The exam is entirely multiple-choice, which some also call 'multiple guess.' The reason: the answer is actually given to you in the form of a choice! Multiple choice (guess) tests can be considerably easier for the test taker when appropriate test strategies are employed. In the Study Guide, we cover some of these strategies, but just for example: One of the most common techniques in test-taking, especially on CompTIA exams, is to learn word association. In any given question, one or two of the answer choices will be almost entirely unassociated with the question. By utilizing word association, you can ensure that your choice is at least associated with what may be the correct answer.
Even beyond the test format, however, there is much to know about the exam. One of the questions we get all the time is: 'Should I guess' Absolutely! The test does not penalize the test taker for guessing and so you should never, under any circumstances, leave a test answer blank. It is always statistically to your benefit to guess on a given question. Another common question is: 'How hard is the exam?' Actually, the passing score for Security+ is relatively higher than that for the A+ or Network+ exams; this however doesn't imply that the Security+ exam is any harder. In fact, many students find the Security+ exam the least difficult of the CompTIA exams because it is straightforward and usually only covers material specifically noted in the syllabus.
Why Become Security+ Certified?
There are several reasons to become Security+ certified, including:
* An array of exciting and rewarding careers in information security * To supplement an existing career in networking or administration * Expansion of your own personal knowledge and expertise * We'll talk more about the career options available to the CompTIA Security+ certified professional in the next article on career paths.
A quick note on vouchers Vouchers can be used to reduce or eliminate the cost of the exam. You will almost always have to pay something for the exam fee, but vouchers can significantly reduce the fee.
Some tips on vouchers:
* Much like coupons, vouchers expire and cannot be extended beyond expiration date. Be sure to check the expiry date of the voucher before making a purchase. In general, the closer the expiry date on the voucher, the larger is the discount offered. These high discount vouchers are sometimes also described as "early expiry vouchers" or "short term vouchers". You
* MUST register for the exam before the expiry of the voucher to get the discount.
* Refund or exchange is typically not permitted, so be sure when you make the purchase.
* Typical saving through a voucher can be 10%-45% of the exam price.
Do I really need to be A+ or Network+ certified as CompTIA suggests?
While it never hurts to have more certifications, the truth of the matter is that A+ and Network+ certification have little to do with Security+ and the test is not cumulative over material covered in the A+ or Network+ examinations.
That being said, there is much information that is covered on both the A+ and Network+ exams. For example, the Network+ exam does cover remote access protocols in great detail. However, the wealth of information that is covered on the Network+ exam is not particularly applicable to the Security+ exam. It is therefore probably not worth your time to review this information.
Some Final Thoughts The decision to pursue the Security+ certification is a major one that require an investment of some money and a lot of time. However, the return on that investment - certifcation, expertise, and insight - is invaluable. Therefore we would encourage anyone who believes that the Security+ certification may benefit them to go ahead and learn the information that is necessary to do well on the exam. While it won't be necessarily easy to pass the Security+ exam, the end result is quite rewarding.
Firewalls are one of the most thoroughly misunderstood concepts around in networking and security today. It is your duty to dispel some of the most common misconceptions about firewalls not just for the purpose of passing the Comptia Security+ exam but also for the sake of the information security community!
What is a Firewall? A firewall is any hardware or software designed to prevent unwanted network traffic. Some firewalls are simplistic in nature; in fact, many people use NAT devices as firewalls as they do effectively prevent direct incoming connections to hosts behind the NAT. Other firewalls are intricate operations, based on whitelists and blacklists, rules, and alerts. What all firewalls have in common, however, is an ability to block incoming traffic that may be deemed harmful.
Types of Firewalls Because the definition of a firewall (at least as given above) is somewhat generalized, it is hard to define the general actions and methods of firewalls. Instead, we look at the ways different types of firewalls work. Each type of firewall has abilities, advantages, and drawbacks; to do well on the Security+ exam, you should understand these.
Packet Filtering Firewall A packet filtering firewall polices traffic on the basis of packet headers. IP, UDP, TCP, and even ICMP have enough header information for a packet filtering firewall to make an informed decision as to whether to accept or reject that packet. You can think of a packet filtering firewall as a bouncer at a party. The bouncer may have a list of people that are allowed to come in (a whitelist) or a list of people to specifically exclude (a blacklist). The bouncer may even check a guest's identification to assure that the guest is above 18. Similarly, a packet filtering firewall simply inspects the source and destination of traffic in making a decision on whether to allow the packet to pass through. For example, some traffic may be addressed to a sensitive recipient and would therefore be blocked.
A packet filtering firewall can also filter traffic on the basis of port numbers. For example, many companies now block traffic on port 27374 because it is well-known to be a port used by the Trojan horse 'SubSeven.'
Note that a packet filtering firewall basically operates through a special ACL (access control list) in which both the white and black list of IP addresses and port numbers are listed. In essence, this firewall operates at the Network and Transport layers of the OSI Model. This model is notable for its simplicity, speed, and transparency ' however, traffic is not inspected for malicious content. In addition, IP addresses and DNS addresses can be hidden or 'spoofed,' as discussed in the Attacks lesson.
Circuit-Level Gateway A circuit-level gateway is a type of firewall that operates on the Session layer of the OSI model. Instead of inspecting packets by header/source or port information, it instead maintains a connection between two hosts that is approved to be safe. This is something akin to a parent who approves the people that their children can speak with on the phone once they trust those people. In this scenario, the parent does not have to listen into the conversation because they know they can trust the two communicating children. Similarly, a circuit-level gateway establishes a secure connection between two hosts that have been authenticated and trust each other.
Application-Level Gateway As the name suggests, an application-level gateway operates in the Application layer of the OSI model and actively inspects the contents of packets that are passed through to the gateway. It is for this reason that application-level gateways are considered the most secure as they can actively scan for malformed packets or malicious content. Think of an application-level gateway as the eavesdropping parent. An eavesdropping parent has the most complete knowledge of his or her child's activities because he or she can listen into all of the child's conversations. An application-level gateway does have drawbacks, however, including speed and routing problems. Application-level gateways are notorious for the amount of time it can take to inspect packets.
A special kind of application-level gateway is a proxy server, which is a server that serves as the 'middle man' between two hosts that wish to communicate. In the proxy server model, the host wishing to communicate sends a packet to the application-level gateway (proxy server), which then makes the decision whether to forward the packet to the intended recipient or to deny the request to send the packet.
James Brown has sinced written about articles on various topics from Stroke Treatment, Computers and The Internet and Computers and The Internet. ProProfs Free Online CompTIA Security+ Certification Exam School provides free study aids for the such as study guides, practice exams. James Brown's top article generates over 20400000 views. to your Favourites.