

CompTIA®
Security+® Study Guide
Exam SY0-501
Seventh Edition

Emmett Dulaney
Chuck Easttom



Senior Acquisitions Editor: Kenyon Brown
Development Editor: Gary Schwartz
Technical Editors: Buzz Murphy and Warren Wyrostek
Production Editor: Christine O’Connor
Copy Editor: Elizabeth Welch
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Associate Publisher: Jim Minatel
Book Designers: Bill Gibson and Judy Fung
Proofreader: Kim Wimpsett
Indexer: John Sleeva
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: Getty Images Inc./Jeremy Woodhouse
Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-119-41687-6
ISBN: 978-1-119-41690-6 (ebk.)
ISBN: 978-1-119-41689-0 (ebk.)
Manufactured in the United States of America


No part of this publication may be reproduced, stored in a retrieval system or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording, scanning or
otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright
Act, without either the prior written permission of the Publisher, or authorization through
payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood
Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher
for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc.,
111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no
representations or warranties with respect to the accuracy or completeness of the contents of
this work and specifically disclaim all warranties, including without limitation warranties of
fitness for a particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may not be suitable for
every situation. This work is sold with the understanding that the publisher is not engaged in
rendering legal, accounting, or other professional services. If professional assistance is
required, the services of a competent professional person should be sought. Neither the
publisher nor the author shall be liable for damages arising herefrom. The fact that an
organization or Web site is referred to in this work as a citation and/or a potential source of
further information does not mean that the author or the publisher endorses the information
the organization or Web site may provide or recommendations it may make. Further, readers
should be aware that Internet Web sites listed in this work may have changed or disappeared
between when this work was written and when it is read.
For general information on our other products and services or to obtain technical support,
please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the
U.S. at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some
material included with standard print versions of this book may not be included in e-books or
in print-on-demand. If this book refers to media such as a CD or DVD that is not included in
the version you purchased, you may download this material at .
For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2017955410
TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered
trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other
countries, and may not be used without written permission. CompTIA and Security+ are
trademarks or registered trademarks of CompTIA, Inc. All other trademarks are the property
of their respective owners. John Wiley & Sons, Inc. is not associated with any product or
vendor mentioned in this book.


For Emmett Buis and Wolfgang Scisney: bookends.
—Emmett


Acknowledgments
This book would not exist were it not for Mike Pastore, the author of
the first edition. He took a set of convoluted objectives for a broad
exam and wrote the foundation of the study guide that you now hold
in your hands. While the exam and its associated objectives
improved with each iteration, all subsequent editions of this text are
forever indebted to his knowledge, hard work, and brilliance so early
on.
Thanks are also due to Gary Schwartz, for being one of the best editors
in publishing to work with, and to all of those at Wiley who helped
with this title.


About the Authors
Emmett Dulaney is a professor at a small university in Indiana and
the former director of training for Mercury Technical Solutions. He is
a columnist for Certification Magazine and the author of more than
30 books on certification, operating systems, and cross-platform
integration. Emmett can be reached at
Chuck Easttom is a researcher, consultant, and trainer in computer
science and computer security. He has expertise in software
engineering, operating systems, databases, web development, and
computer networking. He travels the world teaching and consulting on
digital forensics, cyber security, cryptology, and related topics. He has
authored 22 books and counting, as well as dozens of research papers.
Chuck is additionally an inventor with 10 patented computer-science
inventions. He also frequently works as an expert witness in
computer-related cases. His website is

Contents
Acknowledgments
About the Authors
Introduction
Before You Begin the CompTIA Security+ Certification Exam
Why Become Security+ Certified?
How to Become a Security+ Certified Professional
Who Should Read This Book?
What Does This Book Cover?
Tips for Taking the Security+ Exam
What’s Included in the Book
Interactive Online Learning Environment and Test Bank
How to Use This Book and Study Tools
Exam SY0-501 Exam Objectives
SY0-501 Certification Exam Objective Map
Assessment Test

Answers to Assessment Test
Chapter 1 Managing Risk
Risk Terminology
Threat Assessment
Risk Assessment
Developing Policies, Standards, and Guidelines
Summary
Exam Essentials
Review Questions
Chapter 2 Monitoring and Diagnosing Networks
Monitoring and Diagnosing Networks Terminology
Frameworks, Best Practices, and Configuration Guides


Secure Network Architecture Concepts
Secure Systems Design
Summary
Exam Essentials
Review Questions
Chapter 3 Understanding Devices and Infrastructure
Infrastructure Terminology
Designing with Security in Mind
Summary
Exam Essentials
Review Questions
Chapter 4 Identity and Access Management
Using Tools to Assess Your Network
Troubleshooting Common Security Issues
Security Technologies
Identity and Access Management Concepts

Install and Configure Identity and Access Services
File and Database Security
Summary
Exam Essentials
Review Questions
Chapter 5 Wireless Network Threats
Wireless Threat Terminology
Wireless Vulnerabilities to Know
Wireless Commonsense
Wireless Attack Analogy
Summary
Exam Essentials
Review Questions


Chapter 6 Securing the Cloud
Cloud-Related Terminology
Working with Cloud Computing
Working with Virtualization
Security and the Cloud
Summary
Exam Essentials
Review Questions
Chapter 7 Host, Data, and Application Security
Threat Actors and Attributes
Use of Open Source Intelligence
Types of Vulnerabilities
Embedded Systems Security
Application Vulnerabilities
Secure Programming

Other Application Security Issues
Code Issues
Summary
Exam Essentials
Review Questions
Chapter 8 Cryptography
An Overview of Cryptography
Modern Cryptography
Using Cryptographic Systems
Understanding Cryptography Standards and Protocols
Public Key Infrastructure
Using Public Key Infrastructure
Authentication
Summary


Exam Essentials
Review Questions
Chapter 9 Threats, Attacks, and Vulnerabilities
Threat and Attack Terminology
Living in a World of Viruses
Malware and Crypto-Malware
Understanding Various Types of Application/Service Attacks
Summary
Exam Essentials
Review Questions
Chapter 10 Social Engineering and Other Foes
Social Engineering and Physical Security Terminology
Understanding Social Engineering
Understanding Physical Security

Various Control Types
Data Security and Privacy Practices
Summary
Exam Essentials
Review Questions
Chapter 11 Security Administration
Connection Types
Mobile Devices
Account Management Concepts
Summary
Exam Essentials
Review Questions
Chapter 12 Disaster Recovery and Incident Response
Disaster and Incident Related Terminology
Penetration Testing


Issues Associated with Business Continuity
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1 : Managing Risk
Chapter 2 : Monitoring and Diagnosing Networks
Chapter 3 : Understanding Devices and Infrastructure
Chapter 4 : Identity and Access Management
Chapter 5 : Wireless Network Threats
Chapter 6 : Securing the Cloud
Chapter 7 : Host, Data, and Application Security
Chapter 8 : Cryptography

Chapter 9 : Threats, Attacks, and Vulnerabilities
Chapter 10 : Social Engineering and Other Foes
Chapter 11 : Security Administration
Chapter 12 : Disaster Recovery and Incident Response
Advert
EULA


List of Tables
Chapter 1
TABLE 1.1
TABLE 1.2
TABLE 1.3
Chapter 4
TABLE 4.1
TABLE 4.2
TABLE 4.3
TABLE 4.4
TABLE 4.5
TABLE 4.6
TABLE 4.7
Chapter 5
TABLE 5.1
Chapter 7
TABLE 7.1
Chapter 8
TABLE 8.1
Chapter 9
TABLE 9.1
Chapter 10

TABLE 10.1


List of Illustrations
Chapter 1
FIGURE 1.1 The four primary RAID technologies used in
systems
Chapter 2
FIGURE 2.1 PCI-DSS control objectives
FIGURE 2.2 A typical DMZ
FIGURE 2.3 Network segmentation
FIGURE 2.4 Two LANs connected using a VPN across the
Internet
FIGURE 2.5 A proxy firewall blocking network access from
external networks
FIGURE 2.6 Windows 10 Control Panel
FIGURE 2.7 Windows 10 System and Security
FIGURE 2.8 Windows 10 Administrative Tools screen
FIGURE 2.9 Windows 10 Services
Chapter 3
FIGURE 3.1 A proxy firewall blocking network access from
external networks
FIGURE 3.2 Two LANs connected using a VPN across the
Internet
FIGURE 3.3 An IDS and a firewall working together to secure
a network
FIGURE 3.4 The components of an IDS working together to
provide network monitoring
FIGURE 3.5 A signature-based detection system in action
FIGURE 3.6 AD-IDS using expert system technology to
evaluate risks
FIGURE 3.7 NIDS placement in a network determines what
data will be analyzed.
FIGURE 3.8 A hub being used to attach the NIDS to the
network
FIGURE 3.9 An IPS instructing TCP to reset all connections
FIGURE 3.10 An IPS instructing the firewall to close port 80
for 60 seconds to thwart an IIS attack
FIGURE 3.11 A network honeypot deceives an attacker and
gathers intelligence.
FIGURE 3.12 A host-based IDS interacting with the operating
system
FIGURE 3.13 Router connecting two LANs
FIGURE 3.14 A corporate network implementing routers for
segmentation and security
FIGURE 3.15 Switching between two systems
Chapter 4
FIGURE 4.1 tcpdump
FIGURE 4.2 Wireshark
FIGURE 4.3 Wireshark follow conversation
FIGURE 4.4 SolarWinds network topology scan
FIGURE 4.5 SolarWinds scan results
FIGURE 4.6 LanHelper
FIGURE 4.7 Aircrack
FIGURE 4.8 pwdump
FIGURE 4.9 Ophcrack
FIGURE 4.10 Nessus report
FIGURE 4.11 MBSA output



FIGURE 4.12 OWASP ZAP output
FIGURE 4.13 ping
FIGURE 4.14 netstat
FIGURE 4.15 tracert
FIGURE 4.16 nslookup
FIGURE 4.17 arp
FIGURE 4.18 ipconfig
FIGURE 4.19 netcat
FIGURE 4.20 Malwarebytes
FIGURE 4.21 Windows Firewall
FIGURE 4.22 A logon process occurring on a workstation
FIGURE 4.23 Kerberos authentication process
FIGURE 4.24 The RADIUS client manages the local
connection and authenticates against a central server
Chapter 5
FIGURE 5.1 Wireless security settings for a simple router
FIGURE 5.2 Examples of some questionable wireless
networks
Chapter 6
FIGURE 6.1 The SaaS service model
FIGURE 6.2 The PaaS service model
FIGURE 6.3 The IaaS service model
FIGURE 6.4 Type I hypervisor model
FIGURE 6.5 Type II hypervisor model
Chapter 7
FIGURE 7.1 Dark web market
FIGURE 7.2 ThreatCrowd



FIGURE 7.3 OpenPhish
FIGURE 7.4 OSINT framework
FIGURE 7.5 Shodan
FIGURE 7.6 Firefox
FIGURE 7.7 Prototyping
Chapter 8
FIGURE 8.1 A simple transposition cipher in action
FIGURE 8.2 Symmetric encryption system
FIGURE 8.3 A two-key system in use
FIGURE 8.4 The MAC value is calculated by the sender and
receiver using the same algorithm.
FIGURE 8.5 Digital signature processing steps
FIGURE 8.6 The PGP encryption system
FIGURE 8.7 The SSL connection process
FIGURE 8.8 The TLS connection process
Chapter 9
FIGURE 9.1 Virus spreading from an infected system using
the network or removable media
FIGURE 9.2 An email virus spreading geometrically to other
users
FIGURE 9.3 A logic bomb being initiated
FIGURE 9.4 A backdoor attack in progress
FIGURE 9.5 Distributed denial-of-service attack
FIGURE 9.6 A man-in-the-middle attack occurring between a
client and a web server
FIGURE 9.7 A replay attack occurring
FIGURE 9.8 A spoofing attack during logon



Chapter 10
FIGURE 10.1 An example of vishing
FIGURE 10.2 An example of tailgating
FIGURE 10.3 An example of dumpster diving
FIGURE 10.4 An example of shoulder surfing
FIGURE 10.5 Falsely sounding an alarm is a type of hoax.
FIGURE 10.6 The three-layer security model
FIGURE 10.7 A cable can be used to keep a desktop machine
from easily being taken.
FIGURE 10.8 If theft of equipment is a possibility, run one
end of the cable from the monitor to the desktop computer
through a hole in the work desk.
FIGURE 10.9 A mantrap in action
FIGURE 10.10 A hot and cold aisle design
FIGURE 10.11 Water-based fire-suppression system
FIGURE 10.12 Electromagnetic interference (EMI) pickup in
a data cable
FIGURE 10.13 RF desensitization occurring as a result of cell
phone interference
FIGURE 10.14 A cable in the security slot keeps the laptop
from easily being removed.
Chapter 11
FIGURE 11.1 Bluesnarfing
FIGURE 11.2 Evil twin rogue access point
FIGURE 11.3 Geofencing
Chapter 12
FIGURE 12.1 Database transaction auditing process
FIGURE 12.2 Grandfather, Father, Son backup method



FIGURE 12.3 Full Archival backup method
FIGURE 12.4 A backup server archiving server files
FIGURE 12.5 System regeneration process for a workstation
or server




Introduction
If you’re preparing to take the Security+ exam, you’ll undoubtedly
want to find as much information as you can about computer and
physical security. The more information you have at your disposal and
the more hands-on experience you gain, the better off you’ll be when
attempting the exam. This study guide was written with that in mind.
The goal was to provide enough information to prepare you for the
test, but not so much that you’ll be overloaded with information that’s
outside the scope of the exam.
This book presents the material at an intermediate technical level.
Experience with and knowledge of security concepts, operating
systems, and application systems will help you get a full understanding
of the challenges that you’ll face as a security professional.
We’ve included review questions at the end of each chapter to give you
a taste of what it’s like to take the exam. If you’re already working in
the security field, we recommend that you check out these questions
first to gauge your level of expertise. You can then use the book mainly
to fill in the gaps in your current knowledge. This study guide will help
you round out your knowledge base before tackling the exam.
If you can answer 90 percent or more of the review questions correctly
for a given chapter, you can feel safe moving on to the next chapter. If
you’re unable to answer that many correctly, reread the chapter and
try the questions again. Your score should improve.

Don’t just study the questions and answers! The questions
on the actual exam will be different from the practice questions
included in this book. The exam is designed to test your knowledge
of a concept or objective, so use this book to learn the objectives
behind the questions.


Before You Begin the CompTIA Security+
Certification Exam
Before you begin studying for the exam, it’s imperative that you
understand a few things about the Security+ certification. Security+ is
a certification from CompTIA (an industry association responsible for
many entry-level certifications) granted to those who obtain a passing
score on a single entry-level exam. In addition to adding Security+ to
your résumé as a stand-alone certification, you can use it as an elective
in many vendor-certification tracks.

The CompTIA Advanced Security Practitioner (CASP)
certification is designed for those with up to 10 years of security
experience. It builds on Security+ and authenticates knowledge at
a higher level. Between Security+ and CASP, CompTIA created a
Cybersecurity Analyst certification (CSA+, since renamed CySA+) as a bridge that remains
vendor-neutral and verifies that successful candidates have the
knowledge and skills required to configure and use threat detection
tools, perform data analysis, and interpret the results to identify
vulnerabilities, threats, and risks to an organization, with the end
goal of securing and protecting applications and systems within an
organization.

When you’re studying for any exam, the first step in preparation
should always be to find out as much as possible about the test: the
more you know up front, the better you can plan your course of study.
The current exam, and the one addressed by this book, is the 2017
update. Although all variables are subject to change, as this book is
being written, the exam consists of a maximum of 90 questions. You have 90
minutes to take the exam, and the passing score is 750 on a scale
from 100 to 900. Pearson VUE testing centers administer the exam
throughout the United States and several other countries.


The exam is predominantly multiple choice with short, concise
questions, usually followed by four possible answers. Don’t expect
lengthy scenarios and complex solutions. This is an entry-level exam
of knowledge-level topics; you’re expected to know a great deal about
security topics from an overview perspective rather than
implementation. In many books, the glossary is filler added to the back
of the text; this book’s glossary (located on the book’s online test bank
at www.wiley.com/go/sybextestprep) should be considered necessary
reading. You’re likely to see a question on the exam about what a
Trojan horse is, not how to identify it at the code level. Spend your
study time learning the different security solutions, the vulnerabilities
each one addresses, and the situations in which each would be applicable.
Don’t get bogged down in step-by-step details; those are saved for
certification exams beyond the scope of Security+.
You should also know that CompTIA is notorious for including vague
questions on all of its exams. You might see a question for which two
of the possible four answers are correct—but you can choose only one.
Use your knowledge, logic, and intuition to choose the best answer and
then move on. Sometimes, the questions are worded in ways that
would make English majors cringe—a typo here, an incorrect verb
there. Don’t let this frustrate you; answer the question, and go to the
next. Although we haven’t intentionally added typos or other
grammatical errors, the questions throughout this book make every
attempt to re-create the structure and appearance of the real exam
questions.

CompTIA frequently does what is called item seeding,
which is the practice of including unscored questions on exams. It
does so to gather psychometric data, which is then used when
developing new versions of the exam. Before you take it, you are
told that your exam may include unscored questions. So, if you
come across a question that does not appear to map to any of the
exam objectives—or for that matter, does not appear to belong in
the exam—it is likely a seeded question. You never really know