4.7. Weak Keys

  • 1.4.8. Mathematical

  • 1.4.9. Social Engineering

  • 1.4.10. Birthday

  • 1.4.11. Password Guessing

    • 1.4.11.1. Brute Force

    • 1.4.11.2. Dictionary

  • 1.4.12. Software Exploitation

1.5 Malicious Code

  • 1.5.1. Viruses

  • 1.5.2. Trojan Horses

  • 1.5.3. Logic Bombs

  • 1.5.4. Worms

1.6 Social Engineering

1.7 Auditing

These objectives are covered in Chapter 3, "Nonessential Services and Attacks."

Domain 2.0: Communication Security

2.1 Remote Access

  • 2.1.1. 802.1x

  • 2.1.2. VPN

  • 2.1.3. RADIUS

  • 2.1.4. TACACS/+

  • 2.1.5. L2TP/PPTP

  • 2.1.6. SSH

  • 2.1.7. IPSec

  • 2.1.8. Vulnerabilities

2.2 Email

  • 2.2.1. S/MIME

  • 2.2.2. PGP

  • 2.2.3. Vulnerabilities

    • 2.2.3.1. Spam

    • 2.2.3.2. Hoaxes

2.3 Web

  • 2.3.1. SSL/TLS

  • 2.3.2. HTTP/S

  • 2.3.3. Instant Messaging

    • 2.3.3.1. Vulnerabilities

    • 2.3.3.2. 8.3 Naming Conventions

    • 2.3.3.3. Packet Sniffing

    • 2.3.3.4. Privacy

These objectives are covered in Chapter 4, "Communication Security."

  • 2.3.4. Vulnerabilities

    • 2.3.4.1. Java Script

    • 2.3.4.2. ActiveX

    • 2.3.4.3. Buffer Overflows

    • 2.3.4.4. Cookies

    • 2.3.4.5. Signed Applets

    • 2.3.4.6. CGI

    • 2.3.4.7. SMTP Relay

2.4 Directory

  • 2.4.1. SSL/TLS

  • 2.4.2. LDAP

2.5 File Transfer

  • 2.5.1. S/FTP

  • 2.5.2. Blind FTP/Anonymous

  • 2.5.3. File Sharing

  • 2.5.4. Vulnerabilities

    • 2.5.4.1. Packet Sniffing

2.6 Wireless

  • 2.6.1. WTLS

  • 2.6.2. 802.11x

  • 2.6.3. WEP/WAP

  • 2.6.4. Vulnerabilities

    • 2.6.4.1. Site Surveys

These objectives are covered in Chapter 5, "Online Vulnerabilities."

Domain 3.0: Infrastructure Security

3.1 Devices

  • 3.1.1. Firewalls

  • 3.1.2. Routers

  • 3.1.3. Switches

  • 3.1.4. Wireless

  • 3.1.5. Modems

  • 3.1.6. RAS

  • 3.1.7. Telecom/PBX

  • 3.1.8. VPN

  • 3.1.9. IDS

  • 3.1.10. Network Monitoring/Diagnostic

  • 3.1.11. Workstations

  • 3.1.12. Servers

  • 3.1.13. Mobile Devices

3.2 Media

  • 3.2.1. Coax

  • 3.2.2. UTP/STP

  • 3.2.3. Fiber

  • 3.2.4. Removable Media

    • 3.2.4.1. Tape

    • 3.2.4.2. CDR

    • 3.2.4.3. Hard drives

    • 3.2.4.4. Diskettes

    • 3.2.4.5. Flashcards

    • 3.2.4.6. Smartcards

3.3 Security Topologies

  • 3.3.1. Security Zones

    • 3.3.1.1. DMZ

    • 3.3.1.2. Intranet

    • 3.3.1.3. Extranet

  • 3.3.2. VLANs

  • 3.3.3. NAT

  • 3.3.4. Tunneling

These objectives are covered in Chapter 6, "Infrastructure Security."

3.4 Intrusion Detection

  • 3.4.1. Network Based

    • 3.4.1.1. Active Detection

    • 3.4.1.2. Passive Detection

  • 3.4.2. Host Based

    • 3.4.2.1. Active Detection

    • 3.4.2.2. Passive Detection

  • 3.4.3. Honey Pots

  • 3.4.4. Incident Response

3.5 Security Baselines

  • 3.5.1. OS/NOS Hardening

    • 3.5.1.1. File System

    • 3.5.1.2. Updates (Hotfixes, Service Packs, Patches)

  • 3.5.2. Network Hardening

    • 3.5.2.1. Updates (Firmware)

    • 3.5.2.2. Configuration

      • 3.5.2.2.1. Enabling and Disabling Services and Protocols

      • 3.5.2.2.2. Access Control Lists

  • 3.5.3. Application Hardening

    • 3.5.3.1. Updates (Hotfixes, Service Packs, Patches)

    • 3.5.3.2. Web Servers

    • 3.5.3.3. Email Servers

    • 3.5.3.4. FTP Servers

    • 3.5.3.5. DNS Servers

    • 3.5.3.6. NNTP Servers

    • 3.5.3.7. File/Print Servers

    • 3.5.3.8. DHCP Servers

    • 3.5.3.9. Data Repositories

      • 3.5.3.9.1. Directory Services

      • 3.5.3.9.2. Databases

These objectives are covered in Chapter 7, "Intrusion Detection and Security Baselines."

Domain 4.0: Basics of Cryptography

4.1 Algorithms

  • 4.1.1. Hashing

  • 4.1.2. Symmetric

  • 4.1.3. Asymmetric

4.2 Concepts of Using Cryptography

  • 4.2.1. Confidentiality

  • 4.2.2. Integrity

    • 4.2.2.1. Digital Signatures

  • 4.2.3. Authentication

  • 4.2.4. Nonrepudiation

    • 4.2.4.1. Digital Signatures

  • 4.2.5. Access Control

4.3 PKI

  • 4.3.1. Certificates

    • 4.3.1.1. Certificate Policies

    • 4.3.1.2. Certificate Practice Statements

  • 4.3.2. Revocation

  • 4.3.3. Trust Models

These objectives are covered in Chapter 8, "Basics of Cryptography."

4.4 Standards and Protocols

4.5 Key Management/Certificate Lifecycle

  • 4.5.1. Centralized vs. Decentralized

  • 4.5.2. Storage

    • 4.5.2.1. Hardware vs. Software

    • 4.5.2.2. Private Key Protection

  • 4.5.3. Escrow

  • 4.5.4. Expiration

  • 4.5.5. Revocation

    • 4.5.5.1. Status Checking

  • 4.5.6. Suspension

    • 4.5.6.1. Status Checking

  • 4.5.7. Recovery

    • 4.5.7.1. M of N Control

  • 4.5.8. Renewal

  • 4.5.9. Destruction

  • 4.5.10. Key Usage

    • 4.5.10.1. Multiple Key Pairs (Single, Dual)

These objectives are covered in Chapter 9, "Deploying Cryptography."

Domain 5.0: Operational/Organizational Security

5.1 Physical Security

  • 5.1.1. Access Control

    • 5.1.1.1. Physical Barriers

    • 5.1.1.2. Biometrics

  • 5.1.2. Social Engineering

  • 5.1.3. Environment

    • 5.1.3.1. Wireless Cells

    • 5.1.3.2. Location

    • 5.1.3.3. Shielding

    • 5.1.3.4. Fire Suppression

5.2 Disaster Recovery

  • 5.2.1. Backups

    • 5.2.1.1. Offsite Storage

  • 5.2.2. Secure Recovery

    • 5.2.2.1. Alternate Sites

  • 5.2.3. Disaster Recovery Plan

5.3 Business Continuity

  • 5.3.1. Utilities

  • 5.3.2. High Availability / Fault Tolerance

  • 5.3.3. Backups

5.4 Policy and Procedures

  • 5.4.1. Security Policy

    • 5.4.1.1. Acceptable Use

    • 5.4.1.2. Due Care

    • 5.4.1.3. Privacy

    • 5.4.1.4. Separation of Duties

    • 5.4.1.5. Need to Know

    • 5.4.1.6. Password Management

    • 5.4.1.7. SLA

    • 5.4.1.8. Disposal/Destruction

    • 5.4.1.9. HR Policy

      • 5.4.1.9.1 Termination

      • 5.4.1.9.2 Hiring

      • 5.4.1.9.3 Code of Ethics

  • 5.4.2. Incident Response Policy

These objectives are covered in Chapter 10, "Organizational Security."

5.5 Privilege Management

  • 5.5.1. User/Group/Role Management

  • 5.5.2. Single Sign-On

  • 5.5.3. Centralized vs. Decentralized

  • 5.5.4. Auditing (Privilege, Usage, Escalation)

  • 5.5.5. MAC/DAC/RBAC

5.6 Forensics

  • 5.6.1. Chain of Custody

  • 5.6.2. Preservation of Evidence

  • 5.6.3. Collection of Evidence

5.7 Risk Identification

  • 5.7.1. Asset Identification

  • 5.7.2. Risk Assessment

  • 5.7.3. Threat Identification

  • 5.7.4. Vulnerabilities

5.8 Education

  • 5.8.1. Communication

  • 5.8.2. User Awareness

  • 5.8.3. Education

  • 5.8.4. Online Resources

5.9 Documentation

  • 5.9.1. Standards and Guidelines

  • 5.9.2. Systems Architecture

  • 5.9.3. Change Documentation

  • 5.9.4. Logs and Inventories

  • 5.9.5. Classification

    • 5.9.5.1. Notification

  • 5.9.6. Retention/Storage

  • 5.9.7. Destruction

These objectives are covered in Chapter 11, "Privilege Management, Forensics, Risk Identification, Education, and Documentation."

Related

Категории