
ffi rs.indd 10/16/2017 Page i

PRACTICE TESTS

Save 10% on Exam Vouchers

Coupon Inside!

Provides 1,000 questions, including a practice exam covering all sections of the CompTIA Security+ objective domains. Complements the CompTIA Security+ Study Guide, Exam SY0-501, Seventh Edition, and CompTIA Security+ Deluxe Study Guide, Exam SY0-501, Fourth Edition.

Save $100 on the Sybex Security+ SY0-501 Exam Review Course

Enter code SECURITYVIP at checkout on www.sybex.com/go/securityplusfreetrial

Save 40% on Study Materials

When you enter code VBQ68 at checkout on Wiley.com

S. RUSSELL CHRISTY AND CHUCK EASTTOM

CompTIA®

Security+® Study Guide

Seventh Edition

CompTIA®

Security+® Study Guide

Exam SY0-501

Seventh Edition

Emmett Dulaney

Chuck Easttom

Senior Acquisitions Editor: Kenyon Brown
Development Editor: Gary Schwartz
Technical Editors: Buzz Murphy and Warren Wyrostek
Production Editor: Christine O’Connor
Copy Editor: Elizabeth Welch
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Associate Publisher: Jim Minatel
Book Designers: Bill Gibson and Judy Fung
Proofreader: Kim Wimpsett
Indexer: John Sleeva
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: Getty Images Inc./Jeremy Woodhouse

Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-41687-6
ISBN: 978-1-119-41690-6 (ebk.)
ISBN: 978-1-119-41689-0 (ebk.)

Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2017955410

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and Security+ are trademarks or registered trademarks of CompTIA, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

10 9 8 7 6 5 4 3 2 1

For Emmett Buis and Wolfgang Scisney: bookends.

—Emmett

Acknowledgments

This book would not exist were it not for Mike Pastore, the author of the first edition. He took a set of convoluted objectives for a broad exam and wrote the foundation of the study guide that you now hold in your hands. While the exam and their associated objectives improved with each iteration, all subsequent editions of this text are forever indebted to his knowledge, hard work, and brilliance so early on.

Thanks are also due to Gary Schwartz, for being one of the best editors in publishing to work with, and to all of those at Wiley who helped with this title.

About the Authors

Emmett Dulaney is a professor at a small university in Indiana and the former director of training for Mercury Technical Solutions. He is a columnist for Certification Magazine and the author of more than 30 books on certification, operating systems, and cross-platform integration. Emmett can be reached at [email protected].

Chuck Easttom is a researcher, consultant, and trainer in computer science and computer security. He has expertise in software engineering, operating systems, databases, web development, and computer networking. He travels the world teaching and consulting on digital forensics, cyber security, cryptology, and related topics. He has authored 22 books and counting, as well as dozens of research papers. Chuck is additionally an inventor with 10 patented computer-science inventions. He also frequently works as an expert witness in computer-related cases. His website is http://chuckeasttom.com/.

Contents at a Glance

Introduction

Assessment Test

Chapter 1 Managing Risk

Chapter 2 Monitoring and Diagnosing Networks

Chapter 3 Understanding Devices and Infrastructure

Chapter 4 Identity and Access Management

Chapter 5 Wireless Network Threats

Chapter 6 Securing the Cloud

Chapter 7 Host, Data, and Application Security

Chapter 8 Cryptography

Chapter 9 Threats, Attacks, and Vulnerabilities

Chapter 10 Social Engineering and Other Foes

Chapter 11 Security Administration

Chapter 12 Disaster Recovery and Incident Response

Appendix Answers to Review Questions

Index

Contents

Introduction

Assessment Test

Chapter 1 Managing Risk

• Risk Terminology
• Threat Assessment
• Risk Assessment
• Computing Risk Assessment
• Assessing Privacy
• Acting on Your Risk Assessment
• Risks Associated with Cloud Computing
• Risks Associated with Virtualization
• Developing Policies, Standards, and Guidelines
• Implementing Policies
• Understanding Control Types and False Positives/Negatives
• Risk Management Best Practices
• Change Management
• Summary
• Exam Essentials
• Review Questions

Chapter 2 Monitoring and Diagnosing Networks

• Monitoring and Diagnosing Networks Terminology
• Frameworks, Best Practices, and Configuration Guides
• Industry-Standard Frameworks and Reference Architectures
• National Institute of Standards and Technology (NIST)
• Benchmarks/Secure Configuration Guides
• Secure Network Architecture Concepts
• Zones
• Tunneling/VPN
• Placing Security Devices
• SDN
• IDS vs. IPS
• Secure Systems Design
• Hardware and Firmware Security
• Operating Systems
• Peripherals
• Secure Staging Deployment Concepts
• Summary
• Exam Essentials
• Review Questions

Chapter 3 Understanding Devices and Infrastructure

• Infrastructure Terminology
• Designing with Security in Mind
• Firewalls
• VPNs and VPN Concentrators
• Intrusion Detection Systems
• Router
• Switch
• Proxy
• Load Balancer
• Access Point
• SIEM
• DLP
• Network Access Control (NAC)
• Mail Gateway
• Bridge
• SSL/TLS Accelerators
• SSL Decryptors
• Media Gateway
• Hardware Security Module
• Summary
• Exam Essentials
• Review Questions

Chapter 4 Identity and Access Management

• Using Tools to Assess Your Network
• Protocol Analyzer
• Network Scanners
• Password Cracker
• Vulnerability Scanners
• Command-Line Tools
• Additional Tools
• Troubleshooting Common Security Issues
• Access Issues
• Configuration Issues
• Security Technologies
• Intrusion Detection Systems
• Antimalware
• Firewalls and Related Devices
• Other Systems
• Identity and Access Management Concepts
• Identification vs. Authentication
• Authentication (Single Factor) and Authorization
• Multifactor Authentication
• Biometrics
• Federations
• Potential Authentication and Access Problems
• LDAP
• PAP, SPAP, and CHAP
• Kerberos
• Working with RADIUS
• TACACS, TACACS+, XTACACS
• OATH
• One-Time Passwords
• SAML
• Install and Configure Identity and Access Services
• Mandatory Access Control
• Discretionary Access Control
• Role-Based Access Control
• Rule-Based Access Control
• ABAC
• Smartcards
• Tokens
• File and Database Security
• Summary
• Exam Essentials
• Review Questions

Chapter 5 Wireless Network Threats

• Wireless Threat Terminology
• Wireless Vulnerabilities to Know
• Replay
• Rogue APs and Evil Twins
• Jamming
• WPS
• Bluejacking
• Bluesnarfing
• NFC and RFID
• Disassociation
• Wireless Commonsense
• Wireless Attack Analogy
• Summary
• Exam Essentials
• Review Questions

Chapter 6 Securing the Cloud

• Cloud-Related Terminology
• Working with Cloud Computing
• Software as a Service (SaaS)
• Platform as a Service (PaaS)
• Infrastructure as a Service (IaaS)
• Private Cloud
• Public Cloud
• Community Cloud
• Hybrid Cloud
• Working with Virtualization
• Understanding Hypervisors
• Understanding Containers and Application Cells
• VDI/VDE
• On-Premise vs. Hosted vs. Cloud
• VM Escape Protection
• VM Sprawl Avoidance
• Security and the Cloud
• Cloud Access Security Brokers
• Cloud Storage
• Security as a Service
• Summary
• Exam Essentials
• Review Questions

Chapter 7 Host, Data, and Application Security

• Threat Actors and Attributes
• Script Kiddies
• Hacktivist
• Organized Crime
• Nation-States/APT
• Insiders
• Competitors
• Use of Open Source Intelligence
• Types of Vulnerabilities
• Configuration Issues
• User Issues
• Zero-Day Exploits
• Other Issues
• Embedded Systems Security
• Application Vulnerabilities
• Input Vulnerabilities
• Memory Vulnerabilities
• Secure Programming
• Programming Models
• Software Testing
• Specific Types of Testing
• Secure Coding Standards
• Application Configuration Baselining
• Operating System Patch Management
• Application Patch Management
• Other Application Security Issues
• Databases and Technologies
• Database Security
• Secure Configurations
• Code Issues
• Summary
• Exam Essentials
• Review Questions

Chapter 8 Cryptography

• An Overview of Cryptography
• Historical Cryptography
• Modern Cryptography
• Working with Symmetric Algorithms
• Working with Asymmetric Algorithms
• Cryptography Concepts
• Hashing Algorithms
• Rainbow Tables and Salt
• Key Stretching
• Cryptanalysis Methods
• Wi-Fi Encryption
• Using Cryptographic Systems
• Confidentiality and Strength
• Integrity
• When to Encrypt
• Digital Signatures
• Authentication
• Nonrepudiation
• Key Features
• Understanding Cryptography Standards and Protocols
• The Origins of Encryption Standards
• Public Key Infrastructure X.509/Public Key Cryptography Standards
• X.509
• Public Key Infrastructure
• Pretty Good Privacy
• SSL and TLS
• Using Public Key Infrastructure
• Hardware-Based Encryption Devices
• Data Encryption
• Authentication
• Summary
• Exam Essentials
• Review Questions

Chapter 9 Threats, Attacks, and Vulnerabilities

• Threat and Attack Terminology
• Living in a World of Viruses
• Symptoms of a Virus Infection
• How Viruses Work
• Types of Viruses
• Managing Spam to Avoid Viruses
• Antivirus Software
• Malware and Crypto-Malware
• Understanding Various Types of Application/Service Attacks
• Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
• Man-in-the-Middle Attacks
• Buffer Overflow
• Injection
• Cross-Site Scripting and Request Forgery
• Privilege Escalation
• ARP Poisoning
• Amplification
• DNS Poisoning
• Domain Hijacking
• Man-in-the-Browser
• Zero-Day Exploits
• Replay Attacks
• Pass the Hash
• Hijacking and Related Attacks
• Driver Manipulation
• MAC and IP Spoofing Attacks
• Summary
• Exam Essentials
• Review Questions

Chapter 10 Social Engineering and Other Foes

• Social Engineering and Physical Security Terminology
• Understanding Social Engineering
• Types of Social Engineering Attacks
• What Motivates an Attack?
• The Principles Behind Social Engineering
• Social Engineering Attack Examples
• Understanding Physical Security
• Lighting
• Signs
• Fencing, Gates, and Cages
• Security Guards
• Alarms
• Safe
• Secure Cabinets and Enclosures
• Protected Distribution
• Protected Cabling
• Airgap
• Mantrap
• Faraday Cage
• Lock Types
• Biometrics
• Barricades/Bollards
• Tokens/Cards
• Environmental Controls
• Cable Locks
• Screen Filters
• Cameras
• Motion Detection
• Logs
• Infrared Detection
• Key Management
• Various Control Types
• An Analogy of Control Types
• Data Security and Privacy Practices
• Data Destruction and Media Sanitation
• Data Sensitivity Labeling and Handling
• Data Roles
• Data Retention
• Legal and Compliance
• Summary
• Exam Essentials
• Review Questions

Chapter 11 Security Administration

• Connection Types
• Cellular
• Bluetooth
• Wi-Fi
• Infrared
• SATCOM
• Mobile Devices
• BYOD Issues
• Enforcement
• Account Management Concepts
• Account Types
• General Concepts
• Summary
• Exam Essentials
• Review Questions

Chapter 12 Disaster Recovery and Incident Response

• Disaster and Incident Related Terminology
• Penetration Testing
• What Should You Test?
• Vulnerability Scanning
• Issues Associated with Business Continuity
• Types of Storage Mechanisms
• Crafting a Disaster-Recovery Plan
• Incident Response Procedures
• Understanding Incident Response
• Tabletop Exercises
• Summary
• Exam Essentials
• Review Questions

Appendix Answers to Review Questions

• Chapter 1: Managing Risk
• Chapter 2: Monitoring and Diagnosing Networks
• Chapter 3: Understanding Devices and Infrastructure
• Chapter 4: Identity and Access Management
• Chapter 5: Wireless Network Threats
• Chapter 6: Securing the Cloud
• Chapter 7: Host, Data, and Application Security
• Chapter 8: Cryptography
• Chapter 9: Threats, Attacks, and Vulnerabilities
• Chapter 10: Social Engineering and Other Foes
• Chapter 11: Security Administration
• Chapter 12: Disaster Recovery and Incident Response

Index

Table of Exercises

• Exercise 1.1 Risk Assessment Computations
• Exercise 3.1 Verifying the Presence of a TPM Chip in Windows
• Exercise 5.1 Configuring a Wireless Connection Not Broadcasting an SSID
• Exercise 8.1 Encrypting a Filesystem in Linux
• Exercise 8.2 TLS Settings in Windows Server 2016
• Exercise 9.1 Viewing Running Processes on a Windows-Based Machine
• Exercise 9.2 Viewing Running Processes on a Linux-Based Machine
• Exercise 10.1 Test Social Engineering
• Exercise 10.2 Security Zones in the Physical Environment
• Exercise 12.1 Creating a Backup in SUSE Linux

Becoming a CompTIA Certified IT Professional is Easy

It’s also the best way to reach greater professional opportunities and rewards.

Why Get CompTIA Certified?

• Growing Demand: Labor estimates predict some technology fields will experience growth of over 20% by the year 2020.* CompTIA certification qualifies the skills required to join this workforce.

• Higher Salaries: IT professionals with certifications on their resume command better jobs, earn higher salaries and have more doors open to new multi-industry opportunities.

• Verified Strengths: 91% of hiring managers indicate CompTIA certifications are valuable in validating IT expertise, making certification the best way to demonstrate your competency and knowledge to employers.**

• Universal Skills: CompTIA certifications are vendor neutral—which means that certified professionals can proficiently work with an extensive variety of hardware and software found in most organizations.

LEARN

Learn more about what the exam covers by reviewing the following:

• Exam objectives for key study points.
• Sample questions for a general overview of what to expect on the exam and examples of question format.
• Visit online forums, like LinkedIn, to see what other IT professionals say about CompTIA exams.

CERTIFY

Purchase a voucher at a Pearson VUE testing center or at CompTIAstore.com.

• Register for your exam at a Pearson VUE testing center:
• Visit pearsonvue.com/CompTIA to find the closest testing center to you.
• Schedule the exam online. You will be required to enter your voucher number or provide payment information at registration.
• Take your certification exam.

WORK

Congratulations on your CompTIA certification!

• Make sure to add your certification to your resume.
• Check out the CompTIA Certification Roadmap to plan your next career move.

Learn more: Certification.CompTIA.org/securityplus

* Source: CompTIA 9th Annual Information Security Trends study: 500 U.S. IT and Business Executives Responsible for Security

** Source: CompTIA Employer Perceptions of IT Training and Certification

© 2015 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 02190-Nov2015

Introduction

If you’re preparing to take the Security+ exam, you’ll undoubtedly want to find as much information as you can about computer and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you’ll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test, but not so much that you’ll be overloaded with information that’s outside the scope of the exam.

This book presents the material at an intermediate technical level. Experience with and knowledge of security concepts, operating systems, and application systems will help you get a full understanding of the challenges that you’ll face as a security professional.

We’ve included review questions at the end of each chapter to give you a taste of what it’s like to take the exam. If you’re already working in the security field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you’re unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don’t just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

Before You Begin the CompTIA Security+ Certification Exam

Before you begin studying for the exam, it’s imperative that you understand a few things about the Security+ certification. Security+ is a certification from CompTIA (an industry association responsible for many entry-level certifications) granted to those who obtain a passing score on a single entry-level exam. In addition to adding Security+ to your résumé as a stand-alone certification, you can use it as an elective in many vendor-certification tracks.

The CompTIA Advanced Security Practitioner (CASP) certification is designed for those with up to 10 years of security experience. It builds on Security+ and authenticates knowledge at a higher level. Between Security+ and CASP, CompTIA created a Cybersecurity Analyst certification (CSA+) as a bridge that remains vendor-neutral and verifies that successful candidates have the knowledge and skills required to configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization, with the end goal of securing and protecting applications and systems within an organization.

When you’re studying for any exam, the first step in preparation should always be to find out as much as possible about the test: the more you know up front, the better you can plan your course of study. The current exam, and the one addressed by this book, is the 2017 update. Although all variables are subject to change, as this book is being written, the exam consists of 100 questions. You have 90 minutes to take the exam, and the passing score is based on a scale from 100 to 900. Pearson VUE testing centers administer the exam throughout the United States and several other countries.

The exam is predominantly multiple choice with short, concise questions, usually followed by four possible answers. Don’t expect lengthy scenarios and complex solutions. This is an entry-level exam of knowledge-level topics; you’re expected to know a great deal about security topics from an overview perspective rather than implementation. In many books, the glossary is filler added to the back of the text; this book’s glossary (located on the book’s online test bank at www.wiley.com/go/sybextestprep) should be considered necessary reading. You’re likely to see a question on the exam about what a Trojan horse is, not how to identify it at the code level. Spend your study time learning the different security solutions and identifying potential security vulnerabilities and where they would be applicable. Don’t get bogged down in step-by-step details; those are saved for certification exams beyond the scope of Security+.

You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don’t let this frustrate you; answer the question, and go to the next. Although we haven’t intentionally added typos or other grammatical errors, the questions throughout this book make every attempt to re-create the structure and appearance of the real exam questions.

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take it, you are told that your exam may include unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never really know whether or not a question is seeded, however, so always make your best effort to answer every question.

As you study, you need to know that the exam you’ll take was created at a certain point in time. You won’t see a question about the new virus that hit your systems last week, but you’ll see questions about concepts that existed when this exam was created. Updating the exam is a difficult process and results in an increment in the exam number.

Why Become Security+ Certified?

There are a number of reasons for obtaining a Security+ certification. These include the following:

It provides proof of professional achievement. Specialized certifications are the best way to stand out from the crowd. In this age of technology certifications, you’ll find hundreds of thousands of administrators who have successfully completed the Microsoft and Cisco certification tracks. To set yourself apart from the crowd, you need a little bit more. The Security+ exam is part of the CompTIA certification track that includes A+, Network+, and other vendor-neutral certifications such as Linux+, Project+, and more. This exam will help you prepare for more advanced certifications because it provides a solid grounding in security concepts, and it will give you the recognition you deserve.

It increases your marketability. Almost anyone can bluff their way through an interview. Once you’re Security+ certified, you’ll have the credentials to prove your competency. Moreover, certifications can’t be taken from you when you change jobs—you can take that certification with you to any position you accept.

It provides opportunity for advancement. Individuals who prove themselves to be competent and dedicated are the ones who will most likely be promoted. Becoming certified is a great way to prove your skill level and show your employer that you’re committed to improving your skill set. Look around you at those who are certified: they are probably the people who receive good pay raises and promotions.

It fulfills training requirements. Many companies have set training requirements for their staff so that they stay up-to-date on the latest technologies. Having a certification program in security provides administrators with another certification path to follow when they have exhausted some of the other industry-standard certifications.

It raises customer confidence. As companies discover the advantages of CompTIA, they will undoubtedly require qualified staff to achieve these certifications. Many companies outsource their work to consulting firms with experience working with security. Firms that have certified staff have a definite advantage over firms that don’t.

How to Become a Security+ Certified Professional

The first place to start to get your certification is to register for the exam at any Pearson VUE testing center. Exam pricing might vary by country or by CompTIA membership. You can contact Pearson at:

Pearson VUE

www.vue.com/comptia

U.S. and Canada: 877-551-PLUS (7587)