Synopses & Reviews
CompTIA® Security+ Exam Cram
Second Edition
Exam SY0-201
Diane Barrett
Kirk Hausman
Martin Weiss
The Smart Way to Study™
Covers the critical information you need to know to score higher on your Security+ exam!
- Master and implement general security best practices
- Systematically identify threats and risks to your systems
- Harden systems by eliminating nonessential services
- Secure your communications, networks, and infrastructure
- Systematically identify and protect against online vulnerabilities
- Implement effective access control and authentication
- Create security baselines and audit your security infrastructure
- Understand cryptographic principles, and effectively deploy cryptographic solutions
- Organize security from both a technical and organizational standpoint
- Manage every facet of security, including education and documentation
- Understand the laws related to IT security, and the basics of forensic investigations
WRITTEN BY LEADING EXPERTS:
Diane Barrett (MCSE, A+, Security+) is a professor in the Network Security and Computer Forensics programs at the University of Advancing Technology. She belongs to several security user groups, including HTCIA and InfraGard.
Kirk Hausman (MCSE, Security+) has worked for more than 20 years as a consultant, trainer, IT manager, and network and security administrator. He works for Texas A&M University as assistant commandant for IT.
Martin Weiss (CISSP, Security+, MCSE) is a manager of information security gurus at RSA, the security division of EMC.
CD Features Test Engine Powered by MeasureUp!
- Detailed explanations of correct and incorrect answers
- Multiple test modes
- Random questions and order of answers
- Coverage of each Security+ exam objective
informit.com/examcram
ISBN-13: 978-0-7897-3804-2
ISBN-10: 0-7897-3804-X
Synopsis
The Security+ certification is CompTIA's answer to the market's need for a baseline, vendor-neutral security certification. The IT industry recognizes there is a need to better train, staff, and empower those tasked with designing and implementing information security, and Security+ is an effort to meet this demand. Security+ will become the baseline certification for Microsoft's new security certification initiative (to be announced in 2003). This book is not intended to teach new material. Instead it assumes that you have a solid foundation of knowledge but can use a refresher on important concepts as well as a guide to exam topics and objectives. This book focuses exactly on what you need to pass the exam - it features test-taking strategies, time-saving study tips, and a special Cram Sheet that includes tips, acronyms, and memory joggers not available anywhere else. The series is supported online at several Web sites: examcram.com, informit.com, and cramsession.com.
The accompanying CD features PrepLogic™ Practice Tests, Preview Edition. This product includes one complete PrepLogic Practice Test with approximately the same number of questions found on the actual vendor exam. Each question contains full, detailed explanations of the correct and incorrect answers. The engine offers two study modes, Practice Test and Flash Review, full exam customization, and a detailed score report.
Synopsis
CompTIA's Security+ is the #1 international vendor-neutral baseline security certification. In October 2008, CompTIA is releasing a thoroughly revised certification exam. CompTIA Security+ Exam Cram, Second Edition has been thoroughly updated to prepare candidates for the new exam, using the proven Exam Cram method of study. As with all Exam Cram books, it includes:
- Chapters that map directly to the exam objectives
- Comprehensive foundational learning on all topics covered on the exam
- An extensive collection of practice questions
- A state-of-the-art CD-ROM test engine that provides real-time practice and feedback
- The Cram Sheet tear-out card including tips, acronyms, and memory joggers not available anywhere else - perfect for last-minute study.
Topics covered in this book range from identifying vulnerabilities to implementing communications and infrastructure security; cryptography concepts and deployment techniques to security management; forensics to internal security education and documentation. This book brings together all the knowledge professionals need to walk into the exam room with confidence - and pass their Security+ exams with flying colors.
About the Author
Diane Barrett is a professor in the Network Security and Computer Forensics programs at the University of Advancing Technology. She has authored several security and forensic books. Diane belongs to the local chapters of several security user groups, including HTCIA and InfraGard. She was also a volunteer for ISSA’s (Information Systems Audit and Control Association) Generally Accepted Information Security Principles (GAISP) in the Ethical Practices Working Group. She holds about 15 industry certifications, including CISSP, ISSMP, and Security+. Diane received her master’s of science degree in computer technology, with a specialization in information security, from Capella University.
Kalani K. Hausman, CISSP, CISA, CISM, GHSC, is an author, teacher, and information technology implementer with more than 20 years’ experience specializing in IT governance, enterprise architecture, regulatory compliance, and enterprise security management. His experience includes medium to large-scale globally deployed networks in governmental, higher-education, health-care, and corporate settings. He is active within the FBI InfraGard, Information Systems Audit and Control Association (ISACA) and ISSA and is currently employed as the Assistant Commandant for IT at Texas A&M University.
Martin Weiss is a manager of information security gurus at RSA, The Security Division of EMC, helping organizations accelerate their business by solving their most complex and sensitive security challenges. He is also on the board of directors for the Connecticut chapter of ISSA and has authored several other books. He holds several certifications, including Security+, CISSP, MCSE: Security, and RSA CSE. Marty received his MBA from the Isenberg School of Management at the University of Massachusetts and currently lives in New England with his wife and three sons. Marty can be reached at [email protected].
Table of Contents
Introduction.
Self-Assessment.
1. CompTIA Certification Exams.
CompTIA Certification Programs Launch Your Career. The Exam Situation. Exam Layout and Design. Using CompTIA's Exam Software Effectively. Exam-Taking Techniques. Question-Handling Strategies. Mastering the Inner Game. Weighted Averages of the Skill Sets. Study Guide Checklist. Additional Resources.
2. General Security Practices.
Access Control. Authentication. Nonessential Services and Protocols. Practice Questions. Need to Know More?
3. Nonessential Services and Attacks.
Understanding and Identifying Common Services and Nonessential Services Posing Possible Security Threats. Attacks. Malicious Code. Social Engineering. Auditing. Practice Questions. Need to Know More?
4. Communication Security.
Remote Access. Securing Email. Instant Messaging. Web Connectivity. Practice Questions. Need to Know More?
5. Online Vulnerabilities.
Web Vulnerabilities. Protocol Vulnerabilities. File Transfer Protocol (FTP) Vulnerabilities. Wireless Network Vulnerabilities. Practice Questions. Need to Know More?
6. Infrastructure Security.
Understanding the Basic Security Concepts of Communication and Network Devices. Understanding the Basic Security Concepts of Media. Basic Security Concepts, Strengths, and Vulnerabilities of Security Topologies. Need to Know More?
7. Intrusion Detection and Security Baselines.
Intrusion Detection. Security Baselines. Practice Questions. Need to Know More?
8. Basics of Cryptography.
Algorithms. Concepts of Using Cryptography. Public Key Infrastructure (PKI). Practice Questions. Need to Know More?
9. Deploying Cryptography.
Standards and Protocols. Key Management and the Certificate Lifecycle. Practice Questions. Need to Know More?
10. Organizational Security.
Physical Security. Disaster Recovery. Security Policies and Procedures. Practice Questions. Need to Know More?
11. Privilege Management, Forensics, Risk Identification, Education, and Documentation.
Understanding Privilege Management. Understanding Computer Forensics. Identifying Risks. Implementing User Education. Understanding Security Documentation. Practice Questions. Need to Know More?
12. Sample Test #1.
13. Answer Key to Sample Test #1.
14. Sample Test #2.
15. Answer Key to Sample Test #2.
Appendix A. List of Resources.
Chapter 1. Chapter 2. Chapter 3. Chapter 4. Chapter 5. Chapter 6. Chapter 7. Chapter 8. Chapter 9. Chapter 10. Chapter 11. Other Resources.
Appendix B. List of Products and Vendors.
Chapter 2. Chapter 3. Chapter 4. Chapter 5. Chapter 6. Chapter 7. Chapter 8. Chapter 9. Chapter 10.
Appendix C. What's on the CD-ROM.
PrepLogic Practice Tests, Preview Edition. Exclusive Electronic Version of Text. Easy Access to Online Pointers and References.
Appendix D. Using the PrepLogic Practice Tests, Preview Edition Software.
Exam Simulation. Question Quality. Interface Design. Effective Learning Environment. Software Requirements. Installing PrepLogic Practice Tests, Preview Edition. Removing PrepLogic Practice Tests, Preview Edition from Your Computer. Using PrepLogic Practice Tests, Preview Edition. Starting a Practice Test Mode Session. Starting a Flash Review Mode Session. Standard PrepLogic Practice Tests, Preview Edition Options. Time Remaining. Your Examination Score Report. Review Your Exam. Get More Exams. Contacting PrepLogic. Customer Service. Product Suggestions and Comments. License Agreement.
Glossary.
Index.