Summary TEST BANK-(Exam SY0-201) Gregory White, Wm. Arthur Conklin, Dwayne Williams, Roger Davis, Chuck Cothren - CompTIA Security+ All-in-One Exam Guide-McGraw-Hill Osborne Media (2008) (1)

ALL IN ONE


CompTIA
Security+ ™




EXAM GUIDE
Second Edition

, CONTENTS AT A GLANCE


Part I Security Concepts ................................. 1
Chapter 1 General Security Concepts ............................... 3
Chapter 2 Operational Organizational Security ........................ 27
Chapter 3 Legal Issues, Privacy, and Ethics ............................ 53


Part II Cryptography and Applications ....................... 75
Chapter 4 Cryptography .......................................... 77
Chapter 5 Public Key Infrastructure ................................. 109
Chapter 6 Standards and Protocols ................................. 155


Part III Security in the Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . 183
Chapter 7 Physical Security ........................................ 185
Chapter 8 Infrastructure Security ................................... 201
Chapter 9 Authentication and Remote Access ........................ 241
Chapter 10 Wireless Security ....................................... 275


Part IV Security in Transmissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Chapter 11 Intrusion Detection Systems .............................. 297
Chapter 12 Security Baselines ....................................... 339
Chapter 13 Types of Attacks and Malicious Software .................... 391
Chapter 14 E-Mail and Instant Messaging .............................. 425
Chapter 15 Web Components ...................................... 443




xi

,CompTIA Security+ All-in-One Exam Guide
xii
Part V Operational Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
Chapter 16 Disaster Recovery and Business Continuity .................. 475
Chapter 17 Risk Management ....................................... 493
Chapter 18 Change Management .................................... 513
Chapter 19 Privilege Management ................................... 529
Chapter 20 Computer Forensics .................................... 553


Part VI Appendixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 567
Appendix A About the CD ......................................... 569
Appendix B OSI Model and Internet Protocols ......................... 571
Glossary .............................................. 581
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601

, CONTENTS

Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix



Part I Security Concepts ................................. 1
Chapter 1 General Security Concepts ............................... 3
The Security+ Exam . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Basic Security Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Security Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Quick Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Chapter 2 Operational Organizational Security ........................ 27
Policies, Standards, Guidelines, and Procedures . . . . . . . . . . . . . . . 27
The Security Perimeter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Logical Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Access Control Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Phishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Vishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Shoulder Surfing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Dumpster Diving .................................. 37
Hoaxes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Organizational Policies and Procedures . . . . . . . . . . . . . . . . . . . . . 37
Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Service Level Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Human Resources Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Code of Ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Answers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50




xiii