CompTIA Sec+ | Microsoft MTA Security: Certification Cram Guide & Study Notes
In this cram guide, we would like to give you some short tips on what to study for the Security+ exam to ensure a great score. It is organized by the same criteria that CompTIA organizes the actual exam and is therefore comprehensive, covering many of the specialized points that you will encounter while taking the exam.
Topic 1: General Security Concepts
- Your ability to understand the CIA triangle (Confidentiality, Integrity, and Availability) will help you in many questions that are indirectly related to the triangle on the exam. Remember that confidentiality refers to the idea that information should remain accessible only to those who are meant to access it; integrity is the concept that information should remain in the same form as it was originally intended (i.e. not maliciously changed); availability refers to the idea that information should be accessible (think Denial of Service).
- Remember that access control refers to the ability to protect the confidentiality of information by controlling a user’s access to that information. Remember the three types of authentication factors:
  - Type 1: What you know: Information, like passwords
  - Type 2: What you have: Items, like lock-and-key or cards
  - Type 3: What you are (Most secure): Biometrics, like fingerprints
- Accountability refers to the idea that a user should be accountable for actions performed under his/her name. Non-repudiation is the idea that a user should not be able to deny being responsible for something (for example, a file may claim to have been edited by John, but how do we know John actually edited it?).
- Make sure you understand Kerberos. Here is a condensed sequence of events: Client sends login information to KDC (Key Distribution Center), which verifies a client’s credentials and sends a request to TGS (Ticket Granting Server). The TGS sends a TGT (Ticket Granting Ticket) to the client.
- Make sure you understand and can recognize each of these attacks, as you will be tested on at least two of these on the exam:
  - SYN Flood: Sending TCP packets to deny availability
  - ICMP Flood: Sending ICMP (usually ping) packets to deny availability
  - UDP Flood: Sending UDP packets to deny availability
  - Smurf: A special ICMP Flood attack that broadcasts ICMP requests
  - Buffer Overflow: Sending a malformed packet that overflows a memory address to deny availability and possibly gain privileges (destroy confidentiality/integrity)
  - Backdoor: Gain access through a secret program (Trojan horse)
  - Sniffing: Read information off the network
  - Spoofing: Hiding or disguising an address to make it appear that the requests come from another source
  - Man-in-the-Middle: Intercepting packets and changing the contents (denies confidentiality and integrity)
  - Replay: Session key sniffed and then used
  - Birthday attack: Probability-based
  - Social engineering: Low-tech attack on people who don’t understand security
  - Virus: Propagates through user action (usually email)
  - Worm: Self-propagating and uses exploits
Topic 2: Communication Security
- Remote Access Technologies include PPP (widely used for dial-up TCP/IP access), PPTP (tunneled PPP), RADIUS (UDP-based), TACACS+ (similar to RADIUS, but TCP-based and Cisco proprietary)
- L2TP operates on the Data-Link layer; IPSec operates over the Network layer and has two protocols: AH and ESP
- S/MIME, MOSS, PEM, and PGP are all email security programs. PGP is popular and uses IDEA
- Applets are programs that run in a browser: Some include C#, VB.Net, Java, and ActiveX
- S-HTTP is connectionless while SSL is connection-oriented; SSL 3.0 is known as TLS
- Cookies simply store information for websites to use (they are not inherently malicious)
- S-FTP is FTP over SSH; TFTP offers no authentication or encryption
- Active Directory is Microsoft’s implementation of LDAP
- Disk spanning allows a file system to be spread over multiple physical drives
- WTLS is WAP’s built-in security system and operates over TLS
- 802.11 is the standard for wireless, and includes sub-standards a, b, g, and n
- SSID is the name of a network based in infrastructure mode
- WEP is a weak security system for wireless LANs; WEP operates on Layers 1 and 2 (Physical and Data Link)
- 802.1x is a key management protocol that uses EAP
Topic 3: Infrastructure Security
- Make sure you know some basic networking concepts and hardware:
  - Cladding is the glass insulator in fiber optic cabling
  - STP cabling is said to be shielded against EMI (electromagnetic interference)
- Also, for the Security+ exam, an understanding of the types of firewalls is essential:
  - Packet filtering: Works by examining headers
  - Circuit-level gateway: Maintains state information (connection-based)
  - Application-level gateway: Examines the content of each packet coming in
  - Proxy server: Special application-level gateway that ensures no direct connection between an un-trusted and a trusted network
- ACL is the list that defines the rules that a packet filtering firewall follows
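To make the packet-filter/ACL bullets concrete, here is an added example (not from the original cram guide) of a first-match ACL evaluated over header fields only, with the implicit deny that real packet filters apply when nothing matches. The `Rule`/`Packet` types, the addresses, the ACL and the sample packets are all constructed for illustration.

```python
"""Packet-filtering firewall ACL: first match wins, implicit deny at the end.

Added example, not part of the original cram guide. The rule fields, the
addresses, the ACL and the sample packets are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int      # destination port; 0 for icmp


@dataclass(frozen=True)
class Rule:
    action: str             # "permit" or "deny"
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str                # CIDR prefix
    dst: str                # CIDR prefix
    dport: Optional[int]    # None matches any port

    def matches(self, pkt: Packet) -> bool:
        # A packet filter looks only at header fields: addresses, protocol, port.
        return (
            (self.proto == "any" or self.proto == pkt.proto)
            and ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Constructed ACL: 10.0.0.0/24 is the trusted LAN, 192.0.2.10 is a DMZ web server.
ACL: List[Rule] = [
    Rule("permit", "tcp", "0.0.0.0/0",  "192.0.2.10/32", 443),  # anyone may reach HTTPS on the DMZ host
    Rule("deny",   "tcp", "0.0.0.0/0",  "192.0.2.10/32", 23),   # explicit deny: telnet to the DMZ host
    Rule("permit", "any", "10.0.0.0/24", "0.0.0.0/0",    None), # the trusted LAN may go anywhere else
    # No catch-all rule on purpose: evaluate() applies the implicit deny.
]


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the first matching rule).
    An index of None means no rule matched and the implicit deny applied."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", 443),  # Internet -> DMZ web server, HTTPS
        Packet("198.51.100.7", "192.0.2.10", "tcp", 23),   # Internet -> DMZ web server, telnet
        Packet("10.0.0.5", "198.51.100.7", "udp", 53),     # LAN -> Internet, DNS
        Packet("198.51.100.7", "10.0.0.5", "tcp", 445),    # Internet -> LAN host, no rule -> implicit deny
    ]
    for p in samples:
        print(p, "->", evaluate(ACL, p))
```

Rule order is the point to notice: because the telnet deny sits above the "LAN may go anywhere" permit, a LAN host is also refused telnet to the DMZ server; swapping those two rules would silently change that outcome. This is why ACL reviews check order as well as content.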
- The exam tests heavily on the security zone designs or topologies:
  - Screening router: One router between the trusted and un-trusted
  - Dual-homed gateway: A bastion host and router between trusted and un-trusted
  - Screened host gateway: A bastion host that can examine traffic between trusted and un-trusted
  - Screened-subnet: A bastion host (and DMZ zone) between two routers
- It’s important to understand the distinctions of IDS systems:
  - Active: Finds and attempts to circumvent threats (more susceptible to attacks)
  - Passive: Finds threats and alerts the administrator
  - Network-based: Operates as an independent network node
  - Host-based: Requires that special software be installed on each node
  - Knowledge-based: Works using signatures and known attacks
  - Behavior-based: Works by analyzing baseline vs. real-time network traffic
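The knowledge-based vs. behavior-based distinction, and the flood attacks listed under Topic 1, are easiest to see side by side. The following is an added example (not from the original cram guide) that runs both styles of detection over a constructed set of flow records: a signature rule looks for the fixed pattern of a Smurf-style ICMP echo to a broadcast address, while the behavior-based check learns a per-second SYN baseline and flags seconds that deviate from it. The record format, the baseline counts, the "k standard deviations" threshold and the `.255` broadcast heuristic are all assumptions made for this illustration.

```python
"""Knowledge-based (signature) vs behavior-based (baseline) detection.

Added example, not from the original cram guide. The flow-record format,
baseline, thresholds and the /24-style ".255" broadcast heuristic are
constructed for illustration only.
"""
import statistics
from collections import Counter
from typing import List, Tuple

# Constructed baseline: SYNs per second observed during a quiet training period.
BASELINE_SYN_PER_SEC = [2, 3, 1, 2, 4, 2, 3, 2, 1, 3, 2, 2]

# Constructed detection window: (second, src, dst, proto, tcp_flags)
WINDOW: List[Tuple[int, str, str, str, str]] = [
    (100, "10.0.0.5", "192.0.2.10", "tcp", "S"),
    (100, "10.0.0.8", "192.0.2.10", "tcp", "S"),
    (101, "10.0.0.5", "192.0.2.10", "tcp", "S"),
    (101, "10.0.0.9", "192.0.2.10", "tcp", "S"),
    (101, "10.0.0.3", "192.0.2.10", "tcp", "S"),
]
# Second 102: a burst of 200 SYNs from many different sources (a SYN flood shape).
WINDOW += [(102, "203.0.113.%d" % (i % 250 + 1), "192.0.2.10", "tcp", "S") for i in range(200)]
WINDOW += [
    (103, "10.0.0.5", "192.0.2.10", "tcp", "S"),
    (103, "198.51.100.7", "192.0.2.255", "icmp", ""),   # ICMP echo sent to the broadcast address
]


def signature_alerts(records) -> List[Tuple[int, str]]:
    """Knowledge-based: every rule is a fixed pattern over header fields.
    Only attacks somebody has already written a signature for are found."""
    alerts = []
    for sec, src, dst, proto, _flags in records:
        if proto == "icmp" and dst.endswith(".255"):    # assumption: /24 broadcast
            alerts.append((sec, "Smurf-style ICMP to broadcast %s from %s" % (dst, src)))
    return alerts


def syn_threshold(baseline: List[int], k: float = 3.0) -> float:
    """Behavior-based threshold: mean of the baseline plus k standard deviations."""
    return statistics.mean(baseline) + k * statistics.stdev(baseline)


def behavior_alerts(records, baseline: List[int], k: float = 3.0) -> List[Tuple[int, int]]:
    """Behavior-based: compare real-time per-second SYN counts with the baseline.
    Finds the flood without knowing its name, but also flags any legitimate surge."""
    threshold = syn_threshold(baseline, k)
    syn_per_sec = Counter(sec for sec, _s, _d, proto, flags in records
                          if proto == "tcp" and flags == "S")
    return [(sec, n) for sec, n in sorted(syn_per_sec.items()) if n > threshold]


if __name__ == "__main__":
    print("threshold = %.2f SYN/s" % syn_threshold(BASELINE_SYN_PER_SEC))
    print("signature alerts:", signature_alerts(WINDOW))
    print("behavior alerts:", behavior_alerts(WINDOW, BASELINE_SYN_PER_SEC))
```

Each approach has a blind spot the other covers: the signature rule says nothing about the 200-SYN burst because no signature describes it, and the baseline check never sees the single broadcast ICMP packet because one packet does not move the per-second count. That is why the exam contrasts the two, and why production deployments usually combine them.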
- Relaying refers to the behavior of SMTP servers that will send a message from any source (should be disabled)
- Patches are fixes issued by vendors for security issues
- Anonymous services allow access without authentication
Topic 4: Basics of Cryptography
- The work factor of an algorithm refers to the amount of resources and time it takes for the algorithm to operate
- A key is the value that can encrypt or decrypt text
- Public-key or asymmetric algorithms are more scalable and easier to manage than symmetric or secret key algorithms, but they require more overhead and are slower
- End-to-End encryption refers to the idea that packets are encrypted at the source and decrypted at the destination
- AES is a symmetric algorithm based on Rijndael Block Cipher
- Block ciphers encrypt clear text “block-by-block” while stream ciphers encrypt text in “real time”
- Symmetric algorithms include: DES, 3DES, AES, IDEA
- Asymmetric algorithms include: Diffie-Hellman, RSA, El Gamal
- Hashes do not allow for the decryption of cipher text. Think of a hash as a special type of cryptographic “one-way,” one-to-one function
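An added example (not from the original cram guide) that shows the one-way digest in code and puts a number on the "probability-based" birthday attack from Topic 1: because a digest has a fixed length, the chance that two random inputs share a digest follows the birthday problem, and a coin-flip collision is expected after roughly 2^(n/2) inputs for an n-bit digest. The sample messages are constructed; `hashlib` is the standard library.

```python
"""One-way hashing and the birthday bound on collisions.

Added example, not from the original cram guide. Sample messages are
constructed; the functions use only the Python standard library.
"""
import hashlib
import math


def digest_hex(data: bytes, algo: str = "sha256") -> str:
    """Fixed-length digest of arbitrary input; there is no inverse function."""
    return hashlib.new(algo, data).hexdigest()


def differing_bits(a: bytes, b: bytes) -> int:
    """Count bits that differ between two equal-length digests (avalanche check)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def collision_probability(samples: int, space: int) -> float:
    """Probability that at least two of `samples` uniformly random values drawn
    from `space` possibilities coincide (the birthday problem). Uses the exact
    product for small sample counts and the exp(-k(k-1)/2N) approximation for
    the astronomically large counts that real digest sizes imply."""
    if samples < 2:
        return 0.0
    if samples > space:                    # pigeonhole: a collision is certain
        return 1.0
    if samples <= 100_000:
        log_no_collision = sum(math.log1p(-i / space) for i in range(1, samples))
        return 1.0 - math.exp(log_no_collision)
    return 1.0 - math.exp(-samples * (samples - 1) / (2.0 * space))


def birthday_samples_for_half(bits: int) -> float:
    """Inputs needed before a collision in an n-bit digest is a coin flip:
    sqrt(2 ln 2 * 2^n), about 1.177 * 2^(n/2)."""
    return math.sqrt(2 * math.log(2) * 2.0 ** bits)


if __name__ == "__main__":
    d1 = hashlib.sha256(b"transfer 100").digest()
    d2 = hashlib.sha256(b"transfer 101").digest()     # one character changed
    print(digest_hex(b"transfer 100"))
    print("bits changed by a one-character edit:", differing_bits(d1, d2), "of 256")
    print("23 people, 365 birthdays:", round(collision_probability(23, 365), 3))
    for name, bits in (("MD5", 128), ("SHA-1", 160), ("SHA-256", 256)):
        print("%-8s %3d-bit digest -> ~2^%d inputs for a 50%% collision"
              % (name, bits, round(math.log2(birthday_samples_for_half(bits)))))
```

The practical reading for a defender: the generic birthday cost of a 128-bit digest such as MD5 is about 2^64 operations regardless of any algorithmic weakness, which is why digest length alone rules out the shorter hashes in the table below for any use where collisions matter (signatures, certificates, integrity tags).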
- Here is a brief overview of how asymmetric or public-key cryptography works:
  - Billy wants to send Sue information. Billy encrypts the information with Sue’s public key, which everyone knows
  - Sue receives the information Billy sent and decrypts it with her private key, which only Sue knows
  - Sue sends Billy information back, encrypting it with his public key
  - Billy decrypts the information using his private key
Topic 5: Organizational Security
- Business Continuity Planning refers to continuing normal day-to-day operations after a disaster
- Disaster Recovery Planning refers to fixing the problems a disaster causes
- Backup types that you should know for the exam:
  - Full: The information is backed up in its entirety
  - Differential: Only the data changed since the last full backup is backed up
  - Incremental: Only the data changed since the last full or incremental backup is backed up
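An added example (not from the original cram guide) that simulates the three backup types over a constructed week of file changes and shows the exam's usual follow-up question: which backup sets must be read, and in what order, to restore a given day. The file names, the change log and the "full backup on day 0" schedule are constructed assumptions.

```python
"""Full, differential and incremental backups over a constructed change log.

Added example, not from the original cram guide. File names, days and the
schedule (full backup on day 0, one backup per day after that) are constructed.
"""
from typing import Dict, List, Tuple

# Constructed change log: which files were written on each day. Day 0 is the
# full-backup day and every file exists by then.
CHANGES: Dict[int, set] = {
    0: {"a.txt", "b.txt", "c.txt", "d.txt"},
    1: {"a.txt"},
    2: {"b.txt"},
    3: {"a.txt", "c.txt"},
}
ALL_FILES = set().union(*CHANGES.values())


def latest_version(file: str, upto: int) -> int:
    """Day on which `file` was last written, on or before `upto`."""
    return max(d for d in range(upto + 1) if file in CHANGES[d])


def true_state(day: int) -> Dict[str, int]:
    """What the live file system looks like at the end of `day`: file -> version."""
    return {f: latest_version(f, day) for f in ALL_FILES}


def backup(day: int, kind: str) -> Dict[str, int]:
    """Contents written to the backup taken at the end of `day`."""
    if day == 0 or kind == "full":
        included = ALL_FILES                                            # everything
    elif kind == "differential":
        included = set().union(*(CHANGES[d] for d in range(1, day + 1)))  # since last full
    elif kind == "incremental":
        included = CHANGES[day]                                         # since previous backup
    else:
        raise ValueError("unknown backup type: %s" % kind)
    return {f: latest_version(f, day) for f in included}


def restore_plan(day: int, kind: str) -> List[Tuple[int, str]]:
    """Backup sets to read, in order, to rebuild the state at `day`."""
    if day == 0 or kind == "full":
        return [(day, "full")]
    if kind == "differential":
        return [(0, "full"), (day, "differential")]       # always exactly two sets
    return [(0, "full")] + [(d, "incremental") for d in range(1, day + 1)]  # the whole chain


def restore(day: int, kind: str) -> Dict[str, int]:
    """Replay the plan; later sets overwrite earlier versions of the same file."""
    state: Dict[str, int] = {}
    for d, k in restore_plan(day, kind):
        state.update(backup(d, k))
    return state


if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        print(kind, "day 3 contains", sorted(backup(3, kind)))
        print("  restore plan:", restore_plan(3, kind))
        print("  restored == live:", restore(3, kind) == true_state(3))
```

The trade-off this makes visible: the differential set grows every day but restoring needs only two sets, while each incremental set is small but restoring needs the full set plus every incremental since it, and losing any one link in that chain leaves the restore incomplete.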
- The greatest amount of time that a system can withstand being un-operational is called the MTD or maximum tolerable downtime
- Risk analysis is the practice of assessing which threats are relevant and pressing
Topic 6: Tables & Charts
Cryptographic Algorithms and Protocols

| Name | Type | Algorithm | Size | Strength | Replaced By |
|---|---|---|---|---|---|
| DES | Symmetric | Block cipher | 64 bit (56 + 8 parity) | Very weak | 3DES |
| 3DES | Symmetric | Block cipher | 192 bit (168 bit + 24 parity) | Moderate | AES |
| AES | Symmetric | Rijndael Block cipher | Variable (128, 192, 256) | Strong | N/A |
| RC5 | Symmetric | RSA Block mode cipher | Variable (up to 2048) | Very Strong | N/A |
| RSA | Asymmetric | Key transport | 512 | Strong | N/A |
| Diffie-Hellman | Asymmetric | Key exchange | N/A | Moderate | El Gamal |
| El Gamal | Asymmetric | Key exchange | N/A | Very Strong | N/A |
| MD5 | Hash (Digest) | Rivest MD5 Block Hash | 512 bit block processing / 128 bit digest | Strong | MD6, et al. |
| SHA-1 | Hash | Rivest SHA Hash | 512-bit processing / 160 bit digest | Very Strong | N/A |
| HMAC | Hash | Keyed Digest | Variable | Very Strong | N/A |
Fire Suppression Technology

| Fire Class | Fuel | Suppression Tech |
|---|---|---|
| A | Common organic combustibles | Water |
| B | Fuels | Carbon dioxide, soda acid, Halon |
| C | Electrical fires | Carbon dioxide, Halon |
| D | Chemical | Halon, specialized agents |
Remote Access Technologies

| Name | Type | Features | Protocol | Replaced By |
|---|---|---|---|---|
| PPP | RAS | PAP, CHAP, EAP | TCP/IP | N/A |
| RADIUS | RAS | PAP, CHAP | UDP | N/A |
| TACACS | RAS | PAP, CHAP | UDP | TACACS+ |
| TACACS+ | RAS | Many | TCP | N/A |
| PPTP | VPN | PPP tunneling, PAP, CHAP, EAP | Layer 2 | L2F, L2TP |
| L2F | VPN | Cisco Based | Layer 2 | N/A |
| L2TP | VPN | Combines PPTP and Cisco | Layer 2 | N/A |
| IPSec | VPN | Transport / Tunnel mode | Layer 3 | N/A |
Source by: <www.proprofs.com>