CompTIA Security+
Get Certified Get Ahead
SY0-501 Study Guide
Darril Gibson
CompTIA Security+: Get Certified Get Ahead SY0-501 Study Guide Copyright 2017 by Darril Gibson
All rights reserved.
Printed in the United States of America.
No part of this book may be used or reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles and review. For information, contact YCDA, LLC
1124 Knights Bridge Lane, Virginia Beach, VA, 23455
YCDA, LLC books may be purchased for educational, business, or sales promotional use. For information, please contact Darril Gibson at
Copy editor: Karen Annett Technical editor: Chris Crayton Proofreader: Karen Annett Compositor: Susan Veach
ISBN-10: 1-939136-05-9
ISBN-13: 978-1-939136-05-3
Dedication
To my wife, who even after 25 years of marriage continues to remind me how wonderful life can be if youre in a loving relationship. Thanks for sharing your life with me.
Acknowledgments
Books of this size and depth cant be done by a single person, and Im grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Chris Crayton, provided some great feedback on each of the chapters and the online labs. If you have the paperback copy of the book in your hand, youre enjoying some excellent composite editing work done by Susan Veach.
Im extremely grateful for all the effort Karen Annett put into this project. Shes an awesome copy editor and proofer and the book is tremendously better due to all the work shes put into it. Last, thanks to my assistant Jaena Nerona who helped with many of the details behind the scenes. She helped me with some quality control and project management. More, she managed
most of the daily tasks associated with maintaining online web sites.
While I certainly appreciate all the feedback everyone gave me, I want to stress that any errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in.
Special thanks to:
Chief Wiggum for bollards installation.
Nelson Muntz for personal physical security services.
Martin Prince for educating us about downgrade attacks.
Comp-Global-Hyper-Mega-Net for intermittent HTTP services.
Edna Krabapple for her thoughtful continuing education lessons.
Apu Nahasapeemapetilon for technical advice on secure coding concepts.
Moe Szyslak for refreshments and uplifting our spirits with his talks about RATs.
About the Author
Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 40 books as the author, coauthor, or technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications, including CompTIA A+, Network+, Security+, and CASP; (ISC)2 SSCP and CISSP; Microsoft MCSE and MCITP; and ITIL Foundations.
In response to repeated requests, Darril created the http://gcgapremium.com/ site where he provides study materials for several certification exams, including the CompTIA Security+ exam. Darril regularly posts blog articles at http://blogs.getcertifiedgetahead.com/ , and uses the site to help people stay abreast of changes in certification exams. You can contact him through either of these sites.
Additionally, Darril publishes the Get Certified Get Ahead newsletter. This weekly newsletter typically lets readers know of new blog posts and about updates related to CompTIA certification exams. You can sign up at http://eepurl.com/g44Of .
Darril lives in Virginia Beach with his wife and two dogs. Whenever possible, they escape to a small cabin in the country on over twenty acres of land that continue to provide them with peace, tranquility, and balance.
Table of Contents
Introduction
Congratulations on your purchase of CompTIA Security+: Get Certified Get Ahead study guide. You are one step closer to becoming CompTIA Security+ certified. This certification has helped many individuals get ahead in their jobs and their careers, and it can help you get ahead, too.
It is a popular certification within the IT field. One IT hiring manager told me that if a rsum doesnt include the Security+ certification, or a higher-level security certification, he simply sets it aside. He wont even talk to applicants. Thats not the same with all IT hiring managers, but it does help illustrate how important security is within the IT field.
Who This Book Is For
If youre studying for the CompTIA Security+ exam and want to pass it on your first attempt, this book is for you. It covers percent of the objectives identified by CompTIA for the Security+ exam.
The first target audience for this book is students in CompTIA Security+ classes. My goal is to give students a book they can use to study the relevant and important details of CompTIA Security+ in adequate depth for the challenging topics, but without the minutiae in topics that are clear for most IT professionals. I regularly taught from the earlier editions of this book, and Ill continue to teach using this edition. I also hear from instructors around the United States and in several other countries who use versions of the book to help students master the topics and pass the Security+ exam the first time they take it.
Second, this book is for those people who like to study on their own. If youre one of the people who can read a book and learn the material without sitting in a class, this book has what you need to take and pass the exam.
Additionally, you can keep this book on your shelf (or in your Kindle) to remind yourself of important, relevant concepts. These concepts are important for security professionals and IT professionals in the real world.
Based on many conversations with students and readers of the previous versions of this book, I know that many people use the Security+ certification as the first step in achieving other security certifications. For example, you may follow Security+ with one of these cybersecurity certifications:
(ISC)2 Systems Security Certified Practitioner (SSCP)
(ISC)2 Certified Information Systems Security Professional (CISSP)
CompTIA Advanced Security Practitioner (CASP)
CompTIA Cybersecurity Analyst (CSA+)
If you plan to pursue any of these advanced security certifications, youll find this book will help you lay a solid foundation of security knowledge. Learn this material, and youll be a step ahead on the other exams.
About This Book
Over the past several years, Ive taught literally hundreds of students, helping them to become CompTIA Security+ certified. During that time, Ive learned what concepts are easy to grasp and what concepts need more explanation. Ive developed handouts and analogies that help students grasp the elusive concepts.
Feedback from students was overwhelmingly positiveboth in their comments to me and their successful pass rates after taking the certification exam. When the objectives changed in 2008, I rewrote my handouts as the first edition of this book. When the objectives changed again in 2011 and 2014, I rewrote the book to reflect the new objectives. This book reflects the objective changes released in 2017.
Gratefully, this book has allowed me to reach a much larger audience and share security and IT-related information. Even if you arent in one of the classes I teach, this book can help you learn the relevant material to pass the exam the first time you take it.
Next page