Copyright © 2003 by Microsoft Corporation

PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399

Copyright © 2003 by Microsoft Corporation

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Library of Congress Cataloging-in-Publication Data

Security+ Certification Training Kit / Microsoft Corporation.
          p. cm.
     Includes index.
     ISBN 0-7356-1822-4
     1. Electronic data processing personnel--Certification. 2. Computer
   security--Examinations--Study guides. I. Microsoft Corporation.

   QA76.3 .S43   2003
   005.8--dc21                                                2002043072
 

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWT 8 7 6 5 4 3

Distributed in Canada by H.B. Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to tkinput@microsoft.com.

ActiveX, Microsoft, Microsoft Press, MSDN, Outlook, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Acquisitions Editor: Kathy Harding
Project Editor: Jean Trenary
Technical Editor: Bob Dean

About This Book

Welcome to the Security+ Certification Training Kit. This training kit introduces the basic concepts of computer security. It is designed to prepare you to take the Security+ Certification exam administered by the Computing Technology Industry Association (CompTIA). The Security+ Certification program covers the computer security technologies most commonly used today. Passing the Security+ Certification exam means you are certified as possessing the basic knowledge and skills needed to work in computer security. However, this book is not just about getting you through the exam. The lessons in these chapters also provide you with knowledge you'll use to create a more secure computing environment.

Each chapter in this book is divided into lessons. Most lessons include hands-on procedures that allow you to practice or demonstrate a particular concept or skill. Each lesson ends with a short summary and a set of review questions to test your knowledge of the lesson material.

Intended Audience

This book is appropriate for anyone who has experience working on computer networks and wants to learn more about computer security. This book is specifically designed for candidates preparing to take the CompTIA Security+ examination SY0-101. CompTIA describes the Security+ certified professional as follows:

"Those holding the Security+ certification have demonstrated the aptitude and ability to master such knowledge areas as: general security concepts, communications security, infrastructure security, basics of cryptography, and operational/organizational security."

Prerequisites

No one is prevented from registering for or attempting the Security+ exam. However, you are more likely to achieve the Security+ certification if you meet certain prerequisites. At a minimum, you should be capable of installing, configuring, and connecting computers to the Internet before reading this book. Security+ Certification candidates should also have A+ and Network+ certifications or equivalent knowledge and skills, in addition to at least two years of experience in computer networking, and a thorough knowledge of Transmission Control Protocol/Internet Protocol (TCP/IP). This book will make the most sense to people who meet those criteria.

Reference Materials

Throughout this book, you will find references to RFC (Request for Comment), NIST (National Institute for Standards and Technology), and CC (Common Criteria) documents which supplement the topic being discussed. Unless otherwise noted, these documents can be found at the following Web sites:

CC: http://www.commoncriteria.org

NIST: http://www.csrc.nist.gov/publications

RFC: http://www.icann.rfceditor.org

For your convenience, some key RFC, NIST, and CC documents are included on the Supplemental Course Materials CD-ROM. These documents are provided as supplemental information. However, we recommend that you go to the respective Web sites to get the most up-to-date documents if you intend to use the information to manage your security issues.

About the CD-ROM

The Supplemental Course Materials CD-ROM contains a variety of informational aids that can be used throughout this book.

• eBook. A complete electronic version of this training kit.
• Preview content. Three preview chapters from the Microsoft Windows
  Security Resource Kit are included on the CD-ROM in the \WinSecureRK folder.
• RFC articles. Included on the CD-ROM in the \RFC folder.
• NIST publications. Included on the CD-ROM in the \NIST folder.
• Common Criteria standards. Included on the CD-ROM in the \CC folder.
• Practice test. To practice taking the certification exam, you can use the practice test provided on the CD-ROM. The sample questions help you assess your understanding of the concepts presented in this book.

For additional support information regarding this book and the CD-ROM, visit the Microsoft Press Technical Support Web site at www.microsoft.com/mspress/support. You can also e-mail TKINPUT@MICROSOFT.COM or send a letter to Microsoft Press, Attn: Microsoft Press Technical Support, One Microsoft Way, Redmond, WA 98052-6399.

Features of This Book

Each chapter has a "Before You Begin" section, which prepares you for completing the chapter.

The chapters are broken into lessons. Some lessons contain practice exercises that give you an opportunity to use the information presented or to explore the part of the application being described.

The "Lesson Summary" section at the end of each lesson identifies key points discussed in the text.

The "Lesson Review" section at the end of each lesson allows you to test yourself on what you have learned in that lesson.

Appendix A, "Questions and Answers," contains all the book's questions and provides the appropriate answers.

Notes

Several types of notes appear throughout the lessons.

• Notes marked Note contain supplemental information.
• Notes marked Tip contain explanations of possible results or alternative methods for performing tasks.
• Notes marked Important contain information that is essential to completing a task.
• Notes marked Caution contain warnings about possible loss of data.

Notational Conventions

The following notational conventions are used throughout this book.

• Characters or commands that you type appear in bold type.
• Italic in syntax statements indicates placeholders for variable information. Italic is also used for book titles and to indicate newly introduced terms.
• Names of files and folders appear in initial capital letters except when you are to type them directly. Unless otherwise indicated, you can use lowercase letters when you type a file name in a dialog box or at a command prompt.
• File name extensions, when they appear without a file name, are in lowercase letters.
• Acronyms appear in all uppercase letters.
• Monospace type represents code samples.
• Square brackets [ ] are used in syntax statements to enclose optional items. For example, [filename ] in command syntax indicates that you can choose to type a file name with the command. Type only the information within the brackets, not the brackets themselves.
• Braces { } are used in syntax statements to enclose required items. Type only the information within the braces, not the braces themselves.

Icons represent specific sections in the book as follows:

Icon	Represents
	Supplemental course materials. You will find these materials on the Supplemental Course Materials CD-ROM.
	An exercise containing questions about the lesson just presented. Answers to the exercises are contained in Appendix A, "Questions and Answers," at the end of the book.
	Lesson review questions. These questions at the end of each lesson allow you to test what you have learned in the lesson. You will find the answers to the review questions in Appendix A, "Questions and Answers," at the end of the book.

Keyboard Conventions

• A plus sign (+) between two key names means that you must press those keys at the same time. For example, "Press Alt+Tab" means that you hold down Alt while you press Tab.
• A comma ( , ) between two or more key names means that you must press each of the keys consecutively, not together. For example, "Press Alt, F, X" means that you press and release each key in sequence. "Press Alt+W, L" means that you first press Alt and W together, and then release them and press L.
• You can choose menu commands with the keyboard. Press the Alt key to activate the menu bar, and then sequentially press the keys that correspond to the highlighted or underlined letter of the menu name and the command name. For some commands, you can also press a key combination listed in the menu.
• You can select or clear check boxes or options in dialog boxes with the keyboard. Press the Alt key, and then press the key that corresponds to the underlined letter of the option name. Or you can press Tab until the option is highlighted, and then press Spacebar to select or clear the check box or option button.
• You can cancel the display of a dialog box by pressing the Esc key.

Chapter and Appendix Overview

This self-paced training kit combines notes, exercises, and review questions to help you prepare for the Security+ Certification exam. The book is designed to be worked through from beginning to end, but you can choose a customized track and complete only the sections that interest you. (See the next section, "Finding the Best Starting Point for You," for more information.) If you choose the customized track option, see the "Before You Begin" section in each chapter. Any hands-on procedures that require preliminary work from preceding chapters refer to the appropriate chapters.

The book is divided into the following chapters:

• The section you are reading, "About This Book," contains a self-paced training overview and introduces the components of this training course. Read this section thoroughly to get the greatest educational value from this course and to plan which lessons you will complete.
• Chapter 1 , "General Networking and Security Concepts," overviews many of the concepts discussed throughout the book. This chapter discusses the "big picture" of organizational and operational security, including security threats, intrusions, and defenses.
• Chapter 2 , "TCP/IP Basics," presents an overview and review of the TCP/IP suite of protocols. This chapter also illustrates ways in which the TCP/IP protocol suite can be compromised.
• Chapter 3 , "Certificate Basics," explains how encryption and certificates help you to increase security. The chapter describes cryptography and encryption keys, Public Key Infrastructure (PKI), and certification authorities.
• Chapter 4 , "Network Infrastructure Security," describes a wide variety of security concerns related to the network infrastructure, including network device and cabling security, security zones, and monitoring network resources.
• Chapter 5 , "Communications Security," describes ways to secure remote connections using a variety of encrypted connections and tunnels. You also learn about wireless security in this chapter.
• Chapter 6 , "Application Security," explains the ways in which your e-mail, Web browser, and File Transfer Protocol (FTP) clients might be compromised by attackers. Further, you learn measures you can take to increase the security of those components.
• Chapter 7 , "User Security," describes access control measures, such as mandatory and role-based authentication. This chapter also explains how you can increase security by using Kerberos, Challenge Handshake Authentication Protocol (CHAP), biometric authentication, and mutual authentication.
• Chapter 8 , "Security Baselines," covers measures to increase the security of your network by ensuring that your hosts and devices are as safe as possible. This chapter focuses on how to keep servers secure, whereas Chapter 6 focused on how to secure client software.
• Chapter 9 , "Operational Security," draws your attention to ways that your information security systems might be compromised by attacks from the world outside the computer. Issues such as social engineering, fire suppression, and disaster recovery are discussed. The chapter also discusses user and group management, removable media, and ways to protect your business continuity.
• Chapter 10 , "Organizational Security," focuses on the policies, procedures, laws, and regulations that apply to your organization. Further, you learn to identify risks and methods for promoting your security policy and educating users.
• Chapter 11 , " Incident Detection and Response," looks at the types of attacks your organization might encounter. This chapter also discusses intrusion detection systems and how to handle intrusions.
• Appendix A, "Questions and Answers," lists all of the exercise and review questions from the book, showing the page number where the question
  appears and the suggested answer.
• Appendix B, "Ports and Protocol IDs," reiterates the Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Protocol (IP) identifiers that you should know. This appendix is assembled as a study reference for your convenience.
• The Glossary provides definitions of key networking terms used throughout the book.

Finding the Best Starting Point for You

Because this book is self-paced, you can skip some lessons and revisit them later.

If You	Follow This Learning Path
Are preparing to take the CompTIA Certification Exam SY0-101	Read the "Getting Started" section. Then work through the remaining chapters in any order.
Want to review information about specific topics from the exam	Use the "Where to Find Specific Skills in This Book" section that follows this table.

The following tables provide a list of the skills measured on certification exam Security+ Examination SY0-101. The table lists the skills, as defined in the objectives for the exam, and where in this book you will find the lesson relating to a particular skill.

Exam objectives are subject to change without prior notice.

Domain 1.0 General Security Concepts

Skill Being Measured	Location in Book
1.1. Access Control MAC/DAC/RBAC	Chapter 9, Lesson 1 Chapter 7, Lesson 2 Chapter 9, Lesson 2
1.2. Authentication Kerberos CHAP Certificates Username/Password Tokens Multi-Factor Mutual Authentication Biometrics	Chapter 7, Lesson 3
1.3. Non-essential Services and Protocols	Chapter 8, Lesson 1
1.4. Attacks DoS/DDoS Back Door Spoofing Man in the Middle Replay TCP/IP Hijacking Weak Keys Mathematical Social Engineering Birthday Password Guessing Brute Force Dictionary Software Exploitation	Chapter 11, Lesson 1
1.5. Malicious Code Viruses Trojan Horses Logic Bombs Worms	Chapter 11, Lesson 1
1.6. Social Engineering	Chapter 1, Lesson 2 Chapter 9, Lesson 1 Chapter 11, Lesson 1
1.7. Auditing	Chapter 1, Lesson 4 Chapter 9, Lesson 2

Domain 2.0 Protocols and Standards

Skill Being Measured	Location in Book
2.1. Remote Access 802.1x VPN RADIUS TACACS/+ L2TP/PPTP SSH IPSEC Vulnerabilities	Chapter 5, Lesson 2
2.2. E-mail S/MIME PGP Vulnerabilities Spam Hoaxes	Chapter 6, Lesson 1
2.3. Web SSL/TLS HTTP/S Instant Messaging	Chapter 6, Lesson 2	Vulnerabilities 8.3 Naming Conventions Packet Sniffing Privacy	Chapter 6, Lesson 1 Chapter 6, Lesson 2
Vulnerabilities Java Script ActiveX Buffer Overflows Cookies Signed Applets CGI SMTP Relay	Chapter 6, Lesson 1 Chapter 6, Lesson 2
2.4. Directory SSL/TLS LDAP	Chapter 8, Lesson 2
2.5. File Transfer S/FTP Blind FTP/Anonymous File Sharing Vulnerabilities Packet Sniffing	Chapter 8, Lesson 2 Chapter 6, Lesson 2 Chapter 8, Lesson 2 Chapter 6, Lesson 3 Chapter 6, Lesson 1 Chapter 6, Lesson 1 and Lesson 2
2.6. Wireless WTLS 802.11x WEP/WAP Vulnerabilities Site Surveys	Chapter 5, Lesson 3

Domain 3.0 Infrastructure Security

Skill Being Measured	Location in Book
3.1. Devices Firewalls Routers Switches Wireless Modems RAS Telecom/PBX	Chapter 4, Lesson 3
VPN IDS Network Monitoring/Diagnostic Workstations Servers Mobile Devices	Chapter 4, Lesson 4
3.2. Media Coax UTP/STP Fiber	Chapter 4, Lesson 2
Removable Media Tape CDR Hard Drives Diskettes Flash Cards Smart Cards	Chapter 9, Lesson 3
3.3. Security Topologies Security Zones DMZ Intranet Extranet VLANs NAT	Chapter 4, Lesson 4
Tunneling	Chapter 5, Lesson 2
3.4. Intrusion Detection Network Based Active Detection Passive Detection Host Based Active Detection Passive Detection Honeypots Incident Response	Chapter 11, Lesson 2
3.5. Security Baselines OS/NOS Hardening File System Updates (Hotfixes, Service Packs, Patches) Network Hardening Updates (Firmware) Configuration	Chapter 8, Lesson 1
Application Hardening Updates (Hotfixes, Service Packs, Patches) Web Servers E-Mail Servers FTP Servers DNS Servers NNTP Servers File/Print Servers DHCP Servers Data Repositories	Chapter 8, Lesson 2 Chapter 8, Lesson 1 Chapter 8, Lesson 2

Domain 4.0 Basics of Cryptography

Skill Being Measured	Location in Book
4.1. Algorithms Hashing Symmetric Asymmetric	Chapter 3, Lesson 1
4.2. Concepts of Using Cryptography Confidentiality Integrity Digital Signatures Authentication Nonrepudiation Digital Signatures Access Control	Chapter 3, Lesson 2
4.3. PKI Certificates Certificate Policies Certificate Practice Statements Revocation Trust Models	Chapter 3, Lesson 1
4.4. Standards and Protocols	Chapter 3, Lesson 1
4.5. Key Management/Certificate Lifecycle Centralized vs. Decentralized Storage Hardware vs. Software Private Key Protection Escrow Expiration Revocation Status Checking Suspension Status Checking Recovery M of N Control Renewal Destruction Key Usage	Chapter 3, Lesson 5

Domain 5.0 Operational/Organizational Security

Skill Being Measured	Location in Book
5.1. Physical Security Access Control Physical Barriers Biometrics Social Engineering Environment Wireless Cells Location Shielding Fire Suppression	Chapter 9, Lesson 1
5.2. Disaster Recovery Backups Offsite Storage Secure Recovery Alternate Sites Disaster Recovery Plan	Chapter 9, Lesson 1
5.3. Business Continuity Utilities High Availability/Fault Tolerance Backups	Chapter 9, Lesson 4
5.4. Policy and Procedures Security Policy Acceptable Use Due Care Privacy Separation of Duties Need to Know Password Management SLA Disposal/Destruction HR Policy	Chapter 10, Lesson 1
Incident Response Policy	Chapter 10, Lesson 1
5.5. Privilege Management User/Group/Role Management Single Sign-on Centralized vs. Decentralized Auditing (Privilege, Usage, Escalation) MAC/DAC/RBAC	Chapter 9, Lesson 2
5.6. Forensics Chain of Custody Preservation of Evidence Collection of Evidence	Chapter 11, Lesson 3
5.7. Risk Identification Asset Identification Risk Assessment Threat Identification Vulnerabilities	Chapter 10, Lesson 2
5.8. Education: Training of End Users, Executives, and HR Communication User Awareness Education Online Resources	Chapter 10, Lesson 3
5.9. Documentation Standards and Guidelines Systems Architecture Change Documentation Logs and Inventories Classification Notification Retention/Storage Destruction	Chapter 10, Lesson 1

Getting Started

This self-paced training kit comes with a companion CD-ROM, which contains additional material to enhance and supplement the text. The following sections discuss the hardware and software required to complete the exercises and view the items on the companion CD-ROM.

Hardware Requirements

You can perform most exercises without any computer at all. However, a few exercises ask you to install and use certain security programs. To perform these exercises, you will need a computer and an operating system. Almost any computer produced after 1994 can be used for the computer-related exercises in this book. However, the exercises themselves were written on an Intel-compatible system running the Microsoft Windows 2000 Professional operating system. If you choose to utilize Windows 2000 Professional to complete all of the exercises in this book you'll require a minimum of:

• 133-MHz Intel-based Pentium level processor
• 64 MB of random access memory (RAM)
• 650 MB to 1.5 GB of free space on a 2-GB hard disk
• CD-ROM drive
• Mouse or pointing device
• SVGA monitor
• Network connection or modem (allowing Internet access)

The most important requirement is to be sure that your computer supports the software and operating system that you load on it. This information can be obtained from the manufacturer of your operating system. Many of the exercises that involve a computer require you to connect to the Internet.

Software Requirements

There is no particular operating system required to work with the software referenced in this book. The step-by-step instructions were written to work precisely on a Windows 2000 Professional computer, but they should work similarly on any Windows 95 or later operating system. If you have another operating system, you might need to look up specific steps on how to install the software referenced in this book on your particular operating system. All other software you require to perform any exercise can be downloaded for free from the Internet.

To view the eBook you must have Microsoft Internet Explorer 5.01 or later and the proper Hypertext Markup Language (HTML) components on your system. If your system does not meet these requirements, you can install Internet Explorer 6 Service Pack 1 from the CD-ROM prior to installing the eBook.

You must have the Supplemental Course Materials CD-ROM inserted in your CD-ROM drive to run the eBook.

Setup Instructions

To perform these exercises, you must set up your computer according to the manufacturer's instructions. All other instructions should be accurate for a Windows 2000 Professional operating system and very similar for Windows 95 or later operating systems. As previously mentioned, you should already be capable of installing, configuring, and connecting computers to the Internet before reading this book or attempting any of these exercises. Those tasks must be accomplished according to your software and hardware vendor instructions before you attempt any computer-related exercise in this book.

The eBook

The companion CD also includes a fully searchable electronic version of the book (eBook).

To use the eBook

1. Insert the Supplemental Course Materials CD-ROM into your CD-ROM drive.

   If AutoRun is disabled on your machine, run StartCD.exe in the root folder of the CD-ROM or refer to the Readme.txt file on the CD-ROM.

2. Click eBook on the user interface menu and follow the prompts.

   If AutoRun is disabled on your machine, run StartCD.exe in the root folder of the CD-ROM or refer to the Readme.txt file on the CD-ROM.

The Sample Exam Questions

The CD-ROM also includes an assessment tool that generates 50-question practice exams with automated scoring and answer feedback.

To install the sample exam questions on your hard disk drive

1. Insert the Supplemental Course Materials CD-ROM into your CD-ROM drive.

   If AutoRun is disabled on your machine, run StartCD.exe in the root directory of the CD-ROM or refer to the Readme.txt file on the CD-ROM.

2. Click Sample Exam Questions on the user interface menu and follow the prompts.

The Security+ Certification Program

The CompTIA Security+ Certification is a testing program sponsored by the Computing Technology Industry Association (CompTIA) that certifies the knowledge of networking technicians who have accumulated 24 months of experience in the information technology (IT) industry. You can find more information about CompTIA certifications at http://www.comptia.org/certification.

Leading experts from all sectors of the IT industry developed the Security+ Certification Exam SY0-101. CompTIA conducted a multilevel review process for all questions to ensure that they are accurate as well as psychometrically sound.

Benefits of Certification

For most individuals, Security+ Certification is the first step on the path to becoming a security professional. It can also be thought of as the next step after CompTIA's A+ and Network+ certifications for people who want to specialize in computer security. Passing the Security+ examination certifies you as possessing the basic knowledge and skills needed to become a computer security specialist. If you are interested in becoming a Microsoft Certified Systems Engineer (MCSE), the Security+ Certification Training Kit provides just the foundation you need to get on your way with confidence.

With Security+ Certification, you will receive many benefits, including the
following:

• Recognized proof of professional achievement. The Security+ credential asserts that the holder has reached a level of competence commonly accepted and valued by the industry.
• Enhanced job opportunities. Many employers give hiring preference to applicants with Security+ Certification.
• Opportunity for advancement. The Security+ credential can be a plus when an employer awards job promotions.
• Training requirement. Security+ Certification is being adopted as a recommended prerequisite to enrollment in certain vendors' training courses.
• Customer confidence. As the general public learns about Security+ Certification, customers will request that only certified technicians be assigned to their accounts.
• Improved productivity. Certified employees perform work faster and more accurately. Statistics show that certified employees can work up to 75 percent faster than employees without certification.
• Customer satisfaction. When employees have credentials that prove their competency, customer expectations are more likely to be met. More business can be generated for the employer through repeat sales to satisfied customers.

The Security+ Exam

The text in this book prepares you to master the skills needed to pass the Security+ exam. By mastering all course work, you will be able to complete the Security+ Certification exam with the confidence you need to ensure success. Individuals are permitted to take the exam as many times as they like.

The exam is broken down into five sections, called objective domains. The following table lists the objective domains and the extent to which they are represented in the examination.

Security+ Certification Domain Area	Percentage of Examination
1.0 General Security Concepts	30 percent
2.0 Communications Security	20 percent
3.0 Infrastructure Security	20 percent
4.0 Basics of Cryptography	15 percent
5.0 Operational/Organizational Security	15 percent

Registering for the Security+ Exam

Anyone can take the Security+ exam. There are no specific requirements or prerequisites, except payment of the fee. However, exam content is targeted to computer technicians with 24 months of experience in the IT industry. A typical candidate will have CompTIA A+ and Network+ certifications or have equivalent knowledge, but those certifications are not required to register for the exam.

The tests are administered at both Thompson Prometric and VUE testing centers.
The phone number for registering with Thompson Prometric Security+ in the US is 1-800-977-3926. The phone number for registering with VUE in the US and Canada
is 1-877-551-PLUS (7587). To find registration phone numbers for other countries, or to register online, visit the VUE (http://www.vue.com ) or Thompson Prometric (http://www.2test.com ) Web sites.

When you call, please have the following information available:

• Name and number of the exam, which is Security+ SY0-101
• Social Security number or testing ID
• Mailing address and telephone number
• Employer or organization
• Date on which you want to take the test
• Testing location (you can find this online from the test provider's Web site)
• Method of payment (credit card or check)

Payment is made at the time of registration, either by credit card or by requesting that an invoice be sent to you or your employer. Vouchers and coupons are also redeemed at that time.

Preparing for the Security+ Exam

The process of preparing for the Security+ exam is unique to every student, but there are a wide variety of resources to aid you in the process, including the following:

• Classroom instruction. There are many organizations that offer instructor-led training courses for the Security+ exam. The advantages of this type of training are that you have access to a networking lab in which you can experiment and a teacher whom you can ask questions. This type of training can be quite expensive, however, often running several hundred dollars per day.
• Computer-based training (CBT). CBT courses come on one or more CD-ROMs and can contain multimedia-training materials such as audio and video, in addition to graphics and text. A typical CBT includes software that you install on your computer that enables you to track the lessons you've completed and the amount of time you've spent on each one, as well as your results for any exercises and practice exams that might be included. The advantage of a CBT is that you can work with it at your own pace without having to travel to a training center. CBTs can also be expensive, but not as expensive as classroom training.
• Online training. Some training companies offer Security+ courses using Web-based training, which is usually similar in format to a CBT, but delivered online instead of from a CD-ROM. One advantage of online training is that usage information and quiz scores can be maintained by the training company on its servers, making it a good solution for corporations looking for an employee-training program. Some courses also offer feedback from a live instructor, through online message boards or chat applications, which can place this medium a step above CBTs. Depending on the format of the course, however, online training might not be satisfactory for users limited to relatively low-speed dial-up Internet connections. For corporate customers, however, who usually have high-speed connections, online training could be ideal, and is generally comparable in cost to CBTs.
• Study guides. Books always provide the most information for your training dollar. A student who is disciplined enough to work through a comprehensive Security+ study guide is likely to absorb more information from books than from CBTs or online training courses, and for substantially less money. There are many different Security+ books available, many with exercises and practice questions that provide feedback and progress indicators similar to those in the electronic training formats.
• Practice exams. Practice exams for the Security+ Certification are available in book form, on CD-ROM, and on Web sites. The interface used for the examination by the testing centers should not present a challenge to users familiar with computers, so it should make little difference to most people whether their practice tests are in printed or electronic form. What is more important is the content of the practice exams. In addition to providing the correct answers, a good practice exam should also explain why each possible answer to a question is either right or wrong.

Taking the Security+ Exam

The Security+ exam is administered by computer, and is completely "closed book." You are not permitted to bring any written materials into the testing room with you, although you are given a pencil and a blank piece of paper or a scratch tablet on which you can write any information you want before the exam begins. Many candidates memorize a page full of crucial facts and jot them down in the testing room before the exam begins. You can then use your own notes during the exam, but you must turn them in afterward; you cannot take them out with you.

The testing room typically contains a group of computers, with cubicles or dividers to prevent any distraction or communication between candidates. In most cases, there is a window through which a proctor observes the testing process. You are given time in the testing room to make your own notes. You can then take an orientation exam on the testing computer to familiarize yourself with the format of the software.

The exam is preloaded on the computer when you arrive, and you can start the test at any time. The exam consists of 100 questions, chosen at random from a pool, so that the probability of two people taking the exact same exam is very slight. You have 90 minutes to take the exam; a clock on the computer screen keeps you informed of the time remaining. Each question appears on a separate screen, and you can move forward and backward through the questions by clicking the appropriate arrows. Instructions for using the testing software appear on each screen, although most users familiar with graphical user interfaces don't need them.

The questions are all multiple choice. Some questions require you to select a single answer; these questions have radio buttons on the answers so you can make only one choice. Some questions require more than one answer. These questions have check boxes and also indicate how many selections you can make. All questions are graded either right or wrong; there is no partial credit. If you do not select the required number of responses to a question, the software flags that question and reminds you that it is incomplete at the end of the exam. In some cases, questions include graphics, such as charts or network diagrams. You are asked a question about the graphic, and you might have to click on a particular part of the graphic to indicate your answer.

As you take the test, you can answer each question as it appears, or you can fill a check box that flags an unanswered question to review later. This feature is for user convenience only. You can return to any question at any time in the exam by clicking the forward and backward arrows. The flags only enable you to return to specific questions without having to go through all the questions you have already completed.

Candidates have different techniques for taking multiple-choice exams. Some people read all of the questions first before selecting any responses. This can be beneficial, because later questions might provide a hint or trigger your memory about the subject of an earlier question. However, don't waste too much time doing this, or you might find yourself rushing through the last few questions. Answering 100 questions in 90 minutes works out to less than one minute for each question, so you can't afford to spend too much time on any one question.

The key to taking an exam of this type is to read each question carefully. The language of the questions is chosen very carefully, and sometimes rather deviously. In many cases, questions are designed to trick you into thinking that they are easier than they actually are. If an answer seems painfully obvious, read the question over again. Chances are, the obvious answer is not the correct one. In some cases, all of the responses are correct, and you are instructed to select the one that best answers the question, so always be sure to read all of the possible responses, even when the first one seems correct.

Even if you are completely stumped about a question, you should take a guess before the exam is over. Leave yourself a few minutes at the end of the test to make any guesses you need to, so that you don't leave any questions unanswered.

At the end of the exam there is a brief delay as the computer totals your score. You then receive the results on the spot, with a printed report that breaks down your score into several topics. If you fail the test, this report can be an excellent guide to the material that requires further study. If you pass, the report contains the certification number that you can use to prove your status. Although you receive a score for the exam, the Security+ Certification exam is strictly pass/fail. You can use your high score for bragging rights among your friends and colleagues, but all candidates passing the exam receive the same certification, which is a certificate that CompTIA mails to you a few weeks after the exam.

Technical Support

Every effort has been made to ensure the accuracy of this book and the contents of the companion disc. If you have comments, questions, or ideas regarding this book or the companion disc, please send them to Microsoft Press using either of the following methods:

E-mail: TKINPUT@MICROSOFT.COM

Postal Mail: Microsoft Press
Attn: Security+ Certification Training Kit Editor
One Microsoft Way
Redmond, WA 98052-6399

The Microsoft Press Web site (http://www.microsoft.com/mspress/support ) provides corrections for books. Please note that product support is not offered through this Web site. For further information regarding Microsoft software support options, please connect to http://www.microsoft.com/support.

For information about ordering the full version of any Microsoft software, please connect to http://www.microsoft.com.