CompTIA Security+ Training Kit (Exam SY0-301) (Microsoft Press Training Kit)
David Seidl, Mike Chapple
Format: PDF / Kindle (mobi) / ePub
Ace your preparation for the skills measured by CompTIA Security+ Exam SY0-301. Work at your own pace through a series of lessons and reviews that fully cover each exam objective. Then, reinforce what you’ve learned by applying your knowledge to real-world case scenarios and practice exercises. This guide is designed to help make the most of your study time.
Maximize your performance on the exam by demonstrating your mastery of:
- Network Security
- Compliance and operational security
- Threats and vulnerabilities
- Application, data, and host security
- Access control and identity management
Assess your skills with practice tests on CD. You can work through hundreds of questions using multiple testing modes to meet your specific learning needs. You get detailed explanations for right and wrong answers—including a customized learning path that describes how and where to focus your studies.
management representatives that will join forces to coordinate a response. The incident response life cycle has four phases: preparation to get the team ready for future incidents; detection and analysis of an incident; containment, eradication, and recovery; and post-incident activity.

Chapter review

Test your knowledge of the information in Chapter 1 by answering these questions. The answers to these questions, and the explanations of why
meant that the WEP key for the network could be retrieved in almost all cases in less than a minute.

WEP and data breaches

In 2006, a major breach of TJX, the parent company of the TJ Maxx and Marshalls chain of stores, was revealed. The hackers had attacked the WEP encryption used to protect the company’s wireless networks, which carried credit card and other customer data. The hackers had gained access with relative ease,
questions for the “Chapter review” section in this chapter.

1. Correct Answer: A

   A. Correct: Standards are mandatory requirements that are easily changed. They often contain specific details of security controls.

   B. Incorrect: A policy is mandatory but not easily changed. Policies should not contain specific details of security controls but rather make broad general objective statements.

   C. Incorrect: A guideline can be easily changed to adapt to new technologies, but it is not suitable
self-replicating program, and use the features of the other types of malware to differentiate them. Many modern viruses target users who can be persuaded to run them. Others attempt to spread via file shares and other places to which the system can write files, such as flash drives. Some viruses use email to spread, and might hijack the computer owner’s own email address or webmail account, or they might send out messages pretending to be people from the owner’s address book. Unlike worms, which
code that has been inserted into otherwise normally functioning software that will activate when certain conditions are met. This could be something as simple as a certain date or time being reached, but it could be as complex as an employee being removed from an HR database or a system receiving a specific type of packet or logon. Logic bombs might seem like something you’d only see in a movie plot, but the concept of taking action due to a date, time, or