Cryptography & Encryption 

Cryptography provides two primary security methods you can use with email: digital signatures and encryption. These are separate processes, but you can digitally sign and encrypt the same email. If you’re planning to take the SY0-501 exam, you should have a good understanding of cryptography and encryption.

For example, can you answer this practice test question?

Q. An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn’t meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid?

A. Digital signature

B. Integrity

C. Repudiation

D. Encryption

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Signing Email with Digital Signatures

Digital signatures are similar in concept to handwritten signatures on printed documents that identify individuals, but they provide more security benefits. The digital signature algorithm (DSA) uses an encrypted hash of a message. The hash is encrypted with the sender’s private key. If the recipient of a digitally signed email can decrypt the hash, it provides the following three security benefits:

Authentication. This identifies the sender of the email. Email recipients have assurances the email actually came from who it appears to be coming from. For example, if an executive digitally signs an email, recipients know it came from the executive and not from an attacker impersonating the executive.

Non-repudiation. The sender cannot later deny sending the message. This is sometimes required with online transactions. For example, imagine Homer sends an order to sell stocks using a digitally signed email. If the stocks increase after his sale completes, he can’t deny the transaction.

Integrity. This provides assurances that the message has not been modified or corrupted. Recipients know that the message they received is the same as the sent message.

Digital signatures are much easier to grasp if you understand some other cryptography concepts. These concepts are:

Hashing. Digital signatures start by creating a hash of the message. A hash is simply a number created by executing a hashing algorithm on the message.

Certificates. Digital signatures need certificates, and certificates include the sender’s public key.

Public/private keys. In a digital signature, the sender uses the sender’s private key to encrypt the hash of the message. The recipient uses the sender’s public key to decrypt the hash of the message. The public key is often distributed in an S/MIME.p7s formatted file.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Certificates

A key element of asymmetric encryption is a certificate. A certificate is a digital document that typically includes the public key and information on the owner of the certificate. Certificate Authorities issue and manage certificates. Certificates are used for a variety of purposes beyond just asymmetric encryption, including authentication and digital signatures.

The figure shows a sample certificate with the public key selected. Users and applications share the certificate file to share the public key. They do not share the private key.

Cryptography & Encryption 

Certificate with public key selected

There is much more information in the certificate than just the public key, but not all of it is visible in the figure. Common elements within a certificate include:

Serial number. The serial number uniquely identifies the certificate. The CA uses this serial number to validate a certificate. If the CA revokes the certificate, it publishes this serial number in a certificate revocation list (CRL).

Issuer. This identifies the CA that issued the certificate.

Validity dates. Certificates include “Valid From” and “Valid To” dates. This ensures a certificate expires at some point.

Subject. This identifies the owner of the certificate. In the figure, it identifies the subject as Google, Inc and indicates this is a wildcard certificate used for all web sites with the google.com root domain name.

Public key. RSA asymmetric encryption uses the public key in combination with the matching private key.

Usage. Some certificates are only for encryption or authentication, whereas other certificates support multiple usages.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Steganography

Steganography hides data inside other data, or, as some people have said, it hides data in plain sight. The goal is to hide the data in such a way that no one suspects there is a hidden message. It doesn’t actually encrypt the data, so it can’t be classified as either symmetric or asymmetric. However, it can effectively hide information using obfuscation, so it is included with encryption topics. Obfuscation methods attempt to make something unclear or difficult to understand.

There are a variety of steganography tools available that make the process easier. Additionally, these tools attempt to resist detection by forensic methods. For example, Kali Linux includes Steghide and StegoSuite, two tools you can use to embed data into graphic files.

Some common examples of steganography are:

Hide data by manipulating bits. It’s possible to manipulate some bits within an image or sound file to embed a message. One method of embedding data in large files is modifying the least significant bit in some By modifying the least significant bit in some of the individual bytes of a JPEG file, it embeds a message, but the changes are so small that they are difficult to detect. However, if people know the file includes a message, they can easily retrieve it.

Hide data in the white space of a file. Many files have unused space (called white space) at the end of file clusters. Imagine a small 6 KB file stored in two 4 KB clusters. It has an extra 2 KB of unused space and it’s possible to fill this white space with a message. For example, you can embed a message into the white space of a GIF or JPEG file without altering the file

Security professionals use steganalysis techniques to detect steganography, and the most common method is with hashing. If a single bit of a file is modified, the hashing algorithm creates a different hash. By regularly taking the hashes of different files and comparing them with previous hashes, it’s easy to detect when a file has been modified.


Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Q. An organization requested bids for a contract and asked companies to submit their bids via email. After winning the bid, Acme realized it couldn’t meet the requirements of the contract. Acme instead stated that it never submitted the bid. Which of the following would provide proof to the organization that Acme did submit the bid?

A. Digital signature

B. Integrity

C. Repudiation

D. Encryption

Answer is A. If Acme submitted the bid via email using a digital signature, it would provide proof that the bid was submitted by Acme. Digital signatures provide verification of who sent a message, non-repudiation preventing them from denying it, and integrity verifying the message wasn’t modified.

Integrity verifies the message wasn’t modified.

Repudiation isn’t a valid security concept.

Encryption protects the confidentiality of data, but it doesn’t verify who sent it or provide non-repudiation.

See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on cryptography and PKI.

Read More

An Easy Way to Learn Linux

Do you want to learn Linux? It may be easier than you think.

I’ve wanted to learn Linux and get the Linux+ certification for a while now, but I don’t have a Linux system. Knowing that I’m a kinesthetic learner, I know that I learn much better when I do things rather than just reading about them.

Knowing this, I needed a Linux system.

Learn Linux

Learn Linux from a Bootable USB

Most systems can boot from a USB device by modifying the Unified Extensible Firmware Interface (UEFI) or Basic Input/Output System (BIOS). Additionally, there are now several bootable USBs available for sale.

Once you configure your system, these allow you to choose what operating system to boot into. As an example, I have a system with Windows. It can now boot into either Windows or Linux.

After looking around, I ended up buying one that booted into the Linux Mint Cinnamon distribution.  Linux Mint is a flavor of Ubuntu, one of the distributions recommended by CompTIA in the Linux+ Proposed Hardware and Software List.  After using this system for Linux for a couple of months, I verified that the system still boots into Windows without any problems.

Learn Linux with Linux Mint

Learn Linux with Linux Mint

After buying one and modifying the UEFI or BIOS, you can boot into a fully functional Linux system with these steps:

  1. Plug in the USB.
  2. Reboot the computer.
    The Mint USB that I bought launches the YUMI MultiBoot USB menu.
  3. Select Linux Distributions.
  4. Select the Linux menu item.
    The USB I bought displays a Linux Mint menu item.

Accessing the BIOS or UEFI

To access the BIOS or UEFI, you simply press a key or key combination while the system is booting. Traditionally, this is the F1 or F2 key.  You must enter the key at the right time. Otherwise, the system will boot to the operating system. If I want to get into the BIOS or UEFI, I let my finger dance on the F1 and F2 keys hoping I’m entering the key in time.

Unfortunately, several systems require you to use alternate keys. The good news is that you can usually read the directions on the screen as the system is booting to identify the key that will take you to the BIOS/UEFI.

However, Windows 10 systems sometimes boot too quickly making this a frustrating experience. Instead, you can use these steps within Windows 10 to reboot into the UEFI menu.

Warning: Ensure you read each menu item before selecting it. Some menu items can restore your system to factory defaults causing you to lose all data or reset security settings erasing key security information.

  1. Click start, type Settings, and press Enter to start the Settings app.
  2. In the Settings App, click on Update and Security.
    Alternately, you can enter Recovery Options in search text box and press Enter.
  3. In Update & Security, click on Recovery.
  4. Warning: This step will reboot your PC. Ensure you have saved all your work.
    In Recovery, scroll down to the Advanced Startup section and click on Restart now.
  5. After the system reboots, you’ll see a menu. Select Troubleshoot.
  6. In the Troubleshoot menu, select Advanced Options.
  7. In the Advanced Options menu, select UEFI Firmware Settings.
  8. In the UEFI Firmware Settings menu, click Restart.

Modifying the BIOS or UEFI

The most challenging thing I faced with this is getting my system to boot from the USB. It has a UEFI and all the settings weren’t obvious to me at first.

My first step was to set the BIOS Settings -> General -> Boot Sequence to go to the USB first. Theoretically, by setting the system to boot from the USB first, it would always look for a bootable USB first. It didn’t. Instead, the system ignored this setting.

Three other settings needed to be modified:

  • Enable Legacy Option ROMs
  • Enable Attempt Legacy Boot
  • Disable Secure boot

Warning: Ensure you read each menu item before selecting it. Some menu items can restore your system to factory defaults causing you to lose all data or reset security settings erasing key security information.

In this context, legacy refers to the older BIOS. The first two settings are in Settings -> General -> Advanced Boot Options. For my system, I just checked the box for each.

The third setting was in the Settings -> Secure Boot -> Secure Boot Enable section. For my system, I selected Disabled.

Last, if your system has a Trusted Platform Module that has been enabled, you’ll need to disable the Platform Trust Technology (PTT) feature. In the Settings -> Security -> PTT Security section, ensure the PTT On checkbox is disabled.

Check out our Linux+ Study package here.

Learn Linux

Learn Linux by Booting into Linux

At this point you should be able to boot into Linux using the simple steps listed earlier.

  1. Plug the USB into the computer.
  2. Reboot the computer.
    The Mint USB that I bought launches the YUMI MultiBoot USB menu.
  3. Select Linux Distributions.
  4. Select the Linux menu item.

This will put you into Linux. If you purchased the Linux Mint USB, it includes the Cinnamon Graphical User Interface (GUI) mentioned in the CompTIA Linux+ Objectives.

Once booted, you can double-click on the Terminal icon at the bottom left. It’s all black with just a little white in it. Hover over the icons and the name of the app will appear.

Check out our Linux+ Study package here.

Read More

Identifying Authentication Services

Authentication services commonly use protocols to ensure that unencrypted credentials are not sent across a network. This protects user credentials and provides additional security for identity and access services. If you’re planning to take the SY0-501 exam, you should have a basic understanding of installing and  configuring identity and access services.

For example, can you answer this practice test question?

Q. A network includes a ticket-granting ticket server used for authentication. Which authentication service does this network use?

A. Shibboleth
B. SAML
C. LDAP
D. Kerberos

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Kerberos

Kerberos is a network authentication mechanism used within Windows Active Directory domains and some Unix environments known as realms. It was originally developed at MIT (the Massachusetts Institute of Technology) for Unix systems and later released as a request for comments (RFC). Kerberos provides mutual authentication that can help prevent man-in-the- middle attacks and uses tickets to help prevent replay attacks.

Kerberos includes several requirements for it to work properly. They are:

• A method of issuing tickets used for authentication. The Key Distribution Center (KDC) uses a complex process of issuing ticket-granting tickets (TGTs) and other tickets. The KDC (or TGT server) packages user credentials within a ticket. Tickets provide authentication for users when they access resources such as files on a file server. These tickets are sometimes referred to as tokens, but they are logical tokens, not a key fob type of token.
Time synchronization. Kerberos version 5 requires all systems to be synchronized and within five minutes of each other. The clock that provides the time synchronization is used to timestamp tickets, ensuring they expire correctly. This helps prevent replay attacks. In a replay attack, a third party attempts to impersonate a client after intercepting data captured in a session. However, if an attacker intercepts a ticket, the timestamp limits the amount of time an attacker can use the ticket.
A database of subjects or users. In a Microsoft environment, this is Active Directory, but it could be any database of users.

When a user logs on with Kerberos, the KDC issues the user a ticket-granting ticket, which typically has a lifetime of 10 hours to be useful for a single workday. When the user tries to access a resource, the ticket-granting ticket is presented as authentication, and the user is issued a ticket for the resource. However, the ticket expires if users stay logged on for an extended period, such as longer than 10 hours. This prevents them from accessing network resources. In this case, users may be prompted to provide a password to renew the ticket-granting ticket, or they might need to log off and back on to generate a new ticket-granting ticket.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

LDAP and LDAPS

Lightweight Directory Access Protocol (LDAP) specifies formats and methods to query directories. In this context, a directory is a database of objects that provides a central access point to manage users, computers, and other directory objects. LDAP is an extension of the X.500 standard that Novell and early Microsoft Exchange Server versions used extensively.
Windows domains use Active Directory, which is based on LDAP. Active Directory is a directory of objects (such as users, computers, and groups), and it provides a single location for object management. Queries to Active Directory use the LDAP format. Similarly, Unix realms use LDAP to identify objects.

Administrators often use LDAP in scripts, but they need to have a basic understanding of how to identify objects. For example, a user named Homer in the Users container within the GetCertifiedGetAhead.com domain is identified with the following LDAP string: LDAP://CN=Homer,CN=Users,DC=GetCertifiedGetAhead,DC=com

CN=Homer. CN is short for common name.
CN=Users. CN is sometimes referred to as container in this context.
DC=GetCertifiedGetAhead. DC is short for domain component.
DC=com. This is the second domain component in the domain name.

LDAP Secure (LDAPS) uses encryption to protect LDAP transmissions. When a client connects with a server using LDAPS, the two systems establish a Transport Layer Security (TLS) session before transmitting any data. TLS encrypts the data before transmission.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

SSO and Transitive Trusts

A transitive trust creates an indirect trust relationship. As an example, imagine a transitive trust relationship exists between Homer, Moe, and Fat Tony:

• Homer trusts Moe.
• Moe trusts Fat Tony.
• Because of the transitive trust relationship, Homer trusts Fat Tony.

Of course, this isn’t always true with people and Homer might be a little upset with Moe if Moe shares Homer’s secrets with Fat Tony. However, it reduces network administration in a domain.

Within an LDAP-based network, domains use transitive trusts for SSO. The figure shows a common configuration with three domains in the same network. The parent domain is GetCertifiedGetAhead.com and the configuration includes two child domains—Training and Blogs.

Identifying Authentication Service

An LDAP transitive trust used for SSO

In this example, there is a two-way trust between the parent domain (GetCertifiedGetAhead.com) and the child domain (Training.GetCertifiedGetAhead.com). The parent trusts the child, and the child trusts the parent. Similarly, there is a two-way trust between the parent domain and the Blogs child domain. There isn’t a direct trust between the two child domains. However, the transitive relationship creates a two-way trust between them.

All of these domains contain objects, such as users, computers, and groups. Homer’s user account is in the Training domain, and a server named Costington is in the Blogs domain. With the transitive trust, it’s possible to grant Homer access to the Costington server without creating another trust relationship directly between the Training and Blogs domains.

Without a trust relationship, you’d have to create another account for Homer in the Blogs domain before you could grant him access. Additionally, Homer would need to manage the second account’s password separately. However, with the transitive trust relationships, the network supports SSO, so Homer only needs a single account.


Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Q. A network includes a ticket-granting ticket server used for authentication. Which authentication service does this network use?

A. Shibboleth
B. SAML
C. LDAP
D. Kerberos

Answer is D. Kerberos uses a ticket-granting ticket (TGT) server, which creates tickets for authentication.

Shibboleth is a federated identity solution used in some single sign-on (SSO) solutions.

Security Assertion Markup Language (SAML) is an Extensible Markup Language (XML) used for some SSO solutions.

Lightweight Directory Access Protocol (LDAP) is an X.500- based authentication service used to identify objects.

See Chapter 2 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on authentication services.

Read More

Attacks Launched Against Systems

If you’re planning to take the SY0-501 exam, you should have a good understanding of common and advanced types of attacks launched against systems and networks. This includes identifying ARP poisoning and DNS attacks.

For example, can you answer this practice test question?

Q. Attackers have launched an attack using multiple systems against a single target. Which type of attack is this?

A. DoS

B. DDoS

C. SYN flood

D. Buffer overflow

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

ARP Man-in-the-Middle Attacks

In a man-in-the-middle attack, an attacker can redirect network traffic and, in some cases, insert malicious code. Consider the figure. Normally, traffic from the user to the Internet will go through the switch directly to the router, as shown in the top of the figure. However, after poisoning the ARP cache of the victim, traffic is redirected to the attacker.

Attacks Launched Against Systems

ARP poisoning used to redirect traffic

The victim’s ARP cache should include this entry to send data to the router:
192.168.1.1, 01-23-45-01-01-01
However, after poisoning the ARP cache, it includes this entry:
192.168.1.1, 01-23-45-66-66-66

The victim now sends all traffic destined for the router to the attacker. The attacker captures the data for analysis later. It also uses another method such as IP forwarding to send the traffic to the router so that the victim is unaware of the attack.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

ARP DoS Attacks

An attacker can also use ARP poisoning in a DoS attack. For example, an attacker can send an ARP reply with a bogus MAC address for the default gateway. The default gateway is the IP address of a router connection that provides a path out of the network. If all the computers cache a bogus MAC address for the default gateway, none of them can reach it, and it stops all traffic out of the network.

DNS Poisoning Attacks

A DNS poisoning attack attempts to modify or corrupt DNS results. For example, a successful DNS poisoning attack can modify the IP address associated with google.com and replace it with the IP address of a malicious web site. Each time a user queries DNS for the IP address of google.com, the DNS server responds with the IP address of the malicious web site.

There have been several successful DNS poisoning attacks over the years. Many current DNS servers use Domain Name System Security Extensions (DNSSEC) to protect the DNS records and prevent DNS poisoning attacks. 

Pharming Attacks

A pharming attack is another type of attack that manipulates the DNS name resolution process. It either tries to corrupt the DNS server or the DNS client. Just as a DNS poisoning attack can redirect users to different web sites, a successful pharming attack redirects a user to a different web site.

Pharming attacks on the client computer modify the hosts file used on Windows systems. This file is in the C:\Windows\System32\drivers\etc\ folder and can include IP addresses along with host name mappings. By default, it doesn’t have anything other than comments on current Windows computers. However, a mapping might look like this:

127.0.0.1          localhost

13.207.21.200 google.com

The first entry maps the name localhost to the loopback IP address of 127.0.0.1. The second entry maps the name google.com to the IP address of bing.com (13.207.21.200). If a user enters google.com into the address bar of a browser, the browser will instead go to bing.com. Practical jokers might do this to a friend’s computer and it isn’t malicious. However, if the IP address points to a malicious server, this might cause the system to download malware.

DDoS DNS Attacks

It’s difficult to take down the Internet. However, a cyberattack in October 2016 effectively did so for millions of users in North America and Europe. Specifically, on October 21, attackers launched three DDoS attacks during the day at 7:00 a.m., at 11:52 a.m., and at 4:00 p.m. These attacks prevented users from accessing a multitude of sites, such as Amazon, CNN, Fox News, Netflix, PayPal, Reddit, Spotify, Twitter, Xbox Live, and more.

Attackers infected many Internet-connected devices, such as video cameras, video recorders, printers, and baby monitors, with malware called Mirai. Mirai forces individual systems to become bots within large botnets. On October 21, they sent commands to millions of infected devices directing them to repeatedly send queries to DNS servers. These queries overwhelmed the DNS servers and prevented regular users from accessing dozens of web sites.

These three attacks were launched against DNS servers maintained by Dyn, Inc., an Internet performance management company. They clearly demonstrated that it is possible to seriously disrupt DNS services, causing Internet access problems for millions of people.


Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Q. Attackers have launched an attack using multiple systems against a single target. Which type of attack is this?

A. DoS

B. DDoS

C. SYN flood

D. Buffer overflow

Answer is B. A distributed denial-of-service (DDoS) attack includes attacks from multiple systems with the goal of depleting the target’s resources.

A DoS attack comes from a single system and a SYN flood is an example of a DoS attack.

A buffer overflow is a type of DoS attack that attempts to write data into an application’s memory.

See Chapter 7 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on common attacks.

Read More

5 Things You Need to Know About Cybersecurity in 2019

Cybersecurity used to be just a buzzword — but now it’s an absolute necessity. As we continue to integrate technology into our everyday lives, the threats only continue to grow larger, and our defensive technologies must evolve. However, this constant innovation can make cybersecurity hard to keep up with, so we’ve compiled a list of things we think you need to know about cybersecurity.

5 things you need to know about cybersecurity

Cybercrime is costing businesses millions

The cost of cybercrime for businesses is escalating. IT Governance reports that the average cost of cybercrime in the US is at $27.4 million per company — twice the costs reported by firms from other countries, and 29% more than they were in 2018. According to the report, malware and web-based attacks were the most costly, at $2.6 million and $2.3 million, respectively. Following this, insider attacks jumped by 15% from 2017, costing businesses today $1.6 million on average.

Multi-factor authentication will become standard for online transactions


It’s not the perfect solution, but as credit card fraud and phishing attacks run rampant, multi-factor authentication is getting more and more popular with online vendors. Leaving just one password, leaves individuals at risk, so two or more authentication methods add additional security against hackers. This is especially beneficial as attackers are always finding new ways to get information, such as lurking in emails and gathering information, or stalking individuals to get more personal data that can convince you or your loved ones to wire money to a false account.

Cybersecurity awareness is rising

Human error is often the cause of cyberattacks, and business owners are taking notice — 45% of American organizations now provide employees with formal and mandatory security awareness training. However, more companies should be making an effort, as leaders should ensure that each member of their respective organization is aware of some form of cybersecurity. The cybersecurity guide by Marcus emphasizes the importance of simply knowing the basics, such as increasing awareness about phishing, strengthening passwords, and locking devices — all of which will always remain important. But as cybercrimes get more intense, we’ll see a rise in the number of businesses providing better and more thorough cybersecurity training to their employees.

Artificial Intelligence is reinventing cybersecurity

Artificial Intelligence (AI) is reinventing cybersecurity as a whole. In a survey of over 850 senior IT executives, Capgemini Research Institute found that two thirds of organizations report needing AI to respond to critical cybersecurity threats. AI works around the clock, and can respond to attacks that would normally take hours, days, or even months for humans to detect — and by then, the damage has already been done. Although the technology works for both cybercriminals and defenders alike, AI is definitely helping cybersecurity professionals develop their techniques and respond to attacks faster than ever before.

Demand for cybersecurity professionals is growing

Between 2017 and 2018, CyberSeek revealed that private and public sector employers posted an estimated 313,735 job openings for cybersecurity workers. This is on top of the 715,000+ cybersecurity employees currently working across the country. As cybercrimes (and their cost) increase, businesses are looking for professional and certified IT teams that can protect their valuable data — and are offering high salaries for it, too. The average salary for cybersecurity positions, range from $75,000 for cybersecurity specialists and technicians to $129,000 for cybersecurity architects, all of whom must have certifications to match their jobs. While there are many certifications to look for, the Certified Information Systems Security Professional (CISSP) is one of the most esteemed IT security certifications, as it is the de-facto certification required for information and cyber security job candidates.

Many people pursue the CompTIA Security+ certification before the CISSP because people can commonly study for and pass the Security+ exam in 30 days or less. Additionally, it is required for employment in many organizations.

Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Conclusion

As cybercrime proliferates, it’s important to get professionals who are certified and knowledgeable on how to handle and innovate the defensive process. Fortunately, advancements in cybersecurity technology, such as AI and multi-factor authentication, can be utilized to their full potential to avoid attacks and stay defensive. Moreover, ensuring cybersecurity awareness is also vital to a business and to any individual, as it can mean the difference between disaster and security.

Read More

Comparing Well-known Attacks

If you’re planning to take the SY0-501 exam, you should have a basic understanding of many of the well-known attacks. This includes advanced types of attacks launched against systems and networks.

For example, can you answer this practice test question?

Q. You are troubleshooting an intermittent connectivity issue with a webserver. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?

A. DDoS attack

B. DoS attack

C. Amplification attack

D. Salting attack

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

DoS Versus DDoS

A denial-of-service (DoS) attack is an attack from one attacker against one target. A distributed denial-of-service (DDoS) attack is an attack from two or more computers against a single target. DDoS attacks often include sustained, abnormally high network traffic on the network interface card of the attacked computer. Other system resource usage (such as the processor and memory usage) will also be abnormally high. The goal of both is to perform a service attack and prevent legitimate users from accessing services on the target computer.

Privilege Escalation

Attackers often use privilege escalation tactics . For example, attackers often use remote access Trojans (RATs) to gain access to a single system. They typically have limited privileges (a combination of rights and permissions) when they first exploit a system. However, they use various privilege escalation techniques to gain more and more privileges.

Most of the attacks use privilege escalation techniques for the same reason—to gain more and more access to a system or a network.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Spoofing

Spoofing occurs when one person or entity impersonates or masquerades as someone or something else. Two common spoofing attacks mentioned specifically in the CompTIA objectives are media access control (MAC) address spoofing and Internet Protocol (IP) address spoofing.

Host systems on a network have a media access control (MAC) address assigned to the network interface card (NIC). These are hard-coded into the NIC. However, it’s possible to use software methods to associate a different MAC address to the NIC in a MAC spoofing attack. For example, a MAC flood attack where an attacker overwhelms a switch with spoofed MAC addresses. Flood guards prevent these types of attacks. Wireless attackers can bypass MAC address filtering by spoofing the MAC address of authorized systems.

In an IP spoofing attack, the attacker changes the source address so that it looks like the IP packet originated from a different source. This can allow an attacker to launch an attack from a single system, while it appears that the attack is coming from different IP addresses.

SYN Flood Attacks

The SYN flood attack is a common attack used against servers on the Internet. They are easy for attackers to launch, difficult to stop, and can cause significant problems. The SYN flood attack disrupts the TCP handshake process and can prevent legitimate clients from connecting. Two systems normally start a TCP session by exchanging three packets in a TCP handshake. For example, when a client establishes a session with a server, it takes the following steps:

1. The client sends a SYN (synchronize) packet to the server.

2. The server responds with a SYN/ACK (synchronize/acknowledge) packet.

3. The client completes the handshake by sending an ACK (acknowledge) packet. After establishing the session, the two systems exchange data.

However, in a SYN flood attack, the attacker never completes the handshake by sending the ACK packet. Additionally, the attacker sends a barrage of SYN packets, leaving the server with multiple half-open connections. The figure compares a normal TCP handshake with the start of a SYN flood attack.

Comparing Well-known Attacks

TCP handshake and SYN flood attack

In some cases, these half-open connections can consume a server’s resources while it is waiting for the third packet, and it can actually crash. More often, though, the server limits the number of these half-open connections. Once the limit is reached, the server won’t accept any new connections, blocking connections from legitimate users. For example, Linux systems support an iptables command that can set a threshold for SYN packets, blocking them after the threshold is set. Although this prevents the SYN flood attack from crashing the system, it also denies service to legitimate clients.

Attackers can launch SYN flood attacks from a single system in a DoS attack. They will often spoof the source IP address when doing so. Attackers can also coordinate an attack from multiple systems using a DDoS attack.

Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.

  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Man-in-the-Middle Attacks

A man-in-the-middle(MITM) attack is a form of active interception or active eavesdropping. It uses a separate computer that accepts traffic from each party in a conversation and forwards the traffic between the two. The two computers are unaware of the MITM computer, and it can interrupt the traffic at will or insert malicious code.

For example, imagine that Maggie and Bart are exchanging information with their two computers over a network. If Hacker Harry can launch an MITM attack from a third computer, he will be able to intercept all traffic. Maggie and Bart still receive all the information, so they are unaware of the attack. However, Hacker Harry also receives all the information. Because the MITM computer can control the entire conversation, it is easy to insert malicious code and send it to the computers. Address Resolution Protocol (ARP) poisoning is one way that an attacker can launch an MITM attack.

Kerberos helps prevent man-in-the-middle attacks with mutual authentication. It doesn’t allow a malicious system to insert itself in the middle of the conversation without the knowledge of the other two systems.quest


CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Q. You are troubleshooting an intermittent connectivity issue with a webserver. After examining the logs, you identify repeated connection attempts from various IP addresses. You realize these connection attempts are overloading the server, preventing it from responding to other connections. Which of the following is MOST likely occurring?

A. DDoS attack

B. DoS attack

C. Amplification attack

D. Salting attack

Answerr is A. A distributed denial-of-service (DDoS) attack includes attacks from multiple systems with the goal of depleting the target’s resources and this scenario indicates multiple connection attempts from different IP addresses.

A DoS attack comes from a single system, and a SYN flood is an example of a DoS attack.

While the DDoS attack may be an amplification attack (an attack that significantly increases the amount of traffic sent to the victim), the scenario doesn’t give enough details to identify this as an amplification attack.

Salting is a method used to prevent brute force attacks to discover passwords.

See Chapter 7 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on common and advanced types of attacks.




Read More
CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.