* All percentages are approximate and are subject to change.

Transcription

1 CmpTIA Security+ Examinatin Objectives Versin 1.0 Intrductin The skills and knwledge measured by the CmpTIA Security+ examinatin were derived and validated thugh input frm a cmmittee and ver 1,000 subject matter experts representative f industry. A jb task analysis (JTA), glbal survey, beta examinatin and beta results review were each milestnes in the develpment prcess. The results f these milestnes were used in weighing the dmains and ensuring that the weighting assigned t each dmain is representative f the relative imprtance f the cntent. The CmpTIA Security+ certificatin is an internatinally recgnized validatin f the technical knwledge required f fundatin-level security practitiners. A CmpTIA Security+ certified individual has successfully prven hlding a fundatin-level f skill and knwledge in General Security Cncepts, Cmmunicatin Security, Infrastructure Security, Basics f Cryptgraphy and Operatinal / Organizatinal Security. Candidates are recmmended t have tw years experience in a netwrking rle with preexisting knwledge f TCP/IP, experience in a security related rle, CmpTIA Netwrk+ r equivalent certificatin, and adequate training and self-study materials. All candidates are encuraged t review the CmpTIA Security+ bjectives thrughly prir t attempting the exam. This examinatin includes blueprint weighting, test bjectives and example cntent. Example cncepts are included t clarify the test bjectives and shuld nt be cnstrued as a cmprehensive listing f the cntent f the examinatin. The table belw lists the dmains measured by this examinatin and the extent t which they are represented in the examinatin. CmpTIA Security+ (2007 Editin) exams are based n these bjectives. CmpTIA Security+ Certificatin Dmains % f Exam* 1.0 General Security Cncepts 30% 2.0 Cmmunicatin Security 20% 3.0 Infrastructure Security 20% 4.0 Basics f Cryptgraphy 15% 5.0 Operatinal / Organizatinal Security 15% * All percentages are apprximate and are subject t change. CmpTIA is cnstantly reviewing the cntent f ur exams and updating test questins t be sure ur exams are current and the security f the questins is prtected. When necessary, we will publish updated exams based n existing exam bjectives. Please knw that all related exam preparatin materials will still be valid. 1

2 CmpTIA Security+ Examinatin Objectives Versin 1.0 Dmain 1.0 General Security Cncepts (30%) 1.1 Recgnize and be able t differentiate and explain the fllwing access cntrl mdels MAC (Mandatry Access Cntrl) DAC (Discretinary Access Cntrl) RBAC (Rle Based Access Cntrl) 1.2 Recgnize and be able t differentiate and explain the fllwing methds f authenticatin Kerbers CHAP (Challenge Handshake Authenticatin Prtcl) Certificates Username / Passwrd Tkens Multi-factr Mutual Bimetrics 1.3 Identify nn-essential services and prtcls and knw what actins t take t reduce the risks f thse services and prtcls 1.4 Recgnize the fllwing attacks and specify the apprpriate actins t take t mitigate vulnerability and risk DOS / DDOS (Denial f Service / Distributed Denial f Service) Back Dr Spfing Man in the Middle Replay TCP/IP Hijacking Weak Keys Mathematical Scial Engineering Birthday Passwrd Guessing Brute Frce Dictinary Sftware Explitatin 1.5 Recgnize the fllwing types f malicius cde and specify the apprpriate actins t take t mitigate vulnerability and risk Viruses Trjan Hrses Lgic Bmbs Wrms 1.6 Understand the cncept f and knw hw t reduce the risks f scial engineering 1.7 Understand the cncept and significance f auditing, lgging and system scanning 2

3 CmpTIA Security+ Examinatin Objectives Versin 1.0 Dmain 2.0 Cmmunicatin Security - 20% 2.1 Recgnize and understand the administratin f the fllwing types f remte access technlgies 802.1x VPN (Virtual Private Netwrk) RADIUS (Remte Authenticatin Dial-In User Service) TACACS (Terminal Access Cntrller Access Cntrl System) L2TP / PPTP (Layer Tw Tunneling Prtcl / Pint t Pint Tunneling Prtcl) SSH (Secure Shell) IPSEC (Internet Prtcl Security) Vulnerabilities 2.2 Recgnize and understand the administratin f the fllwing security cncepts S/MIME (Secure Multipurpse Internet Mail Extensins) PGP (Pretty Gd Privacy) like technlgies Vulnerabilities SPAM Haxes 2.3 Recgnize and understand the administratin f the fllwing Internet security cncepts SSL / TLS (Secure Sckets Layer / Transprt Layer Security) HTTP/S (Hypertext Transfer Prtcl / Hypertext Transfer Prtcl ver Secure Sckets Layer) Instant Messaging Vulnerabilities Packet Sniffing Privacy Vulnerabilities Java Script ActiveX Buffer Overflws Ckies Signed Applets CGI (Cmmn Gateway Interface) SMTP (Simple Mail Transfer Prtcl) Relay 2.4 Recgnize and understand the administratin f the fllwing directry security cncepts SSL / TLS (Secure Sckets Layer / Transprt Layer Security) LDAP (Lightweight Directry Access Prtcl) 2.5 Recgnize and understand the administratin f the fllwing file transfer prtcls and cncepts S/FTP (File Transfer Prtcl) Blind FTP (File Transfer Prtcl) / Annymus File Sharing Vulnerabilities Packet Sniffing 8.3 Naming Cnventins 2.6 Recgnize and understand the administratin f the fllwing wireless technlgies and cncepts WTLS (Wireless Transprt Layer Security) and x WEP / WAP (Wired Equivalent Privacy / Wireless Applicatin Prtcl) 3

4 CmpTIA Security+ Examinatin Objectives Versin 1.0 Vulnerabilities Site Surveys Dmain 3.0 Infrastructure Security 20% 3.1 Understand security cncerns and cncepts f the fllwing types f devices Firewalls Ruters Switches Wireless Mdems RAS (Remte Access Server) Telecm / PBX (Private Branch Exchange) VPN (Virtual Private Netwrk) IDS (Intrusin Detectin System) Netwrk Mnitring / Diagnstics Wrkstatins Servers Mbile Devices 3.2 Understand the security cncerns fr the fllwing types f media Caxial Cable UTP / STP (Unshielded Twisted Pair / Shielded Twisted Pair) Fiber Optic Cable Remvable Media Tape CD-R (Recrdable Cmpact Disks) Hard Drives Diskettes Flashcards Smartcards 3.3 Understand the cncepts behind the fllwing kinds f Security Tplgies Security Znes DMZ (Demilitarized Zne) Intranet Extranet VLANs (Virtual Lcal Area Netwrk) NAT (Netwrk Address Translatin) Tunneling 3.4 Differentiate the fllwing types f intrusin detectin, be able t explain the cncepts f each type, and understand the implementatin and cnfiguratin f each kind f intrusin detectin system Netwrk Based Active Detectin Passive Detectin Hst Based Active Detectin Passive Detectin Hney Pts Incident Respnse 3.5 Understand the fllwing cncepts f Security Baselines, be able t explain what a Security Baseline is, and understand the implementatin and cnfiguratin f each kind f intrusin detectin system OS / NOS (Operating System / Netwrk Operating System) Hardening File System 4

5 CmpTIA Security+ Examinatin Objectives Versin 1.0 Updates (Htfixes, Service Packs, Patches) Netwrk Hardening Updates (Firmware) Cnfiguratin Enabling and Disabling Services and Prtcls Access Cntrl Lists Applicatin Hardening Updates (Htfixes, Service Packs, Patches) Web Servers Servers FTP (File Transfer Prtcl) Servers DNS (Dmain Name Service) Servers NNTP (Netwrk News Transfer Prtcl) Servers File / Print Servers DHCP (Dynamic Hst Cnfiguratin Prtcl) Servers Data Repsitries Directry Services Databases 5

6 CmpTIA Security+ Examinatin Objectives Versin 1.0 Dmain 4.0 Basics f Cryptgraphy 15% 4.1 Be able t identify and explain each f the fllwing different kinds f cryptgraphic algrithms Hashing Symmetric Asymmetric 4.2 Understand hw cryptgraphy addresses the fllwing security cncepts Cnfidentiality Integrity Digital Signatures Authenticatin Nn-Repudiatin Digital Signatures Access Cntrl 4.3 Understand and be able t explain the fllwing cncepts f PKI (Public Key Infrastructure) Certificates Certificate Plicies Certificate Practice Statements Revcatin Trust Mdels 4.4 Identify and be able t differentiate different cryptgraphic standards and prtcls 4.5 Understand and be able t explain the fllwing cncepts f Key Management and Certificate Lifecycles Centralized vs. Decentralized Strage Hardware vs. Sftware Private Key Prtectin Escrw Expiratin Revcatin Status Checking Suspensin Status Checking Recvery M-f-N Cntrl (Of M apprpriate individuals, N must be present t authrize recvery) Renewal Destructin Key Usage Multiple Key Pairs (Single, Dual) 6

7 CmpTIA Security+ Examinatin Objectives Versin 1.0 Dmain 5.0 Operatinal / Organizatinal Security 15% 5.1 Understand the applicatin f the fllwing cncepts f physical security Access Cntrl Physical Barriers Bimetrics Scial Engineering Envirnment Wireless Cells Lcatin Shielding Fire Suppressin 5.2 Understand the security implicatins f the fllwing tpics f disaster recvery Backups Off Site Strage Secure Recvery Alternate Sites Disaster Recvery Plan 5.3 Understand the security implicatins f the fllwing tpics f business cntinuity Utilities High Availability / Fault Tlerance Backups 5.4 Understand the cncepts and uses f the fllwing types f plicies and prcedures Security Plicy Acceptable Use Due Care Privacy Separatin f Duties Need t Knw Passwrd Management SLAs (Service Level Agreements) Dispsal / Destructin HR (Human Resurces) Plicy Terminatin (Adding and revking passwrds and privileges, etc.) Hiring (Adding and revking passwrds and privileges, etc.) Cde f Ethics Incident Respnse Plicy 5.5 Explain the fllwing cncepts f privilege management User / Grup / Rle Management Single Sign-n Centralized vs. Decentralized Auditing (Privilege, Usage, Escalatin) MAC / DAC / RBAC (Mandatry Access Cntrl / Discretinary Access Cntrl / Rle Based Access Cntrl) 5.6 Understand the cncepts f the fllwing tpics f frensics Chain f Custdy 7

8 CmpTIA Security+ Examinatin Objectives Versin 1.0 Preservatin f Evidence Cllectin f Evidence 5.7 Understand and be able t explain the fllwing cncepts f risk identificatin Asset Identificatin Risk Assessment Threat Identificatin Vulnerabilities 5.8 Understand the security relevance f the educatin and training f end users, executives and human resurces Cmmunicatin User Awareness Educatin On-line Resurces 5.9 Understand and explain the fllwing dcumentatin cncepts Standards and Guidelines Systems Architecture Change Dcumentatin Lgs and Inventries Classificatin Ntificatin Retentin / Strage Destructin 8