Comparing Application Attacks

Are you familiar with various types of application attacks? If you’re planning to take the Security+ exam, you should have a basic understanding of several common types of attacks launched against systems and networks.

For example, can you answer this question?

Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Fuzzing

D. Session hijacking

Moreover, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Get Certified Get Ahead

Zero-Day Attacks

A zero-day attack is one that exploits an undocumented vulnerability. Many times, the vendor isn’t aware of the issue. At some point, the vendor learns of the vulnerability and begins to write and test a patch to eliminate it. However, until the vendor releases the patch, the vulnerability is still a zero-day vulnerability.

As an example, a bug existed in the virtual DOS machine (VDM) that shipped with every version of 32-bit Windows systems from 1993 to 2010. The bug allowed attackers to escalate their privileges to full system level, effectively allowing them to take over the system. Google researcher Tavis Ormandy stated that he reported the bug to Microsoft in mid-2009. At this point, Microsoft (the vendor) knew about the bug, but didn’t release a work-around until January 2010 and a patch until February 2010. Because the bug wasn’t known publicly until January 2010, it remained a zero-day vulnerability until then.

Both attackers and security experts are constantly looking for zero-day vulnerabilities. Attackers want to learn about them so that they can exploit them. Most security experts want to know about them so that they can help ensure that vendors patch them before causing damage to users.

Remember this

Zero-day exploits are undocumented and unknown to the public. The vendor might know about it, but has not yet released a patch to address it.

CompTIA Security+ Study Guide (SY0-401)

The 401 Version of the Study Guide is Now Available

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Session Hijacking Attacks

When a user logs on to a web site, the web site often returns a cookie with a session ID. In many cases, this cookie is stored on the user’s system and remains active until the user logs off. If the user closes the session and returns to the web site, the web site reads the cookie and automatically logs the user on. This is convenient for the user, but can be exploited by an attacker.

In a session hijacking attack, the attacker learns the user’s session ID and uses it to impersonate the user. The web server doesn’t know the difference between the original user and the attacker because it is only identifying the user based on the session ID.

Attackers can read cookies installed on systems through several methods, including cross-site scripting attacks and Flash cookies (described in the next section). Once they have the session ID, they can use header manipulation to hijack the session.
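A server that identifies users only by session ID cannot tell the two clients apart at request time, but its logs often can. The following added example (not part of the original post) flags a session ID that shows up from a client other than the one that first presented it; the log fields, sample records, and function name are assumptions constructed for illustration.

```python
# Constructed access-log records (not real traffic):
# (time, client IP, User-Agent, session ID from the cookie)
SAMPLE_LOG = [
    ("10:00:02", "198.51.100.7", "Firefox/36.0", "a1f3c9"),  # user logs on
    ("10:00:40", "198.51.100.7", "Firefox/36.0", "a1f3c9"),
    ("10:01:05", "192.0.2.44",   "Chrome/41.0",  "77be02"),  # a different user
    ("10:03:17", "203.0.113.9",  "curl/7.40.0",  "a1f3c9"),  # same ID, new client
    ("10:03:30", "198.51.100.7", "Firefox/36.0", "a1f3c9"),
]


def find_session_reuse(records):
    """Return one alert per request whose session ID was first seen
    from a different (IP, User-Agent) pair."""
    first_seen = {}  # session ID -> client that first presented it
    alerts = []
    for timestamp, ip, agent, session_id in records:
        client = (ip, agent)
        # Remember the first client for each session ID; later requests
        # are compared against it.
        owner = first_seen.setdefault(session_id, client)
        if client != owner:
            alerts.append({
                "time": timestamp,
                "session": session_id,
                "expected": owner,
                "seen": client,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_LOG):
        print(alert)
```

A changed IP address alone can be legitimate (for example, a mobile client switching networks), so a match is better treated as a reason to require the user to log on again than as proof of hijacking.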

Flash Cookies and LSOs

A Flash cookie is one created by Adobe Flash Player and is different from a traditional text cookie. Flash cookies are also known as local shared objects (LSOs) or locally shared objects. For example, Flash cookies are stored in multiple locations by default, and traditional methods of deleting cookies through a web browser do not delete Flash cookies. Some Flash cookies store the session ID from traditional cookies. If a user deletes the traditional cookies, the Flash cookies re-create them.

Many sites use Flash cookies to track users’ online activity without their knowledge or consent. For example, when a user goes to a web site that uses a Flash cookie and then goes to web site B, the Flash cookie records their activity on web site B. This continues for the entire session as the Flash cookie tracks and records all of the user’s activity. Their usage has prompted many class-action lawsuits against sites using Flash cookies.

Full Security+ Course

Full Security+ Course Now Available

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the Full Security+ Course Here



Test your readiness with these quality materials

Random 100-question tests

Random practice tests from all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the Full Security+ Course Here

Arbitrary Code Execution/Remote Code Execution

Arbitrary code execution refers to the ability of an attacker to execute commands or run programs on a target system. Remote code execution refers to the ability of an attacker to execute the code from a remote system. Neither of these is desirable because it allows attackers to install and run malware on vulnerable systems.

As an example, imagine an application such as a web browser has a vulnerability that allows execution of code using one of these methods. An unsuspecting user can visit a malicious web site with specially crafted code to exploit this vulnerability. This code can use elevated privileges to cause the system to download a malicious file and then execute it to install it. Once installed, the malware can allow the attacker to take control of the computer whenever desired.

Software bugs are the most common reason that arbitrary code execution and remote code execution are possible. This is another reason why it is important to keep systems up to date with current patches.


Security+ Practice Test Questions

SY0-401 Practice Test Questions Now Available

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

Pass the Security+ Exam the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test.

Get the full bank of Security+ Practice Test Questions Here


INCLUDES QUESTIONS TO HELP YOU PREPARE FOR THE NEW PERFORMANCE BASED QUESTIONS

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill-in-the-blank. This set includes performance-based questions on RAID.


Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Fuzzing

D. Session hijacking

Answer is B. A zero-day attack takes advantage of an undocumented exploit or an exploit that is unknown to the public.

A buffer overflow attack sends unexpected data to a system to access system memory or cause it to crash. Although some buffer overflow attacks are unknown, others are known. If the server isn’t kept up to date with patches, it can be attacked with a known buffer overflow attack.

Fuzzing sends random data to a system and can detect buffer overflows and zero-day attack methods, but the scenario doesn’t indicate the user is sending random data.

Session hijacking takes over a user’s session and isn’t related to an attack on a server.

See Chapter 7 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on common attacks.


Security Method Using Digital Signatures

Cryptography provides two primary security methods you can use with email: digital signatures and encryption.  If you’re planning to take the Security+ exam, you should understand that these are separate processes, but you can digitally sign and encrypt the same email.

For example, can you answer this question?

Q. Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?

A. Carl’s public key

B. Carl’s private key

C. Lenny’s public key

D. Lenny’s private key

Moreover, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Signing Email with Digital Signatures

Digital signatures are similar in concept to handwritten signatures on printed documents that identify individuals, but they provide more security benefits. A digital signature is an encrypted hash of a message, encrypted with the sender’s private key. If the recipient of a digitally signed email can decrypt the hash, it provides the following three security benefits:

  • Authentication. This identifies the sender of the email. Email recipients have assurances the email actually came from who it appears to be coming from. For example, if an executive digitally signs an email, recipients know it came from the executive and not from an attacker impersonating the executive.
  • Non-repudiation. The sender cannot later deny sending the message. This is sometimes required with online transactions. For example, imagine if Homer sends an order to sell stocks using a digitally signed email. If the stocks increase after his sale completes, he can’t deny the transaction.
  • Integrity. This provides assurances that the message has not been modified or corrupted. Recipients know that the message they received is the same as the sent message.

Digital signatures are much easier to grasp if you understand some other cryptography concepts. As a short review, these concepts are:

  • Hashing. Digital signatures start by creating a hash of the message. A hash is simply a number created by performing an algorithm on the message.
  • Certificates. Digital signatures need certificates, and certificates include the sender’s public key.
  • Public/private keys. In a digital signature, the sender uses the sender’s private key to encrypt the hash of the message. The recipient uses the sender’s public key to decrypt the hash of the message.

The figure shows an overview of this process. In the figure, Lisa is sending a message to Bart with a digital signature. Note that the message “I passed” is not secret. If it was, Lisa would encrypt it, which is a completely separate process. The focus in this explanation is only the digital signature.

[Figure: Digital signature process]

Lisa creates her message in an email program, such as Microsoft Outlook. Once Microsoft Outlook is configured, all she has to do is click a button to digitally sign the message. Here is what happens when she clicks the button:

  1. The application hashes the message.
  2. The application retrieves Lisa’s private key and encrypts the hash using this private key.
  3. The application sends both the encrypted hash and the unencrypted message to Bart.

When Bart’s system receives the message, it verifies the digital signature using the following steps:

  1. Bart’s system retrieves Lisa’s public key, which is in Lisa’s public certificate. In some situations, Lisa may have sent Bart a copy of her certificate with her public key. In domain environments, Bart’s system can automatically retrieve Lisa’s certificate from a network location.
  2. The email application on Bart’s system decrypts the encrypted hash with Lisa’s public key.
  3. The application calculates the hash on the received message.
  4. The application compares the decrypted hash with the calculated hash.

If the calculated hash of the received message is the same as the encrypted hash of the digital signature, it validates several important checks:

  • Authentication. Lisa sent the message. The public key can only decrypt something encrypted with the private key, and only Lisa has the private key. If the decryption succeeded, Lisa’s private key must have encrypted the hash. On the other hand, if another key was used to encrypt the hash, Lisa’s public key could not decrypt it. In this case, Bart will see an error indicating a problem with the digital signature.
  • Non-repudiation. Lisa cannot later deny sending the message. Only Lisa has her private key and if the public key decrypted the hash, the hash must have been encrypted with her private key. Non-repudiation is valuable in online transactions.
  • Integrity. Because the hash of the sent message matches the hash of the received message, the message has maintained integrity. It hasn’t been modified.
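The signing steps and the verification checks described above can be traced in code. This is an added example, not part of the original post: it uses textbook RSA with no padding and constructed demo keys built from well-known Mersenne primes, so it is insecure and for study only (real mail clients use certificates and a standardized padding scheme). All function and key names are assumptions.

```python
import hashlib

E = 65537  # common RSA public exponent


def make_keypair(p, q):
    """Return (public_key, private_key) as ((n, e), (n, d)) for primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (n, E), (n, d)


# Constructed demo keys. The primes are publicly known Mersenne primes,
# chosen only so the example is deterministic and needs no extra library.
LISA_PUBLIC, LISA_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**607 - 1, 2**1279 - 1)


def message_hash(message: bytes) -> int:
    """Hash the message with SHA-256 and return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender side: hash the message, then encrypt the hash with the private key."""
    n, d = private_key
    return pow(message_hash(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient side: decrypt the signature with the sender's public key,
    hash the received message, and compare the two values."""
    n, e = public_key
    decrypted_hash = pow(signature, e, n)
    return decrypted_hash == message_hash(message)


if __name__ == "__main__":
    message = b"I passed"
    signature = sign(message, LISA_PRIVATE)

    # Message and signature arrive unchanged: the hashes match.
    print("valid signature:   ", verify(message, signature, LISA_PUBLIC))

    # Message altered in transit: the calculated hash no longer matches
    # the decrypted hash, so integrity fails.
    print("modified message:  ", verify(b"I failed", signature, LISA_PUBLIC))

    # Hash encrypted with someone else's private key: Lisa's public key
    # does not recover the right hash, so authentication fails.
    forged = sign(message, OTHER_PRIVATE)
    print("wrong private key: ", verify(message, forged, LISA_PUBLIC))
```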

Remember this

A digital signature is an encrypted hash of a message. The sender’s private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender’s public key. If successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation prevents senders from later denying they sent an email.

At this point, you might be thinking, if we do all of this, why not just encrypt the message, too? The answer is resources. It doesn’t take much processing power to encrypt 256 bits in a SHA-256 hash. In contrast, it would take quite a bit of processing power to encrypt a lengthy email and its attachments. However, if you need to ensure confidentiality of the email, you can encrypt it.



- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill-in-the-blank. This set includes performance-based questions on RAID.


Q. Lenny and Carl work in an organization that includes a PKI. Carl needs to send a digitally signed file to Lenny. What does Carl use in this process?

A. Carl’s public key

B. Carl’s private key

C. Lenny’s public key

D. Lenny’s private key

Answer is B. Carl uses his private key to digitally sign the file.

Lenny uses Carl’s public key to decrypt the digital signature.

Lenny’s keys are not used in this scenario.

See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on cryptographic protocols.


/32 in an ACL

I’ve recently fielded a few queries on the usage of /24 versus /32 in an access control list (ACL) rule. As an example, consider this practice test question:

Q. You need to configure a firewall to allow traffic from Homer’s computer to all of the servers within the 192.168.8.0/24 network. The following graphic shows a partial network diagram.

Which of the following choices is the BEST to identify the source in the ACL rule?

A. 192.168.5.10/24

B. 192.168.5.10/32

C. 192.168.10.0/24

D. 192.168.10.0/32

Do you know the answer? More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.


ACL Rules

ACL rules typically include the following information:

  • Permission (allow or deny)
  • Destination protocol (typically TCP, UDP, or ANY)
  • Destination port (the port used on the destination system)
  • Source IP address (where traffic is coming from)
  • Destination IP address (where traffic is going to)

As an example, if you want to allow HTTPS traffic from the 192.168.5.0/24 network to the 192.168.8.0/24 network, you would use the following information in the rule.

Permission   Protocol   Port   Source            Destination
Allow        TCP        443    192.168.5.0/24    192.168.8.0/24

Note that not all routers and firewalls put this information in the same order. The important point is to understand the five elements (permission, protocol, port, source, and destination).

CIDR Notation

Classless Inter-Domain Routing (CIDR) notation expresses the subnet mask as a forward slash followed by a number (such as /24).

Consider an IP address of 192.168.1.10 with a subnet mask of 255.255.255.0. Using CIDR notation, you would express this as 192.168.1.10/24.

Remember that an IPv4 address is 32 bits long and the subnet mask is 32 bits long. You could express the IP address and subnet mask in binary like this:

IP address 192.168.1.10: 1100 0000 . 1010 1000 . 0000 0001 . 0000 1010

Subnet Mask 255.255.255.0: 1111 1111 . 1111 1111 . 1111 1111 . 0000 0000

Count the number of 1 bits in the subnet mask. You see that the first set is 8 bits, the second set is 8 bits, and the third set is 8 bits. The subnet mask has a total of 24 bits that are 1s so we can express this as /24 instead of 255.255.255.0.

CIDR Notation in an ACL Rule

Many routers and firewalls require you to combine the subnet mask (entered with CIDR notation) with the IP address.

As an example, imagine that you want to allow all traffic from computers in the 192.168.5.0/24 network to all computers in the 192.168.8.0/24 network.

The source is 192.168.5.0/24.

The destination is 192.168.8.0/24.

Using /32 in the ACL

What if you only want to allow traffic from a single computer (or to a single computer)?

As an example, what if you want to allow Lisa’s computer to send traffic to any of the servers in the 192.168.8.0/24 network? How would you identify only Lisa’s computer?

You might think that you could use 192.168.5.11/24 as the source because that identifies Lisa’s computer.

However, many routers and firewalls don’t interpret this as a single IP address. Instead, they interpret it as 192.168.5.0/24 and allow traffic from all computers in the 192.168.5.0/24 network.

If you want to identify only a single computer in the rule, you need to use /32 to mask the entire IP address. In other words, you would enter 192.168.5.11/32 to identify the source. The /32 equates to 255.255.255.255 for the subnet mask.

Do all routers and firewalls use /32 in the ACL rules?

No. Vendors can implement rules differently.

However, if you’re preparing to take the Security+ exam you should be aware of this practice used by many vendors.
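The difference between /24 and /32 in a rule's source, worked through as an added example (not code from any vendor or from the study guide). The first-match evaluation, the implicit deny when nothing matches, and the test address 192.168.5.200 are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


def acl_network(entry):
    """Interpret an ACL address the way the text says many devices do:
    bits beyond the prefix length are masked off (strict=False)."""
    return ipaddress.ip_network(entry, strict=False)


def host_bits_ignored(entry):
    """True when the entry names a host but the mask discards part of it,
    e.g. 192.168.5.11/24 is really the whole 192.168.5.0/24 network."""
    iface = ipaddress.ip_interface(entry)
    return iface.ip != iface.network.network_address


@dataclass(frozen=True)
class Rule:
    permission: str    # "allow" or "deny"
    protocol: str      # "TCP", "UDP" or "ANY"
    port: object       # destination port number or "ANY"
    source: str        # address in CIDR notation
    destination: str   # address in CIDR notation

    def matches(self, protocol, port, src, dst):
        return (self.protocol in ("ANY", protocol)
                and self.port in ("ANY", port)
                and ipaddress.ip_address(src) in acl_network(self.source)
                and ipaddress.ip_address(dst) in acl_network(self.destination))


def evaluate(rules, protocol, port, src, dst):
    """Return the permission of the first matching rule.
    Assumption: traffic that matches no rule is denied."""
    for rule in rules:
        if rule.matches(protocol, port, src, dst):
            return rule.permission
    return "deny"


def audit(rules):
    """Flag rules that look like single-host rules but cover a whole network."""
    findings = []
    for rule in rules:
        for field in ("source", "destination"):
            entry = getattr(rule, field)
            if host_bits_ignored(entry):
                net = acl_network(entry)
                findings.append(
                    f"{field} {entry} is treated as {net} "
                    f"({net.num_addresses} addresses)")
    return findings


# Intended: only Lisa's computer (192.168.5.11) may reach the servers over HTTPS.
LOOSE = [Rule("allow", "TCP", 443, "192.168.5.11/24", "192.168.8.0/24")]
TIGHT = [Rule("allow", "TCP", 443, "192.168.5.11/32", "192.168.8.0/24")]

if __name__ == "__main__":
    other_host = "192.168.5.200"   # constructed: another machine on Lisa's subnet
    server = "192.168.8.4"
    print("loose rule, other host:", evaluate(LOOSE, "TCP", 443, other_host, server))
    print("tight rule, other host:", evaluate(TIGHT, "TCP", 443, other_host, server))
    print("tight rule, Lisa      :", evaluate(TIGHT, "TCP", 443, "192.168.5.11", server))
    for finding in audit(LOOSE):
        print("audit:", finding)
```

Running an audit like this over an exported rule set is a quick way to find rules that were meant for one host but admit an entire subnet.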



You need to configure a firewall to allow traffic from Homer’s computer to all of the servers within the 192.168.8.0/24 network. The following graphic shows a partial network diagram.

Which of the following choices is the BEST to identify the source in the ACL rule?

A. 192.168.5.10/24

B. 192.168.5.10/32

C. 192.168.8.0/24

D. 192.168.8.4/32

B is the correct answer. The question is asking for the source (where traffic is coming from) and Homer’s computer IP address is 192.168.5.5. Because you only want to allow traffic from Homer’s computer, you use CIDR notation of /32.

If you used CIDR notation of /24, it would allow traffic from any of the computers in the 192.168.5.0/24 subnet. However, the requirement is to only allow traffic from Homer’s computer.

The rule would also include the destination, which is any of the servers within the 192.168.8.0/24 network. However, the question isn’t asking for the destination.

If the destination was set as 192.168.8.4/32, it would only allow traffic to Web Server 1. Again though, the question isn’t asking for the destination and it also states that traffic to any servers in the 192.168.8.0/24 network should be allowed.

See Chapter 4 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on common attacks.

The following links include additional information on firewall rules.

Security+ and Firewall Rules Video

Page 1 of 3 ACLs and Security+

Page 2 Firewall Rules and Security+

Page 3 Firewall Rules Solution


Hash-based Message Authentication Code

Integrity verifies that data has not been modified. If you’re planning to take the Security+ exam, you should have a basic understanding of appropriate cryptographic methods. This includes using a hash-based message authentication code (HMAC), which provides both integrity and authenticity of messages.

For example, can you answer this question?

Q. Users in your organization sign their emails with digital signatures. What provides integrity for these certificates?

A. Hashing

B. Encryption

C. Non-repudiation

D. Private key

More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Full Security+ Course

Full Security+ Course Now Available

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the Full Security+ Course Here



Test your readiness with these quality materials

Random 100-question tests

Random practice tests from all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.


HMAC

Another method used to provide integrity is with a Hash-based Message Authentication Code (HMAC). An HMAC is a fixed-length string of bits similar to other hashing algorithms such as MD5 and SHA-1 (known as HMAC-MD5 and HMAC-SHA1). However, HMAC also uses a shared secret key to add some randomness to the result and only the sender and receiver know the secret key.

For example, imagine that one server is sending a message to another server using HMAC-MD5. It starts by first creating a hash of a message with MD5 and then uses a secret key to complete another calculation on the hash. The server then sends the message and the HMAC-MD5 hash to the second server. The second server performs the same calculations and compares the received HMAC-MD5 hash with its result. Just as with any other hash comparison, if the two hashes are the same, the message retained integrity, but if the hashes are different, the message lost integrity.


The HMAC provides both integrity and authenticity of messages. The MD5 portion of the hash provides integrity just as MD5 does. However, because only the sender and receiver know the secret key, if the receiver can calculate the same HMAC-MD5 hash as the sender, it knows that the sender used the same key. If an attacker were trying to impersonate the sender, the message wouldn’t pass this authenticity check because the attacker wouldn’t have the secret key. Internet Protocol security (IPsec) and Transport Layer Security (TLS) often use a version of HMAC such as HMAC-MD5 or HMAC-SHA1.

Remember this

Two popular hashing algorithms used to verify integrity are MD5 and SHA. HMAC verifies both the integrity and authenticity of a message with the use of a shared secret. Other protocols such as IPsec and TLS use HMAC-MD5 and HMAC-SHA1.
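How the secret key enters the calculation, and why a plain hash gives integrity but not authenticity, as an added example (not from the study guide). It builds HMAC-MD5 step by step following the construction in RFC 2104 and checks it against Python's standard hmac module; the key and messages are constructed sample values.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 and SHA-1 both process input in 64-byte blocks

KEY = b"constructed-shared-secret"          # known only to sender and receiver
MESSAGE = b"transfer 100 to account 42"     # constructed sample message


def hmac_md5_manual(key, message):
    """HMAC-MD5 as defined in RFC 2104: H((K ^ opad) || H((K ^ ipad) || m))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.md5(key).digest()      # long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")     # then padded to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + message).digest()
    return hashlib.md5(opad + inner).digest()


def tag(key, message):
    """Sender side: compute the HMAC-MD5 value sent with the message."""
    return hmac.new(key, message, hashlib.md5).digest()


def verify(key, message, received_tag):
    """Receiver side: recompute and compare in constant time."""
    return hmac.compare_digest(tag(key, message), received_tag)


def plain_md5_check(message, received_hash):
    """Integrity check with an unkeyed hash, for comparison."""
    return hashlib.md5(message).digest() == received_hash


def tamper_outcomes():
    """What each check reports when the message is altered in transit."""
    altered = b"transfer 900 to account 66"
    good_tag = tag(KEY, MESSAGE)
    return {
        # Untouched message passes both checks.
        "hmac_intact": verify(KEY, MESSAGE, good_tag),
        # Altered message with the original tag fails.
        "hmac_altered": verify(KEY, altered, good_tag),
        # A tag made with the wrong key fails, so the sender is not authentic.
        "hmac_wrong_key": verify(KEY, altered, tag(b"guessed-key", altered)),
        # An unkeyed hash can simply be recomputed over the altered message,
        # so the plain check passes and proves nothing about the sender.
        "plain_altered_rehashed": plain_md5_check(
            altered, hashlib.md5(altered).digest()),
    }


if __name__ == "__main__":
    print("manual == library:", hmac_md5_manual(KEY, MESSAGE) == tag(KEY, MESSAGE))
    for name, result in tamper_outcomes().items():
        print(f"{name:24} {result}")
```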

Hashing Files

Many applications calculate and compare hashes automatically without any user intervention. For example, digital signatures (described later) use hashes within email, and email applications automatically create and compare the hashes.

Additionally, there are several applications you can use to manually calculate hashes. As an example, md5sum.exe is a free program anyone can use to create hashes of files. A Google search on “download md5sum” will show several locations. It runs the MD5 hashing algorithm against a file to create the hash.

Imagine that you downloaded a patch file from a vendor’s site. Before posting the files to the web site, an administrator used a program (such as md5sum) to calculate the hash of the file and posted the hash as an MD5 checksum of 367f0ed4ecd70aefc290d1f7dcb578ab.

After downloading the file, you can calculate the hash to verify the file hasn’t lost integrity. The following figure shows one method of calculating the hash of the file. In the figure, I first used the dir command to list the two files in the directory (applicationPatch.exe and md5sum.exe). I then ran md5sum against the patch file three times. Each time, md5sum created the same hash 367f0ed4ecd70aefc290d1f7dcb578ab.

[Figure: Calculating a hash with md5sum]

The figure demonstrates two important points:

  • The hash will always be the same no matter how many times you calculate it.
    In the figure, I ran md5sum three times, but it would give me the same result if I ran it 3,000 times.
  • Hashing verifies the file has retained integrity.
    Because the calculated hash is the same as the MD5 checksum posted on the vendor’s site, it verifies the file has not lost integrity.

In contrast, if md5sum created a different hash than the one posted on the web site, I’d know that the file lost integrity. I wouldn’t necessarily know why the file lost integrity. An attacker may have infected it with malware, or it may have lost a bit or two during the transfer. However, I do know that the integrity of the file is lost and the file should not be trusted.

CompTIA Security+ Study Guide (SY0-401)

The 401 Version of the Study Guide is Now Available

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.




Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

It’s worth stressing that hashes are one-way functions. In other words, you can calculate a hash on a file or a message, but you can’t use the hash to reproduce the original data. The hashing algorithms always create a fixed-size bit string regardless of the size of the original data.

As an example, the MD5 hash from the message “I will pass the Security+ exam” is: 5384128261CF2EEA6D90ADACE48CD41B. However, you can’t look at the hash and identify the message, or even know that it is a hash of a message.

The hash shown in the figure was calculated on a 35 MB executable file. However, the hash doesn’t give you a clue about the size of the file, the type of the file, or anything else. It could just as easily be a single sentence message, a 10 KB email, a 7 GB database file, or something else.
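The download check described above, as an added example rather than anything from the study guide: it parses a checksum line in the format md5sum prints, hashes the file in chunks, and shows that a single flipped bit changes the result while the digest length stays fixed. The file contents are constructed sample data; only the name applicationPatch.exe comes from the text.

```python
import hashlib
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def file_digest(path, algorithm="md5", chunk_size=64 * 1024):
    """Hash a file in chunks so large downloads never sit in memory at once."""
    hasher = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            hasher.update(chunk)
    return hasher.hexdigest()


def parse_checksum_line(line):
    """Parse '<hex>  name' or '<hex> *name' as printed by md5sum.
    Posted checksums may be upper or lower case, so normalise to lower."""
    digest, _, rest = line.strip().partition(" ")
    digest = digest.lower()
    if len(digest) != 32 or not set(digest) <= HEX_DIGITS:
        raise ValueError("not an MD5 checksum line: %r" % line)
    return digest, rest[1:]   # drop the ' ' or '*' mode marker before the name


def verify_download(path, published_line):
    """True only when the file's MD5 equals the published checksum."""
    expected, _name = parse_checksum_line(published_line)
    return file_digest(path) == expected


def write_temp(data):
    """Helper for the demo: write bytes to a temporary file, return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return path


def demo():
    original = b"constructed patch contents " * 4096   # constructed sample data
    damaged = bytearray(original)
    damaged[100] ^= 0x01                               # flip a single bit
    paths = [write_temp(original), write_temp(bytes(damaged)), write_temp(b"abc")]
    try:
        # The vendor posts the hash; upper case here to exercise normalisation.
        published = "%s *applicationPatch.exe" % file_digest(paths[0]).upper()
        return {
            "intact": verify_download(paths[0], published),
            "repeatable": file_digest(paths[0]) == file_digest(paths[0]),
            "one_bit_flipped": verify_download(paths[1], published),
            "digest_lengths": {len(file_digest(p)) for p in paths},
            "abc_digest": file_digest(paths[2]),
        }
    finally:
        for path in paths:
            os.remove(path)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```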



New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill-in-the-blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ Practice Test Questions Here


Q. Users in your organization sign their emails with digital signatures. What provides integrity for these certificates?

A. Hashing

B. Encryption

C. Non-repudiation

D. Private key

Answer is A. Hashing provides integrity for digital signatures and other data.

A digital signature is a hash of the message encrypted with the sender’s private key, but the encryption doesn’t provide integrity.

The digital signature provides non-repudiation, but non-repudiation does not provide integrity.

The private key and public key are both needed, but the private key does not provide integrity.

See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on cryptography.
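An added example (not from the original post or the study guide) of why the hash is what provides integrity: the sender signs a SHA-256 hash of the message, and the receiver detects a change by comparing the recovered hash with a fresh one. The key is a constructed textbook RSA key built from two Mersenne primes, with no padding, so it is for illustration only; the names `digest`, `sign`, `verify`, and `demo` are assumptions.

```python
import hashlib

# Constructed demo key: two Mersenne primes form a textbook RSA modulus.
# Textbook RSA without padding is for illustration only; real signatures
# use a vetted library and a padding scheme such as RSASSA-PSS.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Hash the message. Any change to the message changes this value."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Sender: hash the message, then transform the hash with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver: recover the signed hash with the public key and compare it
    with a fresh hash of the message that actually arrived."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    # Constructed sample messages: the second differs by one character.
    original = b"Transfer $100 to account 1234"
    tampered = b"Transfer $900 to account 1234"
    signature = sign(original)
    return {
        "original_verifies": verify(original, signature),
        "tampered_verifies": verify(tampered, signature),
        "hashes_differ": digest(original) != digest(tampered),
    }


if __name__ == "__main__":
    print(demo())
```

The private-key step ties the hash to the sender; the mismatch between the recovered hash and the recomputed hash is what reveals the modification.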


Comparing Risks & Vulnerabilities

As a security professional, you need to be aware of the different security issues associated with threats, vulnerabilities, and risks, and the tools available to combat them.  If you’re planning to take the Security+ exam, risks and vulnerabilities are important topics for the exam.

For example, can you answer this question?

Q. Which of the following is most closely associated with residual risk?

A. Risk acceptance

B. Risk avoidance

C. Risk deterrence

D. Risk mitigation

E. Risk transference

Moreover, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.


Identifying Risks

Risk is the likelihood that a threat will exploit a vulnerability. A vulnerability is a weakness, and a threat is a potential danger. The result is a negative impact on the organization. Impact refers to the magnitude of harm that can be caused if a threat exercises a vulnerability.

For example, a system without up-to-date antivirus software is vulnerable to malware. Malware written by malicious attackers is the threat. The likelihood that the malware will reach a vulnerable system represents the risk. Depending on what the malware does, the impact may be an unbootable computer, loss of data, or a remote-controlled computer that has joined a botnet.


However, the likelihood of a risk occurring isn’t 100 percent. An isolated system without Internet access, network connectivity, or USB ports has a very low likelihood of malware infection. The likelihood significantly increases for an Internet-connected system, and it increases even more if a user visits risky web sites and downloads and installs unverified files.

It’s important to realize that you can’t eliminate risk. Sure, you can avoid information technology (IT) risks completely by unplugging your computer and burying it. However, that’s not very useful. Instead, users and organizations practice risk management to reduce the risks.

You probably practice risk management every day. Driving or walking down roads and streets can be a very dangerous activity. Car-sized bullets are speeding back and forth, representing significant risks to anyone else on the road. However, you mitigate these risks with caution and vigilance. The same occurs with computers and networks. An organization mitigates risks using different types of security controls.


Vulnerabilities

A vulnerability is a flaw or weakness in software or hardware, or a weakness in a process, that a threat could exploit, resulting in a security breach. Examples of vulnerabilities include:

  • Lack of updates. If systems aren’t kept up to date with patches, hotfixes, and service packs, they are vulnerable to bugs and flaws in the software.
  • Default configurations. Hardening a system includes changing systems from their default hardware and software configurations, including changing default usernames and passwords. If systems aren’t hardened, they are more susceptible to attacks.

  • Lack of malware protection or updated definitions. Antivirus and anti-spyware methods protect systems from malware, but if they aren’t used and kept up to date, systems are vulnerable to malware attacks.
  • Lack of firewalls. If personal and network firewalls aren’t enabled or configured properly, systems are more vulnerable to network and Internet-based attacks.
  • Lack of organizational policies. If job separation, mandatory vacations, and job rotation policies aren’t implemented, an organization may be more susceptible to fraud and collusion from employees.

Not all vulnerabilities are exploited. For example, a user may install a wireless router using the defaults. It is highly vulnerable to an attack, but that doesn’t mean that an attacker will discover it and attack. In other words, just because the wireless router has never been attacked, it doesn’t mean that it isn’t vulnerable. At any moment, a war driving attacker can drive by and exploit the vulnerability.



Q. Which of the following is most closely associated with residual risk?

A. Risk acceptance

B. Risk avoidance

C. Risk deterrence

D. Risk mitigation

E. Risk transference

Answer is A. Residual risk is the risk that an organization accepts after implementing controls to reduce risk.

An organization can avoid a risk by not providing a service or not participating in a risky activity.

Risk deterrence attempts to discourage attacks with preventive controls such as a security guard.

Risk mitigation reduces risks through internal controls.

Purchasing insurance is a common method of risk transference.

See Chapter 8 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on managing risk.


I Am Happy

I am happy. There’s just no other way to say it.

My wife and I recently returned from a long overdue vacation. We had an awesome time on an Alaska cruise. We saw whales, otters, seals, eagles, glaciers, and more. We also enjoyed the company of some great people along with some awesome food and wine.

Calving at Dawes Glacier

A highlight was when the ship captain did a few 360 turns at Dawes Glacier giving us some awesome views of the glacier calving. It sounded like thunder as the ice broke apart and fell into the water. It was difficult to judge the size of the ice breaking off, but the ship’s narrator said a few of them were the size of five story buildings. Simply amazing.

Yes. I am happy.

And to celebrate, we’re having a sale.

If you’re pursuing the Security+ certification, check out these two sales pages:

Security+ Full Study Package

Normally $55.98

Now Only $39.99

Almost 30% Off

Get it Here

Full Security+ Course

Normally $89.97

Now Only $63.87

30% Off

Get it Here

 

Whether you take advantage of these sales or not, I hope that you are happy too.

“Feeling is the secret.” – Neville Goddard


Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.