Using SQL Query Language

Are you familiar with SQL Query attacks? Many attacks target server applications such as those hosted on web servers or database servers. If you’re planning to take the Security+ exam, you should have a basic understanding of these attacks, along with common application security controls and techniques.

For example, can you answer this question?

Q. Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:

' or '1'='1' --

Which of the following is the MOST likely explanation for this?

A. A buffer overflow attack

B. An XSS attack

C. A SQL injection attack

D. An LDAP injection attack

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Security+ Practice Test Questions

SYO-401 Practice Test Questions Now Available

Over 440 realistic Security+ practice test questions. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

Pass the Security+ Exam the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test.
  • Test mode - 100 random questions. View 100 random questions from the full test bank, similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test.

Get the full bank of Security+ Practice Test Questions Here

Includes questions to help you prepare for the new performance based questions.

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill-in-the-blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ Practice Test Questions Here

SQL Queries

As a simple example of a web site that uses SQL queries, think of Amazon.com. When you enter a search term and click Go (as shown in the following figure), the web application creates a SQL query, sends it to a database server, and formats the results into a web page that it sends back to you.

Figure: Web page querying a database with SQL

In the example, I selected the Books category and entered Darril Gibson. The result shows a list of books authored by Darril Gibson available for sale on Amazon. The query sent to the database from the Amazon web application may look like this:

SELECT * FROM Books WHERE Author = 'Darril Gibson'

The * is a wildcard and returns all columns in a table. Notice that the query includes the search term entered into the web page form (Darril Gibson) and encloses the search term in single quotes. If the web site simply plugs the search term into the SELECT statement, surrounded by single quotes, it will work, but it’s also highly susceptible to SQL injection attacks.

CompTIA Security+ Study Guide (SY0-401)

The 401 Version of the Study Guide is Now Available

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Protecting Against SQL Injection Attacks

Input validation provides strong protection against SQL injection attacks. Before using the data entered into a web form, the web application verifies that the data is valid.

Additionally, database developers often use stored procedures with dynamic web pages. A stored procedure is a group of SQL statements that execute as a whole, similar to a mini-program. A parameterized stored procedure accepts data as an input called a parameter. Instead of copying the user's input directly into a SELECT statement, the web application passes the input to the stored procedure as a parameter. The stored procedure performs data validation, but more importantly it treats the parameter (the user's input) as a single data value rather than as part of the SQL statement, which prevents a SQL injection attack.

Get Certified Get Ahead

Consider the previous example searching for a book by an author where an attacker entered the following text: Darril Gibson'; SELECT * From Customers;--. The web application passes this search string to a stored procedure. The stored procedure then uses the entire search string in a SELECT statement like this:

SELECT * From Books Where Author = "Darril Gibson'; SELECT * From Customers;-- "

In this case, the text entered by the user is interpreted as harmless text rather than malicious SQL statements. It will look for books with an author name using all of this text: Darril Gibson'; SELECT * From Customers;--. People don't have names with SELECT statements embedded in them, so the query comes back empty.
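As an added example that is not part of the original post, the anti-pattern from the SQL Queries section (pasting the search term between single quotes) sits beside a parameterized query and the input validation described above, run against a constructed in-memory SQLite Books table. The table rows, the function names and the allow-list pattern are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample rows standing in for the Books table in the text.
BOOKS = [
    ("CompTIA Security+: Get Certified Get Ahead", "Darril Gibson"),
    ("Subnetting Basics", "Jane Doe"),
    ("Firewall Rules Explained", "Pat O'Brien"),
]


def make_db():
    """Build an in-memory SQLite database with a small Books table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Books (Title TEXT, Author TEXT)")
    conn.executemany("INSERT INTO Books VALUES (?, ?)", BOOKS)
    return conn


def vulnerable_search(conn, term):
    """The anti-pattern from the text: the search term is pasted into the
    statement between single quotes, so whatever the user typed is parsed
    as part of the SQL (a quote in the input ends the string early)."""
    sql = f"SELECT Title, Author FROM Books WHERE Author = '{term}'"
    return conn.execute(sql).fetchall()


def parameterized_search(conn, term):
    """Bound parameter, the same idea as a parameterized stored procedure:
    the driver hands the term to the engine as one data value, so it is only
    ever compared against the Author column and never parsed as SQL."""
    sql = "SELECT Title, Author FROM Books WHERE Author = ?"
    return conn.execute(sql, (term,)).fetchall()


# Input validation as described in the text: an allow-list of the characters
# an author name may contain (assumed pattern). A legitimate name can contain
# an apostrophe, so validation alone cannot reject every quote character; it is
# a first layer, and parameter binding is the control that stops the injection.
AUTHOR_PATTERN = re.compile(r"^[A-Za-z][A-Za-z .'\-]{0,99}$")


def valid_author(term):
    return AUTHOR_PATTERN.fullmatch(term) is not None


def search(conn, term):
    """Defensive path: validate first, then query with a bound parameter.
    Returns None when the input is rejected before any query runs."""
    if not valid_author(term):
        return None
    return parameterized_search(conn, term)


if __name__ == "__main__":
    db = make_db()
    # The phrase from the practice question, as it would appear in the logs.
    log_phrase = "' or '1'='1' --"
    print("vulnerable, log phrase   :", vulnerable_search(db, log_phrase))      # every row
    print("parameterized, log phrase:", parameterized_search(db, log_phrase))  # []
    # The stacked-statement string from the text, handled as one literal value.
    stacked = "Darril Gibson'; SELECT * From Customers;--"
    print("parameterized, stacked   :", parameterized_search(db, stacked))     # []
    print("validated search         :", search(db, "Pat O'Brien"))
```

Python's sqlite3 refuses to run more than one statement per execute() call, so the stacked string would fail even on the vulnerable path here; other drivers and engines do run stacked statements, which is why the binding, not the engine, is the protection.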

Depending on how well the database server is locked down (or not), SQL injection attacks may allow the attacker to access the structure of the database, all the data, and even modify data. In some cases, attackers have modified the price of products from several hundred dollars to just a few dollars, purchased several of them, and then returned the price to normal.

Full Security+ Course

Full Security+ Course Now Available

Helping you Pass the First Time

Online access includes all of the content from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide:

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the Full Security+ Course Here

Test your readiness with these quality materials

Random 100-question tests

Random practice tests from all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the Full Security+ Course Here

XML Injection

Many databases use Extensible Markup Language (XML) for inputting or exporting data. XML provides formatting rules to describe the data. For example, here’s an XML tag for a name: <name>Darril Gibson</name>. The data is “Darril Gibson” and the XML tags (<name> and </name>) describe the data as a name.

Additionally, databases use XPath as a query language for XML data. If an application accepts XML data without input validation and without stored procedures, it is susceptible to an XML injection attack similar to a SQL injection attack. The attacker can insert additional data in an XML injection attack. This additional data creates XPath statements to retrieve or modify data.

Q. Looking at logs for an online web application, you see that someone has entered the following phrase into several queries:

' or '1'='1' --

Which of the following is the MOST likely explanation for this?

A. A buffer overflow attack

B. An XSS attack

C. A SQL injection attack

D. An LDAP injection attack

Answer is C. Attackers use the phrase in SQL injection attacks to query or modify databases.

A buffer overflow attack sends more data or unexpected data to an application with the goal of accessing system memory.

A cross-site scripting (XSS) attack attempts to insert HTML or JavaScript code into a web site or email.

A Lightweight Directory Access Protocol (LDAP) injection attack attempts to inject LDAP commands to query a directory service database.

See Chapter 7 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on application attacks.

Top Qualities of an IT Expert

What are the top qualities of an IT Expert?

As technology becomes the core processing platform of the world, where consumers and businesses are highly dependent on its products, the need for experts in this field becomes even more important. Different careers related to Information Technology have sprouted up to assist and manage the growing web of digital information. IT technicians alone now have a different set of responsibilities in an organization, according to the Chron, such as maintaining computers, installing software systems, testing networks, etc.

However, to excel in IT, there are specific qualities companies and HR managers are looking for. Read on below to find out the top indicators that get IT experts hired.

IT Experts are KNOWLEDGEABLE

Experts are labeled as experts for a reason – they have spent years learning their craft and have hands-on experience, acquiring all their knowledge about their respective field. Education is important to be able to succeed in any field and becomes the best defense against mistakes, even the simplest ones. IT experts must have the knowledge, experience, and skills that make them successful in the industry. These qualities set them apart from others who only have a degree or minimal experience in the technology industry.

IT Experts are TECH PASSIONATE

Although knowledge is important, having a passion for technology is just as vital to succeed in the IT industry. When you do something you love, you tend to do it better. Passion uplifts the quality of work, making it easy to commit to a task, and increases the willingness to take on any challenging assignments. IT experts are generally excited about technology and always trying to advance their knowledge. Thus, to be effective, you must live, sleep, and breathe technology. This makes millennials suitable for IT positions. According to FXCM, millennials have a high affinity for technology, which can help them obtain real-time access to information far more quickly than baby boomers. Millennials' passion for technology makes it easier for them to adapt to new technological advancements.

IT Experts are CERTIFIED

It's not enough that you have the knowledge, especially in a competitive industry like Information Technology. To be hired and promoted, employers will require certifications as a validation of your skills. In fact, research featured by InformationWeek revealed that IT professionals with certifications receive higher salaries than those without them. Certificates from the Computing Technology Industry Association (CompTIA) range from entry to expert level, including IT Fundamentals, A+, Network+, Security+ and more. You can earn a certification through a self-study plan that grants you the flexibility to work to your own schedule. You can pass the exam in 30 days or less with the help of Get Certified Get Ahead, where you can access study packages, courses, practice test questions, and audio files.

IT Experts are PROBLEM SOLVERS

Among the many skills necessary to be an IT expert, excellent problem-solving skills are very critical. Experts must have the ability to quickly identify a problem and fix it regardless of external environmental factors and concerns. However, they know that rushing into a decision without thinking will only result in further errors. Thus, they need to balance the need for swiftness and accuracy. If you want to be successful in this industry, you must be able to see a problem through until its resolution.

The aforementioned key performance indicators are the best characteristics of successful IT experts. The most important quality is the ability to share technical knowledge with others to enhance your professional reputation and build relations. As an expert, it’s vital to look at things from other people’s perspectives to better enhance one’s understanding of the topic.

Controlling Protocols and Ports Traffic

IT personnel who regularly work with routers and firewalls can readily tell you which protocols and ports are associated with each other. For example, they readily know what protocols are associated with the following well-known ports: 20, 21, 22, 23, 25, 80, and 443. They regularly use these ports to allow or block traffic.

If you’re planning to take the Security+ exam, you should have a basic understanding of relevant protocols and ports to implement basic network security.

For example, can you answer this question?

Q. Bart wants to block access to all external web sites. Which port should he block at the firewall?

A. TCP 22

B. TCP 53

C. UDP 69

D. TCP 80

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Will you see port questions on the Security+ exam? You never know. However, I saw two.

Source and Destination Ports

Imagine that you decide to visit the web site http://GetCertifiedGetAhead.com using your web browser. You type the URL into the browser, and the web page appears. Here are the details of what is happening. The figure provides an overview of how this looks, and the following text explains the process.

Figure: Using source and destination ports

Your computer creates a packet with source and destination IP addresses and source and destination ports. It queries a DNS server for the IP address of GetCertifiedGetAhead.com and learns that the IP address is 72.52.206.134. Additionally, your computer will use its IP address as the source IP address. For this example, imagine your computer’s IP address is 70.150.56.80.

Because the web server is serving web pages using HTTP and the well-known port is used, the destination port is 80. Your computer will identify an unused port in the dynamic and private ports range (a port number between 49,152 and 65,535) and map that port to the web browser. For this example, imagine it assigns 49,152 to the web browser. It uses this as the source port.

At this point, the packet has both destination and source data as follows:

  • Destination IP address: 72.52.206.134 (the web server)
  • Destination port: 80
  • Source IP address: 70.150.56.80 (your computer)
  • Source port: 49,152

TCP/IP uses the IP address (72.52.206.134) to get the packet to the GetCertifiedGetAhead web server. When it reaches the web server, the server looks at the destination port (80) and determines that the packet needs to go to the web server program servicing HTTP. The web server creates the page and puts the data into one or more return packets. At this point, the source and destination are swapped because the packet is coming from the server back to you:

  • Destination IP address: 70.150.56.80 (your computer)
  • Destination port: 49,152
  • Source IP address: 72.52.206.134 (the web server)
  • Source port: 80

Again, TCP/IP uses the IP address to get the packets to the destination, which is your computer at this point. Once the packets reach your system, it sees that port 49,152 is the destination port. Because your system mapped this port to your web browser, it sends the packets to the web browser, which displays the web page.

Get Certified Get Ahead

Protocol Using Well-known Ports

Routers, and the routing component of firewalls, filter packets based on IP addresses, ports, and some protocols such as ICMP or IPsec. Because many protocols use well-known ports, you can control protocol traffic by allowing or blocking traffic based on the port.

In the previous example, the client firewall must allow outgoing traffic on port 80. Firewalls automatically determine the client ports used for return traffic, and if they allow the outgoing traffic, they allow the return traffic. In other words, because the firewall allows the packet to the web server on port 80, it also allows the web page returning on the dynamic port of 49,152.

Note that the client firewall doesn’t need to allow incoming traffic on port 80 for this to work. The web client isn’t hosting a web server with HTTP, so the client firewall would block incoming traffic on port 80. However, the firewall that is filtering traffic to the web server needs to allow incoming traffic on port 80.

You can apply this same principle for any protocol and port. For example, if you want to allow SMTP traffic, you create a rule on the firewall to allow traffic on port 25. Similarly, if you want to block Telnet traffic, you ensure that the firewall blocks port 23.

IT professionals modifying ACLs on routers and firewalls commonly refer to this as opening a port to allow traffic or closing a port to block traffic.
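As an added example that is not part of the original post, the packet walk-through and the firewall behaviour described above (outbound port 80 allowed, the return packet to the dynamic port allowed because it matches the outgoing connection, unsolicited inbound port 80 blocked on the client, port 25 opened and port 23 closed) are modelled as a toy stateful packet filter in Python. The class, its method names, the default-deny behaviour and the 40000 source port of the unsolicited packet are assumptions for illustration; the addresses and ports come from the text.

```python
from dataclasses import dataclass

# Addresses and ports from the worked example in the text.
CLIENT_IP = "70.150.56.80"
SERVER_IP = "72.52.206.134"
HTTP, SMTP, TELNET = 80, 25, 23
EPHEMERAL_PORTS = range(49152, 65536)   # dynamic and private ports range


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reply(self):
        """Return packet: source and destination swapped, as the text describes."""
        return Packet(self.dst_ip, self.dst_port, self.src_ip, self.src_port)


class StatefulFirewall:
    """Toy stateful packet filter (assumed design). Rules name destination
    ports only; return traffic is recognised because the firewall remembers
    the connections it has already allowed."""

    def __init__(self, allow_outbound=(), allow_inbound=(), block_outbound=()):
        self.allow_outbound = set(allow_outbound)
        self.allow_inbound = set(allow_inbound)
        self.block_outbound = set(block_outbound)
        self.connections = set()   # packets that opened an allowed connection

    def _is_return_traffic(self, pkt):
        # pkt is a reply if some remembered connection, swapped, equals pkt.
        return pkt.reply() in self.connections

    def outbound(self, pkt):
        if self._is_return_traffic(pkt):
            return "ALLOW"                 # reply to a permitted inbound connection
        if pkt.dst_port in self.block_outbound:
            return "BLOCK"                 # explicit deny, e.g. closing port 23
        if pkt.dst_port in self.allow_outbound:
            self.connections.add(pkt)      # remember it so the reply can come back
            return "ALLOW"
        return "BLOCK"                     # default deny (assumed)

    def inbound(self, pkt):
        if self._is_return_traffic(pkt):
            return "ALLOW"                 # e.g. the web page returning to 49152
        if pkt.dst_port in self.allow_inbound:
            self.connections.add(pkt)
            return "ALLOW"                 # server-side firewall opening port 80
        return "BLOCK"                     # unsolicited inbound, e.g. port 80 on the client


def web_visit():
    """Walk the packets from the text through the client firewall and the
    firewall in front of the web server. Returns the decision for each step."""
    client_fw = StatefulFirewall(allow_outbound={HTTP, SMTP}, block_outbound={TELNET})
    server_fw = StatefulFirewall(allow_inbound={HTTP})

    src_port = EPHEMERAL_PORTS[0]                       # 49152, as in the text
    request = Packet(CLIENT_IP, src_port, SERVER_IP, HTTP)
    reply = request.reply()

    return {
        "client out: request to server:80": client_fw.outbound(request),
        "server in: request arrives on 80": server_fw.inbound(request),
        "server out: reply to client:49152": server_fw.outbound(reply),
        "client in: reply reaches browser": client_fw.inbound(reply),
        # Nobody on the client asked for this; the client hosts no web server.
        "client in: unsolicited to client:80": client_fw.inbound(
            Packet(SERVER_IP, 40000, CLIENT_IP, HTTP)),
        "client out: SMTP to port 25": client_fw.outbound(
            Packet(CLIENT_IP, 49153, SERVER_IP, SMTP)),
        "client out: Telnet to port 23": client_fw.outbound(
            Packet(CLIENT_IP, 49154, SERVER_IP, TELNET)),
    }


if __name__ == "__main__":
    for step, decision in web_visit().items():
        print(f"{decision:5}  {step}")
```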


Security+ Practice Test Questions

SYO-401 Practice Test Questions Now Available

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ Practice Test Questions Here

 SYO-401 Practice Test Questions Now Available


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL). You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ Practice Test Questions Here

Q. Bart wants to block access to all external web sites. Which port should he block at the firewall?

A. TCP 22

B. TCP 53

C. UDP 69

D. TCP 80

Answer is D. He should block port 80 because web sites use Hypertext Transfer Protocol (HTTP) over TCP port 80.

Secure Shell (SSH) uses TCP port 22.

Domain Name System (DNS) uses TCP port 53 for zone transfers.

Trivial File Transfer Protocol (TFTP) uses UDP port 69.

See Chapter 3 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on basic network security.

Detecting Hidden System Infection

Are you familiar with how some malware can hide a system infection? If you’re planning to take the Security+ exam, it’s something you might like to review. For example, can you answer this sample practice test question?

Q. A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization’s internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator has found?

A. Rootkit

B. Backdoor

C. Spam

D. Trojan

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Rootkits

A rootkit is a group of programs (or, in rare instances, a single program) that hides the fact that the system has been infected or compromised by malicious code. A user may suspect something is wrong, but antivirus scans and other checks may indicate everything is fine because the rootkit hides its running processes to avoid detection.

Rootkits have system-level access to systems. This is sometimes called root-level access, or kernel-level access, indicating that they have the same level of access as the operating system. Rootkits use hooked processes, or hooking techniques, to intercept calls to the operating system. In this context, hooking refers to intercepting system-level function calls, events, or messages. The rootkit installs the hooks into memory and uses them to control the system’s behavior.

Detecting System Infection

In addition to modifying the internal operating system processes, rootkits often modify system files such as the Registry. In some cases, the rootkit modifies system access, such as removing users’ administrative access.

Antivirus software often makes calls to the operating system that could detect malware, but the rootkit prevents the antivirus software from making these calls. This is why antivirus software will sometimes report everything is OK, even if the system is infected with a rootkit. However, antivirus software can often detect the hooked processes by examining the contents of the system’s random access memory (RAM).

Another method used to detect rootkits is to boot into safe mode, or have the system scanned before it boots, but this isn’t always successful. It’s important to remember that rootkits are very difficult to detect because they can hide so much of their activity. A clean bill of health by a malware scanner may not be valid.

The Trojan.Popureb/E rootkit is an example of a rootkit. Among other things, it overwrites the hard drive’s Master Boot Record (MBR), where code is stored to start the operating system. The code on the MBR starts before the operating system boots and it remains invisible to the operating system and security software. Even when antivirus software detects the rootkit, the rootkit protects itself. It prevents any attempts to overwrite the MBR by changing write operations to read operations, though it reports that the write operation completed successfully.

It’s important to remember that behind any type of malware, you’ll likely find an attacker involved in criminal activity. Attackers who have successfully installed a rootkit on a user’s system might log on to the user’s computer remotely, using a backdoor installed by the rootkit. Similarly, attackers might direct the computer to connect to computers on the Internet and send data. Data can include anything collected from a keylogger, collected passwords, or specific files or file types stored on the user’s computer.

Remember this

Rootkits have system-level or kernel-level access and can modify system files and system access. Rootkits hide their running processes to avoid detection with hooking techniques. Tools that can inspect RAM can discover these hidden hooked processes.
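The two detection ideas in this section (comparing what a possibly hooked API reports against what an independent look at RAM shows, and not trusting a "write succeeded" report for the MBR) can be expressed as simple defender-side checks. The block below is an added example written for this post, not code from the study guide or from any antivirus product; the process lists and the `SilentlyDroppingDisk` model are constructed stand-ins for a real process-enumeration API, a memory image, and a boot sector.

```python
"""Two defender-side checks for the rootkit behaviours described above.

Added example; not from the study guide. The PID lists and the disk
model are constructed stand-ins, not output from a real system.
"""
from typing import Dict, Iterable, Set


def find_hidden_processes(api_view: Iterable[int], raw_view: Iterable[int]) -> Set[int]:
    """Cross-view detection.

    api_view: PIDs returned by the normal process-listing API. A rootkit
              that hooks this call can filter its own processes out.
    raw_view: PIDs recovered independently, e.g. by walking the process
              structures found in a RAM image.
    Any PID present in the raw view but missing from the API view has
    been hidden from the operating system's own view.
    """
    return set(raw_view) - set(api_view)


class SilentlyDroppingDisk:
    """Constructed model of the behaviour described for Trojan.Popureb:
    writes to sector 0 (the MBR) are turned into reads but the call
    still reports success. Other sectors behave normally."""
    SECTOR = 512

    def __init__(self, boot_sector: bytes):
        self._sectors: Dict[int, bytes] = {0: boot_sector}

    def read(self, lba: int) -> bytes:
        return self._sectors.get(lba, b"\x00" * self.SECTOR)

    def write(self, lba: int, data: bytes) -> bool:
        if lba == 0:
            self.read(lba)      # the write is swapped for a read...
            return True         # ...yet success is reported to the caller
        self._sectors[lba] = data
        return True


def write_and_verify(disk, lba: int, data: bytes) -> bool:
    """Never rely on a write's return code alone: read the sector back and
    compare. A mismatch after a 'successful' write is the symptom to look
    for when a cleanup tool tries to restore the MBR."""
    ok = disk.write(lba, data)
    return bool(ok) and disk.read(lba) == data


def demo() -> Dict[str, object]:
    # Constructed sample data: PID 4242 shows up only in the raw view.
    api_pids = [1, 2, 77, 310, 1502]
    raw_pids = [1, 2, 77, 310, 1502, 4242]
    hidden = find_hidden_processes(api_pids, raw_pids)

    disk = SilentlyDroppingDisk(boot_sector=b"\xaa" * SilentlyDroppingDisk.SECTOR)
    clean_mbr = b"\x00" * SilentlyDroppingDisk.SECTOR
    mbr_restored = write_and_verify(disk, 0, clean_mbr)    # silently dropped
    data_written = write_and_verify(disk, 1, b"\x01" * 512)  # normal sector
    return {
        "hidden_pids": hidden,
        "mbr_restored": mbr_restored,
        "data_sector_written": data_written,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

On a real system the "raw view" would come from a memory-forensics tool parsing the kernel's process structures out of a RAM capture, or from a scan performed before the infected operating system boots, which is what the text means by inspecting RAM rather than asking the (possibly hooked) operating system.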


Full Security+ Course

Full Security+ Course Now Available

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the Full Security+ Course Here

 Full Security+ Course Now Available


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the Full Security+ Course Here

Q. A security administrator recently noticed abnormal activity on a workstation. It is connecting to computers outside the organization’s internal network, using uncommon ports. Using a security toolkit, the administrator discovered the computer is also running several hidden processes. Which of the following choices BEST indicates what the administrator has found?

A. Rootkit

B. Backdoor

C. Spam

D. Trojan

Answer is A. A rootkit typically runs processes that are hidden and it also attempts to connect to computers via the Internet.

Although an attacker might have used a backdoor to gain access to the user’s computer and install the rootkit, backdoors don’t run hidden processes.

Spam is unwanted email and is unrelated to this question.

A Trojan is malware that looks like it’s beneficial, but is malicious.

See Chapter 6 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on malware types.

My Experience with the Security+ Exam

I took the Security+ exam (SYO-401 version) last week. While I’ve held the certification since 2005, I wanted to see how it looked and compare this to what readers have shared with me.

As background, I hear from people almost every day telling me that they passed the exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide and/or online study packages. They often mention things like how many performance-based questions they saw or if they had any port questions.

I’m not going to violate the NDA, but there are many things I can share.

Number of Questions

First, I had 6 performance-based questions. Many people that I’ve heard from recently had only two. I followed the advice I’ve given to others and skipped the performance-based questions.

Next, I went through 66 multiple-choice questions. This took me about 40 minutes, which averages out to about 36 seconds per question. Admittedly, this is probably less time than most people will spend on each question. However, I found most of the questions straightforward and I’m very familiar with the content.

In contrast, I spent about 30 minutes on the performance-based questions. That’s an average of about 5 minutes per question. Some of these were straightforward, while others were quite vague, making it difficult to figure out what the test writer was asking.

Content

Some test-takers told me they didn’t receive any port questions. I had two. Both were covered in the book, and listed in Table 3.1: “Some commonly used well-known ports.”

Some questions were simple, but thin. For example, I had a couple of one-sentence questions about which key to use with digital signatures or encryption. These didn’t have any scenario and didn’t add any extra words to confuse the topic. They simply asked which key to use to meet a specific need.

Some questions were outrageously fuzzy. I had difficulty figuring out what they were even asking. Gratefully, these typically had answer choices that were completely unrelated to the topic of the question.

For comparison, imagine this question.

Q. What is the color of the sky at sunset in northern Alaska while the northern lights are active?

A. Electronic

B. Magnetic

C. Gravitational

D. Orange

Admittedly, if this question had four color choices, it might be difficult to answer. However, if you know that electronic, magnetic, and gravitational are not colors, the question becomes trivial.

This is one of the reasons I stress to test takers the importance of knowing why the correct answers are correct and why the incorrect answers are incorrect. This gives them the best chance of accurately interpreting the questions on the live exam and answering them correctly. Eliminate the incorrect answers and you’ll find the correct answer.

Once you eliminate the impossible, whatever remains, no matter how improbable, must be the truth.

– Arthur Conan Doyle

Some questions had two obviously incorrect choices that were easy to throw out. The remaining two answers required me to reread the question to understand what the test writer was really asking. Picking the correct answer in these questions required a solid understanding of the topic.

Multiple-Choice Questions

I had a few questions with multiple answers. These always made it clear how many answers were required, with a statement in the question such as Select Two or Select Three.

In contrast, some people have reported that questions they saw required multiple answers, but the question didn’t say so. I’m not sure if this was a mistake in a beta question, or something new CompTIA is trying out. At any rate, you can tell if the question needs one or more answers by looking at how the answers are formatted.

A single-answer question has the answers formatted with radio buttons.

A multiple-answer question has the answers formatted with check boxes.

Ungraded Questions

CompTIA typically includes ungraded questions in the exam. These are often added to validate the question and commonly called beta questions. However, you are told which questions are ungraded.

I noticed several questions that were obviously beta questions. I could tell because the content was directly from the newer SY0-501 objectives and not included in the SY0-401 objectives.

As an example, Airgap is listed twice in the 501 objectives (once as air gap and once as airgap), but it isn’t listed in the 401 objectives. If I had any questions on airgaps, I’d say that they are beta questions for the 501 version.

Performance-Based Questions

Most of the performance-based questions were relatively straightforward and simple to answer. However, at least a couple of them were quite deep. Additionally, it was difficult to determine exactly what the question wanted. These will likely be challenging for people who don’t meet the networking prerequisites.

Gratefully, the content to answer the performance-based questions that I saw is included in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, online study packages, and labs. In other words, if you understand the content, you can answer these questions.


New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ Practice Test Questions Here

Security+ Exam Summary

In summary, I had 6 performance-based questions (that I skipped at first) and 66 multiple-choice questions. Many questions were straightforward and easy to answer because I knew the content. Other questions were unclear, but again because I understood the content, I easily eliminated obviously incorrect answers to get to the correct answer. My exam included what I believe were obviously ungraded questions (but I answered them anyway). Most of the performance-based questions were clear, but a couple of them were very deep and unclear. And yes, I passed.

Configuring Wireless Security

If you’re planning to take the Security+ exam, you should have a basic understanding of troubleshooting security issues related to wireless networking such as configuring wireless security.

For example, can you answer this question?

Q. Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

A. An authentication server with a digital certificate installed on the authentication server

B. An authentication server with DHCP installed on the authentication server

C. An authentication server with DNS installed on the authentication server

D. An authentication server with WEP running on the access point

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

IEEE 802.1x

An 802.1x server is integrated with a database of accounts and it provides port-based authentication by requiring users and devices to authenticate before granting them access to a network. When systems connect, the 802.1x server challenges them to authenticate and prevents full network access until it receives valid credentials. This prevents rogue devices from being able to access network resources.

You can implement IEEE 802.1x as a Remote Authentication Dial-In User Service (RADIUS) server. RADIUS provides centralized authentication. When implemented with WPA or WPA2, 802.1x provides an added layer of protection by ensuring users can authenticate before granting them access to the wireless network.

At some point, people started saying that 802.1x is shorthand for multiple wireless protocols such as 802.11a, 802.11b, and so on. It is not. You can implement 802.1x with WPA and WPA2 using Enterprise mode.

CompTIA Security+ Study Guide (SY0-401)

The 401 Version of the Study Guide is Now Available

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Personal Versus Enterprise Modes

Both WPA and WPA2 can operate in either Personal or Enterprise modes. When using Personal mode, users access the wireless network anonymously with a preshared key (PSK) or passphrase. This doesn’t provide authentication. As a reminder, authentication proves a user’s identity with the use of credentials such as a username and password. Users claim an identity with a username and prove their identity with a password.

In contrast, WPA or WPA2 Enterprise mode forces users to authenticate with unique credentials before granting them access to the wireless network. Enterprise mode uses an 802.1x server, often implemented as a RADIUS server, which accesses a database of accounts. If users don’t have the proper credentials, Enterprise mode (using an 802.1x server) blocks their access. Also, an 802.1x server has a certificate on it to secure the authentication process.

Full Security+ Course

Full Security+ Course Now Available

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the Full Security+ Course Here

Test your readiness with these quality materials

Random 100-question tests

Random practice tests drawn from all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads).

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours and 15 minutes of audio (MP3 downloads).

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the Full Security+ Course Here

The figure shows two screenshots of a Cisco wireless router with the Wireless Security section selected. By clicking in the box next to Security Mode, you can select a variety of different security modes such as WEP, WPA Personal, WPA2 Personal, WPA Enterprise, or WPA2 Enterprise. When you select one of the Personal settings such as WPA2 Personal in the top portion of the figure, it shows a passphrase. It can be as many as 63 characters long and the passphrase you enter here is the same passphrase you would enter on all the wireless devices. Many security experts recommend using a passphrase at least 20 characters long, with a mix of uppercase, lowercase, numbers, and special characters.

Configuring wireless security

If you select WPA2 Enterprise, as shown in the bottom portion of the figure, it displays different information. You would need to put in the IP address of the RADIUS (or 802.1x) server, the port it is using, and a shared secret. The official default port for RADIUS is 1812. However, some vendors have used other ports such as 1645. The key is that you must enter the same port here that the server is using. The shared secret is similar to a password and you must enter it here exactly as it is entered on the server.

After you configure WPA2 Enterprise on a WAP, the WAP forwards every connection attempt to the RADIUS server for authentication. Once a user authenticates, the RADIUS server tells the WAP to grant that user access.

Wireless authentication systems using an 802.1x server are more advanced than most home networks need, but many larger organizations use them. In other words, most home networks use Personal mode, whereas many organizations use Enterprise mode to increase security. A combination of both a security protocol such as WPA2 and an 802.1x authentication server significantly reduces the chance of a successful access attack against a wireless system.
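To make the Personal versus Enterprise distinction and the WAP settings described above concrete, here is an added Python example (not code from the original post, the study guide, or any router vendor) that audits an access point's Wireless Security settings the way a reviewer would: it flags WEP, checks a Personal-mode passphrase against the 63-character limit and the 20-character mixed-character recommendation, and for Enterprise mode checks that the RADIUS server's IP address, port, and shared secret are present and, when the server's own settings are supplied, that the port and secret match exactly and the 802.1x server has a certificate. The dictionary layout (keys such as "security_mode", "passphrase", "radius") and all sample values are constructed for the example.

```python
"""Audit a wireless access point's security settings against the points made
above: WEP is out, Personal mode lives or dies on its passphrase, and
Enterprise mode needs an 802.1x/RADIUS server whose IP address, port and
shared secret match what is configured on the server.

Added example, not code from the original post or from any router vendor.
The dictionary layout (keys such as "security_mode", "passphrase", "radius")
and all sample values are constructed for the example.
"""
from __future__ import annotations

import ipaddress
import string
from typing import Optional

# Security modes offered by the router in the figure. Only the Enterprise
# modes hand authentication to an 802.1x (RADIUS) server.
PERSONAL_MODES = {"WPA Personal", "WPA2 Personal"}
ENTERPRISE_MODES = {"WPA Enterprise", "WPA2 Enterprise"}

RADIUS_DEFAULT_PORT = 1812       # official RADIUS authentication port
RADIUS_VENDOR_PORTS = {1645}     # older port some vendors still use
MIN_RECOMMENDED_PASSPHRASE = 20  # length many security experts recommend
MAX_PASSPHRASE = 63              # WPA/WPA2 passphrase limit shown in the figure


def passphrase_findings(passphrase: str) -> list[str]:
    """Findings for a Personal-mode passphrase; an empty list means it passes."""
    findings = []
    # WPA/WPA2 passphrases are 8 to 63 characters; the router enforces this.
    if not 8 <= len(passphrase) <= MAX_PASSPHRASE:
        findings.append("passphrase must be 8 to 63 characters long")
    if len(passphrase) < MIN_RECOMMENDED_PASSPHRASE:
        findings.append("passphrase is shorter than the recommended 20 characters")
    has_mix = (
        any(c.islower() for c in passphrase)
        and any(c.isupper() for c in passphrase)
        and any(c.isdigit() for c in passphrase)
        and any(c in string.punctuation for c in passphrase)
    )
    if not has_mix:
        findings.append("passphrase should mix uppercase, lowercase, numbers and special characters")
    return findings


def radius_findings(wap_radius: dict, server: Optional[dict] = None) -> list[str]:
    """Check the RADIUS settings entered on the WAP. If the server's own
    settings are supplied they are the ground truth: port and secret must match."""
    findings = []
    try:
        ipaddress.ip_address(wap_radius.get("address", ""))
    except ValueError:
        findings.append("RADIUS server address is not a valid IP address")
    port = wap_radius.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        findings.append("RADIUS port is missing or out of range")
    elif port != RADIUS_DEFAULT_PORT and port not in RADIUS_VENDOR_PORTS:
        findings.append(f"RADIUS port {port} is not 1812 or a known vendor port; confirm it on the server")
    if not wap_radius.get("shared_secret"):
        findings.append("RADIUS shared secret is empty")
    if server is not None:
        if server.get("port") != port:
            findings.append("RADIUS port on the WAP does not match the server's port")
        if server.get("shared_secret") != wap_radius.get("shared_secret"):
            findings.append("shared secret on the WAP does not match the server's shared secret")
        if not server.get("has_certificate", False):
            findings.append("802.1x server has no digital certificate installed")
    return findings


def audit_wap(config: dict, server: Optional[dict] = None) -> list[str]:
    """Audit one access point's Wireless Security settings."""
    mode = config.get("security_mode", "")
    if mode in PERSONAL_MODES:
        return passphrase_findings(config.get("passphrase", ""))
    if mode in ENTERPRISE_MODES:
        return radius_findings(config.get("radius", {}), server)
    if mode == "WEP":
        return ["WEP provides poor security; use WPA2 Personal or WPA2 Enterprise"]
    return [f"security mode {mode!r} is disabled or unrecognised"]


# Constructed sample settings (not real credentials or addresses).
HOME_WAP = {"security_mode": "WPA2 Personal", "passphrase": "Tr0ub4dor&3 rides again!"}
WEAK_WAP = {"security_mode": "WPA2 Personal", "passphrase": "password"}
OFFICE_WAP = {
    "security_mode": "WPA2 Enterprise",
    "radius": {"address": "10.0.0.5", "port": 1812, "shared_secret": "example-shared-secret"},
}
MISTYPED_WAP = {
    "security_mode": "WPA2 Enterprise",
    "radius": {"address": "10.0.0.5", "port": 1645, "shared_secret": "example-shared-secrt"},
}
RADIUS_SERVER = {"port": 1812, "shared_secret": "example-shared-secret", "has_certificate": True}

if __name__ == "__main__":
    for name, cfg in [("home", HOME_WAP), ("weak", WEAK_WAP)]:
        print(name, audit_wap(cfg) or "OK")
    for name, cfg in [("office", OFFICE_WAP), ("mistyped", MISTYPED_WAP)]:
        print(name, audit_wap(cfg, RADIUS_SERVER) or "OK")
```

The mistyped Enterprise config is the case the text warns about: 1645 is a port some vendors use, so on its own it is not an error, but it only works if the RADIUS server is listening there, and a shared secret that differs by one character from the server's is as good as no secret. Passing the server's settings as the ground truth turns both of those into findings instead of a silent authentication failure.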

Remember this

Personal mode (or WPA-PSK and WPA2-PSK) uses a preshared key and does not provide individual authentication. WPA/WPA2 Enterprise mode is more secure than Personal mode, and it provides strong authentication. Enterprise mode uses an 802.1x server (implemented as a RADIUS server) to add authentication.


Q. Your organization is planning to implement a wireless network using WPA2 Enterprise. Of the following choices, what is required?

A. An authentication server with a digital certificate installed on the authentication server

B. An authentication server with DHCP installed on the authentication server

C. An authentication server with DNS installed on the authentication server

D. An authentication server with WEP running on the access point

Answer is A. WPA2 Enterprise requires an 802.1x authentication server and most implementations require a digital certificate installed on the server.

The network will likely have Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) services, but it isn’t necessary to install them on the authentication server.

Wired Equivalent Privacy (WEP) provides poor security and is not compatible with WPA2 Enterprise.

See Chapter 4 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on securing wireless networks.


Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.