Virtualization Technologies Weaknesses

Despite the strengths of virtualization technologies, you should understand some weaknesses. If you’re planning to take the SY0-501 exam, you’re expected to have a good understanding of virtualization concepts. This includes threats to virtual system security.

For example, can you answer this practice test question?

Q. Administrators frequently create VMs for testing. They sometimes leave these running without using them again after they complete their tests. Which of the following does this describe?

A. VM escape

B. VDI snapshot

C. VM sprawl

D. Type II hypervisor

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Application Cell or Container Virtualization

Application cell virtualization or container virtualization runs services or applications within isolated application cells (or containers). For comparison, the figure shows an example of container virtualization. Notice that the containers don’t host an entire operating system. Instead, the host’s operating system and kernel run the service or app within each of the containers. However, because they are running in separate containers, none of the services or apps can interfere with services and apps in other containers.

Virtualization Technologies Weaknesses

Container-based virtualization

A benefit of container virtualization is that it uses fewer resources and can be more efficient than a system using a traditional Type II hypervisor virtualization. Internet Service Providers (ISPs) often use it for customers who need specific applications. One drawback is that containers must use the operating system of the host. As an example, if the host is running Linux, all the containers must run Linux.

Risks Associated with Virtualization

Despite the strengths of virtualization technologies, you should understand some weaknesses. Many people consider virtual machine escape (VM escape) to be the most serious threat to virtual system security. Loss of confidentiality and loss of availability can also be a concern.

VM Escape

VM escape is an attack that allows an attacker to access the host system from within the virtual system. As previously mentioned, the host system runs an application or process called a hypervisor to manage the virtual systems. In some situations, the attacker can run code on the virtual system and interact with the hypervisor.

Most virtual systems run on a physical server with elevated privileges, similar to administrator privileges. A successful VM escape attack often gives the attacker unlimited control over the host system and each virtual system within the host.

When vendors discover VM escape vulnerabilities, they write and release patches. Just as with any patches, it is important to test and install these patches as soon as possible. This includes keeping both the physical and the virtual servers patched.

VM Sprawl

VM sprawl occurs when an organization has many VMs that aren’t managed properly. Most organizations have specific policies in place to ensure physical servers are kept up to date and personnel only make changes to these servers after going through a change management process. These same policies should also apply to virtual servers.

Consider this scenario. Bart creates a VM running a Microsoft Windows Server version to test a software application. After testing the application, he leaves the VM running. Later, Microsoft releases security patches for the server. The IT department tests these patches and applies them to all of the known servers that need them. However, because Bart didn’t tell anyone he was creating the VM, it remains unpatched and vulnerable to attack.

Another challenge with VM sprawl is that each VM adds additional load onto a server. If unauthorized VMs are added to physical servers, they can consume system resources. The servers might become slower and potentially crash.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Loss of Confidentiality

As a reminder, each virtual system or virtual machine is just one or more files. Although this makes it easy to manage and move virtual machines, it also makes them easy to steal.

It’s worth pointing out that many VMs include the operating system and data, just as a physical system would have both the operating system and data on its physical drives. For example, a virtual machine can include a database with credit card data, company financial records, or any type of proprietary data.

Imagine if an administrator became disgruntled. He has access to the systems and as a malicious insider, he can copy the virtual machine, take it home, and launch it on another physical server. At this point, he has access to the system and the data.


Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.
  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Q. Administrators frequently create VMs for testing. They sometimes leave these running without using them again after they complete their tests. Which of the following does this describe?

A. VM escape

B. VDI snapshot

C. VM sprawl

D. Type II hypervisor

Answer is C. VM sprawl occurs when an organization has many VMs that aren’t managed properly. Unmonitored VMs typically won’t get updated and can be vulnerable to attacks.

VM escape is an attack that allows an attacker to access the host system from within the virtual system. A virtual desktop infrastructure (VDI) provides users with virtual desktops hosted on a server.

A VDI snapshot is commonly used to provide users with the same non-persistent desktop that doesn’t save changes.

The VMs might be Type II hypervisors (running as software within a host operating system), but that isn’t relevant to leaving them running and unmonitored.

See Chapter 1 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on implementing virtualization.

Read More

Capturing Network Traffic

Several tools are available for use by security professionals and attackers alike. If you’re planning to take the SY0-501 exam, you should have a basic understanding of specific tools used to assess networks and manage risks. This includes using tools to capture and analyze network traffic.

For example, can you answer this practice test question?

Q. You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST tool to capture and analyze this traffic?

A. Network mapper

B. Protocol analyzer

C. Network scanner

D. SIEM

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Sniffing with a Protocol Analyzer

A protocol analyzer can capture and analyze packets on a network. The process of using a protocol analyzer is sometimes referred to as sniffing or using a sniffer. Both administrators and attackers can use a protocol analyzer to view IP headers and examine packets. For example, administrators can use a protocol analyzer to troubleshoot communication issues between network systems, or identify potential attacks using manipulated or fragmented packets.

Attackers can use a protocol analyzer to capture data sent across a network in cleartext. For example, unencrypted credentials are usernames and passwords sent across a network in cleartext. One of the ways attackers can view this data is by connecting an unauthorized switch within a network to capture traffic and forward it to a system running a protocol analyzer. If cabling isn’t protected, they might be able to simply connect a switch above a drop-down ceiling. Wireshark is a free protocol analyzer that you can download from the Wireshark site: http://www.wireshark.org/.

The figure shows Wireshark after it captured packets transmitted over the network. It includes about 150 packets and has packet 121 selected in the top pane. The top pane shows the source and destination IP addresses and the Server Message Block (SMB) protocol. Many networks use SMB to send files over the network, and this packet includes the contents of that file. The middle pane shows details from this packet with the Internet Protocol version 4 header information partially expanded. The bottom pane shows the entire contents of the packet (including the unencrypted credentials) displayed in hexadecimal and ASCII characters.

Capturing Network Traffic

Wireshark capture

Although it can be tedious to analyze a packet capture, there is a lot of information in it for anyone willing to take the time to do so. Occasionally, attackers manipulate flags (arrow 1) within the headers for different types of attacks, and the protocol analyzer allows you to verify header manipulation attacks. You can also see the source and destination IP addresses (arrow 2) within the IP header field. You can expand the Ethernet II section to show the media access control (MAC) addresses of the source and destination computers.

Notice that you can view the unencrypted credentials—username (Darril) and password (P@ssw0rd)—in the bottom pane (arrow 3) because SMB sends it in cleartext. However, if an application encrypted the data before sending it across the network, it would not be readable.

Although this packet capture only includes about 150 packets, a packet capture can easily include thousands of packets. Wireshark includes filters that administrators use to focus on specific types of traffic. These filters also allow them to quantify the traffic. For example, they can determine the percentage of SMTP traffic or HTTP traffic on the network.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

In addition to seeing a capture using the Wireshark graphical interface, you can also view them as text files. The information in the text file is usually limited using filters, but normally includes the time, source information labeled as src, destination information labeled as dst, and sometimes protocol information. Here’s an example:

22:33:44, src 192.168.5.55:3389, dst 192.168.7.17:8080, syn/ack

The time is shown in a 24-hour clock as 10:33 p.m. and 44 seconds. Notice the source and destination includes an IP address and a port number. This reiterates the importance of knowing commonly used ports. It also shows you how you can identify the source of traffic. For example, if an attacker is manipulating or fragmenting packets as part of an attack, you can use the src IP address to identify the potential source of the attack.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

It’s worth noting that the source IP address doesn’t always identify the actual attacker. For example, attackers often take control of other computers and launch attacks from them without the knowledge of the owner. Similarly, Port Address Translation (PAT) translates public and private IP addresses. If the traffic goes through a device using PAT, the protocol analyzer only captures the translated IP address, not the original IP address.

When using a protocol analyzer, you need to configure the network interface card (NIC) on the system to use promiscuous mode. Normally, a NIC uses non-promiscuous mode and only processes packets addressed directly to its IP address. However, when you put it in promiscuous mode, it processes all packets regardless of the IP address. This allows the protocol analyzer to capture all packets that reach the NIC.


Q. You are troubleshooting issues between two servers on your network and need to analyze the network traffic. Of the following choices, what is the BEST tool to capture and analyze this traffic?

A. Network mapper

B. Protocol analyzer

C. Network scanner

D. SIEM

Answer is B. A protocol analyzer (also called a sniffer) is the best choice to capture and analyze network traffic.

A network mapper can detect all the devices on a network, and a network scanner can detect more information about these devices, but neither of these tools is the best choice to capture and analyze traffic for troubleshooting purposes.

A security information and event management (SIEM) system aggregates and correlates logs from multiple sources, but does not capture network traffic.

See Chapter 8 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on using security tools.




Read More

Comparing Backup Types

Backups are copies of data created to ensure that when the original data is lost or corrupted, it can be restored.  If you’re planning to take the SY0-501 exam, you should have a good understanding of backup utilities that support several different types of backups. Even though third-party backup programs can be quite sophisticated in what they do and how they do it, you should have a solid understanding of the basics.

For example, can you answer this practice test question?

Q. Your backup policy for a database server dictates that the amount of time needed to perform backups should be minimized. Which of the following backup plans would BEST meet this need?

A. Full backups on Sunday and full backups on the other six days of the week

B. Full backups on Sunday and differential backups on the other six days of the week

C. Full backups on Sunday and incremental backups on the other six days of the week

D. Differential backups on Sunday and incremental backups on the other six days of the week

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Full Backups

A full backup backs up all data specified in the backup. For example, you could have several folders on the D: drive. If you specify these folders in the backup program, the backup program backs up all the data in these folders.

Although it’s possible to do a full backup on a daily basis, it’s rare to do so in most production environments. This is because of two limiting factors:

  • Time. A full backup can take several hours to complete and can interfere with operations. However, administrators don’t always have unlimited time to do backups and other system maintenance. For example, if a system is online 24/7, administrators might need to limit the amount of time for full backups to early Sunday morning to minimize the impact on users.
  • Money. Backups need to be stored on some type of media, such as tape or hard drives. Performing full backups every day requires more media, and the cost can be prohibitive. Instead, organizations often combine full backups with differential or incremental backups.

However, every backup strategy must start with a full backup.

Restoring a Full Backup

A full backup is the easiest and quickest to restore. You only need to restore the single full backup and you’re done. If you store backups on tapes, you only need to restore a single tape. However, most organizations need to balance time and money and use either a full/differential or a full/incremental backup strategy.
Comparing Backup Types

Differential Backups

A differential backup strategy starts with a full backup. After the full backup, differential backups back up data that has changed or is different since the last full backup.

For example, a full/differential strategy could start with a full backup on Sunday night. On Monday night, a differential backup would back up all files that changed since the last full backup on Sunday. On Tuesday night, the differential backup would again back up all the files that changed since the last full backup. This repeats until Sunday, when another full backup starts the process again. As the week progresses, the differential backup steadily grows in size.

Order of Restoration for a Full/Differential Backup Set

Assume for a moment that each of the backups was stored on different tapes. If the system crashed on Wednesday morning, how many tapes would you need to recover the data?

The answer is two. You would first recover the full backup from Sunday. Because the differential backup on Tuesday night includes all the files that changed after the last full backup, you would restore that tape to restore all the changes up to Tuesday night.

Incremental Backups

An incremental backup strategy also starts with a full backup. After the full backup, incremental backups then back up data that has changed since the last backup. This includes either the last full backup, or the last incremental backup.

As an example, a full/incremental strategy could start with a full backup on Sunday night. On Monday night, an incremental backup would back up all the files that changed since the last full backup. On Tuesday night, the incremental backup would back up all the files that changed since the incremental backup on Monday night. Similarly, the Wednesday night backup would back up all files that changed since the last incremental backup on Tuesday night. This repeats until Sunday when another full backup starts the process again. As the week progresses, the incremental backups stay about the same size.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Order of Restoration for a Full/Incremental Backup Set

Assume for a moment that each of the backups were stored on different tapes. If the system crashed on Thursday morning, how many tapes would you need to recover the data?

The answer is four. You would first need to recover the full backup from Sunday. Because the incremental backups would be backing up different data each day of the week, each of the incremental backups must be restored—and must be restored in chronological order.

Sometimes, people mistakenly think the last incremental backup would have all the relevant data. Although it might have some relevant data, it doesn’t have everything.

As an example, imagine you worked on a single project file each day of the week, and the system crashed on Thursday morning. In this scenario, the last incremental backup would hold the most recent copy of this file. However, what if you compiled a report every Monday but didn’t touch it again until the following Monday? Only the incremental backup from Monday would include the most recent copy. An incremental backup from Wednesday night or another day of the week wouldn’t include the report.


Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.

  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Q. Your backup policy for a database server dictates that the amount of time needed to perform backups should be minimized. Which of the following backup plans would BEST meet this need?

A. Full backups on Sunday and full backups on the other six days of the week

B. Full backups on Sunday and differential backups on the other six days of the week

C. Full backups on Sunday and incremental backups on the other six days of the week

D. Differential backups on Sunday and incremental backups on the other six days of the week

Answer is C. A full/incremental backup strategy is the best option with one full backup on one day and incremental backups on the other days. The incremental backups will take a relatively short time compared with the other methods.

A full backup every day would require the most time every day.

Differential backups become steadily larger as the week progresses and take more time to back up than incremental backups.

Backups must start with a full backup, so a differential/incremental backup strategy is not possible.

See Chapter 9 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on protecting data.




Read More

Something You Have Authentication Factor

Authentication is often simplified as types, or factors, of authentication. If you’re planning to take the SY0-501 exam, you should have a basic understanding of authentication factors. This includes the something you have authentication factor.

For example, can you answer this practice test question?

Q. Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

A. HOTP

B. TOTP

C. CAC

D. Kerberos

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

The something you have authentication factor refers to something you can physically hold such as smart cards,  tokens, Common Access Card, Personal Identity Verification card, HMAC-based One-Time Password and Time-based One-Time Password. This blog post discusses on CACs and PIVs, and HOTP and TOTP.

CACs and PIVs

A Common Access Card (CAC) is a specialized type of smart card used by the U.S. Department of Defense. In addition to including the capabilities of a smart card, it also includes a picture of the user and other readable information. Users can use the CAC as a form of photo identification to gain access into a secure location. For example, they can show their CAC to guards who are protecting access to secure areas. Once inside the secure area, users can use the CAC as a smart card to log on to computers.

Similarly, a Personal Identity Verification (PIV) card is a specialized type of smart card used by U.S. federal agencies. It also includes photo identification and provides confidentiality, integrity, authentication, and non-repudiation for the users, just as a CAC does.

CACs and PIVs both support dual-factor authentication (sometimes called two-factor authentication) because users generally log on with the smart card and by entering information they know such as a password. Additionally, just as with smart cards, these cards include embedded certificates used for digital signatures and encryption.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

HOTP and TOTP

Hash-based Message Authentication Code (HMAC) uses a hash function and cryptographic key for many different cryptographic functions. A hash is simply a number created with a hashing algorithm. HMAC-based One-Time Password (HOTP) is an open standard used for creating one-time passwords, similar to those used in tokens or key fobs. The algorithm combines a secret key and an incrementing counter, and uses HMAC to create a hash of the result. It then converts the result into an HOTP value of six to eight digits.

Imagine Bart needs to use HOTP for authentication. He requests a new HOTP number using a token or a software application. He can then use this number for authentication along with some other authentication method, such as a username and password. As soon as he uses it, the number expires. No one else is able to use it, and Bart cannot use it again either.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Here’s an interesting twist, though. A password created with HOTP remains valid until it’s used. Suppose Bart requested the HOTP number but then got distracted and never used it.  What happens now? Theoretically, it remains usable forever. This presents a risk related to HOTP because other people can use the password if they discover it.

A Time-based One-Time Password (TOTP) is similar to HOTP, but it uses a timestamp instead of a counter. One-time passwords created with TOTP typically expire after 30 seconds.

One significant benefit of HOTP and TOTP is price. Hardware tokens that use these open source standards are significantly less expensive than tokens that use proprietary algorithms. Additionally, many software applications use these algorithms to create software tokens used within the application.

For example, the figure shows the free VIP Access app created by Symantec and running on an iPad. It’s also available for many other tablets and smartphones. Once you configure it to work with a compatible authentication server, it creates a steady stream of one-time use passwords. The six-digit security code is the password, and the counter lets you know how much more time you have before it changes again.

Something You Have Authentication Factor

VIP Access app

Similar to a hardware token, the user enters a username and password as the something you know factor, and then enters the security code from the app as the something you have factor. This provides dual-factor authentication. Many public web sites like eBay and PayPal support it, allowing many end users to implement dual-factor authentication as long as they have a smartphone or tablet device.

Remember this

HOTP and TOTP are both open source standards used to create one-time use passwords. HOTP creates a one-time use password that does not expire until it is used. TOTP creates a one-time password that expires after 30 seconds. Both can be used as software tokens for authentication.

.


Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.

  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Q. Your organization is planning to implement remote access capabilities. Management wants strong authentication and wants to ensure that passwords expire after a predefined time interval. Which of the following choices BEST meets this requirement?

A. HOTP

B. TOTP

C. CAC

D. Kerberos

Answer is B. A Time-based One-Time Password (TOTP) meets this requirement. Passwords created with TOTP expire after 30 seconds.

An HMAC-based One-Time Password (HOTP) creates passwords that do not expire.

A Common Access Card (CAC) is a type of smart card, but it does not create passwords.

Kerberos uses tickets instead of passwords.

See Chapter 2 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on authentication factors.




Read More

Failed Again – How Can I Pass

I recently received an email from Moe* complaining about the CompTIA Security+ exam. He closed with “I am honestly heartbroken… what do I do?”

Six Steps To Pass Security+

Jaena, one of my assistants, answered. She gave some advice that I’ve provided in the past for people using the online materials.


When people tell Darril that they’ve failed after using the materials on the site, he typically sees one (or more) of the following issues:
– They didn’t use all the materials.
– They didn’t get the recommended scores of 90% on all the materials.
– They memorized the questions and answers.

Darril encourages you to check out the “How to Pass” section on the Member Home page (the landing page after you log on) for key steps to take when studying.

It includes six steps and Darril encourages you to read it (and follow the advice).

Step 1 is to Use all the materials.

Step 2 aims to Get scores of at least 90% on all the quizzes.

Step 3 is highly relevant.
Memorizing questions and answers is not a path to success.

Step 4 is Read the explanations.

Step 5 tells you why this is so important.
Ideally, you should be able to look at any practice test question and not only know why the correct answers are correct but also why the incorrect answers are incorrect. This gives you the best chance of accurately interpreting the questions on the live exam no matter how CompTIA words them.

Step 6 gives you a way to evaluate your progress and see if you are ready.


Many people have told me that they passed the exam by following those six steps.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

If I Fail Your Practice Tests, Will I Pass the Live Exam

Because Moe sounded so distraught, I looked at his quiz history to see if there was anything else we could point out to him.

The answer was obvious.

– He didn’t use all the materials.

As an example, we have five sets of extra questions in the package he bought. However, he only took one set which included only 20 of the extra questions.

– He didn’t get the recommended scores of 90% on all the materials.

As one of many examples, he took the Test Your Readiness quiz (a random set of 75 questions) once, scoring only 62%.

This reminded me of the fictitious question I wrote about in this post:

If I fail all of your practice tests,
will I still be able to pass the Security+ exam?

– He likely memorized the questions and answers.

As an example, he took one quiz twice in the same day. His first score was 67%. He immediately took the quiz again, finishing 15 questions in six minutes. This equates to about 24 seconds per question.

That’s enough time for someone to pick the correct answer for questions they just saw. However, 24 seconds isn’t enough time for most people to review all the answers and remind themselves why the correct answers are correct and why the incorrect answers are incorrect.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Additionally, his quiz history showed that he only took quizzes on five days, and only over eight days total. For most people, this isn’t enough time to absorb the material.

 You can’t hire someone to do your pushups. 

– Jim Rohn

Failed Again - How Can I Pass Pushups Picture

Self Evaluation

With this in mind, I tried to get Moe to do some self-evaluation. I asked him to honestly answer the following questions for himself:

  • Did you use all the materials?
  • Did you get the recommended scores of 90% on all the materials?
  • Did you use study practices that encourage a healthy mind to memorize the questions and answers?

Unfortunately, Moe chose not to address these questions. Instead, he  wrote:

Again I am not asking for help with the information I need help in understanding how to comprehend what CompTia questions are asking bc overall this is my 5th CompTia test My 5th failure.

My attempt to encourage self-evaluation failed.

I’ve been here before. It’s apparent to me what Moe can do to increase his score and pass the exam. However, it’s not necessarily easy to get Moe to hear this. Maybe he’ll read this blog post.

Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.

  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Three Habits of Success

Successful people typically develop the following three habits:

  • Figure out what works and keep doing it.
  • Figure out what doesn’t work and stop.
  • Try new things.

Unfortunately, some people are unable to recognize what isn’t working and they are unwilling to try new things.

Here are some additional blog posts that Moe might like to read:

English Comprehension and Security+


How to Fail the Security+ Exam


How to Pass a Certification Exam


Why Some People Pass Security and Others Fail

* Moe isn’t the actual name of this person.




Read More

Data Acquisition for Evidence

Forensic experts use a variety of forensic procedures to collect and protect data after an attack. If you’re planning to take the SY0-501 exam, you should have a basic understanding of forensics concepts. This includes the process in data acquisition and preservation of evidence.

For example, can you answer this practice test question?

Q. An administrator recently learned of a suspected attack on a Florida-based web server from IP address 72.52.206.134 at 01:45:43 GMT. However, after investigating the logs, he doesn’t see any traffic from that IP at that time. Which of the following is the MOST likely reason why the administrator was unable to identify the traffic?

A. He did not account for time offsets.

B. He did not capture an image.

C. The IP address has expired.

D. The logs were erased when the system was rebooted.

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

When performing data acquisition for evidence, it’s important to follow specific procedures to ensure that the evidence is not modified.

Capture System Image

A forensic image of a disk captures the entire contents of the drive. Some tools use bit-by- bit copy methods that can read the data without modifying it. Other methods include hardware devices connected to the drive to write-protect it during the copy process.

Chapter 5 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide introduces disk images as a common method used to deploy systems. These system disk images include mandatory security configurations and help ensure a system starts in a secure state. A distinct difference between standard system images and forensic images is that a forensic image is an exact copy and does not modify the original. This isn’t always true with system imaging tools.

One of the oldest disk imaging tools used for forensics is the dd command available in Linux systems, including Kali Linux. It can also be installed on Windows systems.

These methods capture the entire contents of the disk, including system files, user files, and files marked for deletion but not overwritten. Similarly, many tools include the ability to capture data within volatile memory and save it as an image.

After capturing an image, experts create a copy and analyze the copy. They do not analyze the original disk and often don’t even analyze the original image. They understand that by analyzing the contents of a disk directly, they can modify the contents. By creating and analyzing forensic copies, they never modify the original evidence.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.



Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

  • A 75 question pre-test
  • A 75 question post-test
  • Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Capture Video

Video surveillance methods such as closed-circuit television (CCTV) systems are often used as a detective control during an investigation. If a person is recorded on video, the video provides reliable proof of the person’s location and activity. For example, if a person is stealing equipment or data, video might provide proof.

As an example, I remember a high school student was working nights at a local grocery store. The store had a delivery of beer in a tractor-trailer that hadn’t been unloaded yet but was kept backed up to the store loading dock overnight. The student stole several cases of beer thinking the crime was undetectable. However, the entire scene was recorded on video. When he showed up for work the next evening, the store promptly called the police and provided a copy of the video. The video provided reliable proof that simply couldn’t be disputed.

Record Time Offset

In some cases, it’s easy to identify the time of an event such as in the figure. In the figure, you can easily identify the exact dates and times when someone created, modified, last saved, and last accessed the file. However, in some cases, you need to consider a time offset.

 

Data Acquisition for Evidence

File Explorer showing exact dates and times

For example, Greenwich Mean Time (GMT) identifies the time at the Royal Observatory in Greenwich, London. Other times are often expressed as a relationship to GMT. For example, I live in the Eastern Standard Time (EST) zone, which has a four-hour offset. You can express the Date Accessed time as 5:10 p.m. EST. Using GMT, you can express the same time as 9:10 p.m. GMT. One benefit of using GMT is that it doesn’t change for daylight saving time, so it stays constant.

Many video recorders use a record time offset to identify times on tape recordings rather than the actual time. For example, a recording might use a displayed counter to identify the time that has passed since the recording started. Imagine that the counter advances 1,000 ticks or counts per hour. If the counter indicates an event occurred at an offset time of 1,500 and the recording started at midnight, then the time of the event was 1:30 a.m.

When analyzing timestamps of any evidence, it’s important to understand that these times are often based on an offset. If you can’t identify the offset, you might not be able to identify the actual time.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

  • Introduction
  • About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
  • 75 question pre-assessment exam
  • Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
  • Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
  • Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
  • Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
  • Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
  • Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
  • Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
  • Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
  • 75 question post-assessment exam
  • Glossary

Get the SY0-501 Full Security+ Course Here


Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

  • 494 Online Security+ Glossary Flashcards
  • 222 Online Security+ Acronyms Flashcards
  • 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Screenshots

Screenshots are simply pictures of what you can see displayed on a computer screen. If you want to capture exactly what a user was doing, or specific displays, a screenshot is the perfect solution.

For example, in the figure above, is a screenshot of File Explorer. You can save screenshots as graphics files and embed these graphics into documents. Many operating systems include the ability to capture the screen and save it to the Clipboard. For example, you can capture the screen of almost any system by pressing the PrtScn key found on most keyboards. Many applications such as the Windows Snipping Tool or Snagit by TechSmith allow you to capture screenshots from specific windows or applications, any region of the screen, and even scrolling windows such as a long web page.


Security+ Practice Test Questions

SY0-501 Practice Test Questions 

Over 300 realistic Security+ practice test questions

All questions include explanations so you'll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.

  • Learn mode - randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Learn mode - not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you'll see the explanation. Click here to see how learn mode works.
  • Test mode - randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
  • Test mode - 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

 SY0-501 Practice Test Questions


INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS 

Bonus - Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus - Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you're looking for SY0-501 Full Study Package

Q. An administrator recently learned of a suspected attack on a Florida-based web server from IP address 72.52.206.134 at 01:45:43 GMT. However, after investigating the logs, he doesn’t see any traffic from that IP at that time. Which of the following is the MOST likely reason why the administrator was unable to identify the traffic?

A. He did not account for time offsets.

B. He did not capture an image.

C. The IP address has expired.

D. The logs were erased when the system was rebooted.

Answer is A. The most likely reason is that he did not account for the time offset. The attack occurred at 01:45:43 Greenwich Mean Time (GMT) and the web server is in the Eastern Standard Time (EST) zone in Florida, which is five hours different from GMT.

There is no need to capture an image to view logs.

IP addresses on the Internet do not expire.

Logs are written to a hard drive or a central location; they are not erased when a system is rebooted.

See Chapter 11 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on implementing policies to mitigate risks




Read More
CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!

Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.