Don't worry about SY0-401 exam - bilgis.com.tr

Extract of all SY0-401 course contents in Q&A format.




SY0-401 - CompTIA Security+ - Dump Information

Vendor : CompTIA
Exam Code : SY0-401
Exam Name : CompTIA Security+
Questions and Answers : 1776 Q & A
Updated On : June 26, 2017


Got no problem! 3 days preparation of SY0-401 real questions is required.

SY0-401 questions from bilgis.com.tr are excellent, and mirror exactly what test center gives you at the SY0-401 exam. I loved everything about the bilgis.com.tr preparation material. I passed with over 80%.

Try out these real SY0-401 questions.

I have passed the SY0-401 exam with this! This is the first time I used bilgis.com.tr, but now I know it's not gonna be the last one! With the practice exams and real questions, taking this exam was surprisingly easy. This is a great way to get certified - which are nothing like anything else. If you've been through any of their exams, you'll know what I mean. SY0-401 is hard, but bilgis.com.tr is a blessing!

No cheaper source of SY0-401 Q&A found yet.

bilgis.com.tr provided me with valid exam questions and answers. Everything was accurate and real, so I had no trouble passing this exam, even though I didn't spend that much time studying. Even if you have a very basic knowledge of SY0-401 exam and services, you can pull it off with this bundle. I was a little stressed purely because of the huge amount of information, but as I kept going through the questions, things started falling into place, and my confusion disappeared. All in all, I had a great experience with bilgis.com.tr, and hope that so will you.

Surprised to see SY0-401 real questions!

It is hard to get the study material which has all the necessary features required to take the SY0-401 exam. I'm so lucky in that manner, I used the bilgis.com.tr material which has all the required information and features and also very helpful. The topics were something understandable in the provided Dumps. It really makes the preparation and learning in each topic, seamless process. I am urging my friends to go through it.

Do a smart move, prepare these SY0-401 Questions and Answers.

SY0-401 is the hardest exam I have ever come across. I spent months studying for it, with all official resources and everything one could find - and failed it miserably. But I didn't give up! A few months later, I added bilgis.com.tr to my preparation schedule and kept practicing on the testing engine and the real exam questions they provide. I believe this is exactly what helped me pass the second time around! I wish I hadn't wasted the time and money on all this unnecessary stuff (their books aren't bad in general, but I believe they don't give you the best exam preparation).

Very comprehensive and authentic Q&A of SY0-401 exam.

I am not a fan of online brain dumps, because they are often posted by irresponsible people who mislead you into learning stuff you don't need and missing things that you really need to know. Not bilgis.com.tr. This company provides absolutely valid questions answers that help you get through your exam preparation. This is how I passed SY0-401 exam. First time, First I relied on free online stuff and I failed. I got bilgis.com.tr SY0-401 exam simulator - and I passed. This is the only proof I need. Thanks bilgis.com.tr.

Did you try this great source of real questions?

I am very happy right now. You must be wondering why I am so happy, well the reason is quite simple, I just got my SY0-401 test results and I have made it through them quite easily. I write over here because it was this bilgis.com.tr that taught me for SY0-401 test and I can't go on without thanking it for being so generous and helpful to me throughout.

Extract of all SY0-401 course contents in Q&A format.

I was 2 weeks short of my SY0-401 exam and my preparation was not all done as my SY0-401 books got burnt in fire incident at my place. All I thought at that time was to quit the option of giving the paper as I didn't have any resource to prepare from. Then I opted for bilgis.com.tr and I still am in a state of shock that I cleared my SY0-401 exam. With the free demo of bilgis.com.tr, I was able to grasp things easily.

New Syllabus SY0-401 Exam q and a are provided here.

I passed this exam SY0-401 today with a 92% score. bilgis.com.tr was my main preparation resource, so if you plan to take this exam, you can totally count on this SY0-401 questions source. All information is relevant, the SY0-401 questions are correct. I am very happy with bilgis.com.tr. This is the first time I used it, but now I'm confident I'll come back to this website for all my SY0-401 certification exams.

Right place to find SY0-401 real question paper.

Asking my father to help me with something is like entering in to huge trouble and I certainly didn't want to disturb him during my SY0-401 preparation. I knew someone else has to help me. I just didn't know who it would be until one of my cousins told me of this bilgis.com.tr. It was like a great gift to me since it was extremely helpful and useful for my SY0-401 test preparation. I owe my great marks to the people working on here because their dedication made it possible.


SY0-401 Questions and Answers


QUESTION: 262

An organization receives an email that provides instruction on how to protect a system from being a target of new malware that is rapidly infecting systems. The incident response team investigates the notification and determines it to be invalid and notifies users to disregard the email. Which of the following BEST describes this occurrence?


  A. Phishing

  B. Scareware

  C. SPAM

  D. Hoax


Answer: D


QUESTION: 263

During an office move a server containing the employee information database will be shut down and transported to a new location. Which of the following would BEST ensure the availability of the employee database should something happen to the server during the move?


  A. The contents of the database should be encrypted; the encryption key should be stored off-site

  B. A hash of the database should be taken and stored on an external drive prior to the move

  C. The database should be placed on a drive that consists of a RAID array prior to the move

  D. A backup of the database should be stored on an external hard drive prior to the move


Answer: D


QUESTION: 264

Which of the following is primarily used to provide fault tolerance at the application level? (Select TWO)


  A. Load balancing

  B. RAID array

  C. RAID 6

  D. Server clustering

  E. JBOD array


QUESTION: 265

A security administrator needs to implement a technology that creates a secure key exchange. Neither party involved in the key exchange will have pre-existing knowledge of one another. Which of the following technologies would allow for this?


  A. Blowfish

  B. NTLM

  C. Diffie-Hellman

  D. CHAP


Answer: C


QUESTION: 266

A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality?


  A. Format the device

  B. Re-image the device

  C. Perform virus scan in the device

  D. Physically destroy the device


Answer: C


QUESTION: 267

Ann, a security administrator, has been instructed to perform fuzz-based testing on the company’s applications. Which of the following best describes what she will do?


  A. Enter random or invalid data into the application in an attempt to cause it to fault

  B. Work with the developers to eliminate horizontal privilege escalation opportunities

  C. Test the applications for the existence of built-in back doors left by the developers

  D. Hash the application to verify it won’t cause a false positive on the HIPS.


QUESTION: 268

A malicious attacker has intercepted HTTP traffic and inserted an ASCII line that sets the referrer URL. Which of the following is the attacker most likely utilizing?


  A. Header manipulation

  B. Cookie hijacking

  C. Cross-site scripting

  D. XML injection


Answer: D


QUESTION: 269

A user attempts to install a new and relatively unknown software program recommended by a colleague. The user is unable to install the program, despite having successfully installed other programs previously. Which of the following is MOST likely the cause for the user’s inability to complete the installation?


  A. Application black listing

  B. Network Intrusion Prevention System

  C. Group Policy

  D. Application White Listing


Answer: A


QUESTION: 270

A company has recently identified critical systems that support business operations. Which of the following will, once defined, be the requirement for restoration of these systems within a certain period of time?


  A. Mean Time Between Failure

  B. Mean Time to Restore

  C. Recovery Point Objective

  D. Recovery Time Objective


Answer: A

QUESTION: 271

A network manager needs a cost-effective solution to allow for the restoration of information with an RPO of 24 hours. The disaster recovery plan also requires that backups occur within a restricted timeframe during the week and be taken offsite weekly. Which of the following should the manager choose to BEST address these requirements?


  A. Daily incremental backup to tape

  B. Disk-to-disk hourly server snapshots

  C. Replication of the environment at a hot site

  D. Daily differential backup to tape

  E. Daily full backup to tape


Answer: A


QUESTION: 272

While reviewing the security controls in place for a web-based application, a security controls assessor notices that there are no password strength requirements in place. Because of this vulnerability, passwords might be easily discovered using a brute force attack. Which of the following password requirements will MOST effectively improve the security posture of the application against these attacks? (Select two)


  A. Minimum complexity

  B. Maximum age limit

  C. Maximum length

  D. Minimum length

  E. Minimum age limit

  F. Minimum re-use limit


Answer: D, F


QUESTION: 273

A security administrator implements a web server that utilizes an algorithm that requires other hashing standards to provide data integrity. Which of the following algorithms would meet the requirement?


  A. SHA

  B. MD5

  C. RIPEMD

  D. HMAC


QUESTION: 274

A technician has installed new vulnerability scanner software on a server that is joined to the company domain. The vulnerability scanner is able to provide visibility over the patch posture of all company’s clients. Which of the following is being used?


  A. Gray box vulnerability testing

  B. Passive scan

  C. Credentialed scan

  D. Bypassing security controls


Answer: A


QUESTION: 275

A global gaming console manufacturer is launching a new gaming platform to its customers. Which of the following controls reduces the risk created by malicious gaming customers attempting to circumvent control by way of modifying consoles?


  A. Firmware version control

  B. Manual software upgrades

  C. Vulnerability scanning

  D. Automatic updates

  E. Network segmentation

  F. Application firewalls


Answer: A, D


QUESTION: 276

A company is deploying a new VoIP phone system. They require 99.999% uptime for their phone service and are concerned about their existing data network interfering with the VoIP phone system. The core switches in the existing data network are almost fully saturated. Which of the following options will provide the best performance and availability for both the VoIP traffic, as well as the traffic on the existing data network?


  A. Put the VoIP network into a different VLAN than the existing data network.

  B. Upgrade the edge switches from 10/100/1000 to improve network speed

  C. Physically separate the VoIP phones from the data network


Answer: A


CompTIA SY0-401 Exam (CompTIA Security+) Detailed Information

SY0-401 - CompTIA Security+


SY0-401 Test Objectives


CompTIA Security+

Certification Exam Objectives

EXAM NUMBER: SY0-401

About the Exam

The CompTIA Security+ certification is a vendor-neutral, internationally recognized credential used by organizations and security professionals around the globe to validate foundation-level security skills and knowledge. Candidates are encouraged to use this document to help prepare for CompTIA Security+ SY0-401, which measures necessary skills for IT security professionals. Successful candidates will have the knowledge required to:

  • Identify risk

  • Participate in risk mitigation activities

  • Provide infrastructure, application, information and operational security

  • Apply security controls to maintain confidentiality, integrity and availability

  • Identify appropriate technologies and products

  • Troubleshoot security events and incidents

  • Operate with an awareness of applicable policies, laws and regulations

These content examples are meant to clarify the test objectives and should not be construed as a comprehensive listing of all content in this examination.

EXAM ACCREDITATION

CompTIA Security+ is accredited by ANSI to show compliance with the ISO 17024 Standard and, as such, the exam objectives undergo regular reviews and updates.

EXAM DEVELOPMENT

CompTIA exams result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an IT professional.

TEST DETAILS

Required exam: CompTIA Security+ SY0-401

Number of questions: Maximum of 90

Types of questions: Multiple choice and performance-based

Length of test: 90 minutes

Recommended experience: At least two years of experience in IT administration with a focus on security

Passing score: 750 (on a scale of 100–900)

EXAM OBJECTIVES (DOMAINS)

The table below lists the domains measured by this examination and the extent to which they are represented:

| DOMAIN | PERCENTAGE OF EXAMINATION |
| --- | --- |
| 1.0 Network Security | 20% |
| 2.0 Compliance and Operational Security | 18% |
| 3.0 Threats and Vulnerabilities | 20% |
| 4.0 Application, Data and Host Security | 15% |
| 5.0 Access Control and Identity Management | 15% |
| 6.0 Cryptography | 12% |
| Total | 100% |

1.0 Network Security

1.1 Implement security configuration parameters on network devices and other technologies.

    • Firewalls

    • Routers

    • Switches

    • Load balancers

    • Proxies

    • Web security gateways

    • VPN concentrators

    • NIDS and NIPS

      • Behavior-based

      • Signature-based

      • Anomaly-based

      • Heuristic

    • Protocol analyzers

    • Spam filter

    • UTM security appliances

      • URL filter

      • Content inspection

      • Malware inspection

    • Web application firewall vs. network firewall

    • Application aware devices

      • Firewalls

      • IPS

      • IDS

      • Proxies

1.2 Given a scenario, use secure network administration principles.

    • Rule-based management

    • Firewall rules

    • VLAN management

    • Secure router configuration

    • Access control lists

    • Port security

      • 802.1x

    • Flood guards

    • Loop protection

    • Implicit deny

    • Network separation

    • Log analysis

    • Unified threat management

1.3 Explain network design elements and components.

    • DMZ

    • Subnetting

    • VLAN

    • NAT

    • Remote access

    • Telephony

    • NAC

    • Virtualization

    • Cloud computing

      • PaaS

      • SaaS

      • IaaS

      • Private

      • Public

      • Hybrid

      • Community

    • Layered security/defense in depth

1.4 Given a scenario, implement common protocols and services.

    • Protocols

      • IPSec

      • SNMP

      • SSH

      • DNS

      • TLS

      • SSL

      • TCP/IP

      • FTPS

      • HTTPS

      • SCP

      • ICMP

      • IPv4

      • IPv6

      • iSCSI

      • Fibre Channel

      • FCoE

      • FTP

      • SFTP

      • TFTP

      • TELNET

      • HTTP

      • NetBIOS

    • Ports

      - 21

      - 22

      - 25

      - 53

      - 80

      - 110

      - 139

      - 143

      - 443

      - 3389

    • OSI relevance

1.5 Given a scenario, troubleshoot security issues related to wireless networking.

    • WPA

    • WPA2

    • WEP

    • EAP

    • PEAP

    • LEAP

    • MAC filter

    • Disable SSID broadcast

    • TKIP

    • CCMP

    • Antenna placement

    • Power level controls

    • Captive portals

    • Antenna types

    • Site surveys

    • VPN (over open wireless)

2.0 Compliance and Operational Security

2.1 Explain the importance of risk related concepts.

    • Control types

      • Technical

      • Management

      • Operational

    • False positives

    • False negatives

    • Importance of policies in reducing risk

      • Privacy policy

      • Acceptable use

      • Security policy

      • Mandatory vacations

      • Job rotation

      • Separation of duties

      • Least privilege

    • Risk calculation

      • Likelihood

      • ALE

      • Impact

      • SLE

      • ARO

      • MTTR

      • MTTF

      • MTBF

    • Quantitative vs. qualitative

    • Vulnerabilities

    • Threat vectors

    • Probability/threat likelihood

    • Risk avoidance, transference, acceptance, mitigation, deterrence

    • Risks associated with cloud computing and virtualization

    • Recovery time objective and recovery point objective

2.2 Summarize the security implications of integrating systems and data with third parties.

    • On-boarding/off-boarding business partners

    • Social media networks and/or applications

    • Interoperability agreements

      • SLA

      • BPA

      • MOU

      • ISA

    • Privacy considerations

    • Risk awareness

    • Unauthorized data sharing

    • Data ownership

    • Data backups

    • Follow security policy and procedures

    • Review agreement requirements to verify compliance and performance standards

2.3 Given a scenario, implement appropriate risk mitigation strategies.

      • Change management

      • Incident management

      • User rights and permissions reviews

      • Perform routine audits

      • Enforce policies and procedures to prevent data loss or theft

      • Enforce technology controls

        • Data Loss Prevention (DLP)

2.4 Given a scenario, implement basic forensic procedures.

      • Order of volatility

      • Capture system image

      • Network traffic and logs

      • Capture video

      • Record time offset

      • Take hashes

      • Screenshots

      • Witnesses

      • Track man hours and expense

      • Chain of custody

      • Big Data analysis

2.5 Summarize common incident response procedures.

      • Preparation

      • Incident identification

      • Escalation and notification

      • Mitigation steps

      • Lessons learned

      • Reporting

      • Recovery/reconstitution procedures

      • First responder

      • Incident isolation

        • Quarantine

        • Device removal

      • Data breach

      • Damage and loss control

2.6 Explain the importance of security related awareness and training.

      • Security policy training and procedures

      • Role-based training

      • Personally identifiable information

      • Information classification

        • High

        • Medium

        • Low

        • Confidential

        • Private

        • Public

      • Data labeling, handling and disposal

      • Compliance with laws, best practices and standards

      • User habits

        • Password behaviors

        • Data handling

        • Clean desk policies

        • Prevent tailgating

        • Personally owned devices

      • New threats and new security trends/alerts

        • New viruses

        • Phishing attacks

        • Zero-day exploits

      • Use of social networking and P2P

      • Follow up and gather training metrics to validate compliance and security posture

2.7 Compare and contrast physical security and environmental controls.

      • Environmental controls

        • HVAC

        • Fire suppression

        • EMI shielding

        • Hot and cold aisles

        • Environmental monitoring

        • Temperature and humidity controls

      • Physical security

        • Hardware locks

        • Mantraps

        • Video surveillance

        • Fencing

        • Proximity readers

        • Access list

        • Proper lighting

        • Signs

        • Guards

        • Barricades

        • Biometrics

        • Protected distribution (cabling)

        • Alarms

        • Motion detection

      • Control types

        • Deterrent

        • Preventive

        • Detective

        • Compensating

        • Technical

        • Administrative

2.8 Summarize risk management best practices.

      • Business continuity concepts

        • Business impact analysis

        • Identification of critical systems and components

        • Removing single points of failure

        • Business continuity planning and testing

        • Risk assessment

        • Continuity of operations

        • Disaster recovery

        • IT contingency planning

        • Succession planning

        • High availability

        • Redundancy

        • Tabletop exercises

      • Fault tolerance

        • Hardware

        • RAID

        • Clustering

        • Load balancing

        • Servers

      • Disaster recovery concepts

        • Backup plans/policies

        • Backup execution/frequency

        • Cold site

        • Hot site

        • Warm site

2.9 Given a scenario, select the appropriate control to meet the goals of security.

      • Confidentiality

        • Encryption

        • Access controls

        • Steganography

      • Integrity

        • Hashing

        • Digital signatures

        • Certificates

        • Non-repudiation

      • Availability

        • Redundancy

        • Fault tolerance

        • Patching

      • Safety

        • Fencing

        • Lighting

        • Locks

        • CCTV

        • Escape plans

        • Drills

        • Escape routes

        • Testing controls

3.0 Threats and Vulnerabilities

3.1 Explain types of malware.

      • Adware

      • Virus

      • Spyware

      • Trojan

      • Rootkits

      • Backdoors

      • Logic bomb

      • Botnets

      • Ransomware

      • Polymorphic malware

      • Armored virus

3.2 Summarize various types of attacks.

      • Man-in-the-middle

      • DDoS

      • DoS

      • Replay

      • Smurf attack

      • Spoofing

      • Spam

      • Phishing

      • Spim

      • Vishing

      • Spear phishing

      • Xmas attack

      • Pharming

      • Privilege escalation

      • Malicious insider threat

      • DNS poisoning and ARP poisoning

      • Transitive access

      • Client-side attacks

      • Password attacks

        • Brute force

        • Dictionary attacks

        • Hybrid

        • Birthday attacks

        • Rainbow tables

      • Typo squatting/URL hijacking

      • Watering hole attack

3.3 Summarize social engineering attacks and the associated effectiveness with each attack.

      • Shoulder surfing

      • Dumpster diving

      • Tailgating

      • Impersonation

      • Hoaxes

      • Whaling

      • Vishing

      • Principles (reasons for effectiveness)

        • Authority

        • Intimidation

        • Consensus/social proof

        • Scarcity

        • Urgency

        • Familiarity/liking

        • Trust

3.4 Explain types of wireless attacks.

      • Rogue access points

      • Jamming/interference

      • Evil twin

      • War driving

      • Bluejacking

      • Bluesnarfing

      • War chalking

      • IV attack

      • Packet sniffing

      • Near field communication

      • Replay attacks

      • WEP/WPA attacks

      • WPS attacks

3.5 Explain types of application attacks.

    • Cross-site scripting

    • SQL injection

    • LDAP injection

    • XML injection

    • Directory traversal/command injection

    • Buffer overflow

    • Integer overflow

    • Zero-day

    • Cookies and attachments

    • Locally Shared Objects (LSOs)

    • Flash cookies

    • Malicious add-ons

    • Session hijacking

    • Header manipulation

    • Arbitrary code execution/remote code execution

3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.

    • Monitoring system logs

      • Event logs

      • Audit logs

      • Security logs

      • Access logs

    • Hardening

      • Disabling unnecessary services

      • Protecting management interfaces and applications

      • Password protection

      • Disabling unnecessary accounts

    • Network security

      • MAC limiting and filtering

        - 802.1x

      • Disabling unused interfaces and unused application service ports

      • Rogue machine detection

    • Security posture

      • Initial baseline configuration

      • Continuous security monitoring

      • Remediation

    • Reporting

      • Alarms

      • Alerts

      • Trends

    • Detection controls vs. prevention controls

      • IDS vs. IPS

      • Camera vs. guard

3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.

        • Interpret results of security assessment tools

        • Tools

          • Protocol analyzer

          • Vulnerability scanner

          • Honeypots

          • Honeynets

          • Port scanner

          • Passive vs. active tools

          • Banner grabbing

        • Risk calculations

          • Threat vs. likelihood

        • Assessment types

          • Risk

          • Threat

          • Vulnerability

        • Assessment technique

          • Baseline reporting

          • Code review

          • Determine attack surface

          • Review architecture

          • Review designs

3.8 Explain the proper use of penetration testing versus vulnerability scanning.

        • Penetration testing

          • Verify a threat exists

          • Bypass security controls

          • Actively test security controls

          • Exploiting vulnerabilities

        • Vulnerability scanning

          • Passively testing security controls

          • Identify vulnerability

          • Identify lack of security controls

          • Identify common misconfigurations

          • Intrusive vs. non-intrusive

          • Credentialed vs. non-credentialed

          • False positive

        • Black box

        • White box

        • Gray box

4.0 Application, Data and Host Security

4.1 Explain the importance of application security controls and techniques.

        • Fuzzing

        • Secure coding concepts

          • Error and exception handling

          • Input validation

        • Cross-site scripting prevention

        • Cross-site Request Forgery (XSRF) prevention

        • Application configuration baseline (proper settings)

        • Application hardening

        • Application patch management

        • NoSQL databases vs. SQL databases

        • Server-side vs. client-side validation

4.2 Summarize mobile security concepts and technologies.

        • Device security

          • Full device encryption

          • Remote wiping

          • Lockout

          • Screen locks

          • GPS

          • Application control

          • Storage segmentation

          • Asset tracking

          • Inventory control

          • Mobile device management

          • Device access control

          • Removable storage

          • Disabling unused features

        • Application security

          • Key management

          • Credential management

          • Authentication

          • Geo-tagging

          • Encryption

          • Application whitelisting

          • Transitive trust/authentication

        • BYOD concerns

          • Data ownership

          • Support ownership

          • Patch management

          • Antivirus management

          • Forensics

          • Privacy

          • On-boarding/off-boarding

          • Adherence to corporate policies

          • User acceptance

          • Architecture/infrastructure considerations

          • Legal concerns

          • Acceptable use policy

          • On-board camera/video

4.3 Given a scenario, select the appropriate solution to establish host security.

        • Operating system security and settings

        • OS hardening

        • Anti-malware

          • Antivirus

          • Anti-spam

          • Anti-spyware

          • Pop-up blockers

        • Patch management

        • Whitelisting vs. blacklisting applications

        • Trusted OS

        • Host-based firewalls

        • Host-based intrusion detection

        • Hardware security

          • Cable locks

          • Safe

          • Locking cabinets

        • Host software baselining

        • Virtualization

          • Snapshots

          • Patch compatibility

          • Host availability/elasticity

          • Security control testing

          • Sandboxing

4.4 Implement the appropriate controls to ensure data security.

    • Cloud storage

    • SAN

    • Handling Big Data

    • Data encryption

      • Full disk

      • Database

      • Individual files

      • Removable media

      • Mobile devices

    • Hardware-based encryption devices

      • TPM

      • HSM

      • USB encryption

      • Hard drive

    • Data in transit, data at rest, data in use

    • Permissions/ACL

    • Data policies

      • Wiping

      • Disposing

      • Retention

      • Storage

4.5 Compare and contrast alternative methods to mitigate security risks in static environments.

    • Environments

      • SCADA

      • Embedded (printer, smart TV, HVAC control)

      • Android

      • iOS

      • Mainframe

      • Game consoles

      • In-vehicle computing systems

    • Methods

      • Network segmentation

      • Security layers

      • Application firewalls

      • Manual updates

      • Firmware version control

      • Wrappers

      • Control redundancy and diversity

        5.0 Access Control and Identity Management

        5.1 Compare and contrast the function and purpose of authentication services.

    • RADIUS

    • TACACS+

    • Kerberos

    • LDAP

    • XTACACS

    • SAML

    • Secure LDAP

      5.2 Given a scenario, select the appropriate authentication, authorization or access control.

    • Identification vs. authentication vs. authorization

    • Authorization

      • Least privilege

      • Separation of duties

      • ACLs

      • Mandatory access

      • Discretionary access

      • Rule-based access control

      • Role-based access control

      • Time of day restrictions

    • Authentication

      • Tokens

      • Common access card

      • Smart card

      • Multifactor authentication

      • TOTP

      • HOTP

      • CHAP

      • PAP

      • Single sign-on

      • Access control

      • Implicit deny

      • Trusted OS

    • Authentication factors

      • Something you are

      • Something you have

      • Something you know

      • Somewhere you are

      • Something you do

    • Identification

      • Biometrics

      • Personal identification verification card

      • Username

    • Federation

    • Transitive trust/authentication

      5.3 Install and configure security controls when performing account management, based on best practices.

    • Mitigate issues associated with users with multiple account/roles and/or shared accounts

    • Account policy enforcement

      • Credential management

      • Group policy

      • Password complexity

      • Expiration

      • Recovery

      • Disablement

      • Lockout

      • Password history

      • Password reuse

      • Password length

      • Generic account prohibition

    • Group-based privileges

    • User-assigned privileges

    • User access reviews

    • Continuous monitoring

      6.0 Cryptography

      6.1 Given a scenario, utilize general cryptography concepts.

    • Symmetric vs. asymmetric

    • Session keys

    • In-band vs. out-of-band key exchange

    • Fundamental differences and encryption methods

      • Block vs. stream

    • Transport encryption

    • Non-repudiation

    • Hashing

    • Key escrow

    • Steganography

    • Digital signatures

    • Use of proven technologies

    • Elliptic curve and quantum cryptography

    • Ephemeral key

    • Perfect forward secrecy

      6.2 Given a scenario, use appropriate cryptographic methods.

    • WEP vs. WPA/WPA2 and pre-shared key

    • MD5

    • SHA

    • RIPEMD

    • AES

    • DES

    • 3DES

    • HMAC

    • RSA

    • Diffie-Hellman

    • RC4

    • One-time pads

    • NTLM

    • NTLMv2

    • Blowfish

    • PGP/GPG

    • Twofish

    • DHE

    • ECDHE

    • CHAP

    • PAP

    • Comparative strengths and performance of algorithms

    • Use of algorithms/protocols with transport encryption

      • SSL

      • TLS

      • IPSec

      • SSH

      • HTTPS

    • Cipher suites

      • Strong vs. weak ciphers

    • Key stretching

      • PBKDF2

      • Bcrypt

        6.3 Given a scenario, use appropriate PKI, certificate management and associated components.

    • Certificate authorities and digital certificates

      • CA

      • CRLs

      • OCSP

      • CSR

    • PKI

    • Recovery agent

    • Public key

    • Private key

    • Registration

    • Key escrow

    • Trust models

    CompTIA Security+ Acronyms

    The following is a list of acronyms that appear on the CompTIA Security+ exam. Candidates are encouraged to review the complete list and attain a working knowledge of all listed acronyms as a part of a comprehensive exam preparation program.

    ACRONYM   SPELLED OUT

    3DES      Triple Digital Encryption Standard
    AAA       Authentication, Authorization and Accounting
    ACL       Access Control List
    AES       Advanced Encryption Standard
    AES256    Advanced Encryption Standards 256-bit
    AH        Authentication Header
    ALE       Annualized Loss Expectancy
    AP        Access Point
    API       Application Programming Interface
    APT       Advanced Persistent Threat
    ARO       Annualized Rate of Occurrence
    ARP       Address Resolution Protocol
    ASLR      Address Space Layout Randomization
    ASP       Application Service Provider
    AUP       Acceptable Use Policy
    AV        Antivirus
    BAC       Business Availability Center
    BCP       Business Continuity Planning
    BIA       Business Impact Analysis
    BIOS      Basic Input/Output System
    BPA       Business Partners Agreement
    BPDU      Bridge Protocol Data Unit
    BYOD      Bring Your Own Device
    CA        Certificate Authority
    CAC       Common Access Card
    CAN       Controller Area Network
    CAPTCHA   Completely Automated Public Turing test to tell Computers and Humans Apart
    CAR       Corrective Action Report
    CCMP      Counter-mode/CBC-MAC Protocol
    CCTV      Closed-Circuit Television
    CERT      Computer Emergency Response Team
    CFB       Cipher Feedback
    CHAP      Challenge Handshake Authentication Protocol
    CIO       Chief Information Officer
    CIRT      Computer Incident Response Team
    CMS       Content Management System
    COOP      Continuity Of Operation Planning
    CP        Contingency Planning
    CRC       Cyclical Redundancy Check
    CRL       Certificate Revocation List
    CRM       Customer Relationship Management
    CSO       Chief Security Officer
    CSP       Cloud Service Provider
    CSR       Certificate Signing Request
    CSRF      Cross-Site Request Forgery
    CSU       Channel Service Unit
    CTO       Chief Technology Officer
    DAC       Discretionary Access Control
    DBA       Database Administrator
    DDoS      Distributed Denial of Service
    DEP       Data Execution Prevention
    DES       Digital Encryption Standard
    DHCP      Dynamic Host Configuration Protocol
    DHE       Data-Handling Electronics
    DHE       Diffie-Hellman Ephemeral
    DLL       Dynamic Link Library
    DLP       Data Loss Prevention
    DMZ       Demilitarized Zone
    DNAT      Destination Network Address Transaction
    DNS       Domain Name Service (Server)
    DoS       Denial of Service
    DRP       Disaster Recovery Plan
    DSA       Digital Signature Algorithm
    DSL       Digital Subscriber Line
    DSU       Data Service Unit
    EAP       Extensible Authentication Protocol
    ECC       Elliptic Curve Cryptography
    ECDHE     Elliptic Curve Diffie-Hellman Exchange
    ECDSA     Elliptic Curve Digital Signature Algorithm

    EFS       Encrypted File System
    EMI       Electromagnetic Interference
    ERP       Enterprise Resource Planning
    ESN       Electronic Serial Number
    ESP       Encapsulated Security Payload
    FACL      File system Access Control List
    FDE       Full Disk Encryption
    FQDN      Fully Qualified Domain Name
    FRR       False Rejection Rate
    FTP       File Transfer Protocol
    FTPS      Secured File Transfer Protocol
    GCM       Galois Counter Mode
    GPG       GNU Privacy Guard
    GPO       Group Policy Object
    GPS       Global Positioning System
    GPU       Graphic Processing Unit
    GRE       Generic Routing Encapsulation
    HA        High Availability
    HDD       Hard Disk Drive
    HIDS      Host-based Intrusion Detection System
    HIPS      Host-based Intrusion Prevention System
    HMAC      Hashed Message Authentication Code
    HOTP      HMAC-based One Time Password
    HSM       Hardware Security Module
    HSRP      Hot Standby Router Protocol
    HTML      Hypertext Markup Language
    HTTP      Hypertext Transfer Protocol
    HTTPS     Hypertext Transfer Protocol over SSL
    HVAC      Heating, Ventilation and Air Conditioning
    IaaS      Infrastructure as a Service
    ICMP      Internet Control Message Protocol
    ICS       Industrial Control Systems
    ID        Identification
    IDEA      International Data Encryption Algorithm
    IDF       Intermediate Distribution Frame
    IdP       Identity Provider
    IDS       Intrusion Detection System
    IKE       Internet Key Exchange
    IM        Instant Messaging
    IMAP4     Internet Message Access Protocol v4
    IoT       Internet of Things
    IP        Internet Protocol
    IPSec     Internet Protocol Security
    IR        Incident Response
    IRC       Internet Relay Chat
    IRP       Incident Response Procedure
    ISA       Interconnection Security Agreement
    ISP       Internet Service Provider
    ISSO      Information Systems Security Officer
    ITCP      IT Contingency Plan
    IV        Initialization Vector
    JBOD      Just a Bunch Of Disks
    KDC       Key Distribution Center
    KEK       Key Encryption Key
    L2TP      Layer 2 Tunneling Protocol
    LAN       Local Area Network
    LDAP      Lightweight Directory Access Protocol
    LEAP      Lightweight Extensible Authentication Protocol
    MaaS      Monitoring as a Service
    MAC       Mandatory Access Control or Media Access Control
    MAC       Message Authentication Code
    MAN       Metropolitan Area Network
    MBR       Master Boot Record
    MD5       Message Digest 5
    MDF       Main Distribution Frame
    MITM      Man-In-The-Middle
    MOU       Memorandum Of Understanding
    MPLS      Multi-Protocol Layer Switch
    MSCHAP    Microsoft Challenge Handshake Authentication Protocol
    MTBF      Mean Time Between Failures
    MTTR      Mean Time To Recover
    MTTF      Mean Time To Failure
    MTU       Maximum Transmission Unit
    NAC       Network Access Control
    NAT       Network Address Translation
    NDA       Non-Disclosure Agreement
    NFC       Near Field Communication
    NIDS      Network-based Intrusion Detection System
    NIPS      Network-based Intrusion Prevention System
    NIST      National Institute of Standards and Technology
    NOS       Network Operating System
    NTFS      New Technology File System
    NTLM      New Technology LANMAN
    NTP       Network Time Protocol
    OAUTH     Open Authorization
    OCSP      Online Certificate Status Protocol
    OLA       Open License Agreement
    OS        Operating System
    OVAL      Open Vulnerability Assessment Language

    P2P       Peer to Peer
    PAC       Proxy Auto Configuration
    PAM       Pluggable Authentication Modules
    PAP       Password Authentication Protocol
    PAT       Port Address Translation
    PBKDF2    Password-Based Key Derivation Function 2
    PBX       Private Branch Exchange
    PCAP      Packet Capture
    PEAP      Protected Extensible Authentication Protocol
    PED       Personal Electronic Device
    PFS       Perfect Forward Secrecy
    PGP       Pretty Good Privacy
    PII       Personally Identifiable Information
    PIV       Personal Identity Verification
    PKI       Public Key Infrastructure
    POTS      Plain Old Telephone Service
    PPP       Point-to-Point Protocol
    PPTP      Point-to-Point Tunneling Protocol
    PSK       Pre-Shared Key
    PTZ       Pan-Tilt-Zoom
    RA        Recovery Agent
    RA        Registration Authority
    RAD       Rapid Application Development
    RADIUS    Remote Authentication Dial-In User Server
    RAID      Redundant Array of Inexpensive Disks
    RAS       Remote Access Server
    RBAC      Role-Based Access Control
    RBAC      Rule-Based Access Control
    RC4       RSA Variable Key Size Encryption Algorithm
    RDP       Remote Desktop Protocol
    RIPEMD    RACE Integrity Primitives Evaluation Message Digest
    ROI       Return On Investment
    RPO       Recovery Point Objective
    RSA       Rivest, Shamir and Adleman
    RTBH      Remote Triggered Black Hole
    RTO       Recovery Time Objective
    RTP       Real-time Transport Protocol
    S/MIME    Secure/Multipurpose Internet Mail Extensions
    SAML      Security Assertions Markup Language
    SaaS      Software as a Service
    SAN       Storage Area Network
    SCADA     System Control and Data Acquisition
    SCAP      Security Content Automation Protocol
    SCEP      Simple Certificate Enrollment Protocol
    SCSI      Small Computer System Interface
    SDLC      Software Development Life Cycle
    SDLM      Software Development Life Cycle Methodology
    SEH       Structured Exception Handler
    SHA       Secure Hashing Algorithm
    SFTP      Secured File Transfer Protocol
    SHTTP     Secure Hypertext Transfer Protocol
    SIEM      Security Information and Event Management
    SIM       Subscriber Identity Module
    SLA       Service Level Agreement
    SLE       Single Loss Expectancy
    SMS       Short Message Service
    SMTP      Simple Mail Transfer Protocol
    SMTPS     Simple Mail Transfer Protocol Secure
    SNMP      Simple Network Management Protocol
    SOAP      Simple Object Access Protocol
    SONET     Synchronous Optical Network Technologies
    SPIM      Spam over Internet Messaging
    SQL       Structured Query Language
    SSD       Solid State Drive
    SSH       Secure Shell
    SSL       Secure Sockets Layer
    SSO       Single Sign-On
    STP       Shielded Twisted Pair or Spanning Tree Protocol
    TACACS+   Terminal Access Controller Access Control System Plus
    TCP/IP    Transmission Control Protocol/Internet Protocol
    TFTP      Trivial File Transfer Protocol
    TGT       Ticket Granting Ticket
    TKIP      Temporal Key Integrity Protocol
    TLS       Transport Layer Security
    TOTP      Time-based One-Time Password
    TPM       Trusted Platform Module
    TSIG      Transaction Signature
    UAT       User Acceptance Testing
    UEFI      Unified Extensible Firmware Interface
    UDP       User Datagram Protocol
    UPS       Uninterruptable Power Supply
    URI       Uniform Resource Identifier
    URL       Universal Resource Locator
    USB       Universal Serial Bus
    UTM       Unified Threat Management
    UTP       Unshielded Twisted Pair
    VDI       Virtualization Desktop Infrastructure
    VLAN      Virtual Local Area Network
    VLSM      Variable Length Subnet Masking
    VM        Virtual Machine
    VoIP      Voice over IP
    VPN       Virtual Private Network
    VTC       Video Teleconferencing
    WAF       Web-Application Firewall
    WAP       Wireless Access Point
    WEP       Wired Equivalent Privacy
    WIDS      Wireless Intrusion Detection System
    WIPS      Wireless Intrusion Prevention System
    WPA       WiFi Protected Access
    WPA2      WiFi Protected Access 2
    WPS       WiFi Protected Setup
    WTLS      Wireless TLS
    XML       Extensible Markup Language
    XSRF      Cross-Site Request Forgery
    XSS       Cross-Site Scripting

    Security+ Proposed Hardware and Software List

    CompTIA has included this sample list of hardware and software to assist candidates as they prepare for the Security+ exam. This list may also be helpful for training companies who wish to create a lab component to their training offering. The bulleted lists below each topic are a sample list and not exhaustive.

    EQUIPMENT

    • Router

    • Firewall

    • Access point

    • Switch

    • IDS/IPS

    • Server

    • Content filter

    • Client

    • Mobile device

    • VPN concentrator

    • All-in-one appliance

    • Enterprise security managers/SIEM suite

    • Load balancer

      SPARE PARTS/HARDWARE

    • Keyboards, mice

    • Network cables

    • Monitors

      TOOLS

    • WiFi analyzers

      SOFTWARE

    • BackTrack

    • Proxy server

    • Kali/BackTrack

    • Virtualization software

    • Virtualized appliances

    • Wireshark

    • TCPdump

    • NMAP

    • OpenVAS

    • Metasploit

    • Back Orifice

    • Cain & Abel

    • John the Ripper

    • pfSense

    • Security Onion

    • Roo

    • Any UTM

      OTHER

    • SourceForge

    © 2016 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 01754-Feb2016


