## Monday, December 17, 2012

### Comparing Decimal, Hexadecimal, and Binary

If you're working on a certification exam such as the CompTIA A+Network+, or Security+ certification, you might need to review your knowledge of decimal, hexadecimal, and binary. It's basic knowledge, but it's needed and I've found that some people never learned it.

## Decimal

Decimal numbers use a base of ten and include the numbers 0 to 9.

Hexadecimal numbers use a base of 16 and include the numbers 0 to 9 and the characters A to F.

## Binary

Binary numbers use a base of 2 and include only the numbers 0 and 1. The following table shows how binary is raised to different powers to give different values in a four bit binary number.
2^32^22^12^0
8421
•  Any number raised to the power of 0 is 1 so 2^0 is 1.
• Any number raised to the power of 1 is itself so 2^1 is 2
• 2 raised to the power of 2 is the same as 2 x 2 (2 squared or4)
• 2 raised to the power of 3 is the same as 2 x 2 x 2 (2 cubed or 8)

## Comparing Numbers

The following table compares each of these number systems side by side.
2^32^22^12^0
000000
110001
220010
330011
440100
550101
660110
770111
881000
991001
10A1010
11B1011
12C1100
13D1101
14E1110
15F1111

## Other Resources

If you plan on taking the A+,  Network+ or Security+ exams to give yourself the CompTIA Trio, check out these resources:

## CISSP Rapid Review

If you're planning on taking the CISSP exam, you know that it covers an extensive amount of knowledge and takes quite a bit of time to prepare. Your best bet is to get a comprehensive book such as the CISSP: Certified Information Systems Security Professional Study Guide (ISBN-13: 978-1118314173) by Darril Gibson, James Stewart, and Mike Chapple to learn as much as possible about the exam domains. You'll also want to take some practice test questions to get an idea of the exam questions.

As a late stage study tool, you might like to use a recently released book titled CISSP Rapid Review (ISBN-13: 978-0735666788) by Darril Gibson. The book is currently available as an eBook on O'Reilly's site.

This book is designed to remind you of the important concepts and help you determine if you still understand them. A common phrase with the CISSP exam is that it's a mile deep and an inch deep.  That's certainly true, but when you're studying you often have to study topics at some depth so that you understand them even if the actual questions might only expect you to have surface knowledge.

With that in mind, you won't find a lot of depth in this book, but instead, it gets right to the point reminding you know what's important. It includes listings of key exam topics, true/false questions to check your knowledge, and key information for each of the domains.

The following is a short excerpt from chapter 5 covering objectives 5.3 to give you an idea of how the book is laid out.

Of course, there also some great courses out there that are valuable to take prior to the exam. Infosec Institute hosts a seven-day CISSP Prep Course Overview that reports a 93 percent pass rate by the students.

Full post continued here....

## Monday, December 10, 2012

### CompTIA CEUs

If you have the CompTIA A+Network+Security+, Storage+, or CompTIA Advanced Security Practitioner (CASP)  certification, you're required to complete and register continuing education units (CEUs). This blog covers many of the common questions surrounding CEUs.

# Common Questions

Here are some of the common questions related to CEUs. You can also view some questions and answers on the CompTIA site at the following pages:

## Which Certifications Require CEUs?

Only the following certifications are currently in the CompTIA CEU program.
• CompTIA A+
• CompTIA Network+
• CompTIA Security+
• CompTIA Storage+
• CompTIA Advanced Security Practitioner (CASP)

## How Much Does it Cost?

The following list shows the annual fee and cost for each of these certifications.
• CompTIA A+ \$25 (Total \$75)
• CompTIA Network+ \$49 (Total \$147)
• CompTIA Security+ \$49 (Total \$147)
• CompTIA Storage+ 49 (Total \$147)
• CompTIA Advanced Security Practitioner (CASP) \$49 (Total \$147)

## Do I Have to Earn CEUs for All CompTIA Certifications

No. You only need to earn certifications for the highest level of certification.  The following list shows the order of lowest to highest level of certification.
• CompTIA A+
• CompTIA Network+
• CompTIA Security+
• CompTIA Storage+
• CompTIA Advanced Security Practitioner (CASP)
In other words, if you have A, Network+, and Security+, you only need to meet the requirements of Security+.

## How Many CEUs Do I Need

The following list shows how many CEUs you need for each certification.
• CompTIA A+ 20 CEUs
• CompTIA Network+ 30 CEUs
• CompTIA Security+ 50 CEUs
• CompTIA Storage+ 50CEUs
• CompTIA Advanced Security Practitioner (CASP) 75CEUs

## What Can I Do To Earn CEUs?

The most common way to earn CEUs is to pass the most current version of the exam or a higher level exam.  For example, if you have the A+, you're required to gain 20 CEUs. If you then pass the Network+, you earn 30 CEUs and met the requirement for the A+.
You can also meet the requirement taking and passing another vendor's higher level certification.  For example, if you have the CompTIA Security+, you'll meet he requirement by taking and passing the ISC2 SSCP or CISSP. This page lists the other certifications that give full credit.  Click on the [+] to view the qualifying certifications for each group.
Some other activities that qualify are:
• Teaching or lecturing on relevant topics.
• Attending courses or computer based training
• Attending relevant conferences or events
• Attending a CompTIA exam development workshop
• Publishing, books, blogs, articles, or whitepapers
A full list of qualifying activities including how many credits for each are listed in this PDF.

## Do I Need To Pay If I'm In The DoD?

No. If you're in the United States Department of Defense (DoD), these fees are paid for by the DoD. This does not apply to DoD contractors but instead only active duty and civil service employees. This page has most of the information you need.

## How Do I Register my CEUs?

You first need to register with the CompTIA site. You can do so from here. If you've registered before, you can log in from here.
You are required to comply with the CompTIA Code of Ethics Policy and be up to date for the required maintenance fees before you can register.

# Summary

The following list summarizes the order of the CompTIA certifications requiring CEUs, the annual and total cost of each, and how many CEUs are required.
• CompTIA A+ \$25 (Total \$75), 20 CEUs required
• CompTIA Network+ \$49 (Total \$147), 30 CEUs required
• CompTIA Security+ \$49 (Total \$147), 50 CEUs required
• CompTIA Storage+ 49 (Total \$147), 50 CEUs required
• CompTIA Advanced Security Practitioner (CASP) \$49 (Total \$147), 75CEUs required

## Friday, December 7, 2012

### A+ and RAM

If you're planning on taking the CompTIA A+ exams, you should know some basics about random access memory (RAM) including how to recognize it, how to install it, and how to troubleshoot it. I just had to troubleshoot a minor problem with a system that required me to do some basic troubleshooting with RAM and it reminded of how easy things can be if you know the right steps and can follow them.

# Some Basics

First, here are some basics about RAM used in most PCs:
• The primary type of RAM used in a PC is Double Data Rate 3 (DDR3).
• DDR and DDR2 are also used but have largely been replaced with DDR3.
• You can't mix and match DDR versions. In other words, DDR2 memory won't fit in DDR3 slots.
• RAM comes in memory sticks known as Dual Inline Memory Modules (DIMMs).
• RAM for laptop computers comes in small outline DIMMS (SODIMMs).
• Error Correcting Control (ECC) is an added feature that improves the reliability of RAM by detecting and correcting errors. However, it is rarely used in desktop or laptop PCs. Instead, it is used in high-end servers to improve their reliability.
• Parity is another added feature in that can improve the reliability of RAM by detecting errors but it is rarely used in desktop or laptop PCs.
• When replacing RAM, you should use the same speed. If speeds are mismatched, the RAM will operate at the slower speed. Also, if the RAM is rated at a faster speed than the motherboard can handle, the RAM will run at the slower speed of the motherboard.
• When installing dual-channel RAM, you should install a matched set of DIMMS into the same bank. A bank will be two slots of the same color.

# Calculating RAM Speeds

You should also be able to calculate the names and performance characteristics of RAM based on the the clock, or identify the clock based on the name.  First, there are two types of names.
• DDR Standard Name (such as DDR3 800)
• DDR Module Name (such as PC3 10600)
It's important to understand these names, especially when you're purchasing replacement RAM or upgrading RAM. DDR3 is often listed with the PC3 name. If you know what clock your system is using (you can check the BIOS), you can identify what RAM to purchase. For example, if your system is running a 200 MHz clock, you can purchase DDR3 RAM named PC3-12800 or DDR3-1600. If you buy faster more expensive RAM, it will still run at the slower speed of the clock.

## DDR Standard Names

You can calculate the standard names when you know the clock with the following formulas for DDR, DDR2, and DDR3 type RAM.
• DDR Standard Name
Clock x 2 (double pumping)
• DDR2 Standard Name
Clock x 2 (Clock Multiplier) x 2 (double pumping)
• DDR Standard  Name
Clock x 4 (Clock Multiplier) x 2 (double pumping)
For example, if the clock on a system is 100 MHz, the RAM would have the following names:
• DDR Standard Name = DDR-200
100 Mhz x 2 (double pumping)
• DDR2 Standard Name = DDR2-400
100 Mhz x 2 (Clock Multiplier) x 2 (double pumping)
• DDR Standard Name = DDR3-800
100 Mhz x 4 (Clock Multiplier) x 2 (double pumping)
The shortcut formulas for these DDR Standard Names are:
• DDR Standard Name
Clock X 2
• DDR2 Standard Name
Clock X 4
• DDR3 Standard Name
Clock X 8

## DDR Module Names

You can calculate the module names when you know the clock with the following formulas for DDR, DDR2, and DDR3 type RAM.
• DDR Module Name
Clock x 2 (double pumping) x 64 (bits) / 8 (Bytes)
• DDR2 Module Name
Clock x 2 (Clock Multiplier) x 2 (double pumping) x 64 (bits) / 8 (Bytes)
• DDR Module Name
Clock x 4 (Clock Multiplier) x 2 (double pumping)  x 64 (bits) / 8 (Bytes)
For example, if the clock on a system is 100 MHz, the RAM would have the following names:
• DDR Module Name = PC-1600
100MHz x 2 (double pumping) x 64 (bits) / 8 (Bytes)
• DDR2 Module Name = PC-3200
100MHz x 2 (Clock Multiplier) x 2 (double pumping) x 64 (bits) / 8 (Bytes)
• DDR Module Name = PC-6400
100MHz x 4 (Clock Multiplier) x 2 (double pumping)  x 64 (bits) / 8 (Bytes)
The shortcut formulas for these DDR Module Names are:
• DDR Module Name
Clock X 2 X 8
• DDR2 Module  Name
Clock X 4 X 8
• DDR3 Module Name
Clock X 8 X 8

# Troubleshooting RAM

I was just working on a computer running Windows 7 that has 12 GB of RAM installed. I added two virtual machines (VMs) with 3 GB each, but the second machine wouldn't run. I figured with 3 GB each for two VMs, that left 6 GB for Windows 7 and everything should have been fine.
I double-checked how much RAM was installed using the Computer Properties page.  (Click Start, right-click Computer and select Properties.) It showed 12 GB of RAM was installed.
I started the System Information applet (click Start, type in msinfo32 and press Enter). I looked at the system summary page and saw that the Installed Physical Memory was listed at 12 GB but the Available Physical Memory was only 8 GB.  Hmmm..
If I was running Windows 7 Home Basic, my system is limited to only 8 GB but I was running Windows 7 Ultimate which supports as much as 192 GB of RAM.  That's not the problem.

## Hardware or Operating System

At this point, I know I have 12 GB of RAM, but the operating system is only seeing 8 GB. The way to tell if this is a hardware problem is check BIOS.
I restarted by system and pressed F2 to access the BIOS Setup page. (F2 and Delete keys are commonly used to access the BIOS.) When it started, I checked the System Information page and saw that the BIOS was only recognizing 8 GB of RAM. Aha! The problem is hardware.

## Reseat the DIMMS

I shut down the system and opened up the case with the goal of reseating the RAM sticks.
When installing or upgrading RAM, you should follow electrostatic discharge (ESD) damage prevention practices such as with an ESD wrist strap. I didn't have one handy and didn't plan on touching any electrical components. However, I still did the standard self-grounding practice of touching the power supply case.  I also unplugged the power from the system to ensure soft power was not applied to the motherboard.
I then slightly pushed the tab on the left side of a DIMM to push it out of the slot slightly and then I pushed it back in until I heard a click. I repeated the same step on the right side tab and then I did the same two steps on each of the DIMMs.
Next, I closed up the case, plugged it back in and checked the BIOS. 12 GB was now recognized. I booted into Windows 7 and went back to work.

## Other Resources

If you plan on following up your A+ studies with Network+ and Security+ to give yourself the CompTIA Trio, check out these resources:
If you're preparing for the A+ exams, make sure you know some basics about RAM. Also, when you're troubleshooting any PC components, don't forget about the simple steps to verify the BIOS can recognize the hardware, and if it can't try reseating the component. Sometimes, that's all it takes.

## Tuesday, December 4, 2012

### You Can Pass the Security+ Certification

Many times I hear from people asking if they can pass the Security+ SY0-301 exam and earn the Security+ certification. My answer is almost always a hearty yes, but I also spend some time telling them how.  If you were thinking of pursuing this, you might want to know how you can earn the certification. If you've been working with computers for a while (and most people have), this is achievable. And when you have you'll find that it often opens up doors of opportunity for you.

# What's Required?

First, there are no prerequisites except for some money to pay for the voucher. The voucher is \$276 though you can often find  discounted vouchers for cheaper. For example, this company often has discounted vouchers for cheaper. Sometimes they're just a little cheaper, and sometimes they are a lot cheaper.
 Browse categories: CompTIA Microsoft MOS Novell Check Point Cisco IC3 CWNP EC-Council EXIN Sun Microsystems
Beware of some unscrupulous people selling vouchers on eBay. Some have sold bogus voucher numbers that aren't valid and the buyers have lost their money. However, some people have had success this way too.

# What's Recommended?

CompTIA recommends the following:
• A minimum of 2 years' experience in IT administration with a focus on security
• Day to day technical information security experience
• Broad knowledge of security concerns and implementation including the topics listed in the Security+ objectives
The objectives include six domains:
• 1.0 Network Security (21% of exam)
• 2.0 Compliance and Operational Security (18% of exam)
• 3.0 Threats and Vulnerabilities (21% of exam)
• 4.0 Application, Data and Host Security (16% of exam)
• 5.0 Access Control and Identity Management (13% of exam)
• 6.0 Cryptography (11% of exam)
The exam is heavy on networking topics so ideally you will have some networking knowledge.  Ideally, you will have taken and passed the Network+ exam first but I have taught many students without this knowledge and they have taken and passed the exam.  If you're studying for the Network+ exam, check out these quality practice test questions for only \$9.99.

# What Should You Study?

Many people have used the  CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide to study for this exam. If you take a look at the reviews on Amazon you can see that over 85 people have given it five star reviews after using to take and pass the Security+ exam the first time they tried.
Some people with technical backgrounds have posted that they read the book over the weekend and took and passed the exam on Monday. I'm impressed that anyone could read that many pages over the weekend and I'm not in that category. However, it does give an idea of how the book has been able to fill in the right knowledge gaps for people so that they could quickly pass the exam.
Similarly, I've taught many classes with this book in a Monday through Friday daytime setting and people have taken and passed the exam on Friday afternoon or Sunday morning.
This blog includes multiple pages on Security+ you can check out too.

# Are There Any Practice Test Questions?

The  CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide includes over 450 practice test questions in it. This includes practice test question in a pre-assessment, after the end of each chapter, and a post assessment at the end. I recommend the study guide as the primary study source but if you've already been studying from another source and want to test your readiness with some practice test questions, you might like to check out one of these sources.
If you use any practice test questions you should ensure that they have explanations. In my experience, I've noticed that practice test questions without explanations often aren't the best quality and include incorrect answers. I have taught students that have memorized the incorrect answers to these types of practice test questions and they had a hard time unlearning the faulty knowledge they hammered into their head.
Also, you should take the time to ensure you know why the correct answers are correct, and why the incorrect answers are incorrect. Ideally, you should be able look at any question and be able to identify the correct answer knowing why it is correct, and why the incorrect answers are incorrect. This way, you'll be prepared to correctly answer the questions no matter how they are worded.

# How Long Will It Take To Get Ready?

Exactly 64, 800 minutes. That might sound like a better answer than "it depends" but "it depends" is a more realistic answer. In truth, it depends on what your background knowledge is, how much time you have to study, and how determined you are to stick to a study schedule. However, here's a formula that works. Pick a day 45 days from today and set a goal. For example, it might be February 19th and your goal will be:
• I will take and pass the Security+ exam by midnight on February 19th.
• Repeat that goal to yourself every day between now and February 19th and start taking action to make it happen.
• Buy a book such as the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide and spend time studying it every day.
• If something doesn't come clear, post a question to a public forum such as at TechExams.net where friendly people are willing to help you achieve your goal
• Buy a voucher and schedule the exam at a Pearson Vue testing center as soon as you can. You can reschedule later if you have to but when you're scheduled, you're more likely to follow through.
By the way, 64,800 minutes works out to 45 days.

# Celebrate

If you follow these steps, you'll join the thousands of people before you that have become Security+ certified.  Other people have done this. You can too.

# Summary

If you want to take and pass the Security+ SY0-301 exam and earn the Security+ certification, these steps can help you do so. The key is to take action now to get started. Good luck.

## Monday, December 3, 2012

### Network+ Performance Based Questions

Performance based testing is one of the biggest changes that have been occurring with CompTIA certification exams. They are in current 800 series  A+ exams, the Network+ exam, and coming after the first of the year in Security+ exams.  Instead of just multiple choice questions, you can expect to see a mixture of different types of questions.
An earlier blog titled CompTIA Performance Based Testing talks about some of the changes in more depth but here's just a few tidbits on the types of questions you might run across on  the Network+ exam. Overall, it's good news.
You probably won't see more than three of these types of questions and they are less about doing something than actively showing you have the knowledge.
Realistic Practice Test Questions for the Network+ exam.
CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead)

## Identify

As an example, objective 3.2 "Categorize standard connector types based on network media" expects you to be able to identify different types of connectors. You should be familiar with each of the media listed. One way to make sure you're prepared is to view pictures of the different types of media. You can easily do so with Google images to remind yourself.
This page includes some multiple choice practice test questions related to different connector types.
Realistic practice test questions for the Network+ N10-005 exam
Available through LearnZapp on your mobile phone

## Tools

Similarly, you might be required to identify a tool based on a specific requirement. For example, objective 4.2 "Given a scenario, use appropriate hardware tools to troubleshoot connectivity issues" expects you to know the purpose of many common tools.  If you need to identify a tool by sight that can identify a short or open, what tool would you use?
A past post titled Network+ Hardware Tools includes basic explanations of these tools along with links to images of them.

# Summary

If you're planning on taking the Network+ exam soon, make sure you can identify many of the different connectors and tools by sight. Good luck.

## Friday, November 30, 2012

### Free Network+ Practice Test Questions 3.3

If you're preparing for the Network+ SY0-301 exam, you might like to check your readiness with a few free practice test questions. This page includes three free practice test questions from the following objective in the N10-005 exam.

## Objective 3.3 Compare and contrast different wireless standards

• 802.11 a/b/g/n standards
• Distance
• Speed
• Latency
• Frequency
• Channels
• MIMO
• Channel bonding
These practice test questions came from CompTIA Network+ N10-005: Practice Test Questions (Get Certified Get Ahead). This resource includes 275 realistic practice test questions and over 175 flash cards to help test your readiness so that you can take and pass the exam the first time you take it. It's available for only \$9.99 in the Kindle version and you can download free Kindle apps from Amazon for just about any platform.

# Practice Test Question 1

Q.  Which of the following uses MIMO and OFDM?

A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

# Practice Test Question 2

Q. Which of the following wireless standards has the fastest transfer rate?

A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n
Realistic practice test questions for the Network+ N10-005 exam
Available through LearnZapp on your mobile phone

# Practice Test Question 3

Q.  During regular conference sessions, an 802.11g wireless network is overwhelmed with the amount of traffic it needs to process by wireless clients. Most of the additional traffic is from attendees’ mobile devices such as smart phones. What can be done to improve the performance of the wireless network?

A. Use a channel that doesn’t interfere with the smart phones
B. Use channel bonding
C. Switch to the 2.4 GHz frequency band
D. Add MIMO capabilities to the 802.11g network

These practice test questions are from the CompTIA Network+ N10-005 Practice Test Questions (Get Certified Get Ahead)  book. It includes 275 realistic practice test questions with in-depth explanations for the CompTIA Network+ N10-005 exam. If you've been studying for this exam and want to test your readiness, this book is for you.
It is available as Kindle ebook for only \$9.99 and the Kindle version includes dozens of flash cards to help you reinforce key testable topics. You can download free Kindle apps from Amazon so that you can access the ebook from just about any platform including:
• Windows PC
• MAC
• iPhone
• Android
• BlackBerry
• Windows Phone 7
You can also get it on the Barnes and Noble Nook here.

You may also like to check out other the Network+ blogs and practice test questions from this link or individually here:

Q.  Which of the following uses MIMO and OFDM?

A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

D is correct. 802.11n uses multiple-input multiple-output (MIMO) technologies and orthogonal frequency-division multiplexing (OFDM). 802.11n is the only one of the listed wireless standards that uses MIMO.

A is incorrect. 802.11a uses OFDM but not MIMO.
B is incorrect. 802.11b uses direct-sequence spread spectrum (DSSS) instead of OFDM and it does not use  MIMO.
C is incorrect. 802.11g uses OFDM and DSSS, but not MIMO.

Objective:  3.3 Compare and contrast different wireless standards.

Realistic practice test questions for the Network+ N10-005 exam
Available through LearnZapp on your mobile phone

Q.Which of the following wireless standards has the fastest transfer rate?

A. 802.11a
B. 802.11b
C. 802.11g
D. 802.11n

Answer D is correct. 802.11n has a maximum transfer rate of 600 Mbps, which is faster than the other standards.

A is incorrect. 802.11a has a maximum transfer rate of 54 Mbps.
B is incorrect. 802.11b has a maximum transfer rate of 11 Mbps.
C is incorrect. 802.11g has a maximum transfer rate of 54 Mbps.

Objective:  3.3 Compare and contrast different wireless standards.

If you're looking for more information on the CompTIA Network+ exam, click here.
The link provides a listing of relevant blogs on the Get Certified Get Ahead site.

Q.  During regular conference sessions, an 802.11g wireless network is overwhelmed with the amount of traffic it needs to process by wireless clients. Most of the additional traffic is from attendees’ mobile devices such as smart phones. What can be done to improve the performance of the wireless network?

A. Use a channel that doesn’t interfere with the smart phones
B. Use channel bonding
C. Switch to the 2.4 GHz frequency band
D. Add MIMO capabilities to the 802.11g network

Answer B is correct. Channel bonding can be used to increase the maximum transfer rate from 54 Mbps to 108 Mbps on 802.11g.
A is incorrect. If cordless telephones were interfering with a wireless networks, changing the channel would reduce the interference. However, smart phones are the wireless clients using the wireless network, and they are not interfering with the wireless network.
C is incorrect. 802.11g uses the 2.4 GHz frequency band already.
D is incorrect. 802.11g does not support multiple-input multiple-output (MIMO) with multiple antennas. MIMO is used with 802.11n.
Objective:  3.3 Compare and contrast different wireless standards.

What's next after Network+ for you?
If you want to take and pass the Security+ exam the first time you take it, check out the
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.

## Wednesday, November 28, 2012

### Free Security+ Practice Test Questions 3.2

If you're preparing for the Security+ SY0-301 exam, you might like to check your readiness with a few free practice test questions. This page includes three free practice test questions from the following objective in the SY0-301 exam.

## Objective 3.2 Analyze and differentiate among types of attacks

• Man-in-the-middle
• DDoS
• DoS
• Replay
• Smurf attack
• Spoofing
• Spam
• Phishing
• Spim
• Vishing
• Spear phishing
• Xmas attack
• Pharming
• Privilege escalation
• Malicious insider threat
• DNS poisoning and ARP poisoning
• Transitive access
• Client-side attacks
The full explanations of all these questions are covered in the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide.  This study guide includes over 450 realistic practice test questions to help you pass the Security+ exam, the first time you take it.
"Passed exam with this book  as my only source"
- Amazon reviewer for
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

# Practice Test Question 1

Q. Bob reported receiving a message from his bank prompting him to call back about a credit card. When he called back, an automated recording prompted him to provide personal information to verify his identity and then provide details about his bank and credit card accounts. What type of attack is this?
A. Phishing
B. Whaling
C. Vishing
D. VoIP

Learn by listening
Key points from the CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide
Over one hour and 20 minutes of audio from the "Remember This" blocks
Over three hours and 20 minutes of questions and answers on audio

# Practice Test Question 2

Q.Attackers sent a targeted email attack to the President of a company. What best describes this attack?

A. Phishing
B. Spam
C. Whaling
D. Botnet

Realistic practice test questions for the Security+ SY0-301 exam
Available through LearnZapp on your mobile phone

# Practice Test Question 3

Q.  What can mitigate ARP poisoning attacks in a network?

A.  Disable unused ports on a switch
B. Man-in-the-middle
C. DMZ
D. VLAN segregation

These practice test questions are derived from the CompTIA Security+: Get Certified Get Ahead- SY0-301 Practice Test Questions book. It includes 275 realistic practice test questions with in-depth explanations for the CompTIA Security+ SY0-301 exam. If you've been studying for this exam and want to test your readiness, this book is for you.
It is also available as Kindle ebook for only \$9.99 and the Kindle version also includes dozens of flash cards to help you reinforce key testable topics. You can download free Kindle apps from Amazon so that you can access the ebook from just about any platform including:
• Windows PC
• MAC
• iPhone
• Android
• BlackBerry
• Windows Phone 7

You may also like to check out other the Security+ blogs and practice test questions from this link or individually here:

Q. Bob reported receiving a message from his bank prompting him to call back about a credit card. When he called back, an automated recording prompted him to provide personal information to verify his identity and then provide details about his bank and credit card accounts. What type of attack is this?
A. Phishing
B. Whaling
C. Vishing
D. VoIP

Answer C is correct. Vishing is a form of phishing that uses recorded voice over the telephone.
A is incorrect. Phishing sends e-mail to users with the purpose of tricking them into revealing personal information (such as bank account information).
B is incorrect.  Whaling is a phishing attack that targets high-level executives.
D is incorrect. Voice over IP (VoIP) is a method used to send voice transmissions over a network. It is not an attack.
Objective: 3.2 Analyze and differentiate among types of attacks

All Security+ domain objectives are fully explained in the
CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

Q.Attackers sent a targeted email attack to the President of a company. What best describes this attack?

A. Phishing
B. Spam
C. Whaling
D. Botnet

Answer C is correct. Whaling is a phishing attack that targets high-level executives and phishing is an email attack.

A is incorrect. Whaling is a phishing attack that targets high-level executives.
B is incorrect. Spam is unsolicited email and phishing and whaling attacks are sent as spam, but spam itself isn’t a targeted attack.
D is incorrect. A botnet is a group of computers joined to a network and criminals control them with command and control servers.
Objective: 3.2 Analyze and differentiate among types of attacks

If you're looking for more information on the CompTIA Security+ exam, click here.
The link provides a listing of relevant blogs on the Get Certified Get Ahead site.

Q.  What can mitigate ARP poisoning attacks in a network?

A.  Disable unused ports on a switch
B. Man-in-the-middle
C. DMZ
D. VLAN segregation

Answer D is correct. Address Resolution Protocol (ARP) poisoning attacks modify the hardware addresses in ARP cache to redirect traffic, and virtual local area network (VLAN) segregation can limit the scope of these attacks.
A is incorrect. Disabling unused physical ports on a switch is a good security practice, but it doesn’t prevent ARP poisoning attacks.
B is incorrect. A man-in-the middle attack can interrupt traffic, insert malicious code, and ARP poisoning is one way to launch a man-in-the middle attack.