CompTIA Security+ SY0-301 Authorized Cert Guide


Learn, prepare, and practice for CompTIA Security+ SY0-301 exam success with this CompTIA Cert Guide from Pearson IT Certification, a leader in IT Certification learning and a CompTIA Approved Platinum Partner. DVD features two complete practice exams and video tutorial solutions to the 25 hands-on labs.

  • Master CompTIA’s new Security+ SY0-301 exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions on the DVD
  • Includes complete video solutions to the 25 hands-on labs

Limited Time Offer: Buy CompTIA Security+ SY0-301 Cert Guide and receive a 10% off discount code for the CompTIA Security+ SY0-301 exam. To receive your 10% off discount code:

1. Register your product at

2. Follow the instructions

3. Go to your Account page and click on “Access Bonus Content”

CompTIA Security+ SY0-301 Cert Guide is a best-of-breed exam study guide. Best-selling author and expert instructor David Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your approach to passing the exam.

The companion DVD contains the powerful Pearson IT Certification Practice Test engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. The DVD also includes complete video solutions to the 25 Hands-On Labs in the book focused on key exam topics.

Hands-On Labs:

  • 2-1 Using Free Malware Scanning Programs
  • 2-2 How to Secure the BIOS
  • 3-1 Discerning & Updating Service Pack Level
  • 3-2 Creating a Virtual Machine
  • 3-3 Securing a Virtual Machine
  • 4-1 Securing the Browser
  • 4-2 Disabling Applications
  • 5-1 Port Scanning Basics
  • 6-1 Packet Filtering and NAT Firewalls
  • 6-2 Configuring Inbound Filter on a Firewall
  • 6-3 Enabling MAC Filtering
  • 7-1 Securing a Wireless Device: 8 Steps
  • 7-2 Wardriving and the Cure
  • 8-1 Enabling 802.1X on a Network Adapter
  • 8-2 Setting Up a VPN
  • 9-1 Password Policies and User Accounts
  • 9-2 Configuring User and Group Permissions
  • 10-1 Mapping and Scanning the Network
  • 10-2 Password Cracking and Defense
  • 11-1 Using Protocol Analyzers
  • 12-1 Disabling LM Hash in Windows Server 2003
  • 13-1 A Basic Example of PKI
  • 13-2 Making an SSH Connection
  • 14-1 Configuring RAID 1 and 5
  • 16-1 How to Approach Exam Questions

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The CompTIA approved study guide helps you master all the topics on the Security+ exam, including

  • Core computer system security
  • OS hardening and virtualization
  • Application security
  • Network design elements and threats
  • Perimeter security
  • Network media and devices security
  • Physical security and authentication models
  • Access control
  • Vulnerability and risk assessment
  • Monitoring and auditing
  • Cryptography, including PKI
  • Redundancy and disaster recovery
  • Policies and procedures

Companion DVD

The DVD contains two free, complete practice exams and video solutions to the 25 hands-on labs. Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test.

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB hard disk space plus 50 MB for each downloaded practice exam.


Product Details

  • ISBN-13: 9780789749215
  • Publisher: Pearson IT Certification
  • Publication date: 1/11/2012
  • Series: Cert Guide Series
  • Edition number: 1
  • Pages: 800
  • Sales rank: 493,827
  • Product dimensions: 7.70 (w) x 9.30 (h) x 1.80 (d)

Meet the Author

David L. Prowse is an author, a computer network specialist, and a technical trainer. Over the past several years he has authored several titles for Pearson Education, including the well-received CompTIA A+ Exam Cram. As a consultant, he installs and secures the latest in computer and networking technology. Over the past decade he has also taught CompTIA A+, Network+, and Security+ certification courses, both in the classroom and via the Internet.

He runs the website, where he gladly answers questions from students and readers.


Table of Contents

Introduction xxv

Chapter 1 Introduction to Security 3

Foundation Topics 4

Security 101 4

The CIA of Computer Security 4

The Basics of Information Security 6

Think Like a Hacker 9

Exam Preparation Tasks 11

Review Key Topics 11

Define Key Terms 11

Answer Review Questions 11

Answers and Explanations 13

Chapter 2 Computer Systems Security 17

Foundation Topics 18

Computer Systems Security Threats 18

Malicious Software 18

Viruses 18

Worms 19

Trojan Horses 20

Spyware 21

Rootkits 21

Spam 21

Summary of Malware Threats 22

Ways to Deliver Malicious Software 23

Via Software, Messaging, and Media 23

Active Interception 23

Privilege Escalation 24

Backdoors 24

Logic Bombs 24

Botnets and Zombies 25

Preventing and Troubleshooting Malware 26

Preventing and Troubleshooting Viruses 26

Preventing and Troubleshooting Worms and Trojans 30

Preventing and Troubleshooting Spyware 30

Preventing and Troubleshooting Rootkits 32

Preventing and Troubleshooting Spam 33

You Can’t Save Every Computer from Malware! 35

Summary of Malware Prevention Techniques 35

Implementing Security Applications 36

Personal Software Firewalls 36

Host-Based Intrusion Detection Systems 38

Pop-Up Blockers 40

Data Loss Prevention Systems 42

Securing Computer Hardware and Peripherals 42

Securing the BIOS 43

Securing Storage Devices 44

Removable Storage 44

Network Attached Storage 45

Whole Disk Encryption 45

Hardware Security Modules 47

Securing Cell Phones and Smartphones 47

Exam Preparation Tasks 49

Review Key Topics 49

Complete Tables and Lists from Memory 49

Define Key Terms 50

Hands-On Labs 50

Equipment Needed 50

Lab 2-1: Using Free Malware Scanning Programs 50

Lab 2-2: How to Secure the BIOS 51

View Recommended Resources 53

Answer Review Questions 54

Answers and Explanations 60

Chapter 3 OS Hardening and Virtualization 67

Foundation Topics 68

Hardening Operating Systems 68

Removing Unnecessary Applications and Services 68

Service Packs 72

Windows Update, Patches, and Hotfixes 75

Patches and Hotfixes 77

Patch Management 79

Group Policies, Security Templates, and Configuration Baselines 80

Hardening File Systems and Hard Drives 82

Virtualization Technology 86

Types of Virtualization and Their Purposes 86

Working with Virtual Machines 88

Microsoft Virtual PC 88

Microsoft Windows XP Mode 90

Microsoft Virtual Server 90

VMware 91

Hypervisor 92

Securing Virtual Machines 92

Exam Preparation Tasks 94

Review Key Topics 94

Complete Tables and Lists from Memory 95

Define Key Terms 95

Hands-On Labs 95

Equipment Needed 95

Lab 3-1: Discerning and Updating the Service Pack Level 96

Lab 3-2: Creating a Virtual Machine in Virtual PC 2007 96

Lab 3-3: Securing a Virtual Machine 98

View Recommended Resources 101

Answer Review Questions 102

Answers and Explanations 105

Chapter 4 Application Security 109

Foundation Topics 110

Securing the Browser 110

General Browser Security Procedures 111

Implement Policies 111

Train Your Users 114

Use a Proxy and Content Filter 114

Secure Against Malicious Code 116

Securing Internet Explorer 116

Securing Firefox 121

Securing Other Applications 124

Secure Programming 127

Systems Development Life Cycle 128

Programming Testing Methods 130

Programming Vulnerabilities and Attacks 132

Backdoors 132

Buffer Overflows 132

XSS and XSRF 133

More Code Injection Examples 133

Directory Traversal 134

Zero Day Attack 135

Exam Preparation Tasks 136

Review Key Topics 136

Complete Tables and Lists from Memory 136

Define Key Terms 137

Hands-On Labs 137

Equipment Needed 137

Lab 4-1: Securing the Browser 137

Lab 4-2: Disabling Applications with a Windows Server 2008 Policy 138

View Recommended Resources 141

Answer Review Questions 141

Answers and Explanations 145

Chapter 5 Network Design Elements and Network Threats 149

Foundation Topics 150

Network Design 150

Network Devices 150

Hub 150

Switch 151

Router 152

Network Address Translation, and Private Versus Public IP 154

Network Zones and Interconnections 156

LAN Versus WAN 157

Internet 157

Demilitarized Zone (DMZ) 157

Intranets and Extranets 159

Cloud Computing 159

Network Access Control (NAC) 162

Subnetting 162

Virtual Local Area Network (VLAN) 164

Telephony Devices 165

Modems 166

PBX Equipment 166

VoIP 167

Ports and Protocols 167

Ports Ranges, Inbound Versus Outbound, and Common Ports 167

Protocols That Can Cause Anxiety on the Exam 174

Malicious Network Attacks 175

DoS 175

DDoS 178

Spoofing 178

Session Hijacking 179

Replay 181

Null Sessions 181

Transitive Access and Client-Side Attacks 182

DNS Poisoning and Other DNS Attacks 183

ARP Poisoning 184

Summary of Network Attacks 185

Exam Preparation Tasks 188

Review Key Topics 188

Complete Tables and Lists from Memory 189

Define Key Terms 189

Hands-On Labs 189

Equipment Needed 190

Lab 5-1: Port Scanning Basics 190

View Recommended Resources 191

Answer Review Questions 192

Answers and Explanations 199

Chapter 6 Network Perimeter Security 205

Foundation Topics 206

Firewalls and Network Security 206

Firewalls 207

Proxy Servers 212

Honeypots and Honeynets 215

Data Loss Prevention (DLP) 216

NIDS Versus NIPS 217

NIDS 217

NIPS 218

Summary of NIDS Versus NIPS 219

The Protocol Analyzer’s Role in NIDS and NIPS 220

Exam Preparation Tasks 220

Review Key Topics 220

Complete Tables and Lists from Memory 221

Define Key Terms 221

Hands-On Labs 221

Equipment Needed 222

Lab 6-1: Packet Filtering and NAT Firewalls 222

Lab 6-2: Configuring an Inbound Filter on a SOHO Router/Firewall 223

Lab 6-3: Enabling MAC Filtering 224

View Recommended Resources 225

Answer Review Questions 225

Answers and Explanations 229

Chapter 7 Securing Network Media and Devices 233

Foundation Topics 234

Securing Wired Networks and Devices 234

Network Device Vulnerabilities 234

Default Accounts 234

Weak Passwords 235

Privilege Escalation 236

Back Doors 237

Network Attacks 237

Other Network Device Considerations 238

Cable Media Vulnerabilities 238

Interference 239

Crosstalk 240

Data Emanation 241

Tapping into Data and Conversations 241

Securing Wireless Networks 244

Wireless Access Point Vulnerabilities 244

Secure the Administration Interface 244

SSID Broadcast 245

Rogue Access Points 245

Evil Twin 246

Weak Encryption 246

Other Wireless Access Point Security Strategies 248

Wireless Transmission Vulnerabilities 250

Bluetooth Vulnerabilities 250

Bluejacking 251

Bluesnarfing 251

Exam Preparation Tasks 252

Review Key Topics 252

Complete Tables and Lists from Memory 253

Define Key Terms 253

Hands-On Labs 253

Equipment Needed 254

Lab 7-1: Securing a Wireless Device: 8 Steps to a Secure Network 254

Lab 7-2: Wardriving...and The Cure 256

View Recommended Resources 257

Answer Review Questions 257

Answers and Explanations 261

Chapter 8 Physical Security and Authentication Models 265

Foundation Topics 267

Physical Security 267

General Building and Server Room Security 267

Door Access 268

Biometric Readers 270

Authentication Models and Components 271

Authentication Models 271

Localized Authentication Technologies 273

802.1X and EAP 273

LDAP 276

Kerberos and Mutual Authentication 277

Terminal Services 279

Remote Authentication Technologies 279

Remote Access Service 280

Virtual Private Networks 281


Exam Preparation Tasks 286

Review Key Topics 286

Complete Tables and Lists from Memory 287

Define Key Terms 287

Hands-On Labs 287

Equipment Needed 288

Lab 8-1: Enabling 802.1X on a Network Adapter 288

Lab 8-2: Setting Up a VPN 289

View Recommended Resources 291

Answer Review Questions 292

Answers and Explanations 299

Chapter 9 Access Control Methods and Models 305

Foundation Topics 306

Access Control Models Defined 306

Discretionary Access Control 306

Mandatory Access Control 308

Role-Based Access Control (RBAC) 309

Access Control Wise Practices 310

Rights, Permissions, and Policies 313

Users, Groups, and Permissions 313

Permission Inheritance and Propagation 317

Moving and Copying Folders and Files 318

Usernames and Passwords 318

Policies 322

User Account Control (UAC) 325

Exam Preparation Tasks 326

Review Key Topics 326

Complete Tables and Lists from Memory 327

Define Key Terms 327

Hands-On Labs 327

Equipment Needed 327

Lab 9-1: Configuring Password Policies and User Account Restrictions 328

Lab 9-2: Configuring User and Group Permissions 330

View Recommended Resources 331

Answer Review Questions 332

Answers and Explanations 337

Chapter 10 Vulnerability and Risk Assessment 341

Foundation Topics 342

Conducting Risk Assessments 342

Qualitative Risk Assessment 344

Quantitative Risk Assessment 344

Security Analysis Methodologies 346

Security Controls 347

Vulnerability Management 349

Penetration Testing 350

OVAL 351

Assessing Vulnerability with Security Tools 352

Network Mapping 352

Vulnerability Scanning 355

Network Sniffing 358

Password Analysis 359

Exam Preparation Tasks 363

Review Key Topics 363

Complete Tables and Lists from Memory 363

Define Key Terms 364

Hands-On Labs 364

Equipment Needed 364

Lab 10-1: Mapping and Scanning the Network 365

Lab 10-2: Password Cracking and Defense 366

View Recommended Resources 367

Answer Review Questions 368

Answers and Explanations 374

Chapter 11 Monitoring and Auditing 379

Foundation Topics 380

Monitoring Methodologies 380

Signature-Based Monitoring 380

Anomaly-Based Monitoring 381

Behavior-Based Monitoring 381

Using Tools to Monitor Systems and Networks 382

Performance Baselining 382

Protocol Analyzers 384

Wireshark 385

Network Monitor 386

SNMP 388

Conducting Audits 389

Auditing Files 389

Logging 392

Log File Maintenance and Security 394

Auditing System Security Settings 396

Exam Preparation Tasks 399

Review Key Topics 399

Complete Tables and Lists from Memory 400

Define Key Terms 400

Hands-On Labs 400

Equipment Needed 400

Lab 11-1: Using Protocol Analyzers 401

View Recommended Resources 403

Answer Review Questions 404

Answers and Explanations 409

Chapter 12 Encryption and Hashing Concepts 415

Foundation Topics 416

Cryptography Concepts 416

Symmetric Versus Asymmetric Key Algorithms 419

Symmetric Key Algorithms 420

Asymmetric Key Algorithms 421

Public Key Cryptography 421

Key Management 422

Steganography 423

Encryption Algorithms 423

DES and 3DES 424

AES 424

RC 425

Summary of Symmetric Algorithms 426

RSA 426

Diffie-Hellman 427

Elliptic Curve 428

More Encryption Types 428

One-Time Pad 428

PGP 429

Hashing Basics 430

Cryptographic Hash Functions 431

MD5 432

SHA 432

Happy Birthday! 432



NTLM and NTLM2 435

Exam Preparation Tasks 436

Review Key Topics 436

Complete Tables and Lists from Memory 436

Define Key Terms 436

Hands-On Lab 437

Equipment Needed 437

Lab 12-1: Disabling the LM Hash in Windows Server 2003 437

View Recommended Resources 438

Answer Review Questions 439

Answers and Explanations 445

Chapter 13 PKI and Encryption Protocols 451

Foundation Topics 452

Public Key Infrastructure 452

Certificates 452

Certificate Authorities 453

Single-Sided and Dual-Sided Certificates 456

Web of Trust 456

Security Protocols 457

S/MIME 457


SSH 459

PPTP, L2TP, and IPsec 459

PPTP 460

L2TP 460

IPsec 460

Exam Preparation Tasks 461

Review Key Topics 461

Define Key Terms 462

Hands-On Labs 462

Equipment Needed 462

Lab 13-1: A Basic Example of PKI 462

Lab 13-2: Making an SSH Connection 463

View Recommended Resources 465

Answer Review Questions 465

Answers and Explanations 470

Chapter 14 Redundancy and Disaster Recovery 475

Foundation Topics 476

Redundancy Planning 476

Redundant Power 478

Redundant Power Supplies 479

Uninterruptible Power Supplies 480

Backup Generators 481

Redundant Data 483

Redundant Networking 486

Redundant Servers 488

Redundant Sites 489

Disaster Recovery Planning and Procedures 490

Data Backup 490

DR Planning 494

Exam Preparation Tasks 497

Review Key Topics 497

Complete Tables and Lists from Memory 497

Define Key Terms 498

Hands-On Labs 498

Equipment Needed 498

Lab 14-1: Configuring RAID 1 and 5 498

View Recommended Resources 500

Answer Review Questions 500

Answers and Explanations 504

Chapter 15 Policies, Procedures, and People 509

Foundation Topics 510

Environmental Controls 510

Fire Suppression 510

Fire Extinguishers 510

Sprinkler Systems 512

Special Hazard Protection Systems 512

HVAC 513

Shielding 514

Social Engineering 515

Pretexting 516

Diversion Theft 516

Phishing 516

Hoaxes 518

Shoulder Surfing 518

Eavesdropping 518

Dumpster Diving 519

Baiting 519

Piggybacking/Tailgating 519

Summary of Social Engineering Types 519

User Education and Awareness 520

Legislative and Organizational Policies 521

Data Sensitivity and Classification of Information 522

Personnel Security Policies 524

Privacy Policies 525

Acceptable Use 525

Change Management 525

Separation of Duties/Job Rotation 526

Mandatory Vacations 526

Due Diligence 527

Due Care 527

Due Process 527

User Education and Awareness Training 527

Summary of Personnel Security Policies 528

How to Deal with Vendors 529

How to Dispose of Computers and Other IT Equipment Securely 529

Incident Response Procedures 531

Exam Preparation Tasks 534

Review Key Topics 534

Complete Tables and Lists from Memory 535

Define Key Terms 535

View Recommended Resources 535

Answer Review Questions 536

Answers and Explanations 543

Chapter 16 Taking the Real Exam 551

Foundation Topics 552

Getting Ready and the Exam Preparation Checklist 552

Tips for Taking the Real Exam 555

Beyond the CompTIA Security+ Certification 558

Hands-On Lab 559

Practice Exam 1 561

Practice Exam 2 611

Glossary 663

Master List of Key Topics 685

On the DVD:

Appendix A: Memory Tables

Appendix B: Memory Tables Answer Key

9780789749215 TOC 11/29/2011


Customer Reviews

Average Rating: 5 (2 reviews)

  • Anonymous

    Posted February 7, 2014

    Excellent Book

    This was a great tool for preparing for the Security+ test! It has an easy-to-read format. With the chapter quizzes and the two practice exams added together, it gives you almost 300 practice questions. I didn't need to spend another $200 to get the Transcender practice exams. The electronic format was great for highlighting, making notes, searching, and using the bookmarks to navigate the book and tests. I most strongly recommend getting this book when preparing for the Security+ exam!!!

  • Anonymous

    Posted October 20, 2012

    No text was provided for this review.
