What’s in a Digital Certificate?

Digital certificates have a lot of data within them, and you should have a good understanding of what they contain, especially if you plan to take the SY0-501 version or the SY0-401 version of the Security+ exam.

As an example, see if you can answer this sample Security+ question I recently added to the Extras SY0-501 test banks on the gcgapremium.com site.

Q. You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you be able to see in the certificate? (Choose TWO.)

A. The server’s private key
B. The CAs public key
C. The OID
D. The server’s public key
E. The CSR

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Get Certified Get Ahead

Viewing a Digital Certificate

One easy way to see what is in a certificate is to view one.  You can use the following steps to view a certificate using Google Chrome.

  1. Go to https:/gcgapremium.com.
    You’ll see a lock icon and the word Secure to the left of the URL.
  2. Click on the word Secure and select Certificate.
    You’ll see the certificate open with the General tab selected.

General Tab of the Digital Certificate

The following graphic shows the General tab of a certificate. Notice that this tab shows the purposes of the certificate.

While it doesn’t say it, the certificate is also used to create secure Hypertext Transfer Protocol Secure (HTTPS) sessions with Transport Layer Security (TLS).

The third bullet is a cryptic set of numbers separated by dots (2.23.140.1.2.1). This is the object identifier (OID) for the certificate and provides information on the certificate using the OID format. The 2.23.140.1.2.1 OID indicates it is a domain validated certificate. A domain validated certificate is a server security certificate. It provides assurances that the certificate has been validated to be used with a specific server.

This tab also shows that the certificate was issued to www.gcgapremium.com, the certificate authority (CA) that issued the certificate, and the validity dates.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Details Tab of the Digital Certificate

The Details tab of the certificate has the most information.

It identifies the version (V3), various algorithms used by the certificate, who issued it, validity dates, and more. The following graphic shows the Details tab with the public key selected.

This public key is distributed with the certificate and matches the private key held on the server. The private key is always kept private and never shared. This public/private pair is used for asymmetric encryption.

Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Certification Path Tab of the Digital Certificate

The Certification Path tab (shown in the following graphic) of the certificate shows the certification path or trust chain of the certificate.


GlobalSign Root CA – R3 is the root CA. The root CA issues certificates to child CAs (and in some cases intermediate CAs).

In the trust chain shown in the graphic, the root CA issued a certificate to GlobalSign Domain Validation CA – SHA256 – G2. This child CA issues certificates used by others on the Internet, including the site located on the gcgapremium.com server.

Your computer decides to trust this certificate if it trusts the root CA.

Windows systems have a Trusted Root Certification Authority Store with certificates from multiple CAs. The following graphic shows that this system trusts the GlobalSign Root CA. Because it trusts the root CA, it trusts all certificates issued or used by systems in the certification trust path.

The child CA issues certificates for routine use, such as the certificate for www.gcgapremium.com.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions


Q. You are examining a certificate received from a web server used for secure transport encryption. Which of the following items will you be able to see in the certificate. (Choose TWO.)

A. The server’s private key
B. The CAs public key
C. The OID
D. The server’s public key
E. The CSR

C and D are correct. The object identifier (OID) is a dot-separated series of numbers such as 2.23.140.1.2.1. It is viewable on the General tab of the certificate. The server’s public key is also viewable in the certificate on the Details tab of the certificate.

A server’s private key is always kept private.

The Certification Path tab of the certificate shows the certificate authority (CA) that issued the certificate, but not the CAs public key.

A certificate signing request (CSR) is used to request a certificate, but it is not contained in the issued certificate.

See Chapter 10 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide for more information on certificates. The SY0-401 Study Guide also covers certificates in Chapter 10.

SY0-501 objective 6.4 Given a scenario, implement public key infrastructure.

You might like to check out these blog posts on certificates too:

Submitting CSR and CA

and

Certificate, Certificate Revocation List, and Certificate Authority

 

Read More

Security+ Multiple Choice Answers

Apparently, the CompTIA SY0-501 Security+ exam is including as many as 6 or 8 multiple choice answers in multiple choice questions. Several readers have recently told me they were surprised to see so many questions requiring them to select multiple answers.

Analyzing their feedback and looking at the Security+ objectives, it looks like one more example where CompTIA is requiring test takers to apply critical thinking skills when answering the questions. As an example, see if you can answer this practice test question that I recently added to the online Extras test bank for the SY0-501 exam.

Q. You suspect that an attacker is performing a reconnaissance attack against servers in your organization’s DMZ. The attacker is attempting to gather as much information as possible on these servers. You decide to check the logs of these servers to determine if the attacker is attempting a banner grabbing attack. Which of the following commands MOST likely indicate that the attacker is launching a banner grabbing attack? (Select FOUR.)

A. netcat
B. ipconfig
D. ping
E. arp
F. grep
G. tcpdump
H. nmap
I. telnet

Do you know the correct answers? More, do you know why the correct answers are correct, and why the incorrect answers are incorrect? Check out the answer with the full explanation here.

Banner Grabbing & Security+ Multiple Choice Answers

Banner grabbing is a technique used to gain information about a remote server and is often used as part of a reconnaissance attack. It is one of several methods that can uniquely identify a server by fingerprinting it.

As an example, imagine you issued the following command:

telnet nonexistentdomain.netorg 80

If this was a valid domain name and Telnet was enabled on the server, you would likely see something like this:

<!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”>
<html><head><title>501 Method Not Implemented</title>
</head><body>
<h1>Method Not Implemented</h1>
<p>GET to /index.html not supported.<br /></p>
<p>Additionally, a 404 Not Found error was encountered.</p><hr>
<p><address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips <br /></p>
<p>mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at <br /></p>
<p>72.52.230.233 Port 80</address><br /></p>
<p></body></html><br /></p>

Check out the Banner Grabbing post for more details on what this response tells you.

You can also check out a Banner Grabbing Exercise here.

Security+ Objectives and Multiple Choice Answers

Take a look at the SY0-501 objectives. They are in the introduction of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide, and you can also download them from the CompTIA site.

Objective 2.2 “Given a scenario, use appropriate software tools to assess the security posture of an organization” includes a section titled “Command line tools.” It then lists the following tools.

  • ping
  • netstat
  • tracert
  • nslookup/dig
  • arp
  • ipconfig/ip/ifconfig
  • tcpdump
  • nmap
  • netcat

Which of these tools can be used for banner grabbing?

Netcat, Nmap, and Ping

Netcat and nmap are two obvious tools. Chapter 8 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide mentions netcat specifically in the Banner Grabbing section. Additionally, one of the free online labs for Chapter 8  the Study Guide, shows the steps you’d use with both netcat and nmap.

Ping isn’t such an obvious answer. However, if you do the banner grabbing lab, you’ll see that netcat doesn’t resolve the hostname, but instead needs an IP address.

Which of the answers can resolve the hostname to an IP address? Ping.

While ping is typically used to test connectivity with a remote system, it can also resolve hostnames to IP addresses. Chapter 1 of the study guide includes a section titled “Using Ping to Check Name Resolution” and shows you how.

The last part of this lab shows you how to use nmap for banner grabbing.

Incorrect Answers

So at this point, you know that telnet, netcat, nmap, and ping can be used in a successful banner grabbing attack.

Telnet is often disabled on Internet facing systems, so it may not be available as a choice.

What about the other answers? If you understand their usage (and what banner grabbing is), you’ll know that they cannot be used for banner grabbing.

The ipconfig command (short for Internet Protocol configuration) shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for the local system.

The arp command is used to resolve the IP address of a computer to its media access control (MAC) address, also known as its physical address.

The grep command (short for global regular expression in print) is used to search plain text files for words or phrases. While grep isn’t in the objectives, it is used so often in Linux, it’s a good distractor.

The tcpdump command is a command-line packet analyzer (sometimes called a protocol analyzer). It can capture live traffic, but not traffic that occurred in the past.


Answer to Security+ Multiple Answer Question

Q. You suspect that an attacker is performing a reconnaissance attack against servers in your organization’s DMZ. The attacker is attempting to gather as much information as possible on these servers. You decide to check the logs of these servers to determine if the attacker is attempting a banner grabbing attack. Which of the following commands MOST likely indicate that the attacker is launching a banner grabbing attack? (Select FOUR.)

A. netcat
B. ipconfig
D. ping
E. arp
F. grep
G. tcpdump
H. nmap
I. telnet

Some tools used for banner grabbing are ping, netcat, nmap, and telnet.

The ping command resolves the hostname to an IP address. If you already know the IP address, you wouldn’t need to use the ping command.

Netcat (often abbreviated as nc), nmap, and telnet can use the IP address to grab a banner from a system.

Due to its vulnerabilities, telnet is often disabled on servers so it may not work.

The ipconfig command (short for Internet Protocol configuration) shows the Transmission Control Protocol/Internet Protocol (TCP/IP) configuration information for the local system.

The arp command is used to resolve the IP address of a computer to its media access control (MAC) address, also known as its physical address.

The grep command (short for global regular expression in print) is used to search plain text files for words or phrases.

The tcpdump command is a command-line packet analyzer (sometimes called a protocol analyzer). It can capture live traffic, but not traffic that occurred in the past.

Two other tools that can perform banner grabbing are Zenmap and ZMap. Zenmap is the windows-based version of nmap. ZMap is a completely different scanning tool.

Chapter 1 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers various commands. Chapter 8 covers banner grabbing. The “Banner Grabbing with NetCat and Nmap” lab shows the steps to grab a banner from a remote system.

Objective 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.

Read More

Identifying Baseline Deviations

A baseline is a known starting point and organizations commonly use secure baselines to provide known starting points for systems.  If you’re planning to take the SY0-501 version or the SY0-401 version of the Security+ exam, you should have a basic understanding of baselines and how they can be used in different situations.  This includes monitoring the systems for any baseline changes, which is a common security issue.

Here is a sample practice test question:

Q. Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem. What allowed you to make this determination?

A. Least functionality

B. Sandbox

C. Blacklist

D. Integrity measurements

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Secure Operating System Configurations

Most operating systems aren’t secure out of the box. Instead, administrators must take specific steps to secure them. A common method of deploying systems is to create a master image with a secure configuration, and then deploy the image to multiple systems.

A trusted operating system meets a set of predetermined requirements with a heavy emphasis on authentication and authorization. The overall goal of a trusted operating system is to ensure that only authorized personnel can access data based on their permissions. Additionally, a trusted operating system prevents any modifications or movement of data by unauthorized entities. A trusted OS helps prevent malicious software (malware) infections because it prevents malicious or suspicious code from executing.

A trusted OS meets a high level of security requirements imposed by a third party. For example, the Common Criteria for Information Technology Security Evaluation (or simply Common Criteria) includes requirements for a trusted OS. Operating systems that meet these requirements can be certified as trusted operating systems. Also, a trusted OS typically uses the mandatory access control (MAC) model.

Identifying Baseline Deviations

Using Master Images

One of the most common methods of deploying systems is with images starting with a master image. An image is a snapshot of a single system that administrators deploy to multiple other systems. Imaging has become an important practice for many organizations because it streamlines deployments while also ensuring they are deployed in a secure manner. The Deploying Systems with Images blog post discusses the overall process of capturing and deploying an image.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Resiliency and Automation Strategies

Resiliency and automation strategies include automation, scripting, and templates and they can help deploy systems securely, and keep them in a secure state. As an example, administrators often use Group Policy in Microsoft domains to automatically check and configure systems. Group Policy provides automated courses of action by applying security and other settings.

Additionally, Microsoft has created several security templates with various levels of security. Administrators can modify these templates to fit their needs, import them into a Group Policy Object (GPO), and then apply them to systems within the domain. Some organizations deploy a master image to all systems, and then use the security templates to automatically apply different security settings to different groups of systems based on their security needs.

Get Certified Get Ahead

Secure Baseline and Integrity Measurements

A baseline is a known starting point and organizations commonly use secure baselines to provide known starting points for systems. One of the primary benefits of secure baselines is that they improve the overall security posture of systems. Weak security configuration is a common security issue, but secure baselines help eliminate this.

The use of baselines works in three steps:

  1. Initial baseline configuration. Administrators use various tools to deploy systems consistently in a secure state.
  2. Integrity measurements for baseline deviation. Automated tools monitor the systems for any baseline changes, which is a common security issue. Some tools such as vulnerability scanners monitor the systems and report any changes they detect. Other tools such as Group Policy automatically reconfigure the systems to the baseline settings when they detect changes.
  3. Remediation. Chapter 5 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide covers network access control (NAC). NAC methods can detect some changes to baseline settings and automatically isolate or quarantine systems in a remediation network. Typically, administrators need to correct the problems in these systems manually.

Remember this

A master image provides a secure starting point for systems. Administrators sometimes create them with templates or with other tools to create a secure baseline. They then use integrity measurements to discover when a system deviates from the baseline.


Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Q. Network administrators have identified what appears to be malicious traffic coming from an internal computer, but only when no one is logged on to the computer. You suspect the system is infected with malware. It periodically runs an application that attempts to connect to web sites over port 80 with Telnet. After comparing the computer with a list of applications from the master image, you verify this application is very likely the problem. What allowed you to make this determination?

A. Least functionality

B. Sandbox

C. Blacklist

D. Integrity measurements

Answer is D. The master image is the baseline and the administrators performed integrity measurements to identify baseline deviations. By comparing the list of applications in the baseline with the applications running on the suspect computer, you can identify unauthorized applications.

None of the other answers include the troubleshooting steps necessary to discover the problem.

The master image would include only the applications, services, and protocols needed to meet the principle of least functionality.

A sandbox is an isolated area of a system, typically used to test applications.

A blacklist is a list of prohibited applications.

See Chapter 5 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

or

Chapter 6 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

for more information on securing hosts and data.

Read More

Comparing Personnel Management Policies

Companies frequently develop policies to specifically define and clarify issues related to personnel management. If you’re planning to take the  SY0-401 version or the SY0-501 version of the Security+ exam, you should have a basic understanding of common security policies.

For example, can you answer this question?

Q. After a major data breach, Lisa has been tasked with reviewing security policies related to data loss. Which of the following is MOST closely related to data loss?

A. Clean desk policy

B. Legal hold policy

C. Job rotation policy

D. Background check policy

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Clean Desk Policy

A clean desk policy directs users to keep their areas organized and free of papers. The primary security goal is to reduce threats of security incidents by ensuring the protection of sensitive data. More specifically, it helps prevent the possibility of data theft or inadvertent disclosure of information.

Imagine an attacker goes into a bank and meets a loan officer. The loan officer has stacks of paper on his desk, including loan applications from various customers. If the loan officer steps out, the attacker can easily grab some of the documents, or simply take pictures of the documents with a mobile phone.

Get Certified Get Ahead

Beyond security, organizations want to present a positive image to customers and clients. Employees with cluttered desks with piles of paper can easily turn off customers.

However, a clean desk policy doesn’t just apply to employees who meet and greet customers. It also applies to employees who don’t interact with customers. Just as dumpster divers can sort through trash to gain valuable information, anyone can sort through papers on a desk to learn information. It’s best to secure all papers to keep them away from prying eyes. Some items left on a desk that can present risks include:

  • Keys
  • Cell phones
  • Access cards
  • Sensitive papers
  • Logged-on computer
  • Printouts left in printer
  • Passwords on Post-it notes
  • File cabinets left open or unlocked
  • Personal items such as mail with Personally Identifiable Information (PII)

Some people want to take a clean desk policy a step further by scrubbing and sanitizing desks with antibacterial cleaners and disinfectants on a daily basis. They are free to do so, but that isn’t part of a security-related clean desk policy.

Remember this

A clean desk policy requires users to organize their areas to reduce the risk of possible data theft. It reminds users to secure sensitive data and may include a statement about not writing down passwords.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Background Check

It’s common for organizations to perform background checks on potential employees and even after employees are hired. A background check checks into a potential employee’s history with the intention of discovering anything about the person that might make him a less-than- ideal fit for a job.

A background check will vary depending on job responsibilities and the sensitivity of data that person can access. For example, a background check for an associate at Walmart will be significantly less than a background check for a government employee who will handle Top Secret Sensitive Compartmented Information.

However, background checks will typically include a query to law enforcement agencies to identify a person’s criminal history. In some cases, this is only to determine if the person is a felon. In other cases, it checks for all potential criminal activity, including a review of a person’s driving records.

Many organizations check a person’s financial history by obtaining a credit report. For example, someone applying for a job in an Accounting department might not be a good fit if his credit score is 350 and he has a string of unpaid loans.

It is also common for employers to check a person’s online activity. This includes social media sites, such as Facebook, LinkedIn, and Twitter. Some people say and do things online that they would rarely do in public. One reason is a phenomenon known as the online disinhibition effect. Just as a beer or glass of wine releases inhibitions in many people, individuals are often less inhibited when posting comments online. And what they post often reflects their true feelings and beliefs. Consider a person who frequently posts hateful comments about others. A potential employer might think that this person is unlikely to work cohesively in a team environment and hire someone else.

Note that some background checks require the written permission from the potential employee. For example, the Fair Credit Reporting Act (FCRA) requires organizations to obtain written permission before obtaining a credit report on a job applicant or employee. However, other background checks don’t require permission. For example, anyone can look at an individual’s social media profile.


Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Q. After a major data breach, Lisa has been tasked with reviewing security policies related to data loss. Which of the following is MOST closely related to data loss?

A. Clean desk policy

B. Legal hold policy

C. Job rotation policy

D. Background check policy

Answer is A. A clean desk policy requires users to organize their areas to reduce the risk of possible data theft and password compromise.

A legal hold refers to a court order to protect data that might be needed as evidence. A legal hold policy may state that the organization will comply with the court order, but it isn’t related to data theft.

Job rotation policies require employees to change roles on a regular basis and can expose fraudulent activity.

A background check policy typically identifies what to check for when hiring an employee.

See Chapter 11 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

or

Chapter 11 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

for more information on security policies.

Check out the Personnel Policies blog posts for more information about Job rotation, Acceptable useMandatory vacations, and Separation of duties.

 

Read More

Can You Identify Common Malware Names

Malware writers often use the same malware names to trick users. Educated cyber security professionals can usually identify these bogus malware names, but without some experience, it may be challenging.

As an example, consider this sample Security+ practice test question that was recently added to the Extras quiz for the online SY0-501 practice test questions.

Q. You are troubleshooting a computer that is displaying erratic behavior. You suspect that malicious software was installed when the user downloaded and installed a free software application. You want to identify the name of the malware and you run the following netstat command from the command prompt:

C:\WINDOWS\system32>netstat -nab > netstat.txt

After opening the text file you see the following information.

Based on the output, what type of malware was most likely installed on the user’s computer?

A. Worm

B. Logic bomb

C. Ransomware

D. RAT

E. Crypto-malware

F. No malware is indicated

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Get Certified Get Ahead

Netstat and Malware Names

The netstat command (short for network statistics) allows you to view statistics for TCP/IP protocols on a system. It also gives you the ability to view active TCP/IP network connections. Many attacks establish connections from an infected computer to a remote computer. If you suspect this, you can often identify these connections with netstat.

In the sample question, netstat is using the following three switches:

  • -n Displays addresses and port numbers in numerical form.
  • -a Displays all connections and listening ports.
  • -b Displays the executable involved in creating each connection or listening port.

The -b switch is key here because it identifies the names of the executables that created the connection. The graphic shows the following names:

  • RpcSs [svchost.exe]
  • [chrome.exe]
  • winserver.exe
  • SSDPSRV [svchost.exe]
  • Can not obtain ownership information

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Valid Executable Names and Malware Names

From a simpler perspective, the question is asking you which of these executables is NOT valid.

svchost.exe

The svchost.exe executable is a system process used to host multiple instances of Windows Services at a time. It is valid and is shown in brackets [svchost.exe] after the service it is starting, such as RpcSs [svchost.exe].

The valid version is located in the c:\Windows\system32\ folder as svchost.exe.

The valid version of svchost.exe will only launch valid services.

Warning: Malware writers have often named malware as svchost.exe and located it in other folders. If the malware version is running, it will typically be listed in the netstat results as svchost.exe or [svchost.exe] but without a matching service.

RpcSs

The RpcSs (Remote Procedure Call Start/Stop) is used to support Component Object Model (COM) and Distributed COM (DCOM) technologies. Many Microsoft applications use it to call reusable code.

The valid version is located in the c:\windows\system32 folder as rpcss.dll.

Warning: Malware writers have often named malware as rpcss.exe and located it in other folders. If the malware version is running, it will typically be listed in the netstat results as rpcss.exe or [rpcss.exe], but without [svchost] launching it.

Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Chrome

The entry showing [chrome.exe] indicates that the Google Chrome browser is running. It is valid.

SSDPSRV

The Simple Service Discovery Protocol Service (SSDPSRV) is valid. It is used in Windows systems to discover networked devices and services that use the Simple Service Discovery Protocol (SSDP).

The valid version is located in the c:\windows\system32 folder as ssdpsrv.dll.

Warning: Malware writers have often named malware as ssdpsrv.dll and located it in other folders. These won’t pass system checks and cannot be started with the valid version of svchost.

Winserver.exe

Winserver.exe is a very old file used in Windows systems, but it hasn’t been used in Windows XP, Windows 7, Windows Vista, or Windows 10.

Trojan malware has adopted the name (winserver.exe) because it looks legitimate. It tries to terminate antivirus programs, monitor the user’s Internet activity, gather private information, and send the data to the attacker. Some versions of this Trojan allow the attack to remotely access the infected computer to collect and steal passwords.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions


Q. You are troubleshooting a computer that is displaying erratic behavior. You suspect that malicious software was installed when the user downloaded and installed a free software application. You want to identify the name of the malware and you run the following netstat command from the command prompt:

C:\WINDOWS\system32>netstat -nab > netstat.txt

After opening the text file you see the following information.

Based on the output, what type of malware was most likely installed on the user’s computer?

A. Worm

B. Logic bomb

C. Ransomware

D. RAT

E. Crypto-malware

F. No malware is indicated

Answer is D. The winserver.exe file is a remote access Trojan (RAT).  All of the other executable names displayed by netstat are valid.

A worm is self-replicating malware that travels throughout a network without the assistance of a host application or user interaction.

A logic bomb is a string of code embedded into an application or script that will execute in response to an event.

Ransomware is a specific type of Trojan that typically encrypts the user’s data until the user pays a ransom.

Ransomware that encrypts data is often called crypto-malware.

Because winserver.exe is known malware, the netstat output does indicate malware is running.

See Chapter 6 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide for more information on malware.

 

Read More

Understanding Network Separation

A common network security practice is to use different components to provide network separation. If you’re planning to take the SY0-501 or  SY0-401 Security+ exam, you should have a basic understanding of implementing secure network architecture concepts. This includes physical security and logical security methods used for isolation.

As an example, see if you can answer this question?

Q. You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution?

A. NAC

B. DMZ

C. SRTP

D. VLAN

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Get Certified Get Ahead

Network Separation

A common network security practice is to use different components to provide network separation. The CompTIA objectives list these as segregation, segmentation, and isolation. Segregation provides basic separation, segmentation refers to putting traffic on different segments, and isolation indicates the systems are completely separate. Chapter 1 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide covers virtualization concepts in depth and virtualization can be used to provide isolation. For example, some antivirus experts use virtual machines to analyze malware.

Logical Separation and Segmentation

Routers and firewalls provide a basic level of separation and segmentation. Routers segment traffic between networks using rules within ACLs. Administrators use subnetting to divide larger IP address ranges into smaller ranges. They then implement rules within ACLs to allow or block traffic. Firewalls separate network traffic using basic packet-filtering rules and can also use more sophisticated methods to block undesirable traffic.

It’s also possible to segment traffic between logical groups of users or computers with a virtual local area network (VLAN). This provides logical separation.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Comparing a Layer 2 Versus Layer 3 Switch

A traditional switch operates on Layer 2 of the Open Systems Interconnection (OSI) model. A traditional switch (a Layer 2 switch) uses the destination MAC address within packets to determine the destination port. Additionally, a Layer 2 switch forwards broadcast traffic to all ports on the switch.

Routers operate on Layer 3 of the OSI model. They forward traffic based on the destination IP address within a packet, and they block broadcast traffic. A Layer 3 switch mimics the behavior of a router and allows network administrators to create virtual local area networks (VLANs). Because a Layer 3 switch forwards traffic based on the destination IP address instead of the MAC address, it is not susceptible to ARP-based attacks.

Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Isolating Traffic with a VLAN

A virtual local area network (VLAN) uses a switch to group several different computers into a virtual network. You can group the computers together based on departments, job function, or any other administrative need. This provides security because you’re able to isolate the traffic between the computers in the VLAN.

Normally, a router would group different computers onto different subnets, based on physical locations. All the computers in a routed segment are typically located in the same physical location, such as on a specific floor or wing of a building.

However, a single Layer 3 switch can create multiple VLANs to separate the computers based on logical needs rather than physical location. Additionally, administrators can easily reconfigure the switch to add or subtract computers from any VLAN if the need arises.

Understanding Network Separation

For example, a group of users who normally work in separate departments may begin work on a project that requires them to be on the same subnet. You can configure a Layer 3 switch to logically group these workers together, even if the computers are physically located on different floors or different wings of the building. When the project is over, you can simply reconfigure the switch to return the network to its original configuration.

As another example, VoIP streaming traffic can consume quite a bit of bandwidth. One way to increase the availability and reliability of systems using this voice traffic is to put them on a dedicated VLAN. Other systems transferring traditional data traffic can be placed on a separate VLAN. This separates the voice and data traffic within the VLAN.

Similarly, you can use a single switch with multiple VLANs to separate user traffic. For example, if you want to separate the traffic between the HR department and the IT department, you can use a single switch with two VLANs. The VLANs logically separate all the computers between the two different departments, even if the computers are located close to each other.

Remember this

Virtual local area networks (VLANs) separate or segment traffic on physical networks and you can create multiple VLANs with a single Layer 3 switch. A VLAN can logically group several different computers together, or logically separate computers, without regard to their physical location. VLANs are also used to separate traffic types, such as voice traffic on VLAN and data traffic on a separate VLAN.


Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Q. You are tasked with configuring a switch so that it separates VoIP and data traffic. Which of the following provides the BEST solution?

A. NAC

B. DMZ

C. SRTP

D. VLAN

Answer is D. A virtual local area network (VLAN) provides separation for traffic and can be configured to separate Voice over IP (VoIP) traffic and data Network access control (NAC) solutions inspect clients for health after they connect to a network.

A demilitarized zone (DMZ) provides a layer of protection for Internet-facing systems, while also allowing clients to connect to them.

Secure Real-time Transport Protocol (SRTP) provides encryption and authentication for Real-time Transport Protocol (RTP) traffic.

RTP is used for audio/video streaming, such as in video teleconferencing applications.

See Chapter 3 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

Or

Chapter 3 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

for more information on implementing a secure network.

Read More
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.