Thông tin tài liệu
Security+
Study Guide
Second Edition
4350.book Page i Thursday, July 8, 2004 11:49 PM
4350.book Page ii Thursday, July 8, 2004 11:49 PM
San Francisco • London
Security+
™
Study Guide
Second Edition
Mike Pastore and Emmett Dulaney
4350.book Page iii Thursday, July 8, 2004 11:49 PM
Associate Publisher: Neil Edde
Acquisitions and Developmental Editor: Jeff Kellum
Production Editor: Susan Berge
Technical Editors: J. Kevin Lundy, Jay Stephen Leeds
Copyeditor: Tiffany Taylor
Compositor: Craig Woods, Happenstance Type-O-Rama
Graphic Illustrator: Happenstance Type-O-Rama
CD Coordinator: Dan Mummert
CD Technician: Kevin Ly
Proofreaders: Laurie O’Connell, Nancy Riddiough
Indexer: Ted Laux
Book Designers: Bill Gibson, Judy Fung
Cover Designer: Archer Design
Cover Photograph: Photodisc and Victor Arre
Copyright © 2004 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No
part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, including but
not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written per-
mission of the publisher.
First edition copyright © 2003 SYBEX Inc.
Library of Congress Card Number: 2004104231
ISBN: 0-7821-4350-4
SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States
and/or other countries.
Screen reproductions produced with FullShot 99. FullShot 99 © 1991-1999 Inbit Incorporated. All rights reserved.
FullShot is a trademark of Inbit Incorporated.
The CD interface was created using Macromedia Director, COPYRIGHT 1994, 1997-1999 Macromedia Inc. For
more information on Macromedia and Macromedia Director, visit http://www.macromedia.com.
Sybex is an independent entity from CompTIA and is not affiliated with CompTIA in any manner. Neither Comp-
TIA nor Sybex warrants that use of this publication will ensure passing the relevant exam. Security+ is either a
registered trademark or trademark of CompTIA in the United States and/or other countries.
4350.book Page iv Thursday, July 8, 2004 11:49 PM
How to Become CompTIA Certified
:
This training material can help you prepare for and pass a related CompTIA certification exam or exams. In order
to achieve CompTIA certification, you must register for and pass a CompTIA certification exam or exams.
In order to become CompTIA certified, you must:
(1) Select a certification exam provider. For more information please visit http://www.comptia.org/certification/
general_information/test_locations.asp.
(2) Register for and schedule a time to take the CompTIA certification exam(s) at a convenient location.
(3) Read and sign the Candidate Agreement, which will be presented at the time of the exam(s). The text of the
Candidate Agreement can be found at http://www.comptia.org/certification/general_information/candidate_
agreement.asp.
(4) Take and pass the CompTIA certification exam(s).
For more information about CompTIA’s certifications, such as their industry acceptance, benefits, or program
news, please visit http://www.comptia.org/certification/default.asp.
CompTIA is a non-profit information technology (IT) trade association. CompTIA’s certifications are designed
by subject matter experts from across the IT industry. Each CompTIA certification is vendor-neutral, covers mul-
tiple technologies, and requires demonstration of skills and knowledge widely sought after by the IT industry.
To contact CompTIA with any questions or comments:
Please call + 1 630 268 1818
questions@comptia.org
Sybex is an independent entity from CompTIA and is not affiliated with CompTIA in any manner. Neither Comp-
TIA nor Sybex warrants that use of this publication will ensure passing the relevant exam. Security+ is either a
registered trademark or trademark of CompTIA in the United States and/or other countries.
TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from
descriptive terms by following the capitalization style used by the manufacturer.
The author and publisher have made their best efforts to prepare this book, and the content is based upon final
release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied
by software manufacturer(s). The author and the publisher make no representation or warranties of any kind
with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including
but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of
any kind caused or alleged to be caused directly or indirectly from this book.
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
4350.book Page v Thursday, July 8, 2004 11:49 PM
Software License Agreement: Terms and Conditions
The media and/or any online materials accompanying
this book that are available now or in the future contain
programs and/or text files (the "Software") to be used in
connection with the book. SYBEX hereby grants to you
a license to use the Software, subject to the terms that
follow. Your purchase, acceptance, or use of the Soft-
ware will constitute your acceptance of such terms.
The Software compilation is the property of SYBEX
unless otherwise indicated and is protected by copyright
to SYBEX or other copyright owner(s) as indicated in
the media files (the "Owner(s)"). You are hereby
granted a single-user license to use the Software for your
personal, noncommercial use only. You may not repro-
duce, sell, distribute, publish, circulate, or commercially
exploit the Software, or any portion thereof, without the
written consent of SYBEX and the specific copyright
owner(s) of any component software included on this
media.
In the event that the Software or components include
specific license requirements or end-user agreements,
statements of condition, disclaimers, limitations or war-
ranties ("End-User License"), those End-User Licenses
supersede the terms and conditions herein as to that par-
ticular Software component. Your purchase, accep-
tance, or use of the Software will constitute your
acceptance of such End-User Licenses.
By purchase, use or acceptance of the Software you fur-
ther agree to comply with all export laws and regula-
tions of the United States as such laws and regulations
may exist from time to time.
Software Support
Components of the supplemental Software and any
offers associated with them may be supported by the
specific Owner(s) of that material, but they are not sup-
ported by SYBEX. Information regarding any available
support may be obtained from the Owner(s) using the
information provided in the appropriate read.me files or
listed elsewhere on the media.
Should the manufacturer(s) or other Owner(s) cease to
offer support or decline to honor any offer, SYBEX
bears no responsibility. This notice concerning support
for the Software is provided for your information only.
SYBEX is not the agent or principal of the Owner(s),
and SYBEX is in no way responsible for providing any
support for the Software, nor is it liable or responsible
for any support provided, or not provided, by the
Owner(s).
Warranty
SYBEX warrants the enclosed media to be free of phys-
ical defects for a period of ninety (90) days after pur-
chase. The Software is not available from SYBEX in any
other form or media than that enclosed herein or posted
to www.sybex.com. If you discover a defect in the
media during this warranty period, you may obtain a
replacement of identical format at no charge by sending
the defective media, postage prepaid, with proof of pur-
chase to:
SYBEX Inc.
Product Support Department
1151 Marina Village Parkway
Alameda, CA 94501
Web: http://www.sybex.com
After the 90-day period, you can obtain replacement
media of identical format by sending us the defective
disk, proof of purchase, and a check or money order for
$10, payable to SYBEX.
Disclaimer
SYBEX makes no warranty or representation, either
expressed or implied, with respect to the Software or its
contents, quality, performance, merchantability, or fit-
ness for a particular purpose. In no event will SYBEX,
its distributors, or dealers be liable to you or any other
party for direct, indirect, special, incidental, consequen-
tial, or other damages arising out of the use of or inabil-
ity to use the Software or its contents even if advised of
the possibility of such damage. In the event that the Soft-
ware includes an online update feature, SYBEX further
disclaims any obligation to provide this feature for any
specific duration other than the initial posting.
The exclusion of implied warranties is not permitted by
some states. Therefore, the above exclusion may not
apply to you. This warranty provides you with specific
legal rights; there may be other rights that you may have
that vary from state to state. The pricing of the book
with the Software by SYBEX reflects the allocation of
risk and limitations on liability contained in this agree-
ment of Terms and Conditions.
Shareware Distribution
This Software may contain various programs that are
distributed as shareware. Copyright laws apply to both
shareware and ordinary commercial software, and the
copyright Owner(s) retains all rights. If you try a share-
ware program and continue using it, you are expected to
register it. Individual programs differ on details of trial
periods, registration, and payment. Please observe the
requirements stated in appropriate files.
Copy Protection
The Software in whole or in part may or may not be
copy-protected or encrypted. However, in all cases,
reselling or redistributing these files without authoriza-
tion is expressly forbidden except as specifically pro-
vided for by the Owner(s) therein.
4350.book Page vi Thursday, July 8, 2004 11:49 PM
To Our Valued Readers:
Thank you for looking to Sybex for your Security+ exam prep needs. We at Sybex are proud of
our reputation for providing certification candidates with the practical knowledge and skills
needed to succeed in the highly competitive IT marketplace. Certification candidates have come
to rely on Sybex for accurate and accessible instruction on today’s crucial technologies and busi-
ness skills. For the second year in a row, readers such as yourself voted Sybex as winner of the
“Best Study Guides” category in the most recent CertCities Readers Choice Awards.
Just as CompTIA is committed to establishing measurable standards for certifying IT security
professionals by means of the Security+ certification, Sybex is committed to providing those
individuals with the knowledge needed to meet those standards.
The authors and editors have worked hard to ensure that the new edition of the
Security+ Study
Guide
you hold in your hands is comprehensive, in-depth, and pedagogically sound. We’re con-
fident that this book will exceed the demanding standards of the certification marketplace and
help you, the Security+ certification candidate, succeed in your endeavors.
As always, your feedback is important to us. If you believe you’ve identified an error in the
book, please send a detailed e-mail to support@sybex.com. And if you have general com-
ments or suggestions, feel free to drop me a line directly at nedde@sybex.com. At Sybex
we’re continually striving to meet the needs of individuals preparing for certification exams.
Good luck in pursuit of your Security+ certification!
Neil Edde
Associate Publisher—Certification
Sybex, Inc.
4350.book Page vii Thursday, July 8, 2004 11:49 PM
For John Pastore and Peter Steinberg, two fine young men who left us too soon.
They would want us to remember to enjoy life and care about each other. They are
truly missed.
—Michael Pastore
For Kristin, Evan, and Spencer
—Emmett Dulaney
4350.book Page viii Thursday, July 8, 2004 11:49 PM
Acknowledgments
I would like to thank Michael Pastore for creating this text in the first place and for
providing such good material to work with. Thanks also to Jeff Kellum, Susan Berge, Kevin
Lundy, Tiffany Taylor, Steve Leeds, Kevin Ly, Dan Mummert, Laurie O’Connell, Nancy
Riddiough, Happenstance Type-O-Rama, and Ted Laux for having a vision and making
certain that it was met.
4350.book Page ix Thursday, July 8, 2004 11:49 PM
Contents at a Glance
Introduction xix
Assessment Test xxxiii
Chapter 1
General Security Concepts 1
Chapter 2
Identifying Potential Risks 47
Chapter 3
Infrastructure and Connectivity 95
Chapter 4
Monitoring Communications Activity 153
Chapter 5
Implementing and Maintaining a Secure Network 195
Chapter 6
Securing the Network and Environment 235
Chapter 7
Cryptography Basics and Methods 281
Chapter 8
Cryptography Standards 321
Chapter 9
Security Policies and Procedures 355
Chapter 10
Security Management 403
Glossary
437
Index 477
4350.book Page x Thursday, July 8, 2004 11:49 PM
[...]... question Before You Begin Before you begin studying for the exam, it’s imperative that you understand a few things about the Security+ certification Security+ is a certification-for-life from CompTIA granted to those who obtain a passing score on a single entry-level exam In addition to being a stand-alone certification that can be added to the bottom of your resume, Security+ can also be used as an elective... objectives The following table lists the five Security+ objective domains and the extent to which they are represented on the exam For example, expect to spend more time answering questions that pertain to authentication from the first domain, General Security Concepts, than questions on algorithms from the fourth domain, Basics of Cryptography As you use this study guide, you’ll find that we have administered... 33 99 Introduction If you’re preparing to take the Security+ exam, you’ll undoubtedly want to find as much information as you can concerning computer and physical security The more information you have at your disposal and the more hands-on experience you gain, the better off you’ll be when attempting the exam This study guide was written with that in mind We have attempted to dispense... Microsoft’s MCSA and MCSE tracks, and it counts as credit toward the security specializations Microsoft offers When you’re studying for any exam, the first step in preparation should always be to find out as much as possible about the test; the more you know up front, the better you can plan your study The current exam number, and the one this book is written to, is SY0-101; it consists of 100 questions You... question on the exam about what reverse DNS is, not how to implement it Spend your study time learning the different security solutions and identifying potential security vulnerabilities and where they would be applicable Don’t get bogged down in step-by-step details; those are saved for certification exams beyond the scope of Security+ You should also know that CompTIA is notorious for including vague questions... that existed in 2002 when this exam was created Updates to the exam are a difficult process and result in an increment in the exam number when they’re finished Why Become Security+ Certified? There are a number of reasons for obtaining a Security+ certification: Provides Proof of Professional Achievement Specialized certifications are the best way to stand out from the crowd In this age of technology certifications,... their work to consulting firms with experience working with security Firms that have certified staff have a definite advantage over firms that don’t How to Become a Security+ Certified Professional As this book goes to press, there are two Security+ exam providers: Thompson Prometric and Pearson VUE The following table contains all the necessary contact information and exam-specific details for registering... registration procedures, please refer to CompTIA’s website, www.comptia.com After you’ve successfully passed your Security+ exam, CompTIA will award you a certification that is good for life Within four to six weeks of passing the exam, you’ll receive your official xxii Introduction CompTIA Security+ certificate and ID card (If you don’t receive these within eight weeks of taking the test, contact CompTIA... high level of professional competency you need in order to succeed in your chosen field If you want to become certified as a Security+ holder, this book is definitely what you need However, if you just want to attempt to pass the exam without really understanding security, this study guide isn’t for you It’s written for people who want to acquire hands-on skills and in-depth knowledge of computer security... question and answers, just like the flashcards you probably used to study in school You can answer them on your PC or download them onto a Palm device for quick and convenient reviewing Test Engine The CD also contains the Sybex Test Engine Using this custom test engine, you can identify weak areas up front and then develop a solid studying strategy using each of these robust testing features Our thorough . Incorporated. The CD interface was created using Macromedia Director, COPYRIGHT 1994, 1997-1999 Macromedia Inc. For more information on Macromedia and Macromedia Director, visit http://www.macromedia.com. Sybex. by means of the Security+ certification, Sybex is committed to providing those individuals with the knowledge needed to meet those standards. The authors and editors have worked hard to ensure. Communications 132 Coax 132 Unshielded Twisted Pair and Shielded Twisted Pair 135 Fiber Optic 137 Infrared 138 Radio Frequencies 138 Microwave Systems 139 Employing Removable Media 140 Tape 141 CD-R 142 Hard
Ngày đăng: 25/03/2014, 12:08
Xem thêm: security+ study guide, 2nd ed. [syo-101], security+ study guide, 2nd ed. [syo-101]