Common Vulnerability Assessment Tools

Vulnerabilities are weaknesses, and by reducing vulnerabilities, you can reduce risks.  If you’re planning to take the  SY0-401 version or the SY0-501 version of the Security+ exam, you should have a basic understanding of using appropriate vulnerability assessment tools that assess the security posture of an organization.

For example, can you answer this question?

Q. You suspect that a user is running an unauthorized AP within the organization’s building. Which of the following tools is the BEST choice to see if an unauthorized AP is operating on the network?

A. Rogue system

B. Wireless scanner

C. Password cracker

D. Penetration test

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Get Certified Get Ahead

Password Crackers

A password cracker attempts to discover a password. Passwords are typically encrypted or hashed so that they aren’t easily readable. Some methods are stronger than others. If passwords are protected with weak methods, a password cracker can discover the password.

As an example, Message Digest 5 (MD5) is a hashing algorithm. When executed against a passwordofP@ssw0rd, it creates the following MD5hash:161ebd7d45089b3446ee4e0d86dbcf92.  A password cracker can analyze the MD5 hash of 161ebd7d45089b3446ee4e0d86dbcf92 and discover the actual password of P@ssw0rd. There are many of the common methods used to crack passwords. The point here is that password crackers are one of the tools security administrators use during a vulnerability assessment.

There are two categories of password crackers—offline and online:

  • An offline password cracker attempts to discover passwords by analyzing a database or file containing passwords. For example, attackers often obtain large volumes of data during a data breach. This includes files that include hashed or encrypted passwords. They can then analyze the protected passwords to discover the actual passwords. A key benefit of an offline password cracking attack is that attackers have unlimited time to analyze the passwords.
  • An online password cracker attempts to discover passwords by guessing them in a brute force attack. For example, some online password crackers attempt to discover the passwords for specific accounts by trying to log on to the accounts remotely. Other online password crackers collect network traffic and attempt to crack any passwords sent over the network.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Network Mapping

Network mapping discovers devices on the network and how they are connected with each other. It is often done as part of a network scan, but it only focuses on connectivity. In contrast, a full network scan also includes additional scans to identify open ports, running services, and OS details.

Some tools, such as Zenmap, provide you with a graphical representation of the network.

Wireless Scanners/Cracker

Administrators often perform site surveys while planning and deploying a wireless network. Security personnel periodically repeat the site survey to verify the environment hasn’t changed.

Wireless scanners can typically use both passive and active scans. When using a passive scan, a scanner just listens to all the traffic being broadcast on known channels within the 2.4 GHz and 5 GHz frequency ranges.

The figure shows a screenshot from Acrylic Wi-Fi Professional, a wireless scanner with many capabilities. As with many scanners, it can collect and report quite a bit of information on local APs.

Acrylic Wi-Fi Professional

The following bullets describe some of the columns in the figure:

  • SSIDs. A scanner will detect the service set identifier (SSID) of all access points within range of the scanner.
  • MAC addresses. It shows the MAC, or hardware address of the AP.
  • Signal strength. The signal strength typically identifies how near (or how far away) the AP is in relation to the computer performing the scan.
  • Channels. This helps administrators determine if nearby APs are broadcasting on the same channel, causing interference.
  • Channel widths. A channel is typically 20 MHz wide, but when an AP is using two channels, it is 40 MHz. The scanner will show this information.
  • Security. The scanner will show if the AP is in Open mode or using one of the other wireless cryptographic protocols: Wi-Fi Protected Access (WPA) or Wi-Fi Protected Access II (WPA2).

When using an active scan, a wireless scanner acts like a scanner/cracker and can gain more information about an AP by sending queries to it. As an example, a WPS attack keeps guessing PINs until it discovers the eight-digit PIN used by an AP. It can then use this to discover the pre-shared key (PSK) used by the AP. Various wireless scanners have other capabilities, including password crackers using other methods.

Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Rogue System Detection

Rogue APs are APs placed into service without authorization. As long as an administrator knows what APs are authorized, it’s easy to discover rogue APs with a wireless scan. Administrators often perform site surveys while planning and deploying a wireless network. As an example, the figure shows all the SSIDs it has detected.

Administrators can investigate any unknown SSIDs. The received signal strength indicator (RSSI) shows the strength of the signal. A lower negative number (closer to zero) is stronger than a higher negative number. By installing the wireless scanner on a laptop and walking around an organization, you can locate rogue APs. As you move closer to a rogue AP, the signal becomes stronger. As you move farther away from it, the signal becomes weaker.


Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Q. You suspect that a user is running an unauthorized AP within the organization’s building. Which of the following tools is the BEST choice to see if an unauthorized AP is operating on the network?

A. Rogue system

B. Wireless scanner

C. Password cracker

D. Penetration test

Answer is B. A wireless scanner can detect all of the wireless access points (APs) running on a network. By comparing this with a list of authorized APs, you can detect unauthorized APs.

A rogue system is an unauthorized system, but it isn’t used to detect unauthorized APs.

A password cracker can often crack passwords used by APs, but it isn’t used to detect rogue APs.

A penetration test attempts to exploit known vulnerabilities, but it isn’t used to detect rogue APs.

See Chapter 8 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide for more information on checking for vulnerabilities.

 


If you’re studying for the SY0-501 version of the exam, check out the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.

Read More

Physical Security Controls & Asset Management

You can’t eliminate risk to an organization’s assets. However, you can reduce the impact of many threats by implementing security controls. If you’re planning to take the SY0-501 or  SY0-401 Security+ exam, you should have a basic understanding of security controls.  This includes physical security controls that help protect access to secure areas and asset management systems that can help reduce several vulnerabilities.

For example, can you answer this question?

Q. Management within your organization wants to create a small network used by executives only. They want to ensure that this network is completely isolated from the main network. Which of the following choices BEST meets this need?

A. Airgap

B. Mantrap

C. Control diversity

D. Infrared motion detectors

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Physical Security Controls

A physical security control is something you can physically touch, such as a hardware lock, a fence, an identification badge, and a security camera. Physical security access controls attempt to control entry and exits, and organizations commonly implement different controls at different boundaries, such as the following:

  • Perimeter. Military bases and many other organizations erect a fence around the entire perimeter of their land. They often post security guards at gates to control access. In some cases, organizations install barricades to block vehicles.
  • Buildings. Buildings commonly have additional controls for both safety and security. For example, guards and locked doors restrict entry so only authorized personnel enter. Many buildings include lighting and video cameras to monitor the entrances and exits.
  • Secure work areas. Some companies restrict access to specific work areas when employees perform classified or restricted access tasks. In some cases, an organization restricts access to all internal work areas. In other words, visitors can enter the lobby of a building, but they are not able to enter internal work areas without an escort.

Physical Security Controls & Asset Management

  • Server and network rooms. Servers and network devices such as routers and switches are normally stored in areas where only the appropriate IT personnel can access them. These spaces may be designated as server rooms or wiring closets. It’s common for an organization to provide additional physical security for these rooms to prevent attackers from accessing the equipment. For example, locking a wiring closet prevents an attacker from installing illicit monitoring hardware, such as a protocol analyzer, to capture network traffic.
  • Hardware. Additional physical security controls protect individual systems. For example, server rooms often have locking cabinets to protect servers and other equipment installed in the equipment bays. Cable locks protect laptop computers, and smaller devices can be stored in safes.
  • Airgap. An airgap is a physical security control that ensures that a computer or network is physically isolated from another computer or network. As an example, you can isolate a computer from a network by ensuring that it is not connected to any other system in the network. This lack of connectivity provides an airgap. This is often done to separate classified networks from unclassified networks.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Asset Management

Asset management is the process of tracking valuable assets throughout their life cycles. For example, organizations commonly implement processes to track hardware such as servers, desktop computers, laptop computers, routers, and switches. An effective asset management system can help reduce several vulnerabilities:

  • Architecture and design weaknesses. Asset management helps reduce architecture and design weaknesses by ensuring that purchases go through an approval process. The approval process does more than just compare costs. It also evaluates the purchase to ensure it fits in the overall network architecture. Unapproved assets often weaken security by adding in additional resources that aren’t managed.
  • System sprawl and undocumented assets. System sprawl occurs when an organization has more systems than it needs, and systems it owns are underutilized. Asset management begins before the hardware is purchased and helps prevent system sprawl by evaluating the purchase. Additionally, after the purchase is completed, asset management processes ensure hardware is added into the asset management tracking system. This ensures that the assets are managed and tracked from cradle to grave.

Get Certified Get Ahead

Many organizations use automated methods for inventory control. For example, radio- frequency identification (RFID) methods can track the movement of devices. These are the same types of devices used in stores to prevent shoplifting. If someone exits without paying, the RFID device transmits when the shoplifter gets close to the exit door and sounds an alarm. Organizations won’t necessarily have an alarm, but they can track the movement of devices.

Mobile devices are easy to lose track of, so organizations often use asset-tracking methods to reduce losses. For example, when a user is issued a mobile device, asset-tracking methods record it. Similarly, if the user leaves the company, asset-tracking methods ensure the user returns the device.


Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Q. Management within your organization wants to create a small network used by executives only. They want to ensure that this network is completely isolated from the main network. Which of the following choices BEST meets this need?

A. Airgap

B. Mantrap

C. Control diversity

D. Infrared motion detectors

Answer is A. An airgap ensures that a computer or network is physically isolated from another computer or network.

A mantrap helps prevent unauthorized entry and is useful for preventing tailgating.

Control diversity is the use of different controls such as technical, administrative, and physical, but it doesn’t necessarily isolate networks.

Infrared motion detectors sense motion from infrared light, but they don’t isolate networks.

See Chapter  8 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

or

See Chapter 2 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

for more information on implementing controls to protect assets.

Read More

Understanding Cryptographic Algorithms

With a basic understanding of hashing, symmetric encryption, and asymmetric encryption, it’s easier to grasp how cryptography is used. If you’re planning to take the SY0-501 or  SY0-401 Security+ exam, you should have a basic understanding of cryptographic algorithms and their basic characteristics. The 501 exam is digging into some details a little deeper.

As an example, see if you can answer this question?

Q. An application developer is working on the cryptographic elements of an application. Which of the following cipher modes should NOT be used in this application?

A. CBC

B. CTM

C. ECB

D. GCM

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Cipher Suites

Cipher suites are a combination of cryptographic algorithms that provide several layers of security for TLS and SSL, though most organizations have deprecated the use of SSL. When two systems connect, they identify a cipher suite that is acceptable to both systems and then use the protocols within that suite.

Some cipher suites are very old and include encryption algorithms such as DES. Clearly, they shouldn’t be used and are disabled by default in most systems today. When necessary, administrators configure systems and applications to disable older specific cipher suites.

When two systems connect, they negotiate to identify which cipher suite they use. Each system passes a prioritized list of cipher suites it is willing to use. They then choose the cipher suite that is highest on their lists and common to both lists.

Understanding Cryptographic Algorithms

Implementation Versus Algorithm Selection

As you read about different algorithms and different modes of operation, you might have been wondering how this is relevant. It really depends on your job. Two terms are relevant here:

  • Crypto module. A crypto module is a set of hardware, software, and/or firmware that implements cryptographic functions. This includes algorithms for encryption and hashing, key generation, and authentication techniques such as a digital signature.
  • Crypto service providers. A crypto service provider is a software library of cryptographic standards and algorithms. These libraries are typically distributed within crypto modules.

As an example, software developers access software libraries when implementing cryptographic functions in their programs. If they need to encrypt data, they don’t start from nothing. Instead, they access a crypto service provider, or cryptographic service provider, which is a library of different implementations of cryptographic standards and algorithms.

Get Certified Get Ahead

Crypto service providers are typically distributed within crypto modules. As an example, Python is a popular application used by web developers to create dynamic web sites. Python includes a rich assortment of crypto modules developers can use. The Python Cryptography Toolkit includes a library of both hashing functions and encryption algorithms. Developers simply follow the syntax defined within the library to implement these hashing functions and encryption algorithms.

Developers should know about the different cryptographic algorithms, along with the different modes of operation. As an example, although it’s possible to select DES for encryption, this would be a mistake because DES has been deprecated. Similarly, it’s possible for a developer to implement an algorithm using the ECB mode of operation. However, ECB has known weaknesses, so this would also be a mistake.

Administrators implement algorithms via cipher suites on servers. Their responsibility is to ensure that deprecated and weak cipher suites are disabled on servers. If administrators leave weak or deprecated algorithms functioning on servers, it makes the servers susceptible to attacks such as downgrade attacks.


Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Q. An application developer is working on the cryptographic elements of an application. Which of the following cipher modes should NOT be used in this application?

A. CBC

B. CTM

C. ECB

D. GCM

Answer is C. The Electronic Codebook (ECB) mode of operation encrypts blocks with the same key, making it easier for attackers to crack. The other cipher modes are secure and can be used.

Cipher Block Chaining (CBC) mode is used by some symmetric block ciphers, though it isn’t as efficient.

Counter (CTM) mode combines an initialization vector (IV) with a counter and effectively converts a block cipher into a stream cipher.

Galois/Counter Mode (GCM) combines the Counter mode with hashing techniques for data authenticity and confidentiality.

See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

or

See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide 

for more information on cryptographic protocols.

 

Read More

Log Entries and Security+

Several people have recently queried me about log entries related to the SY0-401 and SY0-501 Security+ exam. People that have worked in networking jobs for the past couple of years have likely seen log entries from many different sources.

However, many people are required to earn the Security+ certification that haven’t necessarily worked in networking jobs. Additionally, some IT jobs don’t require technicians to routinely review and analyze logs so they might be confused by them.

However, with some basic knowledge and applying some critical thinking skills, you should be able to figure many of them out.

Sample Log Entry Practice Test Question

As an example, consider the following Security+ practice test question that I recently added to the test banks on the gcgapremium.com site.

Q. Your IPS recently raised an alert from the following log entry on of your organization’s web servers:

04/23/18 23:13:50 httpd: GET /wp/forms/process.php?input=cd%20../../../etc;cat%20shadow

Based on this log entry, which of the following is MOST likely occurring

A. False negative

B. XSS attack

C. Command injection attack

D. Password attack

E. Buffer overflow attack

The answer (and full explanation) is at the end of this blog post.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Analyzing the Log Entry

In most log entries (if not all), you will see a time stamp somewhere within the log entry. This entry indicates it was logged on April 23, 2018 (04/23/18) at about 50 seconds after 11:13 PM (23:13:50).  Note that the date could be entered as an easier to recognize date like this:

Apr 23 2018 23:13:50...

Log entries typically use a 24 hour clock instead of dividing time into AM and PM. One way of determining the actual time after 1 PM is to subtract 12 from the first number if it is greater than 12.  In this case, 23-12 is 11, indicating 11 PM.

Next, in the entry is httpd. Hopefully, you’ll recognize that this represents the Hypertext Transfer Protocol (HTTP) used on the Internet to serve up web pages.

04/23/18 23:13:50 httpd:

What about the extra D? It represents a daemon. A daemon is a process that runs in the background on a Linux systems, similar to how services run in the background on Windows systems. HTTPD indicates it is a daemon handling HTTP requests.

Next is the GET command.

04/23/18 23:13:50 httpd: GET

This is where CompTIA is making the Security+ exam more focused on programmers and developers. This is admittedly a little odd, considering that recommend experience says nothing about development experience, but only mentions “experience in IT administration with a security focus.”

Developers that have done web page development using common languages such as Python, PHP, and JavaScript understand that GET is an HTTP command used to retrieve something, such as a web page. However, for a Cisco expert that knows routers and switches inside and out, this isn’t common knowledge.

At any rate, you can think of GET as a simple read command. What is it trying to read? The answer is in the following section:

GET /wp/modules/process.php?input=cd%20../../../etc;cat%20shadow

There are a couple of things going in this part of the entry, but it’s important to realize that is a single line of code with multiple elements.

First, it is running a PHP program called process.php, which is a generic name for a PHP module typically used to process web page forms. The module would typically be within another directory, so the code adds the appropriate path (/wp/forms/ in this scenario) before the module name.

The next part (?input=cd%20../../../etc;cat%20shadow) is very likely the malicious code. It indicates that it is retrieving data and passing it back to the process.php module.

If you’ve done some work with the command line on Linux systems,  the commands should be familiar. The %20 indicates a space, so the this is essentially the following two commands:

cd ../../../etc

cat shadow

The first command (cd) changes the directory  to the etc directory.

The second command (cat shadow) attempts to read the shadow file, which is an encrypted form of the password file.

The code than passes the password file back to the process.php file as an input.

But here’s a question to ask. Why would a PHP module be retrieving the password file?

Hint: It shouldn’t.

Is This Normal?

A PHP module used to process forms would NOT be trying to retrieve the entire contents of the shadow file.

Additionally, it is NOT natural for an HTTP GET command to execute commands normally run at the Linux terminal or a Windows command line.

Command Injection Attack

Here’s a snippet from Chapter 7 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide.

“In some cases, attackers can inject operating system commands into an application using web page forms or text boxes. Any web page that accepts input from users is a potential threat. Directory traversal is a specific type of command injection attack that attempts to access a file by including the full directory path, or traversing the directory structure.”

In this scenario, the attacker used directory traversal to first access the /etc/ folder. It then used the cat shadow command to access the encrypted passwords.

Did it work? We don’t know.

Hopefully, the process.php file is using adequate input validation techniques to block this type of attack.

Sample Log Entry Practice Test Question Answer

Q. Your IPS recently raised an alert from the following log entry on of your organization’s web servers:

04/23/18 23:13:50 httpd: GET /wp/forms/process.php?input=cd%20../../../etc;cat%20shadow

Based on this log entry, which of the following is MOST likely occurring

A. False negative

B. XSS attack

C. Command injection attack

D. Password attack

E. Buffer overflow attack

Answer: This is a command injection attack because it is attempting to run the cd and cat commands.

A false negative indicates an attack is occurring, but a system such as the intrusion prevention system (IPS) is not detecting the attack. Because the IPS raised an alert, it is not a false negative.

A cross-site scripting (XSS) attack used embedded HTML or JavaScript code, not command-line commands.

A password attack attempts to discover passwords. While this looks like it may be trying to discover passwords, it is unlikely to do so if the process.php module is using adequate input validation.

A buffer overflow occurs if an application receives more data than it could handle. If the process.php module is not using adequate input validation techniques, this could result in a buffer overflow problem, but there isn’t any indication that it did cause a buffer overflow issue.

 

 

 

Read More

Accessing Networks Using NAC Systems

NAC provides a measure of control for other computers. It ensures that clients meet predetermined characteristics prior to accessing a network.  If you’re planning to take the SY0-501 or  SY0-401 Security+ exam, you should have a basic understanding of installing and configuring network components to support organizational security. This includes using NAC systems to isolate computers that don’t meet preset conditions.

For example, can you answer this question?

Q. Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?

A. Permanent

B. Health

C. RADIUS

D. Dissolvable

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Host Health Checks

Administrators set predefined conditions for healthy clients and those that meet these preset conditions can access the network. The NAC system isolates computers that don’t meet the conditions. Common health conditions checked by a NAC are:

  • Up-to-date antivirus software, including updated signature definitions
  • Up-to-date operating system, including current patches and fixes
  • Firewall enabled on the client

NAC systems use authentication agents (sometimes called health agents) to inspect NAC clients. These agents are applications or services that check different conditions on the computer and document the status in a statement of health. When a client connects to a NAC-controlled network, the agent reports the health status of the NAC client.

Consider the figure. When a VPN client accesses the network, the VPN server queries the NAC health server to determine required health conditions. The VPN server also queries the client for a statement of the client’s health. If the client meets all health requirements, the NAC system allows the client to access the network.

Using NAC Systems

Using network access control

However, if a client doesn’t meet the health conditions mandated by the NAC server, the VPN server redirects the client to a remediation network (also called a quarantine network). The remediation network includes resources the client can use to get healthy. For example, it would include current approved patches, antivirus software, and updated virus signatures. The client can use these resources to improve its health and then try to access the network again.

While NAC can inspect the health of VPN clients, you can also use it to inspect the health of internal clients. For example, internal computers may occasionally miss patches and be vulnerable. NAC will detect the unpatched system and quarantine it. If you use this feature, it’s important that the detection is accurate. A false positive by the NAC system can quarantine a healthy client, and prevent it from accessing the network.

Similarly, your organization may allow visitors or employees to plug in their mobile computers to live wall jacks for connectivity, or connect to a wireless network. NAC inspects the clients, and if they don’t meet health conditions, they may be granted Internet access through the network but remain isolated from any other network activity.

CompTIA Security+ Study Guide

Are you looking for SYO-501 Study Guide?

The 501 Version of the Study Guide is Now Available. Click Here.

The 401 Version of the Study Guide

SY0-401 Study GuideThe CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.

CompTIA Authorized Quality Content (CAQC)After a comprehensive review by ProCert Labs, the SY0-401 version has been certified as CompTIA Approved Quality Content (CAQC) and covers every aspect of the SY0-401 exam.

It includes the same elements readers raved about in the previous two versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.


Click for Free Preview


Over 400 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 100 question pre-test
  • A 100 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-401 study guide is for any IT or security professional interested in advancing in their field, and a must read for anyone striving to master the basics of IT security.

Kindle edition also available.

Permanent Versus Dissolvable

Agents on clients can be either dissolvable or permanent. A permanent agent (sometimes called a persistent NAC agent) is installed on the client and stays on the client. NAC uses the agent when the client attempts to log on remotely. This is the most common implementation for corporate-owned devices, and for approved laptops and PCs that employees use to connect remotely.

A dissolvable agent is downloaded and run on the client when the client logs on remotely. It collects the information it needs, identifies the client as healthy or not healthy, and reports the status back to the NAC system. Some dissolvable NAC agents remove themselves immediately after they report back to the NAC system. Others remove themselves after the remote session ends.

Security+ Practice Test Questions

SYO-501 Practice Test Questions Now Available

SYO-401 Practice Test Questions

Over 440 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 100 random questions. View 100 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 100 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

 SYO-401 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Additional Security+ questions to help you prepare for the new performance based questions. These are included with the full bank of Security+ practice test questions and are divided into different sections. For example, you'll have access to the following links:

- Performance Based Question - Set 1

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of security to mobile devices and servers in a data center. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 2

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 3

You'll see a graphic showing a network with computers and servers separated by a firewall. The firewall is used to control traffic between the computers and users using rules within an access control list (ACL).  You'll have three questions that test your knowledge and ability to correctly identify the relevant components of the rule. The incorrect answers and explanation provide you with insight into how to correctly answer this type of question on the actual exam.

- Performance Based Question - Set 4

You'll see a graphic explaining what you might be required to do on the actual exam related to what a forensic analyst would do during an investigation. You'll then have two questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 5

You'll see a graphic explaining what you might be required to do on the actual exam to match protocols and ports. You'll then have seven questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 6

You'll see a list of security controls along with a graphic showing devices and locations within an organization, along with instructions on what you might be required to do on the actual exam to match the controls with the devices and locations. You'll then have four questions that test your knowledge and ability to correctly answer the questions. This question also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 7

You'll see a list of authentication methods and authentication factors along with instructions on what you might be required to do on the actual exam to match the authentication methods with the authentication factors. You'll then have six questions that test your knowledge and ability to correctly answer the questions. This set also includes a link to a graphic showing the end solution for the overall performance based question simulation.

- Performance Based Question - Set 8

You'll see a graphic explaining what you might be required to do on the actual exam to match different types of attacks with the name of the attack type. You'll then have five questions that test your knowledge and ability to correctly answer the questions. This is similar to Set 2 but expands on the possibilities. The set also includes a link to a page showing the end solution for the overall performance based question simulation.

New - Performance Based Question - Set 9

New questions recently added using a different testing engine. See a demo here. This set includes drag and drop and matching questions on ports.

New - Performance Based Question - Set 10

A random set of 20 performance-based questions using drag and drop, matching, sorting, and fill in-the blank. This set includes performance-based questions on RAID.

Get the full bank of Security+ (SYO-401) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SYO-501 Practice Test Questions

Dissolvable agents are often used on mobile devices when an organization has implemented a bring your own device (BYOD) policy. Employee-owned devices are inspected for health, but the organization doesn’t require users to install extra software on their devices. However, these dissolvable agents can detect vulnerabilities on mobile devices, such as a jail-broken or rooted device. A jail-broken Apple device removes software restrictions, such as the ability to install software from sources other than the Apple store. A rooted Android device has been modified, allowing root-level access to, and the ability to modify, the Android operating system.

Many NAC vendors refer to dissolvable agents as an agentless capability, though this is somewhat of a misnomer. The NAC is still using an agent to inspect the client, but it is not installing the agent on the client.

Remember this

Network access control (NAC) includes methods to inspect clients for health, such as having up-to-date antivirus software. NAC can restrict access of unhealthy clients to a remediation network. You can use NAC for VPN clients and for internal clients. Permanent agents are installed on the clients. Dissolvable agents (sometimes called agentless) are not installed on the clients and are often used to inspect employee-owned mobile devices.


Full Security+ Course

SY0-401 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Click here if you're looking for SYO-501 Full Security+ Course

  • Introduction
  • About the exam (including types of questions and strategies for performance-based questions)
  • 100 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Control Types and Methods (full content from Chapter 2 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Basic Network Security (full content from Chapter 3 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 20 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Malware and Social Engineering (full content from Chapter 6 of the study guide including the exam topic review and 20 practice test questions)
  • Identifying Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 20 practice test questions)
  • Managing Risk (full content from Chapter 8 of the study guide including the exam topic review and 20 practice test questions)
  • Preparing for Business Continuity (full content from Chapter 9 of the study guide including the exam topic review and 20 practice test questions)
  • Understanding Cryptography (full content from Chapter 10 of the study guide including the exam topic review and 20 practice test questions)
  • Exploring Operational Security (full content from Chapter 11 of the study guide including the exam topic review and 20 practice test questions)
  • 100 question post-assessment exam
  • Security+ Acronyms

Get the SY0-401 Full Security+ Course Here

 Full Security+ Course


Test your readiness with these quality materials

Random 100-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

34 Simulated Performance-based Questions

Eight sets of performance-based questions with multiple questions in each set. These questions help you understand and prepare for performance based questions.

22 Realistic Performance-based Questions

Two new sets of performance-based questions with a total of 22 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 273 Security+ Flashcards to reinforce key testable concepts
  • 280 Security+ acronyms flashcards to help you master the required acronyms
  • 204 Security+ Remember This slides

Audio - SY0-401 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 15 minutes of audio (MP3 downloads.)

Audio - SY0-401 Security+ Question and Answer Audio Files

Learn by Listening. Over three hours hour and 15 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. Over one hour and 15 minutes of additional audio.

Bonus #2

Subnetting mini-tutorial that will help you answer two key question types:
  • Identify how many hosts a subnet supports
  • Identify valid IP addresses within a subnet

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-401 Full Security+ Course Here

Click here if you're looking for SYO-501 Full Security+ Course

Q. Your organization recently implemented a BYOD policy. However, management wants to ensure that mobile devices meet minimum standards for security before they can access any network resources. Which of the following agents would the NAC MOST likely have?

A. Permanent

B. Health

C. RADIUS

D. Dissolvable

Answer is D. A dissolvable agent is often used on employee-owned devices and would be appropriate if an organization implemented a bring your own device (BYOD) policy.

A permanent network access control (NAC) agent is installed on the device permanently, but this might cause problems for employee-owned devices.

Any NAC agent is a health agent.

Remote Authentication Dial-In User Service (RADIUS) is used for authentication, not to inspect clients.

See Chapter 4 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

or

See Chapter 4 of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide 

for more information on securing network.

Read More

CISSP and Adaptive Testing

Did you hear that the (ISC)2 CISSP exam is now using adaptive testing for the English version of the exam?

This is a welcome change for many people. It reduces the time length of the exam from up to 6 hours to up to 3 hours. It also reduces the number of questions from 250 to a range of 100 to 150. A passing score in both versions is 700 (out of 1000) and they typically include 25 experimental or beta questions that don’t count towards your score.

New CISSP Objectives Go Live April 15

(ISC)2 updates the objectives every three years and the 2018 version is effective April 15, 2018. You can download the updated objectives here.

If you’re looking for study materials, check out the updated CISSP: Certified Information Systems Security Professional Official Study Guide (8th Edition).

What is Adaptive Testing?

Adaptive testing asks you different questions based on how you answered previous questions to identify your competence level. As an example, imagine the exam wants to determine your knowledge about vulnerability assessments.

  • If you answer a question correctly, the next question will be more difficult.
  • If you answer a question incorrectly, the next question will be easier.
  • You cannot go back to see previous questions.

Imagine that the exam has five questions on vulnerability assessments For simplicity, let’s call them Question 1 through Question 5. Question 1 is the easiest and Question 5 is the most difficult.

The algorithms for adaptive testing vary. However, the following scenarios show different ways the adaptive exam may work. For each one, imagine that you see Question 4 first.

Adaptive Testing Scenario 1 – Pass (2 Questions)

The Quiz shows you Question 4.

  • You answer it correctly.
  • You will then see Question 5 (the most difficult question for the sub-objective).
  • You answer Question 5 correctly.
  • The quiz assumes you understand this topic and gives you a Pass for the topic.

Note that you only had to answer two questions for the topic.

Adaptive Testing Scenario 2 – Pass (5 Questions)

The Quiz shows you Question 4.

  • You answer it incorrectly.
  • You will then see Question 3 (a question less difficult than Question 4).
  • You answer Question 3 correctly.
  • You will then see Question 5 (the most difficult question for the topic).
  • You answer Question 5 incorrectly.
  • You then answer Question 2 and Question 1 correctly
  • You have answered three questions correctly (1 through 3) and the quiz gives you a pass for the topic.
  • If you answer it correctly, you’ll see Question 1.

Note that you had to answer all five questions for the topic in this scenario.

Adaptive Testing Scenario 3 – Fail (3 Questions)

The Quiz shows you Question 4.

  • You answer it incorrectly.
  • You will then see Question 3 (a question less difficult than Question 4).
  • You answer Question 3 incorrectly.
  • You will then see Question 2 (a question less difficult than Question 3).
  • You answer Question 2 incorrectly.
  • At this point, you’ve answered three questions incorrectly and the quiz gives you a fail for the topic.

Note that you only answered three questions for the topic. However, because you didn’t get any of them correct, the exam assumes you do not have an adequate understanding of the topic and stops giving you additional questions.

Are These Adaptive Testing Scenarios Accurate?

The exact algorithm that (ISC)2 test developers used to create the exam is probably protected as a proprietary secret and I don’t know it. However, the scenarios are accurate descriptions of how an adaptive exam can evaluate your understanding. They also show how one person may see only two questions for a topic, and why another person may see five questions for the same topic.

Additionally, it’s unlikely that any topic has only five Questions. Instead, it may have 15 questions, with three questions in each difficulty level of Question 1 (least difficult) to Question 5 (most difficult). This allows the exam to give different test takers different questions, but at the same difficultly level.

Also, (ISC)2 weighs objectives differently, so another topic may have ten different difficulty levels, again, with multiple questions in each difficulty level.

What Happens if I Fail a Topic

If you fail a topic, it doesn’t mean you failed the exam. However, you are required to pass a specific number of topics to pass the exam.

For simplicity, imagine that the exam covers only ten topics, they are all weighted equally, and you are expected to pass seven of them.

Adaptive Testing Scenario 1 Quick Fail

If you fail the first four topics, you fail the exam because you can only answer six topics correctly at this point.

It’s highly likely that the testing engine will not show you the rest of the questions knowing that you already failed.

Adaptive Testing Scenario 2 Quick Pass

If you pass the first seven topics, you pass the exam. The testing engine may stop the exam and let you know that you passed.

However, (ISC)2 puts beta questions in for testing, so you’ll probably still see questions from the other three topics.

Adaptive Testing Scenario 3 Pass

You see all ten topics and pass at least seven of them. You pass.

 

700 Out of 1000

A passing score for the (ISC)2 CISSP exam is 700 out of a total of 1000.

Unlike the simple testing scenario, topics are worth more than a single point. In other words, you won’t see 1000 topics (thank goodness!). Instead, the topics are weighted differently and (ISC)2 has assigned different values for each of their topics.

Adaptive Testing Tips

When taking an adaptive exam, the following tips may help.

  • Do your best on every question. The earlier questions typically weigh more so the better you do on early questions, the less questions you’ll likely see.
  • Do not skip questions.  If you skip a question it will be marked wrong and you can’t go back.
  • Do not analyze the exam. While taking the exam, you may see a string of “easy” questions and think you’re about to fail the topic or even the exam. However, it’s entirely possible that your mastery of the topic makes difficult questions look easy to you. If you start stressing about issues that aren’t issues, the anxiety may impact your ability to answer other questions.
Read More
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.