Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 224 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
224
Dung lượng
1,74 MB
Nội dung
Decrypting the Security+ BetaExamObjectives
Copyright 2002 AlphaGeekProductions.
Copyright 2002 by AlphaGeekProductions. All rights reserved. Created in the United
States of America. Except as permitted under the United States Copyright Act of 1976, No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any
form or by any means electronic or mechanical or by photocopying, recording, or otherwise
without the prior permission of the publisher.
The views expressed in this book are solely those of the Authors, and do not represent the
views of any other party or parties.
Created in United States of America
UPC: 6-43977-21101-8
The sponsoring editor for this book was Bruce Moran and the production supervisor was
Chad M. Bayer.
Formatted by www.totalrecallpress.com
Authors: Tcat Houser, Helen O'Boyle, Ian Kayne, and Angella Hebert
Design Concepts: Bruce Moran
This publication is not sponsored by, endorsed by, or affiliated with CompTIA, Inc.
CompTIA®, A+®, Network+™, Server+™, I-Net+™, Linux+™, Security+™ The
CompTIA logos and the Network+ logo are trademarks or registered trademarks of
CompTIA, Inc. in the United States and certain other countries. All other trademarks are
trademarks of their respective owners. Throughout this book, trademarked names are used.
Rather than put a trademark symbol after every occurrence of a trademarked name, we used
names in an editorial fashion only and to the benefit of the trademark owner. No intention
of infringement on trademarks is intended. This publication does not constitute an
endorsement of any mentioned product by the authors.
Disclaimer Notice: Judgments as to the suitability of the information
herein for purchaser’s purposes are necessarily the purchaser’s
responsibility. BeachFront Quizzer, Inc. and TotalRecall Press
extends no warranties, makes no representations, and assumes no
responsibility as to the accuracy or suitability of such information
for application to the purchaser’s intended purposes or for
consequences of its use except as described in the Guarantee.
LICENSE
This Document is FREE to everyone.
You are FREE to distribute and use this
document for non-commercial purposes.
This material is protected by
copyright 2002 AlphaGeekProductions.
This work was “Frozen” 08/23/02_ 18:35
Michael Toennessen
Instructional Technology Specialist
Meeker Junior High School
Kent School District #415
NO WARRANTY
BECAUSE THIS DOCUMENT IS LICENSED FREE OF CHARGE,
THERE IS NO WARRANTY FOR THIS CONTENT, TO THE EXTENT
PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE
STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
OTHER PARTIES PROVIDE THIS DOCUMENT "AS IS" WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK OF USE OF THIS CONTENT IS WITH
YOU. SHOULD THIS CONTENT PROVE FAULTY, INACCURATE,
OR OTHERWISE UNACCEPTABLE YOU ASSUME THE COST OF
ALL NECESSARY REPAIR OR CORRECTION.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR
AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR
ANY OTHER PARTY WHO MAY MIRROR AND/OR
REDISTRIBUTE THIS CONTENT AS PERMITTED ABOVE, BE
LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL,
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES
ARISING OUT OF THE USE OR INABILITY TO USE THE OC, EVEN
IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES.
THIS CONTENT WAS CREATED ACCORDING TO A COMMON
BODY OF KNOWLEDGE RELATING TO SECURITY ISSUES. AT
THE TIME OF CREATION, SECURITY+ CERTIFCATION HAS NOT
BEEN RELEASED. THEREFORE IT IS IMPOSSIBLE TO OFFER
ANY WARRANTIES AS TO ACCURACY OR REVELANCE TO
SECURITY+.
This book is dedicated to the all the folks willing to ‘take the whooping’
that the Security+ IT beta test delivers to the mind and body.
Tcat Houser
My work on this study guide is dedicated to the denizens of Virginia
Commonwealth University computer labs, without whose presence in my
life as friends, mentors and occasional adversaries of a white hat who just
wanted to learn, I might never have discovered how enjoyable the field of
computer security could be, or learned as much about it as I did there.
Helen O’Boyle
This is for Gillian and Eddie.
Ian Kayne
I dedicate the success of this effort to all of the loved ones who gave us
moral support through our 7 days of hell, the team members of this
success for all roles played, and to the author I owe my sanity to Tcat.
You are a strong leader with your expertise and make the desires in all of
us run rampid when we think that all of the fires within us have been
distinguished. You push us to the challenge. I thank you. Without that
little extra you always seem to give, I could not have been such an active
participant in this effort.
Angella Hebert
Decrypting the Security+
Beta ExamObjectives
CompTIA Security+
For
SYN-101 Examination
About the Authors
Tcat Houser
Tcat Houser (Network+, MCSE, Server+, CTT+) has garnered other
milestones such as IBM PSE and Microsoft MCSE/MCT. This is the
result of almost 40 years of “fussing with electronics”. When not writing
or teaching, he is doing research. Tcat accomplishes so many tasks
because to him, it isn’t work, its fun, and he has fun 18 hours a day, 7 days
a week. You can reach him by sending mail to Tcat@Tcat.net or
Author@totalrecallpress.com.
Looking back at the last book where I (Tcat Houser) was the lead author
(i-Net+ Exam Prep 1576105989) the independent reviews were very good,
and most readers understood that I had two intentions. One, ace the test.
Two, supply the information to be a reference manual and/or alert the
reader to upcoming technologies so as today’s hero, the reader was not
tomorrow’s zero.
In the two years since that release, I led a number of career changers
through CompTIA and wrote my own courseware. Building on that
learning, you have this release.
Helen O’Boyle
Helen O’Boyle (Network+, MCSE, MCSD, CTT+) has been working with
computers for 20 years. Her background is quite varied in regards to both
platforms and a complete interest in both the engineering of software and
hardware. You may email her at
Author@totalrecallpress.com
o
o
r
r
Hoboyle@mindspring.com.
Author@totalrecallpress.com
Ian Kayne
By day I’m a technical specialist with a focus on Internet & Security
technologies. By night I’m a scene coder, laying down C++ with Win32,
MFC and DirectX code purely for fun. I enjoy a challenge, whether it’s
building pen-resistant systems or getting this mesh and that pixel shader to
render faster. Working with everyone in different time zones and across
the Atlantic has been fun. Certain people will understand the reference to
Spirit ;).
Angella Hebert
A mom whose passions make her eager to learn while keeping her feet
grounded. I contribute my proofreading and English skills. I enjoy the
knowledge it gives and of course the friendships I have built along the
way (Mr. Tcat himself).
Chad Rees
Cover Design and WebMaster
About the EBook
This manual is designed to provide information to help readers study for
and pass CompTIA’s Security+ Beta certification exam. Every effort has
been made to make this manual as complete and accurate as possible.
Special Offer:
We will accept PayPal Donations because while this
work is free, food, etc. is not.
If you do choose to send a $20 USD Donation or
more, we will provide you a PDF file which will
contain all of our Security reference work.
This Security PDF file, will be released on or before
November 01-2002. We estimate this will be about
the time when Security+ goes live.
Http://www.alphageekproductions.com
A quick look at the Chapters
included in this book:
Read.Me 1
General Security Concepts (30%) 13
Communication Security (20%) 41
Infrastructure Security (20%) 87
Basics of Cryptography (15%) 159
Operational/Organizational Security (15%) 171
[...]... Difficulity (1-10) 4 on par with Network+ Fairness (1-10) 9 one of the more fair tests from CompTIA Decrypting the Security+ BetaObjectives 'hit rate' 93% Comments: DAMN glad we put the study guide out BEFORE the test Proves either we're oracle's or everyone wrote to the objectives, including the SME's If the material makes sense, thebeta is yours Wish I had more time to have worked on PKI Had to guess... other words, a guide Today, some call a brain dump the revealing of actual test questions and suspected answers Well these fingers call the latter behavior illegal in the civilized word This body of work is a brain dump in the classic sense To make the point, we have frozen this work before the test goes to betaDecryptingthe Security+ BetaExamObjectives Copyright 2002 AlphaGeekProductions Free... Http://www.netlinknorthwest.com for the practical support with 802.11 www.TotalRecallPress.com for hosting the downloads These folks have contributed to your success without expectation of return Finally, best wishes from all of us to all of you TheDecryptingthe CompTIA Security+ Objectives Team Decryptingthe Security+ BetaExamObjectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial... 199 Decryptingthe Security+ BetaExamObjectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes Decrypting the Security+ BetaExamObjectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes VIII Acknowledgments Preface and Acknowledgments Helen and Tcat were working on what we thought Security+ should... that Security+ as a test focuses on the technical portion in what we refer to as the Triangle of Security This means we have gone beyond the Security+ test and given you a map to succeed and excel in the real world When you pass Security+ , you have our pat on the back, but tat does not make you a security guru Another group has put a fair amount of effort into security, which does not just focus on the. .. trick is to supply the data to the users in a form through which security can be properly applied to suit their own best interests Your authors do not mean to imply that most workers don’t care about their jobs Social engineering is the most successful form of attack used by the outside intruder For example, the first phone call reveals the name of the person in charge of the phone system The second phone... to know the make and model of the phone system This gives the intruders the data to make the third phone call to get a person do perform some simple step, as requested by (insert obtained name from the first call) With this, the intruders just got an employee, who thought they were doing their job, to prop open a door on the phone system for themselves A perfect example for this attack is the Kevin... Security Tao Tao is a term that generally means the subtle reality of the universe cannot be described While choosing the word Tao would seem to suggest it is not possible to describe security, our goal is to give you an outline on the general ‘how’ of security, without pretending to say, ‘step by step, here are all of your answers’ 7 http://www.c4i.org/isn.html Decrypting the Security+ BetaExam Objectives. .. functioning as the outside perimeter The closer in you come to the airport, you find closed circuit TV and police Decrypting the Security+ BetaExamObjectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes 8 Chapter 0000 Move to the inside of a terminal and you find in addition to the closed circuit TV and police, plain clothes (undercover) security forces,... information.” Other parts of this book show many examples of how such information can be found 8 ISBN 0-7356-1588-8 Decrypting the Security+ BetaExamObjectives Copyright 2002 AlphaGeekProductions Free to distribute and use for non-commercial purposes Read.Me 9 Appendix B, The Ten Immutable Laws of Security and Appendix C The Ten Immutable Laws of Security Administration”, make this book a must have on the . from all of us to all of you.
The Decrypting the CompTIA Security+ Objectives Team
Decrypting the Security+ Beta Exam Objectives
Copyright 2002 AlphaGeekProductions this effort.
Angella Hebert
Decrypting the Security+
Beta Exam Objectives
CompTIA Security+
For
SYN-101 Examination
About the Authors
Tcat Houser
Tcat