Security+ Exam Notes

Page1    Page2    Page3    Page4    Page5    Page6    Page7

Security+ Certification is offered by CompTIA®. Undoubtedly, Seucrity+ Certification is one of the most widely recognized certification in the field of computer and network security. Security+ exam is targeted for computer service technicians with at least 2 year on-the-job experience. To get Security+ certified, one need to pass only one exam.

1. Three basic types of distributed trust models are:

2. The following are the basic types of firewall architectures:

  1. Bastion host
  2. Screened host gateway
  3. Screened subnet gateway or DMZ

3. Hash Algorithms: Hash algorithms produce a hash of a message and encrypt it. They use a mathematical formula for hashing, and it is extremely difficult to tamper with the message and still produce the same hash. Basically, Hashing enable a recipient to check whether a message is received intact without being tampered by a third party.

1. SHA (Secure Hashing Algorithms): There are several Secure Hashing Algorithms and they primarily differ in the hash length. They are SHA-1, SHA-256, SHA-384 and SHA-512. In SHA-1 the bit length is 160 bits, in SHA-256 it is 256 bits, for SHA-384, 384 bits and in SHA-512 it is 512 bits.

2. MD2, MD4, MD5 (Message Digest Series Algorithms): These are another type of hash algorithms. These algorithms were developed by Rivest. All three algorithms take a message of arbitrary length and produce a 128-bit message digest. MD2 is meant for 8 bit machines and MD4, MD5 are suitable for 32 bit machines. These algorithms are primarily used for digital signature applications.

4. The two primary security services that are provided by IPSec are:

  1. Authentication Header (AH), and
  2. Encapsulating Security Payload

AH provides the authentication of the sender, and ESP provides encryption of the payload.

5. Some issues that need to be taken care of, while planning security policies are:

  1. Due Care
  2. Privacy
  3. Separation of Duties
  4. Need to Know
  5. Password Management
  6. Disposal Management
  7. Human Resource Policies, and
  8. Incident Management

6. Social engineering is a skill that an attacker uses to trick an innocent person such as an employee of a company into doing a favour. For example, the attacker may hold packages with both the hands and request a person with appropriate permission to enter a building to open the door. Social Engineering is considered to be the most successful tool that hackers use.
7. The following are the most commonly used access control mechanisms:

  1. Mandatory Access Control (MAC): Here the access control is determined by the security policy of the system. The object owner or the user have almost no control over the resource.
  2. Discretionary Access Control (DAC): Here the access control is determined by the owner of an object.
  3. Role Based Access Control (RBAC): As the name suggests, the access to an object is determined by the role of an employee. Users are assigned roles first and then the permissions are assigned to roles.

8. DNS server uses UDP for name resolution uses port 53. Web server uses port 80. DHCP uses port 67 by default. FTP uses port 21.

9. Block cipher derives its name from the fact that a block of data is taken at a time to cipher.

10. Usually the user names and passwords are transmitted in plain text. But this kind of transmission of authentication details is not secure. Any body with a packet sniffer can read the login and password. Kerberos is basically an authentication protocol that uses secret-key cryptography for secure authentication. In Kerberos, all authentication takes place between clients and servers. The name Kerberos comes from Greek mythology; it is the three-headed dog that guarded the entrance to Hades. It was developed by the Massachusetts Institute of Technology, USA

11. Biometrics is the ability measure physical characteristics of a human such as fingerprints, speech etc. These measured values are then used for authentication purpose. Given below are few of the measurable quantities:

12. A token can be a physical device such as a smart card or an electronic process such as RSA’s SecureID token. Tokens provide one of the most secure authentication environments, because typically a token is unique to a user, and it is difficult to spoof.

13. VPN (Short for Virtual Private Network) is private network formed using public Internet. It is formed between two hosts using tunneling protocols such as PPTP, L2TP, etc. Using VPN, you can connect two LANs in geographically distant locations together, as if they were located in the same building. The cost of connecting these LANs together is small since public Internet is used for providing the WAN link.

14. Buffer overflow occurs when the input is more than that allocated for that purpose. The system doesn’t know what to do with the additional input, and it may result in freezing of the system, or sometimes to take control of the system by a hacker. By validating the inputs, it is possible to reduce this vulnerability to a great extent.
IP address check, and using short input fields are not a solution, and imposes restrictions on access and functionality. Avoiding email input doesn’t help in solving the problem.

15. FTP transfers authentication information in clear text. The security concerns while using FTP also include buffer overflow, and anonymous access. However, the cache mining does not occur while using FTP.

16. Web servers are most prone to CGI script exploits, and buffer overflow attacks. CGI scripts run at server side performing a given functionality, such as writing to database or reading from database etc. Hackers may use the loopholes the scripts to hack in to the web server. Similarly, buffer-overflow can be used to run undesirable code on the server making it vulnerable.
War-driving is related to exploiting the vulnerabilities in wireless networks. Spam is primarily related to client side machines.

17. Non-repudiation ensures that the sender, as well as the receiver cannot refute having sent or received a message. For example, you receive an email from your perspective employer. By using an unsigned email, it might so happen that your employer later denies having sent any such email. Non-repudiation ensures that neither the sender nor the receiver can deny the transmission or the reception of a message respectively.

18. The VPN can be implemented in any of the following combinations:
a. Gateway-to-gateway VPN
b. Gateway-to-host VPN
c. Host-to-gateway VPN
d. Host-to-host VPN
The host-to-host configuration provides the highest security for the data. However, a Gate-to-Gateway VPN is transparent to the end users.

19. Hub: A hub is basically a multi-port repeater. When it receives a packet, it repeats that packet out each port. This means that all computers that are connected to the hub receive the packet whether it is intended for them or not. It's then up to the computer to ignore the packet if it's not addressed to it. This might not seem like a big deal, but imagine transferring a 50 MB file across a hub. Every computer connected to the hub gets sent that entire file (in essence) and has to ignore it.

20. NAT Filters and FireWalls:

Page1    Page2    Page3    Page4    Page5    Page6    Page7


Certexams.com Facebook Page Certexams.com Twitter Page Certexams.com Google+ Page

Disclaimer: CertExams.com is neither associated nor affiliated with CompTIA® or any other company. Security+ is trademarks of CompTIA® and duly acknowledged. The cheatsheets and practice tests material is a copyright of CertExams.com and the same is not approved or endorsed by respective certifying bodies.