Another concept within secure systems design is secure staging and deployment concepts. If you’re planning to take the SY0-501 version of the Security+ exam, you should be able to explain the importance of secure staging deployment concepts. These include sandboxing, controlling the environment, using secure baselines, and performing integrity measurements.

For example, can you answer this practice test question?

Q. A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments?

A. Baseline image

B. BYOD

C. Sandbox

D. Change management

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Sandboxing with VMs

Sandboxing is the use of an isolated area on a system and it is often used for testing.

Administrators and security professionals also use sandboxing to test various security controls before deploying them to a live production network. Virtualization provides a high level of flexibility when testing security controls because the environments are easy to re-create. For example, they can test the effectiveness of antivirus software to detect malware released within a sandbox. If the antivirus software doesn’t detect the malware and the malware causes problems, it is easy to revert the system to a previous state. Also, the isolation within the sandbox prevents the malware from spreading.

Similarly, virtualized sandboxes are useful for testing patches. For example, software vendors typically develop software updates and patches, but they need to test them in various environments before releasing them. They could create VMs for multiple operating systems. When they’re ready to test, they turn on one of the VMs, take a snapshot, and then apply and test the patch. If the patch causes a problem, they can easily revert the VM.

Sandboxing with Chroot

Another method of sandboxing is with the Linux-based chroot command. It is used to change the root directory for an application, effectively isolating it. Normally, the root of Linux  is designated as / and all other directories can be accessed from here. Users often have their own home directories within the /home directory. For example, Lisa’s root directory on a Linux system might be /home/lisa. Regular users won’t have access to the root directory, but only to files within their directory. In contrast, a root user (or administrator) has root access and can access all files and folders on the drive.

Imagine Lisa is a root user and wants to test an application within an isolated area. She could create a directory named testing in her environment. It would be /home/lisa/testing. She would copy her application files and copy any other required directories such as the /bin and /lib directories into the sandbox directory. She would then use chroot to create the isolated sandbox in the testing directory. This sandbox is often referred to as a chroot jail.

At this point, any commands she enters can only access files within the /home/lisa/testing directory. Additionally, her application can only access files with the same path. If the application is malicious or buggy, it cannot access any system files.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

• Introduction
• About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
• 75 question pre-assessment exam
• Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
• Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
• Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
• Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
• Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
• Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
• Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
• 75 question post-assessment exam
• Glossary

Get the SY0-501 Full Security+ Course Here

---

Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

• 494 Online Security+ Glossary Flashcards
• 222 Online Security+ Acronyms Flashcards
• 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Secure Staging Environment

A secure staging environment includes multiple environments, and typically includes different systems used for each stage. As an example, imagine a software development team  is creating an application that will be used to sell products via the Internet. The different environments are:

• Development. Software developers use a development environment to create the application. This typically includes version control and change management controls to track the application development.
• Test. Testers put the application through its paces and attempt to discover any bugs or errors. The testing environment typically doesn’t simulate a full production environment, but instead includes enough hardware and software to test software modules.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

---

---

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

• A 75 question pre-test
• A 75 question post-test
• Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

• Staging. The staging environment simulates the production environment and is used for late stage testing. It provides a complete but independent copy of the production environment.
• Production. The production environment is the final product. It includes everything needed to support the application and allow customers and others to use it. In this example, it would include the live web server, possibly a back-end database server, and Internet access.

Secure systems design includes secure staging and deployment.

Q. A software vendor recently developed a patch for one of its applications. Before releasing the patch to customers, the vendor needs to test it in different environments. Which of the following solutions provides the BEST method to test the patch in different environments?

A. Baseline image

B. BYOD

C. Sandbox

D. Change management

Answer is C. A sandbox provides a simple method of testing patches and would be used with snapshots so that the virtual machine (VM) can easily be reverted to the original state.

A baseline image is a starting point of a single environment.

Bring your own device (BYOD) refers to allowing employee-owned mobile devices in a network, and is not related to this question.

Change management practices ensure changes are not applied until they are approved and documented.

See Chapter 5 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on implementing secure systems.

What is the difference between DER and CER encoded certificates?  CompTIA added these into the SY0-501 version of the Security+ exam, so if you plan to take it, you should have a good understanding of these encoding types. The primary differences are:

• Canonical Encoding Rules (CER) files are stored as ASCII files
• Distinguished Encoding Rules (DER) files are stored as binary files

However, it is important to understand that the extension doesn’t necessarily tell you what encoding rules were implemented to create the certificate file. In other words, an extension of .cer doesn’t necessarily indicate that the file is using Canonical Encoding Rules (CER).

What is Base-64 Encoding?

CER certificate files are stored using a base-64 encoded X.509 certificate format. However, instead of referring to them as CER files, they are often just referred to as a base-64 encoded X.509 files.

Base-64 encoding uses the base64 formatting rules to convert the binary data into readable ASCII characters.

DER and CER Certificate Labs

If you have a Windows system, try these labs.

Export a DER Certificate

1) Click the Windows Start button.

2) Type “certmgr” without the quotes.

3) Select Manage Computer Certificates.

4) Open Trusted Root Certification Authorities and select Certificates.

5) Right click over one of the certificates and select All Tasks -> Export as shown in the following graphic.

6) Click Next.

7) Select the option of creating a DER encoded binary X.509 (.CER) file and click Next.

8) Click Browse… and browse to a location where you can find the file later. Name the file something like SampleDER and click Save.
Note that Windows automatically saves this as a .cer file.

9) Click Next.

10) Click Finish to finish the export. Click OK.

11. Leave certmgr open.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

---

---

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

• A 75 question pre-test
• A 75 question post-test
• Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Export a CER Certificate

) Right click over the certificate you did in the “Export a DER Certificate lab and select All Tasks -> Export as shown in the following graphic.

6) Click Next.

7) Select the option of creating a Base-64 encoded binary X.509 (.CER) file and click Next.

8) Click Browse… and browse to the same location where you created the SampleDER file. Name the file something like SampleCER and click Save.

Note that Windows automatically saves this as a .cer file.

9) Click Next.

10) Click Finish to finish the export. Click OK.

Open the Files with Notepad

1) Browse to the location where you saved the files using File Explorer. Note that they look the same in File Explorer.

The following graphic shows them with File name extensions enabled. If your system doesn’t have this enabled, you won’t see the .cer extension.

If you open the files with Notepad, you can see that they have completely different formats.

2) Right-click over SampleCER.cer file and select Open With and select Notepad (if it is available). If Notepad is not available, select Choose another app, select More apps, and then scroll down to select Notepad. You’ll see something like the following graphic.

Note that CER files are ASCII files and have readable ASCII characters. They typically start with —–BEGIN CERTIFICATE—–, end with —–END CERTIFICATE—–, and have readable ASCII characters in the middle. Admittedly the ASCII characters aren’t readable words and paragraphs, but they are readable.

3) Right-click over SampleDER.cer file and select Open With and select Notepad. You’ll see something like the following graphic.

Note that DER files are binary files and have few (if any) ASCII characters.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

• Introduction
• About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
• 75 question pre-assessment exam
• Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
• Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
• Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
• Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
• Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
• Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
• Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
• 75 question post-assessment exam
• Glossary

Get the SY0-501 Full Security+ Course Here

---

Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

• 494 Online Security+ Glossary Flashcards
• 222 Online Security+ Acronyms Flashcards
• 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Why Do We Have Both Formats?

In some scenarios, you’re unable to copy binary data and retain integrity of the data. However, you can reliably copy and paste ASCII data.

Additionally, utilities such as certutil allow you to convert a binary DER file to an ASCII CER file using the encode switch. Alternately, you can convert an ASCII CER file to a binary DER file using the decode switch.

Memory Trick

If you’re having trouble remembering which one is ASCII and which one is binary, you’re not alone. I ultimately came up with a simple memory trick to help me.

Each of these starts with the unique letters of A, B, C, and D. A is ASCII, B is binary, C is CER, and D is DER.

• A matches with C. ASCII matches with CER.
• B matches with D. Binary matches with DER.

Once I finally got these straight in my head, this memory trick helped me keep it straight.

Attackers lurk almost everywhere. If you have computer systems, you can’t escape them. However, you can be proactive in identifying the different types of attacks and take steps to prevent them, or at least prevent their effectiveness. If you’re planning to take the SY0-501 version of the Security+ exam, you should have a good understanding of common and advanced types of attacks launched against systems and networks.

For example, can you answer this practice test question?

Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Man-in-the-browser

D. Session hijacking

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.

Domain Hijacking

In a domain hijacking attack, an attacker changes the registration of a domain name without permission from the owner. Attackers often do so with social engineering techniques to gain unauthorized access to the domain owner’s email account.

As an example, imagine that Homer sets up a domain named homersimpson.com. He uses his Gmail account as the email address when he registers it, though he rarely checks his Gmail account anymore.

Attackers watch his Facebook page and notice that he often adds simple comments like “Doh!” Later, they try to log on to his Gmail account with a brute force attempt. They try the password of Doh!Doh! and get in. They then go to the domain name registrar, and use the Forgot Password feature. It sends a link to Homer’s Gmail account to reset the password. After resetting the password at the domain name registrar site, the attackers change the domain ownership. They also delete all the emails tracking what they did. Later, Homer notices his web site is completely changed and he no longer has access to it.

Man-in-the-Browser

A man-in-the-browser is a type of proxy Trojan horse that infects vulnerable web browsers. Successful man-in-the-browser attacks can capture browser session data. This includes keyloggers to capture keystrokes, along with all data sent to and from the web browser.

As an example, Zeus is a Trojan horse that has used man-in-the-browser techniques after infecting systems. Zeus includes keystroke logging and form grabbing. Once the attackers collect logon information for a user’s bank, they use it to log on and transfer money to offshore accounts.

Driver Manipulation

Operating systems use drivers to interact with hardware devices or software components. For example, when you print a page using Microsoft Word, Word accesses the appropriate print driver via the Windows operating system. Similarly, if you access encrypted data on your system, the operating system typically accesses a software driver to decrypt the data so that you can view it.

Occasionally, an application needs to support an older driver. For example, Windows 10 needed to be compatible with drivers used in Windows 8, but all the drivers weren’t compatible at first. Shimming provides the solution that makes it appear that the older drivers are compatible.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

---

---

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

• A 75 question pre-test
• A 75 question post-test
• Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

A driver shim is additional code that can be run instead of the original driver. When an application attempts to call an older driver, the operating system intercepts the call and redirects it to run the shim code instead. Refactoring code is the process of rewriting the internal processing of the code, without changing its external behavior. It is usually done to correct problems related to software design.

Developers have a choice when a driver is no longer compatible. They can write a shim to provide compatibility or they can completely rewrite the driver to refactor the relevant code. If the code is clunky, it’s appropriate to rewrite the driver.

Attackers with strong programming skills can use their knowledge to manipulate drivers by either creating shims, or by rewriting the internal code. If the attackers can fool the operating system into using a manipulated driver, they can cause it to run malicious code contained within the manipulated driver.

Zero-Day Attacks

A zero-day vulnerability is a weakness or bug that is unknown to trusted sources, such as operating system and antivirus vendors. A zero-day attack exploits an undocumented vulnerability. Many times, the vendor isn’t aware of the issue. At some point, the vendor learns of the vulnerability and begins to write and test a patch to eliminate it. However, until the vendor releases the patch, the vulnerability is still a zero-day vulnerability.

In most cases, a zero-day vulnerability is a new threat. However, there have been zero-day vulnerabilities that have existed for years.

Both attackers and security experts are constantly looking for new threats, such as zero-day vulnerabilities. Attackers want to learn about them so that they can exploit them. Most security experts want to know about them so that they can help ensure that vendors patch them before causing damage to users.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

• Introduction
• About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
• 75 question pre-assessment exam
• Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
• Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
• Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
• Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
• Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
• Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
• Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
• 75 question post-assessment exam
• Glossary

Get the SY0-501 Full Security+ Course Here

---

Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

• 494 Online Security+ Glossary Flashcards
• 222 Online Security+ Acronyms Flashcards
• 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Q. An attacker recently attacked a web server hosted by your company. After investigation, security professionals determined that the attacker used a previously unknown application exploit. Which of the following BEST identifies this attack?

A. Buffer overflow

B. Zero-day attack

C. Man-in-the-browser

D. Session hijacking

Answer is B. A zero-day attack takes advantage of an undocumented exploit or an exploit that is unknown to the public.

A buffer overflow attack sends unexpected data to a system to access system memory or cause it to crash. Although some buffer overflow attacks are unknown, others are known. If the server isn’t kept up to date with patches, it can be attacked with a known buffer overflow attack.

A man-in-the-browser attack is a type of proxy Trojan horse that takes advantage of vulnerabilities in web browsers, not web servers.

Session hijacking takes over a user’s session and isn’t related to an attack on a server.

See Chapter 7 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on advanced attacks.

The CompTIA Security+ certification is a popular certification within the IT field. One IT hiring manager told me that if a résumé doesn’t include the Security+ certification, or a higher-level security certification, he simply sets it aside. He won’t even talk to applicants.

Because of this many IT professionals have this certification and it doesn’t have to be difficult.

There isn’t any guaranteed path to pass the Security+ Certification. However, the following steps outline the path that thousands of people have used to add the Security+ certification to their resume.

Here are 7 steps that thousands of people have used to get the Security+ certification, and you can use them too. As an overview they are:

1. Get a good study guide.
2. Set a goal 45 days out from the day you receive your study guide.
3. Start studying the book.
4. Supplement your studies with online materials such as blog posts.
5. Buy a voucher (assuming your employer doesn’t buy it for you).
6. Schedule your exam for your target date.
7. Use quality practice test questions with explanations.

Security+ Certification Step 1 of 7

Get a good study guide.

One of the best ways you can identify a good study guide is by the reviews of others. The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. This is an update to the  CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide, which has 933 customer reviews and about 700 of them are five star reviews.

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide hasn’t been out as long so it doesn’t have as many reviews yet, but it has all of the same elements that made the 401 study guide so popular.

When getting a study guide, ensure you get one for the exam you plan to take. Exams periodically change and using an old book to take a new exam isn’t the best path to success.

Security+ Certification Step 2 of 7

Set a goal 45 days out from the day you receive your study guide.

A target of 45 days allows you to master about one and a half chapters per week. It may be that some of the chapters take you less time and some of the chapters take you more time. No problem. If you want to modify your target date later or reschedule your exam, do so. However, a recipe for success in almost any endeavor includes setting a goal.

If you look at the reviews on Amazon, you’ll see that many people followed this advice and took the exam within 45 days. It’s achievable and you can do it too. First, get a study guide.

Security+ Certification Step 3 of 7

Start studying the book.

Set a time to read the study guide daily and stick to your schedule. Some people study best in the morning. Others study best in the evening. If you don’t know what works best for you, study throughout the day as your schedule allows.

However, you do need to study every day.

Most study guides include an objective map at the beginning of the book. For example, the CompTIA Security+: Get Certified Get Ahead SY0-501 Study Guide lists all of the objectives for the SY0-501 exam in the introduction. Next to each of the objectives, it lists the chapters where you can find the relevant content. Here’s a short snippet:

1.0 Threats, Attacks and Vulnerabilities 

1.1 Given a scenario, analyze indicators of compromise and determine the type of
malware. (Chapter 6)

• Viruses (Chapter 6)
• Crypto-malware (Chapter 6)
• Ransomware (Chapter 6)
• Worm (Chapter 6)
• Trojan (Chapter 6)
• Rootkit (Chapter 6)
• Keylogger (Chapter 6)
• Adware (Chapter 6)
• Spyware (Chapter 6)
• Bots (Chapter 6)
• RAT (Chapter 6)
• Logic bomb (Chapter 6)
• Backdoor (Chapter 6)

Objective maps such as this allow you to easily review the exam objectives and see where they are covered.

Security+ Certification Step 4 of 7

Supplement your studies with online materials such as blog posts.

When a topic isn’t clear, look for more information on the topic online.

I regularly post blog articles about Security+ and other topics on the Get Certified Get Ahead blog site and this page is a good place to see if there are important changes to the certification before you take the exam. Readers often post their comments on the pages too so it’s worth reading their comments too.

Security+ Certification Step 5 of 7

Buy a voucher (assuming your employer doesn’t buy it for you).

Purchase a Security+ certification voucher for the exam. These typically are good for a year, and purchasing it early provides some motivation to you to keep you studying. You can get a code for a 10% discount on all CompTIA vouchers here.

Be careful about buying vouchers from unknown sources. Many people have purchased vouchers through sites such as eBay only to learn that the voucher isn’t valid.

Security+ Certification Step 6 of 7

Schedule your exam for your target date.

Contact a Pearson Vue testing center and schedule your exam. Just as purchasing the voucher provides some motivation for you to keep studying, scheduling your exam helps keep you focused.

Even if a life event pops up and slows you down, you can still reschedule the exam for a later date.

Security+ Certification Step 7 of 7

Use quality practice test questions with explanations.

Practice test questions help you gauge your understanding and ability to pass the actual exam. These can be very useful, but beware of questions without explanations.

Many “braindumps” have questions and answers but the majority of the questions don’t have any explanations. Worse, many of the answers are incorrect. The result is that people using these memorize inaccurate information without understanding the content. When CompTIA modifies the questions just slightly, they fail the exam without understanding why.

In contrast, when you use questions with explanations, you’ll understand why the correct answers are correct, and why the incorrect answers are incorrect. When you soak up this knowledge, you’ll be able to answer the questions correctly no matter how CompTIA words the questions.

Some people use the practice test questions within their study guide. Other people, look for additional materials such as the materials available here. This site includes practice test questions, flashcards, and audio files.

After gauging your understanding with practice test questions, take the exam and celebrate.

If you’re planning to take the SY0-501 version of the Security+ exam, you may run across questions with subtle word choices. For example, a question could have one answer correct. However, a subtle change in a phrase in a question would make that answer incorrect.

Consider this question that I recently added to the gcgapremium.com site:

Q. Your organization is planning to implement SELinux in enforcing mode as a mandatory access control (MAC) model. Which of the following roles will specify the subjects that can access certain data objects?

A. Administrator

B. System

C. Owner

D. User

The answer and explanation are available at the end of this post.

Subjects and Objects

Within the context of access control models, you’ll often run across the terms subject and objects.

Subjects are typically users or groups that access an object. Occasionally, the subject may be a service that is using a service account to access an object.

Objects are items such as files, folders, shares, and printers that subjects access. For example, users access files and printers. The access control helps determine how a system grants authorization to objects. Or, said another way, the access control model determines how a system grants users access to files and other resources.

To simplify this you can think of subjects as users, and objects as files. Subjects access files. Subjects can be much more than users and files can be much more than files, but remembering that subjects (users) can access objects (files) it makes it easier to remember.

Mandatory Access Control

The mandatory access control (MAC) model uses labels (sometimes referred to as sensitivity labels or security labels) to determine access. Security administrators assign labels to both subjects (users) and objects (files or folders). When the labels match, the system can grant a subject access to an object. When the labels don’t match, the access model blocks access.

Security-enhanced Linux (SELinux) is one of the few operating systems using the mandatory access control model. If SELinux is in enforcing mode, it enforces the SELinux policy.

Data Roles and Responsibilities

Many people within the organization handle data. However, an organization often assigns specific roles to some people. Each of these roles has specific responsibilities. The Security+ objectives outline list the following roles:

• Owner. The data owner is the individual with overall responsibility for the data. It is often a high-level position such as the chief executive officer (CEO) or a department head. The data owner is responsible for specifying the classification of the data, ensuring the data is labeled to match the classification, and ensuring security controls are implemented to protect the data.
• Steward/custodian. A data steward or data custodian handles the routine tasks to protect data. For example, a data custodian (often referred to as a system administrator) would ensure data is backed up in accordance with a backup policy. The custodian would also ensure that backup tapes are properly labeled to match the classification of the data and stored in a location that provides adequate protection for the classification of the data. Data owners typically delegate tasks to the data custodian.
• Privacy.  A privacy officer is an executive position within an organization. This person is primarily responsible for ensuring that the organization is complying with relevant laws. For example, if the organization handles any PHI, the privacy officer ensures the organization complies with HIPAA. If SOX applies to the organization, the privacy officer ensures that the organization is complying with SOX.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

• Introduction
• About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
• 75 question pre-assessment exam
• Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
• Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
• Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
• Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
• Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
• Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
• Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
• 75 question post-assessment exam
• Glossary

Get the SY0-501 Full Security+ Course Here

---

Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

• 494 Online Security+ Glossary Flashcards
• 222 Online Security+ Acronyms Flashcards
• 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

Subtle Phrase Changes

Consider the following three questions with subtle phrase changes.

Which of the following roles will specify the subjects that can access certain data objects? Specify indicates someone is stating a fact or requirement clearly and precisely. It would be the data owner.

Which of the following roles will implement the controls so that the subjects can access certain data objects? Administrators (referred to as stewards or custodians in the Security+ objectives) implement security controls specified by data owners.

Which of the following roles will enforce the controls so that subjects can access certain data objects? A system would enforce the settings implemented by administrators.

Remember this

Key data roles within an organization are responsible for protecting data. The owner has overall responsibility for the protection of the data and specifies the subjects that can access certain objects. A steward or custodian handles routine tasks to protect data. A privacy officer is an executive responsible for ensuring the organization complies with relevant laws.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

---

---

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

• A 75 question pre-test
• A 75 question post-test
• Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Q. Your organization is planning to implement SELinux in enforcing mode as a mandatory access control (MAC) model. Which of the following roles will specify the subjects that can access certain data objects?

A. Administrator

B. System

C. Owner

D. User

C is correct. The data owner will specify which subjects (such as users) can access certain data objects (such as files). A key word here is “specify” and specify indicates someone is stating a fact or requirement clearly and precisely.

Administrators will implement the model by assigning labels to both subjects and objects. If the question was “Which of the following roles will implement the controls so that the subjects can access certain data objects?”, Administrator would be the correct answer.

After the labels have been assigned, the system will enforce the model by ensuring that only authorized users can access data by ensuring labels match. If the question was “Which of the following roles will enforce the controls so that subjects can access certain data objects?”, than system would be the correct answer.

Users will not specify any permissions for access control in a MAC model.

Chapter 2 of the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide covers the MAC model and Chapter 11 covers different data roles

SY0-501 objective 5.8 Given a scenario, carry out data security and privacy practices.

If you’re planning to take the Security+SY0-501 exam, you should have a basic understanding of implementing secure systems design. This includes firmware/hardware security,  operating systems, and peripherals.

For example, can you answer this question?

Q. What functions does an HSM include?

A. Reduces the risk of employees emailing confidential information outside the organization

B. Provides webmail to clients

C. Provides full drive encryption

D. Generates and stores keys used with servers

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.

Full Security+ Course

SY0-501 Full Security+ Course

Helping you Pass the First Time

Online access includes all of the content from the

CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide

• Introduction
• About the exam (including information on the number of questions, test duration, passing score, types of questions and more. Also includes a listing of the exam objectives)
• 75 question pre-assessment exam
• Mastering Security Basics (full content from Chapter 1 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Identity and Access Management (full content from Chapter 2 of the study guide including the exam topic review and 15 practice test questions)
• Exploring Network Technologies and Tools (full content from Chapter 3 of the study guide including the exam topic review and 15 practice test questions)
• Securing Your Network (full content from Chapter 4 of the study guide including the exam topic review and 15 practice test questions)
• Securing Hosts and Data (full content from Chapter 5 of the study guide including the exam topic review and 15 practice test questions)
• Comparing Threats, Vulnerabilities, and Common Attacks (full content from Chapter 6 of the study guide including the exam topic review and 15 practice test questions)
• Protecting Against Advanced Attacks (full content from Chapter 7 of the study guide including the exam topic review and 15 practice test questions)
• Using Risk Management Tools (full content from Chapter 8 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Controls to Protect Assets (full content from Chapter 9 of the study guide including the exam topic review and 15 practice test questions)
• Understanding Cryptography and PKI (full content from Chapter 10 of the study guide including the exam topic review and 15 practice test questions)
• Implementing Policies to Mitigate Risks (full content from Chapter 11 of the study guide including the exam topic review and 15 practice test questions)
• 75 question post-assessment exam
• Glossary

Get the SY0-501 Full Security+ Course Here

---

Test your readiness with these quality materials

Random 75-question tests

Random practice tests from the all of the practice test questions in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. All questions include explanations so you'll know why the correct answers are correct, and why the incorrect answers are incorrect.

3 sets Performance-based Questions

Three new sets of performance-based questions with a total of 30 questions. These new questions use a new testing engine that includes realistic drag and drop, matching, sorting, and fill in the blank questions.

Flashcard Set

• 494 Online Security+ Glossary Flashcards
• 222 Online Security+ Acronyms Flashcards
• 223 Online Security+ Remember This Slide from the popular CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Audio - SY0-501 Security+ Remember This Audio Files

Learn by Listening. Over one hour and 20 minutes of audio (MP3 downloads.)

Audio - SY0-501 Security+ Question and Answer Audio Files

Learn by Listening. Over two hours hour and 53 minutes of audio (MP3 downloads.)

Bonus #1

Audio from the end of chapter reviews from each of the chapters in the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. Over one hour and 40 minutes of additional audio.

Bonus #2

Access to all of the online content that is available for free to anyone that purchases the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. This includes labs, extra practice test questions, and supplementary materials

Bonus #3 

Access the study materials for a total of 60 days because sometimes life happens.

Get the SY0-501 Full Security+ Course Here

When implementing secure systems design, it’s also important to evaluate several hardware elements. Additionally, an organization should evaluate the supply chain. A supply chain includes all the elements required to produce a product. In secure systems design, the product is a secure system.

There have been many incidents where new computers were shipped with malware. As an example, Microsoft researchers purchased several new computers in China and found them infected with the Nitol virus. These computers were also running counterfeit versions of Windows. This helps illustrate the importance of purchasing computers from reputable sources.

EMI and EMP

When designing systems, it’s important to consider electromagnetic interference (EMI) and electromagnetic pulse (EMP). EMI comes from sources such as motors, power lines, and fluorescent lights and it can interfere with signals transmitted over wires. Chapter 9 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide discusses shielding that helps prevent EMI from causing problems. It’s easier to include shielding during the design process rather than add shielding later.

EMP is a short burst of electromagnetic energy. EMP can come from a wide assortment of sources and some sources can cause damage to computing equipment. Some sources include:

• Electrostatic discharge (ESD). Basic ESD prevention practices, such as using ESD wrist straps, help prevent ESD damage.
• Lightning. Lightning pulses can go through electrical wires and damage unprotected systems. Surge protection methods, such as surge protection strips, protect electrical systems.
• Military weapons. Nuclear explosions create a large EMP that can damage electronic equipment (including embedded systems) over a large area. Some non-nuclear weapons have been designed to mimic the nuclear EMP, but without the nuclear explosion. Non-nuclear EMP has a smaller range than nuclear EMP, but can still damage equipment. The best publicly known protection is to turn equipment off, but you’re unlikely to know when one of these explosions will occur.

FDE and SED

Full disk encryption (FDE) encrypts an entire disk. Several applications are available to do this. For example, VeraCrypt is an open source utility that can encrypt partitions or the entire storage device.

Many hardware vendors now manufacture hardware-based FDE drives. These are sometimes referred to as self-encrypting drives (SEDs). An SED includes the hardware and software to encrypt all data on the drive and securely store the encryption keys. These typically allow users to enter credentials when they set up the drive. When users power up the system, they enter their credentials again to decrypt the drive and boot the system.

UEFI and BIOS

The Basic Input/Output System (BIOS) includes software that provides a computer with basic instructions on how to start. It runs some basic checks, locates the operating system, and starts. The BIOS is often referred to as firmware. It is a hardware chip that you can physically see and touch and it includes software that executes code on the computer. The combination of hardware and software is firmware.

Newer systems use Unified Extensible Firmware Interface (UEFI) instead of BIOS. UEFI performs many of the same functions as BIOS, but provides some enhancements. As an example, it can boot from larger disks and it is designed to be CPU-independent.

Both BIOS and UEFI can be upgraded using a process called flashing. Flashing overwrites the software within the chip with newer software.

CompTIA Security+ Study Guide

The 501 Version of the Study Guide

The CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide is an update to the top-selling SY0-201, SY0-301, and SY0-401 study guides, which have helped thousands of readers pass the exam the first time they took it.  It includes the same elements readers raved about in the previous three versions.

Each of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.

You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.

---

---

Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:

• A 75 question pre-test
• A 75 question post-test
• Practice test questions at the end of every chapter.

Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.

If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-501 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.

Kindle edition also available.

Hardware Security Module

A hardware security module (HSM) is a security device you can add to a system to manage, generate, and securely store cryptographic keys. High-performance HSMs are external devices connected to a network using TCP/IP. Smaller HSMs come as expansion cards you install within a server, or as devices you plug into computer ports.

HSMs support the security methods as a TPM. They provide a hardware root of trust, secure boot, and can be configured for remote attestation.

One of the noteworthy differences between an HSM and a TPM is that HSMs are removable or external devices. In comparison, a TPM is a chip embedded into the motherboard. You can easily add an HSM to a system or a network, but if a system didn’t ship with a TPM, it’s not feasible to add one later. Both HSMs and TPMs provide secure encryption capabilities by storing and using RSA keys. Many high-performance servers use HSMs to store and protect keys.

Q. What functions does an HSM include?

A. Reduces the risk of employees emailing confidential information outside the organization

B. Provides webmail to clients

C. Provides full drive encryption

D. Generates and stores keys used with servers

Answer is D. A hardware security module (HSM) is a removable device that can generate and store RSA keys used with servers for data encryption.

A data loss prevention (DLP) device is a device that can reduce the risk of employees emailing confidential information outside the organization.

Software as a Service (SaaS) provides software or applications, such as webmail, via the cloud.

A Trusted Platform Module (TPM) provides full drive encryption and is included in many laptops.

See Chapter 5 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on securing hosts and data.