Exam: SY0-101
CompTIA Exam Objectives
Domain 1.0 General Security Concepts
o MAC (Mandatory Access Control)
o DAC (Discretionary Access Control)
o RBAC (Role Based Access Control)
o Kerberos
o CHAP (Challenge Handshake Authentication Protocol)
o Certificates
o Username / Password
o Tokens
o Multi-factor
o Mutual
o Biometrics
o DOS / DDOS (Denial of Service / Distributed Denial of Service)
o Back Door
o Spoofing
o Man in the Middle
o Replay
o TCP/IP Hijacking
o Weak Keys
o Mathematical
o Social Engineering
o Birthday
o Password Guessing
o Brute Force
o Dictionary
o Software Exploitation
o Viruses
o Trojan Horses
o Logic Bombs
o Worms
Domain 2.0 – Communication Security
o VPN (Virtual Private Network)
o RADIUS (Remote Authentication Dial-In User Service)
o TACACS (Terminal Access Controller Access Control System)
o L2TP / PPTP (Layer Two Tunneling Protocol / Point to Point Tunneling Protocol)
o SSH (Secure Shell)
o IPSEC (Internet Protocol Security)
o Vulnerabilities
o S/MIME (Secure Multipurpose Internet Mail Extensions)
o PGP (Pretty Good Privacy) like technologies
o Vulnerabilities
o SPAM
o Hoaxes
o SSL / TLS (Secure Sockets Layer / Transport Layer Security)
o HTTP/S (Hypertext Transfer Protocol / Hypertext Transfer Protocol over Secure Sockets Layer)
o Instant Messaging
o Vulnerabilities
o Packet Sniffing
o Privacy
o Vulnerabilities
o Java Script
o ActiveX
o Buffer Overflows
o Cookies
o Signed Applets
o CGI (Common Gateway Interface)
o SMTP (Simple Mail Transfer Protocol) Relay
o SSL / TLS (Secure Sockets Layer / Transport Layer Security)
o LDAP (Lightweight Directory Access Protocol)
o S/FTP (File Transfer Protocol)
o Blind FTP (File Transfer Protocol) / Anonymous
o File Sharing
o Vulnerabilities
o Packet Sniffing
o 8.3 Naming Conventions
o WTLS (Wireless Transport Layer Security)
o 802.11 and 802.11x
o WEP / WAP (Wired Equivalent Privacy / Wireless Application Protocol)
o Vulnerabilities
o Site Surveys
Domain 3.0 Infrastructure Security – 20%
3.1 Understand security concerns and concepts of the following types of devices
o Firewalls
o Routers
o Switches
o Wireless
o Modems
o RAS (Remote Access Server)
o Telecom / PBX (Private Branch Exchange)
o VPN (Virtual Private Network)
o IDS (Intrusion Detection System)
o Network Monitoring / Diagnostics
o Workstations
o Servers
o Mobile Devices
o Coaxial Cable
o UTP / STP (Unshielded Twisted Pair / Shielded Twisted Pair)
o Fiber Optic Cable
o Removable Media
o Tape
o CD-R (Recordable Compact Disks)
o Hard Drives
o Diskettes
o Flashcards
o Smartcards
3.3 Understand the concepts behind the following kinds of Security Topologies
o Security Zones
o DMZ (Demilitarized Zone)
o Intranet
o Extranet
o VLANs (Virtual Local Area Network)
o NAT (Network Address Translation)
o Tunneling
o Network Based
o Active Detection
o Passive Detection
o Host Based
o Active Detection
o Passive Detection
o Honey Pots
o Incident Response
o OS / NOS (Operating System / Network Operating System) Hardening
o File System
o Updates (Hotfixes, Service Packs, Patches)
o Network Hardening
o Updates (Firmware)
o Configuration
o Application Hardening
o Updates (Hotfixes, Service Packs, Patches)
o Web Servers
o E-mail Servers
o FTP (File Transfer Protocol) Servers
o DNS (Domain Name Service) Servers
o NNTP (Network News Transfer Protocol) Servers
o File / Print Servers
o DHCP (Dynamic Host Configuration Protocol) Servers
o Data Repositories
Domain 4.0 Basics of Cryptography – 15%
o Hashing
o Symmetric
o Asymmetric
o Confidentiality
o Integrity
o Digital Signatures
o Authentication
o Non-Repudiation
o Digital Signatures
o Access Control
o Certificates
o Certificate Policies
o Certificate Practice Statements
o Revocation
o Trust Models
o Centralized vs. Decentralized
o Storage
o Hardware vs. Software
o Private Key Protection
o Escrow
o Expiration
o Revocation
o Status Checking
o Suspension
o Status Checking
o Recovery
o M-of-N Control (Of M appropriate individuals, N must be present to authorize recovery)
o Renewal
o Destruction
o Key Usage
o Multiple Key Pairs (Single, Dual)
Domain 5.0 Operational / Organizational Security
o Access Control
o Physical Barriers
o Biometrics
o Social Engineering
o Environment
o Wireless Cells
o Location
o Shielding
o Fire Suppression
o Backups
o Off Site Storage
o Secure Recovery
o Alternate Sites
o Disaster Recovery Plan
o Utilities
o High Availability / Fault Tolerance
o Backups
o Security Policy
o Acceptable Use
o Due Care
o Privacy
o Separation of Duties
o Need to Know
o Password Management
o SLAs (Service Level Agreements)
o Disposal / Destruction
o HR (Human Resources) Policy
o Incident Response Policy
o User / Group / Role Management
o Single Sign-on
o Centralized vs. Decentralized
o Auditing (Privilege, Usage, Escalation)
o Chain of Custody
o Preservation of Evidence
o Collection of Evidence
o Risk Assessment
o Threat Identification
o Vulnerabilities
o Communication
o User Awareness
o Education
o On-line Resources
o Standards and Guidelines
o Systems Architecture
o Change Documentation
o Logs and Inventories
o Classification
o Notification
o Retention / Storage
o Destruction