The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

Security+ Certification - The First Version

Written by Michael C. Gregg
Published: 14 January 2002
JW_DISQUS_VIEW_COMMENTS
Page 1 of 3

This article described CompTIA's Security+ credential, as it was when it was first released.

A new security certification, named Security+ is close to release. It was created by CompTIA (Computing Technology Industry Association), the folks that brought us A+ certification, and recently completed its beta period.

"You may have heard that the Security+ exam is not that hard, but be forewarned; it covers a vast range of information."
During a beta period, a superset of the questions that will appear on the final exam are administered to early test takers. After a statistically significant number of people take the exam, the test results are compiled and reviewed by subject matter experts (SMEs) to determine the best questions for the live version of the exam, based on the predefined objectives. Then the final exam is released to the general public.

Security+ certification requires you to pass a single exam, costing $199. Although there's only one test, it covers a very wide range of security knowledge. If you are working toward the TICSA or CISSP exam, this would be a good first step. Preparing for Security + can help you fill in those knowledge gaps and be better prepared for subsequent exams. To help you along the road to security certification, we've prepared a blueprint of what you can expect to find on the exam.

Test Objectives

The Security+ exam contains five domains:

  • general security concepts
  • communications security
  • infrastructure security
  • basics of cryptography
  • operational/organizational security
Each of these domains is made up of topics and subtopics that must be mastered to successfully complete the exam. You may have heard that the Security+ exam is not that hard, but be forewarned; it covers a vast range of information. The exam entails all aspects of security and security related topics, so come fully prepared. Let's take a look at each of the five domains.

General Security Concepts (30%)

This first section covers all the general security concepts. To successfully pass this section of the exam you will need to understand all of the various forms of attacks. If you have never experimented with a password cracker you may want to download John the Ripper or L0phtcrack. Do not run these applications at your workplace without the full consent of management. Also make sure that you download these from a trusted source such as packet storm. Many sites run an MD5 checksum on these types of programs to verify that no one has added anything to them. We are talking Trojans here folks! The best place to experiment with these programs is on your home network or an approved test system.

You will also need to know about multi-factor authentication. If you have a bankcard you are familiar with multifactor authentication. Bankcards require two items to successfully access an account: Something you have, and something you know. Together these two items, the card itself and your PIN, allow you access to the account. General security concept subcategories include:

  • Authentication
  • Attacks
  • Malicious Code
  • Social Engineering
  • Auditing