You are previewing Security+ Practice Questions Exam Cram 2 (Exam SYO-101).
O'Reilly logo
Security+ Practice Questions Exam Cram 2 (Exam SYO-101)

Book Description

The Security+ exam certifies that candidates have demonstrated the aptitude and ability to master general security concepts, communications security, infrastructure security, basics of cryptography, and operation/organizational security. Security+ is taught at Excelsior College, Capella University, and Ivy Tech. Several key industry leaders back this exam, including IBM, ISACA, Microsoft, Motorola, Novell, Symantec, Tivoli, Sun Microsystems, and VeriSign. The Security+ Certification Practice Questions Exam Cram 2 (SYO-101) provides readers with over 500 practice test questions as well as complete answer explanations, giving readers the perfect complementary tool for their Security+ studies. Features relevant Exam Notes to help readers score better on the tests, plus the ever-popular "Cram Sheet" tear card, which is used for last minute cramming.

Table of Contents

  1. Copyright
  2. A Note from Series Editor Ed Tittel
  3. Expand Your Certification Arsenal!
  4. About the Author
  5. We Want to Hear from You!
  6. Introduction
    1. What Is This Book About?
    2. Who Is This Book For?
    3. What Will You Find in This Book?
    4. Hints for Using This Book
    5. Need Further Study?
  7. 1. General Security Concepts
    1. Objective 1.1: Access Control
      1. Objective 1.1.1: MAC
      2. Objective 1.1.1: DAC
      3. Objective 1.1.1: RBAC
    2. Objective 1.2: Authentication
      1. Objective 1.2.1: Kerberos
      2. Objective 1.2.2: CHAP
      3. Objective 1.2.3: Certificates
      4. Objective 1.2.4: Username/Password
      5. Objective 1.2.5. Tokens
      6. Objective 1.2.6: Multi-Factor
      7. Objective 1.2.7: Mutual Authentication
      8. Objective 1.2.8: Biometrics
    3. Objective 1.3: Nonessential Services and Protocols
    4. Objective 1.4: Attacks
      1. Objective 1.4.1: DOS/DDOS
      2. Objective 1.4.2: Back Door
      3. Objective 1.4.3: Spoofing
      4. Objective 1.4.4: Man in the Middle
      5. Objective 1.4.5: Replay
      6. Objective 1.4.6: TCP/IP Hijacking
      7. Objective 1.4.7: Weak Keys
      8. Objective 1.4.8: Mathematical
      9. Objective 1.4.9: Social Engineering
      10. Objective 1.4.10: Birthday
      11. Objective 1.4.11: Password Guessing
        1. Objective 1.4.11.1: Brute Force
        2. Objective 1.4.11.2: Dictionary
      12. Objective 1.4.12: Software Exploitation
      13. Objective 1.4.12: SYN attack
      14. Objective 1.4.12: Buffer Overflow
      15. Objective 1.5.1: Virus
      16. Objective 1.5.2: Trojan Horses
      17. Objective 1.5.3: Logic Bombs
      18. 1.5.4: Worms
    5. Objective 1.6: Social Engineering
    6. Objective 1.7: Auditing, Logging, and System Scanning
    7. Quick Check Answer Key
      1. Objective 1.1: Access Control
        1. Objective 1.1.1: Mandatory Access Control (MAC)
        2. Objective 1.1.1: Discretionary Access Control (DAC)
        3. Objective 1.1.1: Role-Based Access Control (RBAC)
      2. Objective 1.2: Authentication
        1. Objective 1.2.1: Kerberos
        2. Objective 1.2.2: Challenge-Handshake Authentication Protocol (CHAP)
        3. Objective 1.2.3: Certificates
        4. Objective 1.2.4: Username/Password
        5. Objective 1.2.5: Tokens
        6. Objective 1.2.6: Multi-Factor
        7. 1.2.7: Mutual Authentication
        8. Objective 1.2.8: Biometrics
      3. Objective 1.3: Nonessential Services and Protocols
      4. Objective 1.4: Attacks
        1. Objective 1.4.1: DOS/DDOS
        2. Objective 1.4.2: Back Door
        3. Objective 1.4.3: Spoofing
        4. Objective 1.4.4: Man in the Middle
        5. Objective 1.4.5: Replay
        6. Objective 1.4.6: TCP/IP Hijacking
        7. Objective 1.4.7: Weak Keys
        8. Objective 1.4.8: Mathematical
        9. Objective 1.4.9: Social Engineering
        10. Objective 1.4.10: Birthday
        11. Objective 1.4.11: Password Guessing
          1. Objective 1.4.11.1: Brute Force
          2. Objective 1.4.11.2: Dictionary
        12. Objective 1.4.12: Software Exploitation
        13. Objective 1.4.12: SYN attack
        14. Objective 1.4.12: Buffer Overflow
        15. Objective 1.5.1: Virus
        16. Objective 1.5.2: Trojan Horses
        17. Objective 1.5.3: Logic Bombs
        18. 1.5.4: Worms
      5. Objective 1.6: Social Engineering
      6. Objective 1.7: Auditing, Logging, and System Scanning
    8. Answers and Explanations
      1. Objective 1.1: Access Control
        1. Objective 1.1.1: Mandatory Access Control (MAC)
        2. Objective 1.1.1: Discretionary Access Control (DAC)
        3. Objective 1.1.1: Role-Based Access Control (RBAC)
      2. Objective 1.2: Authentication
        1. Objective 1.2.1: Kerberos
        2. Objective 1.2.2: Challenge-Handshake Authentication Protocol (CHAP)
        3. Objective 1.2.3: Certificates
        4. Objective 1.2.4: Username/Password
        5. Objective 1.2.5: Tokens
        6. Objective 1.2.6: Multi-Factor
        7. Objective 1.2.7: Mutual Authentication
        8. Objective 1.2.8: Biometrics
      3. Objective 1.3: Nonessential Services and Protocols
      4. Objective 1.4: Attacks
        1. Objective 1.4.1: DOS/DDOS
        2. Objective 1.4.2: Back Door
        3. Objective 1.4.3: Spoofing
        4. Objective 1.4.4: Man in the Middle
        5. Objective 1.4.5: Replay
        6. Objective 1.4.6: TCP/IP Hijacking
        7. Objective 1.4.7: Weak Keys
        8. Objective 1.4.8: Mathematical
        9. Objective 1.4.9: Social Engineering
        10. Objective 1.4.10: Birthday
        11. Objective 1.4.11: Password Guessing
          1. Objective 1.4.11.1: Brute Force
          2. Objective 1.4.11.2: Dictionary
        12. Objective 1.4.12: Software Exploitation
        13. Objective 1.4.12: SYN attack
        14. Objective 1.4.12: Buffer Overflow
        15. Objective 1.5.1: Virus
        16. Objective 1.5.2: Trojan Horses
        17. Objective 1.5.3: Logic Bombs
        18. 1.5.4: Worms
      5. Objective 1.6: Social Engineering
      6. Objective 1.7: Auditing, Logging, and System Scanning
  8. 2. Communication Security
    1. Objective 2.1: Remote Access
      1. Objective 2.1.1: 802.1x
      2. Objective 2.1.2: VPN
      3. Objective 2.1.3: RADIUS
      4. Objective 2.1.4: TACACS/+
      5. Objective 2.1.5: L2TP/PPTP
      6. Objective 2.1.6: SSH
      7. Objective 2.1.7: IPSec
      8. Objective 2.1.8: Vulnerabilities (of Remote Access)
    2. Objective 2.2: Email
      1. Objective 2.2.1: S/MIME
      2. Objective 2.2.2: PGP
      3. Objective 2.2.3: Vulnerabilities (of Email)
        1. Objective 2.2.3.1: Spam
        2. Objective 2.2.3.2: Hoaxes
    3. Objective 2.3: Web
      1. Objective 2.3.1: SSL/TLS
      2. Objective 2.3.2: HTTP/S
      3. Objective 2.3.3: Instant Messaging
        1. Objective 2.3.3.1: Vulnerabilities (of Instant Messaging)
        2. Objective 2.3.3.2: 8.3 Naming Conventions
        3. Objective 2.3.3.3: Packet Sniffing
        4. Objective 2.3.3.4: Privacy
      4. Objective 2.3.4: Vulnerabilities (of the Web)
        1. Objective 2.3.4.1: JavaScript
        2. Objective 2.3.4.2: ActiveX
        3. Objective 2.3.4.3: Buffer Overflows
        4. Objective 2.3.4.4: Cookies
        5. Objective 2.3.4.5: Signed Applets
        6. Objective 2.3.4.6: CGI
        7. Objective 2.3.4.7: SMTP Relay
    4. Objective 2.4: Directory—Recognition Not Administration
      1. Objective 2.4.1: SSL/TLS
      2. Objective 2.4.2: LDAP
    5. Objective 2.5: File Transfer
      1. Objective 2.5.1: S/FTP
      2. Objective 2.5.2: Blind FTP/Anonymous
      3. Objective 2.5.3: File Sharing
      4. Objective 2.5.4: Vulnerabilities (of File Transfer)
        1. Objective 2.5.4.1: Packet Sniffing
    6. Objective 2.6: Wireless
      1. Objective 2.6.1: WTLS
      2. Objective 2.6.2: 802.11x
      3. Objective 2.6.3: WEP/WAP
      4. Objective 2.6.3: WAP
      5. Objective 2.6.4: Vulnerabilities (of Wireless)
        1. Objective 2.6.4.1: Site Surveys
    7. Quick Check Answer Key
      1. Objective 2.1: Remote Access
        1. Objective 2.1.1: 802.1x
        2. Objective 2.1.2: VPN
        3. Objective 2.1.3: RADIUS
        4. Objective 2.1.4: TACACS/+
        5. Objective 2.1.5: L2TP/PPTP
        6. Objective 2.1.6: SSH
        7. Objective 2.1.7: IPSec
        8. Objective 2.1.8: Vulnerabilities (of Remote Access)
      2. Objective 2.2: Email
        1. Objective 2.2.1: S/MIME
        2. Objective 2.2.2. PGP
        3. Objective 2.2.3. Vulnerabilities (of Email)
          1. Objective 2.2.3.1: Spam
          2. Objective 2.2.3.2: Hoaxes
      3. Objective 2.3: Web
        1. Objective 2.3.1: SSL/TLS
        2. Objective 2.3.2: HTTP/S
        3. Objective 2.3.3: Instant Messaging
          1. Objective 2.3.3.1: Vulnerabilities (of Instant Messaging)
          2. Objective 2.3.3.2: 8.3 Naming Conventions
          3. Objective 2.3.3.3: Packet Sniffing
          4. Objective 2.3.3.4: Privacy
        4. Objective 2.3.4: Vulnerabilities (of the Web)
          1. Objective 2.3.4.1: JavaScript
          2. Objective 2.3.4.2: ActiveX
          3. Objective 2.3.4.3: Buffer Overflows
          4. Objective 2.3.4.4: Cookies
          5. Objective 2.3.4.5: Signed Applets
          6. Objective 2.3.4.6: CGI
          7. Objective 2.3.4.7: SMTP Relay
      4. Objective 2.4: Directory—Recognition Not Administration
        1. Objective 2.4.1: SSL/TLS
        2. Objective 2.4.2: LDAP
      5. Objective 2.5: File Transfer
        1. Objective 2.5.1: S/FTP
        2. Objective 2.5.2: Blind FTP/Anonymous
        3. Objective 2.5.3: File Sharing
        4. Objective 2.5.4: Vulnerabilities (of File Transfer)
          1. Objective 2.5.4.1: Packet Sniffing
      6. Objective 2.6: Wireless
        1. Objective 2.6.1: WTLS
        2. Objective 2.6.2: 802.11x
        3. Objective 2.6.3: WEP/WAP
        4. Objective 2.6.3: WAP
        5. Objective 2.6.4: Vulnerabilities (of Wireless)
          1. Objective 2.6.4.1: Site Surveys
    8. Answers and Explanations
      1. Objective 2.1: Remote Access
        1. Objective 2.1.1: 802.1x
        2. Objective 2.1.2: VPN
        3. Objective 2.1.3: RADIUS
        4. Objective 2.1.4: TACACS/+
        5. Objective 2.1.5. L2TP/PPTP
        6. Objective 2.1.6. SSH
        7. Objective 2.1.7. IPSec
        8. Objective 2.1.8: Vulnerabilities (of Remote Access)
      2. Objective 2.2: Email
        1. Objective 2.2.1: S/MIME
        2. Objective 2.2.2: PGP
        3. Objective 2.2.3: Vulnerabilities (of Email)
          1. Objective 2.2.3.1: Spam
          2. Objective 2.2.3.2: Hoaxes
      3. Objective 2.3: Web
        1. Objective 2.3.1: SSL/TLS
        2. Objective 2.3.2: HTTP/S
        3. Objective 2.3.3: Instant Messaging
          1. Objective 2.3.3.1: Vulnerabilities (of Instant Messaging)
          2. Objective 2.3.3.2: 8.3 Naming Conventions
          3. Objective 2.3.3.3: Packet Sniffing
          4. Objective 2.3.3.4: Privacy
        4. Objective 2.3.4: Vulnerabilities (of the Web)
          1. Objective 2.3.4.1: JavaScript
          2. Objective 2.3.4.2: ActiveX
          3. Objective 2.3.4.3: Buffer Overflows
          4. Objective 2.3.4.4: Cookies
          5. Objective 2.3.4.5: Signed Applets
          6. Objective 2.3.4.6: CGI
          7. Objective 2.3.4.7: SMTP Relay
      4. Objective 2.4: Directory—Recognition Not Administration
        1. Objective 2.4.1: SSL/TLS
        2. Objective 2.4.2: LDAP
      5. Objective 2.5: File Transfer
        1. Objective 2.5.1: S/FTP
        2. Objective 2.5.2: Blind FTP/Anonymous
        3. Objective 2.5.3: File Sharing
        4. Objective 2.5.4: Vulnerabilities (of File Transfer)
          1. Objective 2.5.4.1 Packet Sniffing
      6. Objective 2.6: Wireless
        1. Objective 2.6.1: WTLS
        2. Objective 2.6.2: 802.11x
        3. Objective 2.6.3: WEP/WAP
        4. Objective 2.6.3: WAP
        5. Objective 2.6.4: Vulnerabilities (of Wireless)
          1. Objective 2.6.4.1: Site Surveys
  9. 3. Infrastructure Security
    1. Objective 3.1: Devices
      1. Objective 3.1.1: Firewalls
      2. Objective 3.1.2: Routers
      3. Objective 3.1.3: Switches
      4. Objective 3.1.4: Wireless
      5. Objective 3.1.5: Modems
      6. Objective 3.1.6: RAS
      7. Objective 3.1.7: Telecom/PBX
      8. Objective 3.1.8: VPN
      9. Objective 3.1.9: IDS
      10. Objective 3.1.10: Network Monitoring/Diagnostic
      11. Objective 3.1.11: Workstations
      12. Objective 3.1.12: Servers
      13. Objective 3.1.13. Mobile Devices
    2. Objective 3.2: Media
      1. Objective 3.2.1: Coax
      2. Objective 3.2.2: UTP/STP
      3. Objective 3.2.3: Fiber
      4. Objective 3.2.4: Removable Media
        1. Objective 3.2.4.1: Tape
        2. Objective 3.2.4.2: CDR
        3. Objective 3.2.4.3: Hard Drives
        4. Objective 3.2.4.4: Diskettes
        5. Objective 3.2.4.5: Flashcards
        6. Objective 3.2.4.6: Smartcards
    3. Objective 3.3: Security Topologies
      1. Objective 3.3.1: Security Zones
        1. Objective 3.3.1.1: DMZ
        2. Objective 3.3.1.2: Intranet
        3. Objective 3.3.1.3: Extranet
      2. Objective 3.3.2: VLANs
      3. Objective 3.3.3: NAT
      4. Objective 3.3.4: Tunneling
    4. Objective 3.4: Intrusion Detection
      1. Objective 3.4.1: Network Based
      2. Objective 3.4.2: Host Based
        1. Objective 3.4.2.2: Active Detection
        2. Objective 3.4.2.2: Passive Detection
      3. Objective 3.4.3: Honey Pots
      4. Objective 3.4.4: Incident Response
    5. Objective 3.5: Security Baselines
      1. Objectives 3.5.1: OS/NOS Hardening (Concepts and Processes)
        1. 3.5.1.1. File System
        2. Objective 3.5.1.2: Updates (Hotfixes, Service Packs, and Patches)
      2. Objective 3.5.2: Network Hardening
        1. Objective 3.5.2.1: Updates (Firmware)
        2. Objective 3.5.2.2: Configuration
          1. Objective 3.5.2.2.1: Enabling and Disabling Services and Protocols
          2. Objective 3.5.2.2.2: Access Control Lists
      3. Objective 3.5.3: Application Hardening
        1. Objective 3.5.3.1: Updates (Hotfixes, Service Packs, and Patches)
        2. Objective 3.5.3.2: Web Servers
        3. Objective 3.5.3.3: Email Servers
        4. Objective 3.5.3.4: FTP Servers
        5. Objective 3.5.3.5: DNS Servers
        6. Objective 3.5.3.6: NNTP Servers
        7. Objective 3.5.3.7: File/Print Servers
        8. Objective 3.5.3.8: DHCP Servers
        9. Objective 3.5.3.9: Data Repositories
          1. Objective 3.5.3.9.1: Directory Services
          2. Objective 3.5.3.9.2: Databases
    6. Quick Check Answer Key
      1. Objective 3.1: Devices
        1. Objective 3.1.1: Firewalls
        2. Objective 3.1.2: Routers
        3. Objective 3.1.3: Switches
        4. Objective 3.1.4: Wireless
        5. Objective 3.1.5: Modems
        6. Objective 3.1.6: RAS
        7. Objective 3.1.7: Telecom/PBX
        8. Objective 3.1.8: VPN
        9. Objective 3.1.9: IDS
        10. Objective 3.1.10: Network Monitoring/Diagnostic
        11. Objective 3.1.11: Workstations
        12. Objective 3.1.12: Servers
        13. Objective 3.1.13: Mobile Devices
      2. Objective 3.2: Media
        1. Objective 3.2.1: Coax
        2. Objective 3.2.2: UTP/STP
        3. Objective 3.2.3: Fiber
        4. Objective 3.2.4: Removable Media
          1. Objective 3.2.4.1: Tape
          2. Objective 3.2.4.2: CDR
          3. Objective 3.2.4.3: Hard Drives
          4. Objective 3.2.4.4: Diskettes
          5. Objective 3.2.4.5: Flashcards
          6. Objective 3.2.4.6: Smartcards
      3. Objective 3.3: Security Topologies
        1. Objective 3.3.1: Security Zones
          1. Objective 3.3.1.1: DMZ
          2. Objective 3.3.1.2: Intranet
          3. Objective 3.3.1.3: Extranet
        2. Objective 3.3.2: VLANs
        3. Objective 3.3.3: NAT
        4. Objective 3.3.4: Tunneling
      4. Objective 3.4: Intrusion Detection
        1. Objective 3.4.1: Network Based
        2. Objective 3.4.2: Host Based
          1. Objective 3.4.2.2: Active Detection
          2. Objective 3.4.2.2: Passive Detection
        3. Objective 3.4.3: Honey Pots
        4. Objective 3.4.4: Incident Response
      5. Objective 3.5: Security Baselines
        1. Objective 3.5.1: OS/NOS Hardening (Concepts and Processes)
          1. Objective 3.5.1.1: File System
          2. Objective 3.5.1.2: Updates (Hotfixes, Service Packs, and Patches)
        2. Objective 3.5.2: Network Hardening
          1. Objective 3.5.2.1: Updates (Firmware)
          2. Objective 3.5.2.2: Configuration
            1. Objective 3.5.2.2.1: Enabling and Disabling Services and Protocols
            2. Objective 3.5.2.2.2: Access Control Lists
        3. Objective 3.5.3: Application Hardening
          1. Objective 3.5.3.1: Updates (Hotfixes, Service Packs, and Patches)
          2. Objective 3.5.3.2: Web Servers
          3. Objective 3.5.3.3: Email Servers
          4. Objective 3.5.3.4: FTP Servers
          5. Objective 3.5.3.5: DNS Servers
          6. Objective 3.5.3.6: NNTP Servers
          7. Objective 3.5.3.7: File/Print Servers
          8. Objective 3.5.3.8: DHCP Servers
          9. Objective 3.5.3.9: Data Repositories
            1. Objective 3.5.3.9.1: Directory Services
            2. Objective 3.5.3.9.2: Databases
    7. Answers and Explanations
      1. Objective 3.1: Devices
        1. Objective 3.1.1: Firewalls
        2. Objective 3.1.2: Routers
        3. Objective 3.1.3: Switches
        4. Objective 3.1.4: Wireless
        5. Objective 3.1.5: Modems
        6. Objective 3.1.6: RAS
        7. Objective 3.1.7: Telecom/PBX
        8. Objective 3.1.8: VPN
        9. Objective 3.1.9: IDS
        10. Objective 3.1.10: Network Monitoring/Diagnostic
        11. Objective 3.1.11: Workstations
        12. Objective 3.1.12: Servers
        13. Objective 3.1.13: Mobile Devices
      2. Objective 3.2: Media
        1. Objective 3.2.1: Coax
        2. Objective 3.2.2: UTP/STP
        3. Objective 3.2.3: Fiber
        4. Objective 3.2.4: Removable Media
          1. Objective 3.2.4.1: Tape
          2. Objective 3.2.4.2: CDR
          3. Objective 3.2.4.3: Hard Drives
          4. Objective 3.2.4.4: Diskettes
          5. Objective 3.2.4.5: Flashcards
          6. Objective 3.2.4.6: Smartcards
      3. Objective 3.3: Security Topologies
        1. Objective 3.3.1: Security Zones
          1. Objective 3.3.1.1: DMZ
          2. Objective 3.3.1.2: Intranet
          3. Objective 3.3.1.3: Extranet
        2. Objective 3.3.2: VLANs
        3. Objective 3.3.3: NAT
        4. Objective 3.3.4: Tunneling
      4. Objective 3.4: Intrusion Detection
        1. Objective 3.4.1: Network Based
        2. Objective 3.4.2: Host Based
          1. Objective 3.4.2.2: Active Detection
          2. Objective 3.4.2.2: Passive Detection
        3. Objective 3.4.3: Honey Pots
        4. Objective 3.4.4: Incident Response
      5. Objective 3.5: Security Baselines
        1. Objective 3.5.1: OS/NOS Hardening (Concepts and Processes)
          1. Objective 3.5.1.1: File System
          2. Objective 3.5.1.2: Updates (Hotfixes, Service Packs, and Patches)
        2. Objective 3.5.2: Network Hardening
          1. Objective 3.5.2.1: Updates (Firmware)
          2. Objective 3.5.2.2: Configuration
            1. Objective 3.5.2.2.1: Enabling and Disabling Services and Protocols
            2. Objective 3.5.2.2.2: Access Control Lists
        3. Objective 3.5.3: Application Hardening
          1. Objective 3.5.3.1: Updates (Hotfixes, Service Packs, and Patches)
          2. Objective 3.5.3.2: Web Servers
          3. Objective 3.5.3.3: Email Servers
          4. Objective 3.5.3.4: FTP Servers
          5. Objective 3.5.3.5: DNS Servers
          6. Objective 3.5.3.6: NNTP Servers
          7. Objective 3.5.3.7: File/Print Servers
          8. Objective 3.5.3.8: DHCP Servers
          9. Objective 3.5.3.9: Data Repositories
            1. Objective 3.5.3.9.1: Directory Services
            2. Objective 3.5.3.9.2: Databases
  10. 4. Basics of Cryptography
    1. Objective 4.1: Algorithms
      1. Objective 4.1.1: Hashing
      2. Objective 4.1.2: Symmetric
      3. Objective 4.1.3: Asymmetric
    2. Objective 4.2: Concepts of Using Cryptography
      1. Objective 4.2.1: Confidentiality
      2. Objective 4.2.2: Integrity
        1. Objective 4.2.2.1: Digital Signatures
      3. Objective 4.2.3: Authentication
      4. Objective 4.2.4: Non-Repudiation
        1. Objective 4.2.4.1: Digital Signatures
      5. Objective 4.2.5: Access Control
    3. Objective 4.3: PKI
      1. Objective 4.3.1: Certificates—Distinguish Which Certificates Are Used for What Purpose. Basics Only
        1. Objective 4.3.1.1: Certificate Policies
        2. Objective 4.3.1.2: Certificate Practice Statements
      2. Objective 4.3.2: Revocation
      3. Objective 4.3.3: Trust Models
    4. Objective 4.4: Standards and Protocols
    5. Objective 4.5: Key Management/Certificate Lifecycle
      1. Objective 4.5.1: Centralized Versus Decentralized
      2. Objective 4.5.2: Storage
        1. Objective 4.5.2.1: Hardware Versus Software
        2. Objective 4.5.2.2: Private Key Protection
      3. Objective 4.5.3: Escrow
      4. Objective 4.5.4: Expiration
      5. Objective 4.5.5: Revocation
        1. Objective 4.5.5.1: Status Checking
      6. Objective 4.5.6: Suspension
        1. Objective 4.5.6.1: Status Checking
      7. Objective 4.5.7: Recovery
        1. Objective 4.5.7.1: M of N Control
      8. Objective 4.5.8: Renewal
      9. Objective 4.5.9: Destruction
      10. Objective 4.5.10: Key Usage
        1. Objective 4.5.10.1: Multiple Key Pairs (Single, Dual)
    6. Quick Check Answer Key
      1. Objective 4.1: Algorithms
        1. Objective 4.1.1: Hashing
        2. Objective 4.1.2: Symmetric
        3. Objective 4.1.3: Asymmetric
      2. Objective 4.2: Concepts of Using Cryptography
        1. Objective 4.2.1: Confidentiality
        2. Objective 4.2.2: Integrity
          1. Objective 4.2.2.1: Digital Signatures
        3. Objective 4.2.3: Authentication
        4. Objective 4.2.4: Non-Repudiation
          1. Objective 4.2.4.1: Digital Signatures
        5. Objective 4.2.5: Access Control
      3. Objective 4.3: PKI
        1. Objective 4.3.1: Certificates—Distinguish Which Certificates Are Used for What Purpose. Basics Only
          1. Objective 4.3.1.1: Certificate Policies
          2. Objective 4.3.1.2: Certificate Practice Statements
        2. Objective 4.3.2: Revocation
        3. Objective 4.3.3: Trust Models
      4. Objective 4.4: Standards and Protocols
      5. Objective 4.5: Key Management/Certificate Lifecycle
        1. Objective 4.5.1: Centralized Versus Decentralized
        2. Objective 4.5.2: Storage
          1. Objective 4.5.2.1: Hardware Versus Software
          2. Objective 4.5.2.2: Private Key Protection
        3. Objective 4.5.3: Escrow
        4. Objective 4.5.4: Expiration
        5. Objective 4.5.5: Revocation
          1. Objective 4.5.5.1: Status Checking
        6. Objective 4.5.6: Suspension
          1. Objective 4.5.6.1: Status Checking
        7. Objective 4.5.7: Recovery
          1. Objective 4.5.7.1: M of N Control
        8. Objective 4.5.8: Renewal
        9. Objective 4.5.9: Destruction
        10. Objective 4.5.10: Key Usage
          1. Objective 4.5.10.1: Multiple Key Pairs (Single, Dual)
    7. Answers and Explanations
      1. Objective 4.1: Algorithms
        1. Objective 4.1.1: Hashing
        2. Objective 4.1.2: Symmetrical
        3. Objective 4.1.3: Asymmetric
      2. Objective 4.2: Concepts of Using Cryptography
        1. Objective 4.2.1: Confidentiality
        2. Objective 4.2.2: Integrity
          1. Objective 4.2.2.1: Digital Signatures
        3. Objective 4.2.3: Authentication
        4. Objective 4.2:4: Non-Repudiation
          1. Objective 4.2.4.1: Digital Signatures
        5. Objective 4.2.5: Access Control
      3. Objective 4.3: PKI
        1. Objective 4.3.1: Certificates—Distinguish Which Certificates Are Used for What Purpose. Basics Only
          1. Objective 4.3.1.1: Certificate Policies
          2. Objective 4.3.1.2: Certificate Practice Statements
        2. Objective 4.3.2: Revocation
        3. Objective 4.3.3: Trust Models
      4. Objective 4.4: Standards and Protocols
      5. Objective 4.5: Key Management/Certificate Lifecycle
        1. Objective 4.5.1: Centralized Versus Decentralized
        2. Objective 4.5.2: Storage
          1. Objective 4.5.2.1: Hardware Versus Software
          2. Objective 4.5.2.2: Private Key Protection
        3. Objective 4.5.3: Escrow
        4. Objective 4.5.4: Expiration
        5. Objective 4.5.5: Revocation
          1. Objective 4.5.5.1: Status Checking
        6. Objective 4.5.6: Suspension
          1. Objective 4.5.6.1: Status Checking
        7. Objective 4.5.7: Recovery
          1. Objective 4.5.7.1: M of N Control
        8. Objective 4.5.8: Renewal
        9. Objective 4.5.9: Destruction
        10. Objective 4.5.10: Key Usage
          1. Objective 4.5.10.1: Multiple Key Pairs (Single, Dual)
  11. 5. Domain 5.0: Operational/Organizational Security
    1. Objective 5.1: Physical Security
      1. Objective 5.1.1: Access Control
        1. Objective 5.1.1.1: Physical Barriers
        2. Objective 5.1.1.2: Biometrics
      2. Objective 5.1.2: Social Engineering
      3. Objective 5.1.3: Environment
        1. Objective 5.1.3.1: Wireless Cells
        2. Objective 5.1.3.2: Location
        3. Objective 5.1.3.3: Shielding
        4. Objective 5.1.3.4: Fire Suppression
    2. Objective 5.2: Disaster Recovery
      1. Objective 5.2.1: Backups
        1. Objective 5.2.1.1: Off Site Storage
      2. Objective 5.2.2: Secure Recovery
        1. Objective 5.2.2.1: Alternate Sites
      3. Objective 5.2.3: Disaster Recovery Plan
    3. Objective 5.3: Business Continuity
      1. Objective 5.3.1: Utilities
      2. Objective 5.3.2: High Availability/Fault Tolerance
      3. Objective 5.3.3: Backups
    4. Objective 5.4: Policy and Procedures
      1. Objective 5.4.1: Security Policy
        1. Objective 5.4.1.1: Acceptable Use
        2. Objective 5.4.1.2: Due Care
        3. Objective 5.4.1.3: Privacy
        4. Objective 5.4.1.4: Separation of Duties
        5. Objective 5.4.1.5: Need to Know
        6. Objective 5.4.1.6: Password Management
        7. Objective 5.4.1.7: SLA
        8. Objective 5.4.1.8: Disposal/Destruction
        9. Objective 5.4.1.9: HR Policy
          1. Objective 5.4.1.9.1: Termination—Adding/Revoking Passwords, Privileges, etc
          2. Objective 5.4.1.9.2: Hiring—Adding/Revoking Passwords, Privileges, etc
          3. Objective 5.4.1.9.3: Code of Ethics
      2. Objective 5.4.2: Incident Response Policy
    5. Objective 5.5: Privilege Management
      1. Objective 5.5.1: User/Group/Role Management
      2. Objective 5.5.2: Single Sign-on
      3. Objective 5.5.3: Centralized Versus Decentralized
      4. Objective 5.5.4: Auditing (Privilege, Usage, Escalation)
      5. Objective 5.5.5: MAC/DAC/RBAC
    6. Objective 5.6: Forensics (Awareness, Conceptual Knowledge, and Understanding—Know What Your Role Is)
      1. Objective 5.6.1: Chain of Custody
      2. Objective 5.6.2: Preservation of Evidence
      3. Objective 5.6.3: Collection of Evidence
    7. Objective 5.7: Risk Identification
      1. Objective 5.7.1: Asset Identification
      2. Objective 5.7.2: Risk Assessment
      3. Objective 5.7.3: Threat Identification
      4. Objective 5.7.4: Vulnerabilities
    8. Objective 5.8: Education—Training of End Users, Executives, and HR
      1. Objective 5.8.1: Communication
      2. Objective 5.8.2: User Awareness
      3. Objective 5.8.3: Education
      4. Objective 5.8.4: Online Resources
    9. Objective 5.9: Documentation
      1. Objective 5.9.1: Standards and Guidelines
      2. Objective 5.9.2: Systems Architecture
      3. Objective 5.9.3: Change Documentation
      4. Objective 5.9.4: Logs and Inventories
      5. Objective 5.9.5: Classification
        1. Objective 5.9.5.1: Notification
      6. Objective 5.9.6: Retention/Storage
      7. Objective 5.9.7: Destruction
    10. Quick Check Answer Key
      1. Objective 5.1: Physical Security
        1. Objective 5.1.1: Access Control
          1. Objective 5.1.1.1: Physical Barriers
          2. Objective 5.1.1.2: Biometrics
        2. Objective 5.1.2: Social Engineering
        3. Objective 5.1.3: Environment
          1. Objective 5.1.3.1: Wireless Cells
          2. Objective 5.1.3.2: Location
          3. Objective 5.1.3.3: Shielding
          4. Objective 5.1.3.4: Fire Suppression
      2. Objective 5.2: Disaster Recovery
        1. Objective 5.2.1: Backups
          1. Objective 5.2.1.1: Off Site Storage
        2. 5.2.2: Secure Recovery
          1. Objective 5.2.2.1: Alternate Sites
        3. Objective 5.2.3: Disaster Recovery Plan
      3. Objective 5.3: Business Continuity
        1. Objective 5.3.1: Utilities
        2. Objective 5.3.2: High Availability/Fault Tolerance
        3. Objective 5.3.3: Backups
      4. Objective 5.4: Policy and Procedures
        1. Objective 5.4.1: Security Policy
          1. Objective 5.4.1.1: Acceptable Use
          2. Objective 5.4.1.2: Due Care
          3. Objective 5.4.1.3: Privacy
          4. Objective 5.4.1.4: Separation of Duties
          5. Objective 5.4.1.5: Need to Know
          6. Objective 5.4.1.6: Password Management
          7. Objective 5.4.1.7: SLA
          8. Objective 5.4.1.8: Disposal/Destruction
          9. Objective 5.4.1.9: HR Policy
            1. Objective 5.4.1.9.1: Termination—Adding/Revoking Passwords, Privileges, etc
            2. Objective 5.4.1.9.2: Hiring—Adding/Revoking Passwords, Privileges, etc
            3. Objective 5.4.1.9.3: Code of Ethics
        2. Objective 5.4.2: Incident Response Policy
      5. Objective 5.5: Privilege Management
        1. Objective 5.5.1: User/Group/Role Management
        2. Objective 5.5.2: Single Sign-on
        3. Objective 5.5.3: Centralized Versus Decentralized
        4. Objective 5.5.4: Auditing (Privilege, Usage, Escalation)
        5. Objective 5.5.5: MAC/DAC/RBAC
      6. Objective 5.6: Forensics (Awareness, Conceptual Knowledge, and Understanding—Know What Your Role Is)
        1. Objective 5.6.1: Chain of Custody
        2. Objective 5.6.2: Preservation of Evidence
        3. Objective 5.6.3: Collection of Evidence
      7. Objective 5.7: Risk Identification
        1. Objective 5.7.1: Asset Identification
        2. Objective 5.7.2: Risk Assessment
        3. Objective 5.7.3: Threat Identification
        4. Objective 5.7.4: Vulnerabilities
      8. Objective 5.8: Education—Training of End Users, Executives, and HR
        1. Objective 5.8.1: Communication
        2. Objective 5.8.2: User Awareness
        3. Objective 5.8.3: Education
        4. Objective 5.8.4: Online Resources
      9. Objective 5.9: Documentation
        1. Objective 5.9.1: Standards and Guidelines
        2. Objective 5.9.2: Systems Architecture
        3. Objective 5.9.3: Change Documentation
        4. Objective 5.9.4: Logs and Inventories
        5. Objective 5.9.5: Classification
          1. Objective 5.9.5.1: Notification
        6. Objective 5.9.6: Retention/Storage
        7. Objective 5.9.7: Destruction
    11. Answers and Explanations
      1. Objective 5.1: Physical Security
        1. Objective 5.1.1: Access Control
          1. Objective 5.1.1.1: Physical Barriers
          2. Objective 5.1.1.2: Biometrics
        2. Objective 5.1.2: Social Engineering
        3. Objective 5.1.3: Environment
          1. Objective 5.1.3.1: Wireless Cells
          2. Objective 5.1.3.2: Location
          3. Objective 5.1.3.3: Shielding
          4. Objective 5.1.3.4: Fire Suppression
      2. Objective 5.2: Disaster Recovery
        1. Objective 5.2.1: Backups
          1. Objective 5.2.1.1: Off Site Storage
        2. Objective 5.2.2: Secure Recovery
          1. Objective 5.2.2.1: Alternate Sites
        3. Objective 5.2.3: Disaster Recovery Plan
      3. Objective 5.3: Business Continuity
        1. Objective 5.3.1: Utilities
        2. Objective 5.3.2: High Availability/Fault Tolerance
        3. Objective 5.3.3: Backups
      4. Objective 5.4: Policy and Procedures
        1. Objective 5.4.1: Security Policy
          1. Objective 5.4.1.1: Acceptable Use
          2. Objective 5.4.1.2: Due Care
          3. Objective 5.4.1.3: Privacy
          4. Objective 5.4.1.4: Separation of Duties
          5. Objective 5.4.1.5: Need to Know
          6. Objective 5.4.1.6: Password Management
          7. Objective 5.4.1.7: SLA
          8. Objective 5.4.1.8: Disposal/Destruction
          9. Objective 5.4.1.9: HR Policy
            1. Objective 5.4.1.9.1: Termination—Adding/Revoking Passwords, Privileges, etc
            2. Objective 5.4.1.9.2: Hiring—Adding/Revoking Passwords, Privileges, etc
            3. Objective 5.4.1.9.3: Code of Ethics
        2. Objective 5.4.2: Incident Response Policy
      5. Objective 5.5: Privilege Management
        1. Objective 5.5.1: User/Group/Role Management
        2. Objective 5.5.2: Single Sign-on
        3. Objective 5.5.3: Centralized Versus Decentralized
        4. Objective 5.5.4: Auditing (Privilege, Usage, Escalation)
        5. Objective 5.5.5: MAC/DAC/RBAC
      6. Objective 5.6: Forensics (Awareness, Conceptual Knowledge, and Understanding—Know What Your Role Is)
        1. Objective 5.6.1: Chain of Custody
        2. Objective 5.6.2: Preservation of Evidence
        3. Objective 5.6.3: Collection of Evidence
      7. Objective 5.7: Risk Identification
        1. Objective 5.7.1: Asset Identification
        2. Objective 5.7.2: Risk Assessment
        3. Objective 5.7.3: Threat Identification
        4. Objective 5.7.4: Vulnerabilities
      8. Objective 5.8: Education—Training of End Users, Executives, and HR
        1. Objective 5.8.1: Communication
        2. Objective 5.8.2: User Awareness
        3. Objective 5.8.3: Education
        4. Objective 5.8.4: Online Resources
      9. Objective 5.9: Documentation
        1. Objective 5.9.1: Standards and Guidelines
        2. Objective 5.9.2: Systems Architecture
        3. Objective 5.9.3: Change Documentation
        4. Objective 5.9.4: Logs and Inventories
        5. Objective 5.9.5: Classification
          1. Objective 5.9.5.1: Notification
        6. Objective 5.9.6: Retention/Storage
        7. Objective 5.9.7: Destruction
  12. A. CD Contents and Installation Instructions
    1. Multiple Test Modes
      1. Study Mode
      2. Certification Mode
      3. Custom Mode
      4. Missed Question Mode
      5. Non-Duplicate Mode
    2. Random Questions and Order of Answers
    3. Detailed Explanations of Correct and Incorrect Answers
    4. Attention to Exam Objectives
    5. Installing the CD
      1. Creating a Shortcut to the MeasureUp Practice Tests
    6. Technical Support