Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
CompTIA Security+ Certification Guide

You're reading from   CompTIA Security+ Certification Guide Master IT security essentials and exam topics for CompTIA Security+ SY0-501 certification

Arrow left icon
Product type Paperback
Published in Sep 2018
Publisher Packt
ISBN-13 9781789348019
Length 532 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Ian Neil Ian Neil
Author Profile Icon Ian Neil
Ian Neil
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Understanding Security Fundamentals FREE CHAPTER 2. Conducting Risk Analysis 3. Implementing Security Policies and Procedures 4. Delving into Identity and Access Management 5. Understanding Network Components 6. Understanding Cloud Models and Virtualization 7. Managing Hosts and Application Deployment 8. Protecting Against Attacks and Vulnerabilities 9. Implementing the Public Key Infrastructure 10. Responding to Security Incidents 11. Managing Business Continuity 12. Mock Exam 1
13. Mock Exam 2
14. Preparing for the CompTIA Security+ 501 Exam 15. Acronyms
16. Assessment 17. Other Books You May Enjoy

Answers and Explanations

  1. Confidentiality means only allowing those authorized to access data. Integrity means that data has not been tampered with. Availability means that data is available when you need it, for example when purchasing an airline ticket.
  2. We could place a CCTV camera in a prominent location as a deterrent; people walking past cannot tell if it has film or not, so we are using it as a deterrent.
  3. Confidentiality means that we are limiting access to data to only those who should have access.
  4. To stop people entering a data center, we would install a mantrap, a turnstile device, so that we can control who accesses the data center, one at a time.
  5. An air gap is what it says on the tin, it is a gap between your network and a machine you would use an air gap maybe between Research and Development Machine and the corporate network. You basically isolated a system.
  6. Administrative controls could be writing a new policy to make the company run smoothly; we may have just implemented change management. You could implement a new form to ensure that all of the data required for an application is supplied. We could run an annual security awareness training day, complete a risk assessment, or perform penetration testing.
  7. Physical control is huge. Remember that these can be physically touched. You can choose three from: cable locks, laptop safe, biometric locks, fences, gates, burglar alarms, fire alarms, lights, security guards, bollards, barricades, a Faraday cage, key management, proximity cards, tokens, HVAC, an air gap, motion sensors, and cameras and biometric devices such as an iris scanner.
  8. If we investigate an incident, we need to collect all of the facts about the incident; this is a detective control. Think of a detective such as Sherlock Holmes who is always investigating mysteries.
  9. If we hash the data before and after, and the hash value remains the same, then the integrity of the data is intact. If the second hash is different, the data has been tampered with.
  10. A corrective control is a one-way function where an incident has happened and we want to redeem the situation. For example, if the hard drive on my laptop fails, then I will purchase a new hard drive, put it into my laptop, install the operating system and application, then obtain a copy of my data from a backup.

  1. Hashing is a technique that lets you know if data has been tampered with, but it does not hide the data.
  2. If the same data is hashed with two different applications that can hash data with SHA1, then the hash value will be the same.
  3. HMAC provides data integrity and data authentication. You can use HMAC-SHA1 or HMAC-MD5.
  4. If I change firewall rules, I am doing this to reduce risk; it is carried out by administrators, therefore it is a technical control.
  5. A smart card is a credit card-type device that has a chip built in; once inserted into the keyboard or USB card reader, you will then be asked to enter a PIN.
  6. The person who stores and manages classified data is called the custodian. The person who gives access to the classified data is the security administrator. Prior to getting access to the data, the person may well be vetted.
  7. In the DAC model, the data is unclassified and the data creator, who is also called the owner, will decide who gains access to the data and its classification.
  8. Least privilege is a technique that says that people should only get the most limited access to data that they need to perform their job.
  9. SELinux uses the MAC model to access data. This is the secure version of Linux.
  10. In Linux 777, give the owner who is the first digit, the group that is the sent digit and all users who are the third group read, write, and execute. It could also be a rwx.
  11. The Linux permission for execute (x) allows you to search for or view data.
  12. An access control method that applies either a time restriction or location restriction is called rule-based access.
  13. A subset of a department with access to a subset of duties is called role-based access.
  14. The defense in depth model has many different layers; the idea behind this is if one layer is broken through, the next layer will provide protection.
  15. When someone leaves the company, we should disable their account so that the keys associated with it are still available. The next stage is to change the password so nobody can access it, especially the person who has just left.
You have been reading a chapter from
CompTIA Security+ Certification Guide
Published in: Sep 2018
Publisher: Packt
ISBN-13: 9781789348019
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image