
CompTIA Security+ (Exam SY0-201) Certification Guide


In my previous article on IT Security, we explored the key concepts of IT Security and looked at some of the more prominent IT Security Certifications available today.

In continuation of my series focusing on IT Security, today’s article addresses the key objectives for passing the CompTIA Security+ (SY0-201) exam.

CompTIA Security+ (SY0-201) Exam Overview

CompTIA Security+ Certification

The SY0-201 exam is an entry-level security exam. Candidates are expected to understand a broad range of security topics from an overview perspective rather than at the implementation level. That said, practical experience with IT security or networking is a huge plus, though not required.

The latest version of the exam was launched in 2008, consists of 100 multiple choice questions, and the time limit of the exam is 90 minutes.

Note: For the Security+ certificate holders of the previous exam, CompTIA offers a bridge exam, BR0-001, which contains 50 questions and requires 60 minutes to complete.

Once you pass the exam, a Security+ certificate and a CompTIA ID card will be sent to you in the mail. The certificate is stated to be good for life, but that is subject to change in 2011 once the new Certification Renewal Policy goes into effect.

My suggestion: get your Security+ cert before the end of 2010.

CompTIA Security+ Key Objectives

The SY0-201 exam requires the exam candidate to understand several topics or key objectives related to IT Security. These key objectives are viewed to be the core components in the development of an IT Security professional and they consist of the following:

  • Systems Security
  • Network Infrastructure
  • Access Control
  • Assessment and Audits
  • Cryptography
  • Organizational Security

SY0-201: Systems Security

Systems security is an important topic in the battle to protect information and prevent intrusion. The SY0-201 exam tests the candidate’s knowledge of common threats, including viruses, worms, spyware, spam, botnets, and privilege escalation.

Candidates will need to know the difference between a threat, a vulnerability, and a risk: a vulnerability is a weakness in a system, a threat is something that could exploit that weakness, and risk is the likelihood and impact of that actually happening. Questions will cover vulnerabilities and risks associated with hardware and peripherals such as USB devices, removable storage, network attached storage (NAS), cell phones (especially smartphones such as BlackBerry devices), and the system BIOS.

The exam will also cover ways to prevent attacks through the implementation of hardening procedures and practices, particularly for workstations and servers. The exam will also include questions on procedures for application security and how they apply to items like: ActiveX, Java, Simple Mail Transfer Protocol (SMTP), instant messaging, cookies, buffer overflows, and web browsers.

Lastly, this topic addresses the implementation of security applications like firewalls, anti-virus, and pop-up blockers and will cover the purpose and use of virtualization technology.

SY0-201: Network Infrastructure

The next key objective in the SY0-201 exam is network infrastructure.

Candidates need to have a good grasp of some key network topics, particularly network ports and protocols. Understanding threats and the proper mitigation practices is needed, as these topics will be covered for issues like: TCP/IP hijacking, spoofing, man-in-the-middle, and denial of service attacks.

Candidates need to be prepared for threat and mitigation questions related to network design components like VLANs, DMZs, and wireless networking. Additional questions will also concentrate on areas related to Network Address Translation (NAT), telephony, and subnetting.

Finally, this key objective covers the use and implementation of the network tools commonly seen in the defense of your networks. These tools include: Network Intrusion Detection Systems (NIDS), proxy servers, and protocol analyzers.

SY0-201: Access Control

Controlling access to systems and data is extremely important and covered well in the SY0-201 exam. Best practices need to be understood for the following: implicit deny, least privilege, separation of duties, and job rotation. Candidates will also be asked about the common access control models (mandatory, discretionary, and role-based access control) and how they differ from one another.

Logical access to services and data is important in the workplace and adequately covered in this objective. Security controls for files and printers, and appropriate policies for user names, passwords, Access Control Lists (ACLs), and time-of-day restrictions, need to be understood.
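The following is an added example, not code from the original article or from CompTIA: a small access-control evaluator that shows how implicit deny, least privilege and time-of-day restrictions work together. The rule format, the users, the roles and the resource names are all assumptions made up for the illustration.

```python
# Added example, not from the original article: a small ACL evaluator that
# shows implicit deny, least privilege and time-of-day restrictions.
# The rule format, users, roles and resources are constructed for illustration.
from dataclasses import dataclass
from typing import FrozenSet, List, Set


@dataclass(frozen=True)
class Rule:
    """One allow rule. There are no deny rules: anything not matched is denied."""
    subject: str                 # a user name, or "role:<name>" for a group
    resource: str                # e.g. "file:/finance/ledger.xlsx"
    actions: FrozenSet[str]      # actions this rule permits
    start: str = "00:00"         # time-of-day window, zero-padded "HH:MM"
    end: str = "23:59"           # zero-padded so plain string comparison orders correctly


# Constructed sample ACL. Note what is absent: no rule grants "write" on the
# ledger to the accounting role, and no rule mentions "mallory" at all. Both
# cases fall through to the implicit deny at the end of check_access().
ACL: List[Rule] = [
    Rule("role:accounting", "file:/finance/ledger.xlsx", frozenset({"read"}), "08:00", "18:00"),
    Rule("bob", "file:/finance/ledger.xlsx", frozenset({"read", "write"})),
    Rule("role:staff", "printer:lobby", frozenset({"print"})),
]

# Constructed group membership.
ROLES = {
    "alice": {"accounting", "staff"},
    "bob": {"accounting", "staff"},
    "carol": {"staff"},
}


def _subjects_for(user: str) -> Set[str]:
    """All subject strings that can match a rule for this user (name plus roles)."""
    return {user} | {"role:" + r for r in ROLES.get(user, set())}


def check_access(user: str, action: str, resource: str, now: str) -> bool:
    """Return True only when an explicit rule grants `action` on `resource` at `now`.

    `now` is a zero-padded "HH:MM" string. The loop searches for a matching
    allow rule; if none matches, the final `return False` is the implicit deny.
    """
    if len(now) != 5 or now[2] != ":" or not (now[:2] + now[3:]).isdigit():
        raise ValueError("time must be zero-padded HH:MM")
    subjects = _subjects_for(user)
    for rule in ACL:
        if rule.subject not in subjects:
            continue                      # rule is for someone else
        if rule.resource != resource or action not in rule.actions:
            continue                      # right subject, wrong object or action
        if not (rule.start <= now <= rule.end):
            continue                      # right rule, outside its time-of-day window
        return True
    return False                          # implicit deny: nothing matched


if __name__ == "__main__":
    ledger = "file:/finance/ledger.xlsx"
    print(check_access("alice", "read", ledger, "10:00"))    # True: accounting may read in hours
    print(check_access("alice", "read", ledger, "22:00"))    # False: outside 08:00-18:00
    print(check_access("alice", "write", ledger, "10:00"))   # False: least privilege, read only
    print(check_access("bob", "write", ledger, "22:00"))     # True: bob's own rule has no time limit
    print(check_access("mallory", "read", ledger, "10:00"))  # False: no rule at all
```

The point to notice is that the evaluator never needs a "deny" rule: the absence of a matching allow rule is what denies access. Least privilege shows up in the data rather than the code, because the accounting role is given only the action it needs, and anything broader must be granted deliberately to a named subject.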

Access to systems and data in today’s IT environments requires some form of authentication. Understanding identity proofing and authentication methods is vital for this exam and should not be overlooked. Candidates need to know the differences between one-, two-, and three-factor authentication, and what single sign-on is. Candidates should also understand the authentication services and protocols RADIUS, LDAP, TACACS, and Kerberos, and how authentication fits into VPN access.
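As an added example that is not part of the original article, here is what a two-factor check looks like in practice: something you know (a password, stored as a salted PBKDF2 hash rather than in the clear) combined with something you have (a time-based one-time code from an authenticator app, computed per RFC 6238). The user record, salt and time stamps are constructed; the TOTP secret is the published RFC 6238 test-vector secret, chosen so the expected code can be checked against the RFC.

```python
# Added example, not from the original article: a two-factor login check that
# combines something you know (password, stored as a salted PBKDF2 hash) with
# something you have (a TOTP code per RFC 6238, as an authenticator app
# produces). The user record, salt and time stamps are constructed; the TOTP
# secret is the RFC 6238 test-vector secret.
import hashlib
import hmac
import os
import struct
from typing import Optional, Tuple

PBKDF2_ROUNDS = 200_000
TOTP_STEP = 30          # seconds per code
TOTP_DIGITS = 6


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a stored verifier; a fresh random salt is used unless one is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    return hotp(secret, unix_time // TOTP_STEP)


def verify_totp(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Accept the current code or one step either side, to tolerate clock skew."""
    step = unix_time // TOTP_STEP
    return any(
        hmac.compare_digest(hotp(secret, step + d), code)
        for d in range(-drift_steps, drift_steps + 1)
    )


# Constructed user record. A fixed salt is used only so the example is
# reproducible; real enrolment would call hash_password() with no salt.
_SALT, _DIGEST = hash_password("correct horse battery staple", salt=b"\x01" * 16)
USER = {
    "name": "alice",
    "salt": _SALT,
    "digest": _DIGEST,
    "totp_secret": b"12345678901234567890",   # RFC 6238 test-vector secret
}


def authenticate(password: str, code: str, unix_time: int) -> bool:
    """Two factors, both required. Both are evaluated even if the first fails,
    so the response time does not reveal which factor was wrong."""
    know = verify_password(password, USER["salt"], USER["digest"])
    have = verify_totp(USER["totp_secret"], code, unix_time)
    return know and have


if __name__ == "__main__":
    t = 59   # RFC 6238 test time: the expected 6-digit code is 287082
    print(totp(USER["totp_secret"], t))                                  # 287082
    print(authenticate("correct horse battery staple", "287082", t))     # True
    print(authenticate("correct horse battery staple", "000000", t))     # False
    print(authenticate("wrong password", "287082", t))                   # False
```

Single-factor authentication would be `verify_password` alone; a third factor (something you are, such as a fingerprint) would be one more independent check that `authenticate` requires. Single sign-on is a separate concern: it is about one authentication being reused across many services, not about how many factors that one authentication involves.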

The last issue to be concerned with in this objective is physical security. Restricting physical access to IT equipment is crucial not only for preventing equipment theft, but also controlling access to data and system control. Having physical access to a system can provide a person with access to consoles or management interfaces not available to the outside. The exam covers topics related to different policies and procedures for the prevention of physical intrusion such as: ID badges, hardware locks, video surveillance, and physical access lists and policies.

SY0-201: Assessments and Audits

Proper review and assessment of the security of your systems, network, and data is required to maintain a healthy and secure infrastructure. Keeping up to date on the latest vulnerabilities and threats is inherent in the IT security professional’s job, and so is the use of tools for detecting them.

The SY0-201 exam covers the proper use of many assessment tools, such as port scanners, vulnerability scanners, system performance monitors, and protocol analyzers.

The exam is also concerned with the differences between monitoring methodologies and with logging procedures. The monitoring methodologies covered are behavior-based, signature-based, and anomaly-based, and candidates need to be prepared to contrast them with one another. Logging procedures for system logs and for key applications like DNS, firewalls, and anti-virus software will also be addressed.
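To make the contrast concrete, the following added example (not from the original article) runs a signature-based detector and an anomaly-based detector over a handful of constructed sshd-style log lines. The log lines, the rule names and the threshold logic are all assumptions for the illustration; the log format only mimics the real sshd syslog wording.

```python
# Added example, not from the original article: signature-based and
# anomaly-based detection run over constructed sshd-style log lines (not real
# data). The signature catches a known-bad pattern on a single line; the
# anomaly detector learns a baseline from normal traffic and flags a source
# that exceeds it, even when every individual line looks ordinary.
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed "normal" traffic used to learn the baseline.
TRAINING_LOG = """\
Mar 26 09:00:01 host sshd[1101]: Failed password for alice from 10.0.0.5 port 51001 ssh2
Mar 26 09:00:09 host sshd[1102]: Accepted password for alice from 10.0.0.5 port 51001 ssh2
Mar 26 09:30:00 host sshd[1103]: Failed password for bob from 10.0.0.6 port 51002 ssh2
Mar 26 09:30:15 host sshd[1104]: Failed password for bob from 10.0.0.6 port 51003 ssh2
Mar 26 09:30:40 host sshd[1105]: Accepted password for bob from 10.0.0.6 port 51004 ssh2
""".splitlines()

# Constructed traffic to inspect: one root attempt, then a burst of failures
# against a valid account from a second source, then a legitimate login.
OBSERVED_LOG = """\
Mar 27 07:00:01 host sshd[2201]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar 27 07:00:05 host sshd[2202]: Failed password for alice from 198.51.100.7 port 42000 ssh2
Mar 27 07:00:12 host sshd[2203]: Failed password for alice from 198.51.100.7 port 42001 ssh2
Mar 27 07:00:20 host sshd[2204]: Failed password for alice from 198.51.100.7 port 42002 ssh2
Mar 27 07:00:29 host sshd[2205]: Failed password for alice from 198.51.100.7 port 42003 ssh2
Mar 27 07:01:00 host sshd[2206]: Accepted password for alice from 10.0.0.5 port 51030 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Signature rules: (name, pattern). Each fires on a single matching line.
SIGNATURES = [
    ("ssh-root-password-attempt", re.compile(r"Failed password for root from (?P<src>\S+)")),
    ("ssh-invalid-user", re.compile(r"Failed password for invalid user \S+ from (?P<src>\S+)")),
]


def signature_alerts(lines: List[str]) -> List[Tuple[str, str]]:
    """Signature-based: compare every line against known-bad patterns."""
    alerts = []
    for line in lines:
        for name, pattern in SIGNATURES:
            m = pattern.search(line)
            if m:
                alerts.append((name, m.group("src")))
    return alerts


def _peak_failures(lines: List[str], window_s: int) -> Dict[str, int]:
    """Per source address, the largest number of failed logins in any window_s span."""
    failures: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("result") == "Failed":
            # syslog stamps carry no year; strptime defaults it to 1900, fine here
            failures[m.group("src")].append(datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"))
    peaks = {}
    for src, stamps in failures.items():
        stamps.sort()
        peaks[src] = max(
            sum(1 for t in stamps[i:] if (t - t0).total_seconds() <= window_s)
            for i, t0 in enumerate(stamps)
        )
    return peaks


def learn_baseline(normal_lines: List[str], window_s: int = 60) -> int:
    """Anomaly-based, training step: the worst burst seen in known-good traffic."""
    return max(_peak_failures(normal_lines, window_s).values(), default=0)


def anomaly_alerts(lines: List[str], baseline: int, window_s: int = 60) -> List[Tuple[str, int]]:
    """Anomaly-based, detection step: flag sources whose burst exceeds the baseline."""
    return [(src, peak) for src, peak in _peak_failures(lines, window_s).items() if peak > baseline]


if __name__ == "__main__":
    print(signature_alerts(OBSERVED_LOG))       # [('ssh-root-password-attempt', '203.0.113.9')]
    base = learn_baseline(TRAINING_LOG)         # 2: bob's two failures inside a minute
    print(anomaly_alerts(OBSERVED_LOG, base))   # [('198.51.100.7', 4)]
```

Each detector misses what the other catches. The single root attempt from 203.0.113.9 is below the anomaly baseline, so only the signature fires; the four failures against a valid account from 198.51.100.7 match no signature, so only the anomaly detector fires. That asymmetry is the reason the exam asks you to contrast the approaches rather than pick one.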

SY0-201: Cryptography

Confidentiality of data is extremely important in the world of IT security and, as I mentioned in the previous article on IT security, confidentiality is the principle most closely associated with cryptography and data encryption, though cryptography also provides integrity (hashing) and authentication and non-repudiation (digital signatures). The SY0-201 exam includes questions on several topics under this objective.

Candidates need to understand several general cryptography concepts including: key management, symmetric and asymmetric keys, steganography, strength of algorithms, disk encryption, and digital signatures.

In addition, the exam covers hashing algorithms such as SHA and MD5, and candidates must also understand the basic encryption algorithms and tools: the symmetric ciphers DES, 3DES, and AES, the asymmetric algorithm RSA, and PGP, which combines the two. Candidates will need to be able to explain the protocols that use these algorithms, including SSL/TLS, PPTP, HTTPS (as opposed to plain HTTP in the web browser), IPSec, and Secure Shell (SSH).
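The added example below (not code from the original article) ties the hashing and digital signature concepts together: a SHA-256 digest is used first to detect a change to a message, then as the value an RSA signature is computed over, so that the private key signs and the public key verifies. The key is a deliberately small, hard-coded "textbook" RSA key built from two Mersenne primes with no padding; it is an assumption chosen to make the arithmetic self-contained, and it is not a secure key.

```python
# Added example, not from the original article: a SHA-256 digest used for
# integrity checking and then as the value an RSA digital signature is computed
# over. The key is a deliberately small, hard-coded "textbook" RSA key built
# from two Mersenne primes, with no padding: it shows the mechanics (private
# key signs, public key verifies) and is not secure.
import hashlib
import math

# Constructed toy key. 2**127-1 and 2**521-1 are both prime (Mersenne primes),
# giving a ~648-bit modulus: large enough that a 256-bit digest fits below n,
# far too small and too structured to be used for anything real.
_P = 2 ** 127 - 1
_Q = 2 ** 521 - 1
N = _P * _Q
PHI = (_P - 1) * (_Q - 1)
E = 65537                       # public exponent
assert math.gcd(E, PHI) == 1    # required for the private exponent to exist
D = pow(E, -1, PHI)             # private exponent (modular inverse, Python 3.8+)


def digest(message: bytes) -> bytes:
    """Fixed-length fingerprint: any change to the input changes the output."""
    return hashlib.sha256(message).digest()


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sign the digest, not the message: s = H(m)^d mod n (needs the private key)."""
    h = int.from_bytes(digest(message), "big")
    return pow(h, d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone with the public key (e, n) recovers H(m) from s and compares it."""
    h = int.from_bytes(digest(message), "big")
    return pow(signature, e, n) == h


if __name__ == "__main__":
    invoice = b"Pay ACME Corp 1,000.00 USD on 2010-04-01"
    sig = sign(invoice)
    print(verify(invoice, sig))                                        # True
    print(verify(b"Pay ACME Corp 9,000.00 USD on 2010-04-01", sig))    # False: digest changed
    print(verify(invoice, sig + 1))                                    # False: signature changed
    print(digest(b"abc").hex())   # ba7816bf...f20015ad, the standard SHA-256 test value
```

Two things are worth taking from this. Hashing alone gives integrity but not authenticity: anyone can recompute a digest over a tampered message. The signature adds authenticity and non-repudiation because only the holder of `D` can produce a value that `verify` accepts, while anyone holding `(E, N)` can check it. Real implementations add a padding scheme such as PKCS#1 v1.5 or PSS and use properly generated keys of 2048 bits or more.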

One of the more prominent cryptography topics today is public key infrastructure (PKI), the system of certificate authorities and certificates that public key cryptography relies on in practice. The SY0-201 exam covers many of the core concepts, but candidates must be ready to answer questions related to its implementation and to certificate management.

SY0-201: Organizational Security

The final key objective that the SY0-201 exam covers is organizational security. This topic is very rich in policy and understanding how organizations function or continue to function after an incident.

Exam candidates need to understand redundancy planning concepts for the IT facility, including the use of backup generators, Uninterruptible Power Supplies (UPS), redundant connections, redundant servers, disk RAID, and the definitions of hot, cold, and warm sites. The elimination of single points of failure is critical in redundancy planning and this concept is stressed throughout this objective.

This exam includes questions concerning incident response procedures, but has a strong focus on disaster recovery planning and recovery procedures. Companies that have effective disaster recovery plans and protect their data are the ones that survive major incidents to their corporate IT infrastructure.

Also included in this objective are important policies related to organizational function and training. These policies involve issues of equipment disposal, change management, user education, information assurance training, classification of information, and Personally Identifiable Information (PII). These policies typically raise awareness of the methods of information gathering used by potentially hostile sources and include preventative measures. These methods are referred to as social engineering and common examples include: hoaxes, phishing, and yes, even dumpster diving.

CompTIA Security+: Certification with Strong Core Security Concepts

As you can see from the key objectives, the Security+ exam is a very well rounded exam that focuses on the core concepts of IT security and how those concepts mesh with an organization’s infrastructure.

Exam candidates often take the CompTIA A+ or Network+ exam before they attempt Security+, but this is not required.

Understanding the topics and definitions of many of the security terms listed above is imperative for passing this exam, but also for practical application of IT Security for your network, computer system, or organization.


Discussion

9 comments and trackbacks for “CompTIA Security+ (Exam SY0-201) Certification Guide”

Comments

  1. Posted by Tyler on March 27, 2010, 6:54 am

    what about comptia server+ ?

  2. Train Signal Team Member
    Posted by Kasia Grabowska on March 29, 2010, 10:08 am

    Hi Tyler,

    Thanks for letting us know you’re interested in Server+ — we’ll get a detailed overview of the cert in the upcoming weeks up on the blog.

    As far as Server+ training is concerned, it’s definitely on our to-do list, but I’m not sure if it will happen this year. Our new CompTIA instructor, Paul Gadbois, is currently working on the Security+ training and then will switch over to the new CompTIA A+ training for the updated objectives.

    Let me know if you have any other questions! And thanks again for the suggestion!
    Kasia

  3. Posted by Stephan on March 29, 2010, 8:37 pm

    Do you have the Security + 201 DVD yet?

  4. Train Signal Team Member
    Posted by Kasia Grabowska on March 30, 2010, 7:19 am

    Hi Stephan,

    Our CompTIA Security+ training will be coming out this April, the course is wrapping up production as we speak!

  5. Posted by Wendy Smith on April 5, 2010, 10:49 pm

    Hi Tracey,

    You have Security+ training 2009, will that cover the new objectives for the test?

  6. Train Signal Team Member
    Posted by Kasia Grabowska on April 13, 2010, 10:49 am

    Hi Wendy,

    Yes, our Security+ training does cover the new objectives for the current exam.

  7. Posted by Kunle on August 13, 2010, 5:08 pm

    Good day,

    I passed the SY0-201 exam last month. I want to know which other exam I can write in the Information Security line (SSCP, CISSP, CISA). I also want to know how I can gain the required InfoSec experience required for these exams, considering the fact that entry-level security technicians are not usually employed in the IT industry.

  8. Posted by Nikki on December 30, 2010, 8:34 am

    I don’t like the fact that Comptia has decided to make this a renewable certification. I also don’t like the fact that there is a point system and the only way to obtain all the points to keep this cert is by paying for it. The other options don’t give you enough points and are time consuming. The only logical and efficient way to keep it is to pay $150. I don’t think too many people will be obtaining this after the end of the year. It is just not worth it.
