Understanding Certificate Formats

Posted on March 16 in Security+

If you’re planning to take the SY0-501 version of the Security+ exam, you should have a basic understanding of implementing public key infrastructure. This includes understanding the certificate formats that provide the ability to establish a secure session.

For example, can you answer this question?

Q. You need to request a certificate for a web server. Which of the following would you MOST likely use?

A. CA

B. CRL

C. CSR

D. OCSP

More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.


Certificate Chaining and Trust Models

CAs are trusted by placing a copy of their root certificate into a trusted root CA store. The root certificate is the self-signed certificate the CA creates for itself; it identifies the CA, and the store is simply a collection of these root certificates. Once a CA’s root certificate is in this store, every certificate that chains back to it (whether issued by the root directly or by one of its subordinate CAs) is trusted.

The figure shows the Trusted Root Certification Authority store on a Windows computer. You can see that there are many certificates from many different CAs. In the figure, I’ve selected one of the certificates from COMODO Certification Authority.

Figure: Trusted Root Certification Authorities store

Public CAs such as Symantec and Comodo negotiate with web browser and operating system vendors to have their root certificates included in the trusted root store that ships with the browser or OS. This way, any certificates they sell to businesses are automatically trusted by those clients.

The most common trust model is the hierarchical trust model, also known as a centralized trust model. In this model, the public CA creates the first CA, known as the root CA. If the organization is large, it can create intermediate and child CAs. If you look back at the figure, you can see that it includes a section used to store intermediate CA certificates. A large trust chain works like this:

• The root CA issues certificates to intermediate CAs.
• Intermediate CAs issue certificates to child CAs.
• Child CAs issue certificates to devices or end users.

Certificate chaining combines all the certificates from the root CA down to the certificate issued to the end user. A client validates the chain by checking each certificate’s signature against the public key in the next certificate up, until it reaches a root that is already in its trusted store. For that reason a web server typically sends its own certificate together with the intermediate CA certificates, but not the root; the root must already be trusted by the client or the chain fails.

Another type of trust model is a web of trust or decentralized trust model, sometimes used with PGP and GPG. A web of trust uses self-signed certificates, and a third party vouches for these certificates. For example, if five of your friends trust a certificate, you can trust the certificate. If the third party is a reliable source, the web of trust provides a secure alternative. However, if the third party does not adequately verify certificates, it can result in the use of certificates that shouldn’t be trusted.


Certificate Formats

Most certificates use the X.509 version 3 certificate format. Certificate revocation lists (CRLs), which a CA publishes to list the certificates it has revoked, are not certificates themselves; they use the version 2 CRL format defined alongside v3 certificates in the same standard (RFC 5280).

Certificates are stored either as binary files or as Base64-encoded American Standard Code for Information Interchange (ASCII) text files. Base64 encoding converts the binary data into a printable ASCII string so that it survives copy-and-paste, email, and text-only configuration files. A certificate itself holds only public information, so it is not encrypted. However, files that also contain a private key (such as PKCS#12 bundles or PEM PRIVATE KEY blocks) are commonly encrypted with a password to protect the key.

The base encoding of a certificate is the Distinguished Encoding Rules (DER), a binary serialization of the Abstract Syntax Notation One (ASN.1) structure that X.509 defines. DER, together with the Basic Encoding Rules (BER) and the Canonical Encoding Rules (CER), is defined by the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) in the X.690 standard. DER is used for certificates because it allows exactly one encoding for any given value, so the bytes the CA signed can be reproduced exactly by anyone verifying the signature. Note that CER is also a binary encoding; the ASCII form of a certificate is the Base64 (PEM) encoding of the DER bytes, described next, and the .cer extension used on Windows can hold either form.

PEM-encoded certificates wrap the Base64 text in a header and a footer that identify the contents. As an example, the following text shows a header and a footer for a certificate:

-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
... additional Base64 characters here ...
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----

Each header starts with five dashes (-----), BEGIN, a label, and five more dashes. The footer starts with five dashes, END, the same label, and five more dashes. In the previous example, the label is CERTIFICATE. Other labels include PUBLIC KEY, PRIVATE KEY, ENCRYPTED PRIVATE KEY, CERTIFICATE REQUEST, and X509 CRL. DER files are raw binary, so they have no headers or footers; the first byte of a DER-encoded certificate is 0x30, the ASN.1 tag for a SEQUENCE.

Certificate files can have many extensions, such as .crt, .cer, .pem, .key, .p7b, .p7c, .pfx, and .p12. However, it’s worth stressing that the extension is only a hint: a file with the .cer extension may be binary DER or Base64 PEM, and the only reliable way to tell is to look at the contents.
When comparing the different formats, it’s important to know what they can contain and how to identify them.

PEM is derived from the Privacy Enhanced Mail format, but the name is misleading. It implies that PEM-based certificates are used for email only. However, PEM files can be used for just about anything. A PEM file is always Base64 ASCII text; the data between the header and the footer is the DER-encoded structure. Depending on the label, a PEM file can share a public key within a certificate, request a certificate from a CA as a CSR, install a private key on a server, publish a CRL, or carry the full certificate chain as a series of CERTIFICATE blocks in one file.

You might see a PEM-encoded certificate with the .pem extension. However, it’s more common for the file to use other extensions. For example, a PEM-encoded file holding the certificate with the public key typically uses the .cer or .crt extension. A PEM file holding just the private key typically uses the .key extension.


P7B files use the PKCS version 7 (PKCS#7) format, a binary DER structure (Windows exports them as DER, although a Base64 PEM form with the PKCS7 label also exists). They are commonly used to distribute certificates, including a full certificate chain, and can also carry a CRL. For example, a CA often delivers an issued web server certificate together with its intermediate certificates as a single P7B file, and a recipient uses the certificate’s public key to encrypt data for the holder or to verify the holder’s signatures. Because PKCS#7 is a container for public objects, a P7B file never includes the private key.

P12 files use the PKCS version 12 (PKCS#12) format, which is also binary DER, not ASCII. They are commonly used to hold a certificate together with its private key. For example, when installing a certificate on a server to support HTTPS sessions, you might import a P12 file containing the certificate and its private key. Because it holds the private key, a P12 file is normally password-protected: the contents are encrypted with a key derived from the password, and an integrity check detects tampering. It’s also possible to include the full certificate chain in a P12 file.

Personal Information Exchange (PFX) was Microsoft’s predecessor to PKCS#12 and has the same usage. Today, .pfx and .p12 files are both PKCS#12 and are interchangeable; administrators often use the .pfx extension on Windows systems to import and export certificates together with their private keys.
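As an added example for this post (it is not code from the original article or from the study guide), the following Python script shows how to tell these formats apart from their bytes rather than from their extension, covering the PEM and DER paragraphs above as well as the P7B and P12 paragraphs just given, and it splits a PEM chain bundle into leaf and intermediates as described under certificate chaining. It parses PEM blocks (insisting that the BEGIN and END labels match), decodes the outer DER tag-length-value while rejecting the BER encodings that DER forbids, names a binary file as certificate/CRL/CSR, PKCS#7 or PKCS#12 from the first element inside the outer SEQUENCE, and converts DER back to PEM. It uses only the standard library. The sample byte strings are constructed minimal DER skeletons, not real certificates or keys, so it runs offline; the function names and the wording of the classification results are choices made for this example.

```python
from __future__ import annotations

import base64

# ASN.1 universal tags seen at the top of the structures discussed in the post.
TAG_INTEGER = 0x02
TAG_OID = 0x06
TAG_SEQUENCE = 0x30


def der_tlv(data: bytes, offset: int = 0) -> tuple[int, bytes, int]:
    """Decode one DER tag-length-value at `offset` -> (tag, value, offset after value).
    Rejects BER forms that DER forbids (indefinite or non-minimal lengths): DER's
    one-value-one-encoding rule is what lets a verifier reproduce the signed bytes."""
    if offset + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, first = data[offset], data[offset + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags do not occur at the top of X.509 structures")
    if first < 0x80:                        # short form: the byte is the length
        length, header_len = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    else:                                   # long form: 0x8N then N big-endian length bytes
        n = first & 0x7F
        if n > 4 or offset + 2 + n > len(data):
            raise ValueError("bad long-form length")
        length, header_len = int.from_bytes(data[offset + 2:offset + 2 + n], "big"), 2 + n
        if length < 0x80 or (n > 1 and length < (1 << (8 * (n - 1)))):
            raise ValueError("non-minimal length encoding is not DER")
    start, end = offset + header_len, offset + header_len + length
    if end > len(data):
        raise ValueError("TLV length runs past the end of the data")
    return tag, data[start:end], end


def classify_der(der: bytes) -> str:
    """Name the container from the first element inside the outer SEQUENCE.
    Certificates, CRLs and PKCS#10 requests all begin with a nested SEQUENCE, so a
    binary .cer/.crt cannot be told apart from a CRL or CSR at this depth; PKCS#7
    (first element is an OID) and PKCS#12 (first element is INTEGER 3) can."""
    tag, body, end = der_tlv(der)
    if tag != TAG_SEQUENCE:
        return "not an ASN.1 SEQUENCE"
    if end != len(der):
        return "trailing bytes after the outer SEQUENCE"
    inner_tag, inner_val, _ = der_tlv(body)
    if inner_tag == TAG_SEQUENCE:
        return "X.509 certificate, CRL, or PKCS#10 request"
    if inner_tag == TAG_OID:
        return "PKCS#7 ContentInfo (P7B)"
    if inner_tag == TAG_INTEGER and inner_val == b"\x03":
        return "PKCS#12 PFX (P12/PFX)"
    if inner_tag == TAG_INTEGER and inner_val == b"\x00":
        return "unencrypted private key (PKCS#8 or PKCS#1)"
    return "unrecognised DER structure"


def parse_pem(text: str) -> list[tuple[str, bytes]]:
    """Return (label, DER bytes) for each PEM block; BEGIN and END labels must match.
    Text outside blocks (e.g. openssl's human-readable dump) is ignored."""
    blocks, label, body = [], None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN ") and line.endswith("-----"):
            if label is not None:
                raise ValueError(f"new BEGIN inside unterminated {label} block")
            label, body = line[len("-----BEGIN "):-5], []
        elif line.startswith("-----END ") and line.endswith("-----"):
            end_label = line[len("-----END "):-5]
            if end_label != label:
                raise ValueError(f"END {end_label!r} does not match BEGIN {label!r}")
            blocks.append((label, base64.b64decode("".join(body), validate=True)))
            label = None
        elif label is not None and line and ":" not in line:
            body.append(line)               # ':' lines are legacy Proc-Type/DEK-Info headers
    if label is not None:
        raise ValueError(f"unterminated {label} block")
    return blocks


def der_to_pem(der: bytes, label: str) -> str:
    """Wrap DER bytes as a PEM block with 64-character Base64 lines (RFC 7468)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"


def sniff(data: bytes) -> str:
    """Decide PEM vs DER from the bytes, never from the file extension."""
    try:
        if data.lstrip().startswith(b"-----BEGIN "):
            return "PEM: " + ", ".join(label for label, _ in parse_pem(data.decode("ascii")))
        return "DER: " + classify_der(data)
    except ValueError as exc:               # binascii.Error and UnicodeDecodeError are ValueErrors
        return f"not valid PEM or DER ({exc})"


def split_chain(bundle: str) -> dict:
    """Split a PEM chain file as a TLS server lays it out: leaf first, then intermediates.
    Non-CERTIFICATE blocks (e.g. a PRIVATE KEY that must never ship in a chain file)
    are reported separately so a deployment step can refuse the file."""
    blocks = parse_pem(bundle)
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    if not certs:
        raise ValueError("bundle contains no CERTIFICATE block")
    return {"leaf": certs[0], "intermediates": certs[1:],
            "other_labels": [label for label, _ in blocks if label != "CERTIFICATE"]}


# Constructed sample bytes (hypothetical): minimal well-formed DER skeletons that share
# only the opening structure of the real formats. They are NOT real certificates or keys.
SAMPLE_CERT_LIKE = bytes.fromhex("30 04 30 02 05 00")                      # SEQUENCE { SEQUENCE { NULL } }
SAMPLE_P7B_LIKE = bytes.fromhex("30 0b 06 09 2a 86 48 86 f7 0d 01 07 02")  # SEQUENCE { OID signedData }
SAMPLE_P12_LIKE = bytes.fromhex("30 03 02 01 03")                         # SEQUENCE { INTEGER 3 }
SAMPLE_KEY_LIKE = bytes.fromhex("30 03 02 01 00")                         # SEQUENCE { INTEGER 0 }
SAMPLE_BUNDLE = (der_to_pem(SAMPLE_CERT_LIKE, "CERTIFICATE")              # leaf
                 + der_to_pem(SAMPLE_CERT_LIKE, "CERTIFICATE")            # intermediate
                 + der_to_pem(SAMPLE_KEY_LIKE, "PRIVATE KEY"))            # must never be in a chain file
BAD_PEM = "-----BEGIN CERTIFICATE-----\nMAQwAgUA\n-----END PUBLIC KEY-----\n"  # mismatched labels

if __name__ == "__main__":
    for name, blob in [("cert-like", SAMPLE_CERT_LIKE), ("p7b-like", SAMPLE_P7B_LIKE),
                       ("p12-like", SAMPLE_P12_LIKE), ("pem bundle", SAMPLE_BUNDLE.encode())]:
        print(f"{name:10} {sniff(blob)}")
    chain = split_chain(SAMPLE_BUNDLE)
    print("intermediates:", len(chain["intermediates"]), "stray blocks:", chain["other_labels"])
    try:
        parse_pem(BAD_PEM)
    except ValueError as exc:
        print("rejected:", exc)
```

With a real file, read it with `open(path, "rb")` and pass the bytes to `sniff`. OpenSSL performs the same checks from the command line: `openssl asn1parse -inform DER -in file` prints the outer structure, and `openssl x509 -inform DER -in cert.cer -outform PEM` does the DER-to-PEM conversion.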



Q. You need to request a certificate for a web server. Which of the following would you MOST likely use?

A. CA

B. CRL

C. CSR

D. OCSP

Answer is C. A certificate signing request (CSR) uses a specific format (PKCS#10) to request a certificate. The CSR contains the requester’s public key and identifying information (such as the web server’s name) and is signed with the matching private key, which never leaves the server.

You submit the CSR to a Certificate Authority (CA), so the CA is where the request goes, not the format you use to make it.

A certificate revocation list (CRL) is a list of revoked certificates.

The Online Certificate Status Protocol (OCSP) is an alternate method of validating certificates and indicates if a certificate is good, revoked, or unknown.

See Chapter 10 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on cryptography and PKI.


Copyright © 2020 Get Certified Get Ahead. All Rights Reserved.