CompTIA Security+: Get Certified Get Ahead SY0-501 Study Guide Darril Gibson CompTIA Security+: Get Certified Get Ahead SY0- 501 Study Guide Copyright © 2017 by Darril Gibson All rights reserved. Printed in the United States of America. No part of this book may be used or reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles and review. For information, contact YCDA, LLC 1124 Knights Bridge Lane, Virginia Beach, VA, 23455 YCDA, LLC books may be purchased for educational, business, or sales promotional use. For information, please contact Darril Gibson at Dedication To my wife, who even after 25 years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me. Acknowledgments Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Chris Crayton, provided some great feedback on each of the chapters and the online labs. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach. I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. Last, thanks to my assistant Jaena Nerona who helped with many of the details behind the scenes. She helped me with some quality control and project management. More, she managed most of the daily tasks associated with maintaining online web sites. While I certainly appreciate all the feedback everyone gave me, I want to stress that any errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in. Special thanks to: • Chief Wiggum for bollards installation. • Nelson Muntz for personal physical security services. • Martin Prince for educating us about downgrade attacks. • Comp-Global-Hyper-Mega-Net for intermittent HTTP services. • Edna Krabapple for her thoughtful continuing education lessons. • Apu Nahasapeemapetilon for technical advice on secure coding concepts. • Moe Szyslak for refreshments and uplifting our spirits with his talks about RATs. About the Author Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 40 books as the author, coauthor, or technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications, including CompTIA A+, Network+, Security+, and CASP; (ISC)2 SSCP and CISSP; Microsoft MCSE and MCITP; and ITIL Foundations. In response to repeated requests, Darril created the http://gcgapremium.com/ site where he provides study materials for several certification exams, including the CompTIA Security+ exam. Darril regularly posts blog articles at http://blogs.getcertifiedgetahead.com/, and uses the site to help people stay abreast of changes in certification exams. You can contact him through either of these sites. Additionally, Darril publishes the Get Certified Get Ahead newsletter. This weekly newsletter typically lets readers know of new blog posts and about updates related to CompTIA certification exams. Yo u can sign up at http://eepurl.com/g44Of. Darril lives in Virginia Beach with his wife and two dogs. Whenever possible, they escape to a small cabin in the country on over twenty acres of land that continue to provide them with peace, tranquility, and balance. Table of Contents Dedication iii Acknowledgments iv About the Author iv Introduction. .............................................. 1 Who This Book Is For 1 About This Book 2 How to Use This Book 2 Conventions 3 Remember This 3 Vendor Neutral 4 Free Online Resources 4 Additional Web Resources 5 Assumptions 5 Set a Goal 6 About the Exam 6 Passing Score 6 Exam Prerequisites 6 Beta Questions 7 Exam Format 7 Question Types 7 Multiple Choice 7 Performance-Based Questions 7 Question Complexity 9 Video 10 Exam Test Provider 10 Voucher Code for 10 Percent Off 10 Exam Domains 11 Objective to Chapter Map 11 1.0 Threats, Attacks and Vulnerabilities 21% 11 2.0 Technologies and Tools 22% 15 3.0 Architecture and Design 15% 19 4.0 Identity and Access Management 16% 24 5.0 Risk Management 14% 26 6.0 Cryptography and PKI 12% 29 Recertification Requirements 32 Pre-Assessment Exam ..................................... 35 Assessment Exam Answers 49 Chapter 1. ................................................ 61 Mastering Security Basics 61 Understanding Core Security Goals 62 What Is a Use Case? 62 Ensure Confidentiality 63 Encryption 63 Access Controls 63 Steganography and Obfuscation 64 Provide Integrity 64 Hashing 64 Digital Signatures, Certificates, and Non-Repudiation 66 Increase Availability 67 Redundancy and Fault Tolerance 67 Patching 68 Resource Versus Security Constraints 68 Introducing Basic Risk Concepts 68 Understanding Control Types 69 Technical Controls 70 Administrative Controls 70 Physical Controls 71 Control Goals 71 Preventive Controls 72 Detective Controls 73 Comparing Detection and Prevention Controls 74 Corrective Controls 74 Deterrent Controls 74 Compensating Controls 74 Combining Control Types and Goals 75 Implementing Virtualization 75 Comparing Hypervisors 76 Application Cell or Container Virtualization 76 Secure Network Architecture 77 Snapshots 77 VDI/VDE and Non-Persistence 78 VMs as Files 78 Risks Associated with Virtualization 79 Running Kali Linux in a VM 80 Using Command-Line Tools 80 Windows Command Line 80 Linux Terminal 81 Understanding Switches and Getting Help 82 Understanding Case 82 Ping 82 Using Ping to Check Name Resolution 83 Beware of Firewalls 84 Using Ping to Check Security Posture 84 Ipconfig, ifconfig, and ip 84 Netstat 86 Tracert 87 Arp 88 Chapter 1 Exam Topic Review 88 Chapter 1 Practice Questions 90 Chapter 1 Practice Question Answers 92 Chapter 2. ................................................ 95 Understanding Identity and Access Management 95 Exploring Authentication Concepts 96 Comparing Identification and AAA 96 Comparing Authentication Factors 97 Something You Know 97 Something You Have 103 Something You Are 106 Somewhere You Are 107 Something You Do 108 Dual-Factor and Multifactor Authentication 109 Summarizing Identification Methods 109 Troubleshooting Authentication Issues 109 Comparing Authentication Services 110 Kerberos 110 NTLM 111 LDAP and LDAPS 111 Single Sign-On 112 SSO and Transitive Trusts 113 SSO and SAML 114 SAML and Authorization 114 SSO and a Federation 114 OAuth and OpenID Connect 115 Managing Accounts 115 Least Privilege 116 Need to Know 116 Account Types 117 Require Administrators to Use Two Accounts 117 Standard Naming Convention 118 Prohibiting Shared and Generic Accounts 118 Disablement Policies 119 Recovering Accounts 119 Time-of-Day Restrictions 120 Location-Based Policies 120