CertCities.com -- The Ultimate Site for Certified IT Professionals
Listen, See, Win! Register for a Free Tech Library Webcast Share share | bookmark | e-mail
  Microsoft®
  Cisco®
  Security
  Oracle®
  A+/Network+"
  Linux/Unix
  More Certs
  Newsletters
  Salary Surveys
  Forums
  News
  Exam Reviews
  Tips
  Columns
  Features
  PopQuiz
  RSS Feeds
  Press Releases
  Contributors
  About Us
  Search
 

Advanced Search
  Free Newsletter
  Sign-up for the #1 Weekly IT
Certification News
and Advice.
Subscribe to CertCities.com Free Weekly E-mail Newsletter
CertCities.com

See What's New on
Redmondmag.com!

Cover Story: IE8: Behind the 8 Ball

Tech-Ed: Let's (Third) Party!

A Secure Leap into the Cloud

Windows Mobile's New Moves

SQL Speed Secrets


CertCities.com
Let us know what you
think! E-mail us at:



 
 
...Home ... Editorial ... Columns ..Column Story Saturday: April 5, 2014


 On the Plus Side  
Jeff Durham
Jeff Durham


 Security+: A Quick Overview
CompTIA answers the demand for security certs with -- what else? -- a low-level, vendor-neutral title. Here's an overview of this soon-to-debut cert, plus 10 practice questions to get you started.
by Jeff Durham  
10/9/2002 -- It seems that an event such as 9/11 tends to reverberate the idea of security and protection in a variety of professions and practices. With the recent anniversary of this tragic event, IT security is again on the minds of individuals and companies who have data, information and network architectures that they want safely secured. As a result, security-based certs such as Certified Information Systems Security Professional (CISSP), Cisco's Security Specialist designation and Certifed Internet Webmaster's (CIW) Security Professional series have received more press as IT professionals look for ways to qualify their security expertise. CompTIA has answered this interest with its own Security+ certification.

Why Security+ ?
According to CompTIA, recent surveys show that a wide variety of technology and Internet-related attacks on security occurred, despite a wide range of technologies and practices that were set up to thwart them. Because of the huge estimated loss of both information and financial assets due to hacks and break-ins, CompTIA recognized the need for the certification that will validate the skills of individuals working in the area of IT security.

CompTIA says that being able to verify a candidates security knowledge via the Security+ designation will lead to increased skills in the IT security workforce and lower financial losses for companies plagued by security issues, as well as add definition to different types of security-specific career paths.

What Does Security+ Cover?
Security+ is a certification that is designed for professionals with a minimum of two years networking experience. It's also recommended that candidates possess a complete knowledge of TCP/IP and skills equivalent to those tested in the A+ and Network+ exams. The test isn't specific to any one vendor. The Security+ exam consists of five domain arenas:

  • General Security Concepts (30 percent)
  • Communications Security (20 percent)
  • Infrastructure Security (20 percent)
  • Basics of Cryptography (15 percent)
  • Operational/Organizational Security (15 percent)

For the complete objectives for this exam (currently in beta form), click here.

Security+ Sample Questions
Because security can be such a wide-ranging topic, exam takers should be familiar with security as it applies to various vendor platforms as well as open source. Here are some practice questions. (Answers appear at the end of the column.)

1. Of the following services, which one determines what a user can change or view?

A. Data integrity

B. Data confidentiality

C. Data authentication

D. Access control

2. Which of the following describes the concept of data integrity?

A. A means of determining what resources a user can use and view.

B. A method of security that ensures all data is sequenced, and numbered.

C. A means of minimalizing vulnerabilities of assets and resources.

D. A mechanism applied to indicate a data's level of security.

3. Which two of the following are symmetric-key algorithms used for encryption?

A. stream-cipher

B. block

C. public

D. secret

4. By definition, how many keys are needed to lock and unlock data using symmetric-key encryption?

A. 3+

B. 2

C. 1

D. 0

5. By definition, how many keys are needed to lock and unlock data using asymmetric-key encryption?

A. 3+

B. 2

C. 1

D. 0

6. How many bits are employed when using hash encryption?

A. 32

B. 64

C. 128

D. 256

7. Dave is increasing the security of his Web site by adding SSL (Secure Sockets Layer). Which type of encryption does SSL use?

A. Asymmetric

B. Symmetric

C. Public Key

D. Secret

8. John wants to encrypt a sensitive message before sending it to one of his managers. Which type of encryption is often used for e-mail?

A. S/MIME

B. BIND

C. DES

D. SSL

9. You are explaining SSL to a junior administrator and come up to the topic of handshaking. How many steps are employed between the client and server in the SSL handshake process?

A. Five

B. Six

C. Seven

D. Eight

10. You have been alerted to the possibility of someone using an application to capture and manipulate packets as they are passing through your network. What type of threat does this represent?

A. DDoS

B. Back Door

C. Spoofing

D. Man in the Middle

Answers To Security+ Practice Questions
1. D. Access control is used to determine what a user can change, view or otherwise access.

2. B. Data integrity ensures that all data is sequenced, numbered and time stamped.

3. A, B. Stream-cipher mode and block mode are the two types of symmetric-key encryption algorithms.

4. C. Symmetric encryption uses a single key to lock and unlock the data.

5. B. Asymmetric encryption uses two keys: one to lock the data and one to unlock the data.

6. C. Hash encryption uses values of 128 bits.

7. B. Symmetric key encryption is used to sign data in SSL.

8. A. Secure MIME (S/MIME) is often used to encrypt e-mail.

9. B. SSL uses a six-step handshake to establish a connection between the server and the client.

10. D. A Man in the Middle threat is one where an application on your network is used to capture and manipulate packets sent across the network.


Jeff W. Durham, MCP, A+, i-Net+, Linux+, is the recent co-author of the Security+ Short Course. E-mail any questions or comments to .

 


More articles by Jeff Durham:

-- advertisement --


There are 50 CertCities.com user Comments for “Security+: A Quick Overview”
Page 1 of 5
10/10/02: Ron Beacom from Peterborough, Ontario, Canada says: Oh great. Another &%$$@$&(@@ certification. It seems everyone is on the certification (CASHCOW) bandwagon. Just another excuse to extract money from IT people
10/14/02: Peter Buletza from El Dorado, Arkansas says: Certifications like the Security+ provide benefits to two groups. One is an employer. The certificate lets the employer know that the existing or prospective employee has a certain level of academic competance and can narrow the field of applicants for hiring or promotion. The second group comprises those prospective or existing employees. A certificate helps to break them out of the crowd making them more competative. IT is only going to become more complex and hense more specialization required. On the personal side, you have to buy a ticket to win.
10/18/02: Moschino from Turkey says: I like Comptia exam because it includes concept not product specific.
10/24/02: Anonymous says: Wow, Peter really is brainwashed!
9/9/11: Stitches from AsxbRFWqr says: I can't believe you're not playing with me--that was so heplufl.
3/4/13: scrapebox from [email protected] says: I¡¦m no longer sure where you're getting your information, however great topic. I needs to spend a while learning much more or understanding more. Thanks for magnificent info I was looking for this info for my mission. scrapebox http://scrapebox.overblog.com/
5/16/13: akb48 dvd from [email protected] says: Hi, Neat post. There is an issue along with your web site in internet explorer, would test this? IE still is the market leader and a good component of people will leave out your great writing because of this problem. akb48 dvd http://www.uonobu.co.jp/shop/akb48.html
5/20/13: akb48 ?? from [email protected] says: Whats up very nice site!! Man .. Beautiful .. Superb .. I will bookmark your site and take the feeds also?I am|I'm} satisfied to seek out numerous helpful information right here within the publish, we need develop more strategies in this regard, thank you for sharing. akb48 ?? http://www.uonobu.co.jp/shop/akb48.html
5/21/13: ????? ???? from [email protected] says: I really like your writing style, good info , thanks for putting up : D. ????? ???? http://www.k-jinken.ne.jp/book21.htm
5/30/13: akb48 dvd box from [email protected] says: Good website! I truly love how it is simple on my eyes and the data are well written. I am wondering how I could be notified whenever a new post has been made. I have subscribed to your RSS feed which must do the trick! Have a nice day! akb48 dvd box http://www.uonobu.co.jp/shop/akb48.html
First Page   Next Page   Last Page
Your comment about: “Security+: A Quick Overview”
Name: (optional)
Location: (optional)
E-mail Address: (optional)
Comment:
   

-- advertisement (story continued below) --

top