• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Book Review - All In One Security+ Certification Exam Guide

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles

View previous topic :: View next topic  
Author Message
chris
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums

Offline

PostPosted: Thu Sep 25, 2003 9:28 am    Post subject: Book Review - All In One Security+ Certification Exam Guide Reply with quote

All In One - Security+ Certification Exam Guide

Author: Gregory White
Publisher: Osborne McGraw-Hill
Book Specifications: Hard Cover, 558 pages, CD
Category: Certification
User Level: Assumes basic underlyings of Security
Special Discounted Security Forums Price : £30 UK GBP - http://www.mcgraw-hill.co.uk/securityforums
ISBN: 0072226331
Amazon.co.uk: All In One Security+ Certification Exam Guide
Amazon.com: All In One Security+ Certification Exam Guide




Description

This All-In-One guide is a comprehensive exam guide covering the new foundation level security certification for networking professionals; Security+ from CompTIA. The book includes 100% coverage of all exam objectives for the Security+ Certification, and also serves as an in-depth reference for use in the workplace after the exams

Introduction

My reasons for reading the book are based on both interest and certification. From compTIA themselves:
Quote:
The CompTIA Security+ certification tests for security knowledge mastery of an individual with two years on-the-job networking experience, with emphasis on security


Based purely on the above information and after recently passing the CCNA, I wanted another 'formal' qualification dealing with general security and the exam seems a good stepping stone. More detailed information can be found at the compTIA site : http://www.comptia.org/certification/security/

For anyone taking Microsoft certifications this exam can be used as an elective exam for MCSA and MCSE, more specifics can be found on the MS site : http://www.microsoft.com/traincert/mcp/comptia.asp

To deviate slightly from the standard review format I have decided to break the review down into two parts. The first will be an overview into the book as a whole with a more detailed focus on an area I am inexperienced in such as cryptography. The second part of the review will follow when I find time to take the exam and comment on its usefulness directly to the test itself

Contents

The book has 19 chapters, each ending with a review and answers / questions relating to the test. Also attached is a CDROM containing simulated exams with practice questions & answers, learnkey video training and the complete ebook.

Chapters


Part I: Authentication
1: General Security Concepts

Part II: Malware and Attacks
2: Types of Attacks and Malicious Software

Part III: Security in Transmissions
3: Remote Access
4: E-Mail
5: Web Components
6: Wireless and Instant Messaging

Part VI: Security for the Infrastructure
7: Infrastructure Security
8: Intrusion Detection Systems
9: Security Baselines

Part V: Cryptography and Applications
10: Cryptography
11: Public Key Infrastructure
12: Standards and Protocols

Part VI: Operational Security
13: Operational/Organizational Security
14: Disaster Recovery, Business Continuity, and Organizational Policies

Part VII: Administrative Controls
15: Security and Law
16: Privilege Management
17: Computer Forensics
18: Risk Management
19: Change Management

Part VIII: Appendixes
A: About the CD-ROM
B: OSI Model and Internet Protocols


Style And Detail

A link to an example chapter is provided, chapter 13 covers Operational / Organizational Security : http://www.osborne.com/products/0072226331/0072226331_ch13.pdf


The book is laid out into topics within each chapter which generally are split into paragraphs aided by diagrams where relevant. Some sections describe a service or a daemon in general whereas others give real examples and screenshots or different operating systems, for example: SSL certificates in IIS, enabling public services in Mac OS X through to console dumps from Linux based systems.

Notes & Tips are scattered throughout reinforcing specific exam points or pointing to more information such as RFCs. At the end of each chapter there are multiple choice questions with their answers following and brief reasoning.

The book is geared towards the exam and is presented in definition format so could be used for reference if needed. I found some sections did not go into enough detail, whereas others such as public key infrastructure were more comprehensive. There is a balance between technical definitions and theory, which is good as gives you the chance to think about the likes of risk management and physical security which are easily brushed aside.

The attached CD contains each chapter in pdf format for easy and searchable reference. Next is the mastersim which is a simulation based assessment tool with 14 random questions at a time. They imitate an actual system, for example one question prompts you to run a dictionary attack using l0phtCrack on a windows 2000 server account, another emulates basic IIS security , others are simple answers based on diagrams

Lastly on the CD is the masterexam test software which has three training modes of increased complexity. This also checks for live updates online to ensure the latest questions are presented. This also has both open and closed book modes for reference and exam testing respectively.

Conclusion

I found the book interesting to read, the diversity of the chapters also helped with the mixture of cryptography, forensics, intrusion detection and remote access.

In relation to the exam itself I cannot say how similar the questions are although the weighting of the chapters reflects the breakdown of exam questions. The questions are easily answered based on the chapters context and the CD compliments the book well with its test simulator. A lot of the information I am already familiar with which is a bonus, I would be confident to take the exam based on reading the book and using the test material provided.

I will post a reply to this thread if I manage to find the time to take this exam with results and how relevant the book was.

Security Forums Discount

The publishers Mcgraw Hill have kindly setup a discount section for Security Forums' users. Discounts can be up to 30% off the RRP and postage is free on all orders over £20 in the UK & Central Europe.

http://www.mcgraw-hill.co.uk/securityforums


Rating

Highly Recommended 8 / 10



This review is copyright 2003 by the author and Security-Forums.com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.


Last edited by chris on Wed Feb 04, 2004 12:40 am; edited 3 times in total
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
PhiBer
SF Mod
SF Mod


Joined: 11 Mar 2003
Posts: 20
Location: Your MBR

Offline

PostPosted: Fri Sep 26, 2003 7:22 am    Post subject: Reply with quote

Thanks for the review. After seeing that the UK people get a discount and we dont i was bummed. But squidly is doing some research to see if we in the U.S. could also get a discount. Im still trying to decide between this book and ST's DVD based book that he reviewed.

WOOOHOO!!! I just bought this book online for $30. Pretty good deal i'd say. Can't wait to start studyin for the exam.
Back to top
View user's profile Send private message
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Mon Dec 29, 2003 12:58 am    Post subject: Reply with quote

Since I took the beta Security + test version, it wasn't the same as is current production version. But I didn't have the luxury of any cert books available so all my study material was from individual chapters from different books and many info sources from the net.

My one suggestion for any interested in Security + is don't put all your study material resoucres into any one book. A main reference/learning book is good along with other resources being other books or articles from the net. i.e. if your weak in crypto (I am) then search the net for into articles and build upon that.

I didn't have any questions on wireless security 802.11b or Bluetooth which blew me away and I made it know known at our sme meetings that was not acceptable for a professional level cert. I'm glad to see it's there now. This was not the only hole in the exam but is a good illustration of one.

Security information has come along way in just a few years for people new to security. I'm glad to see it, since there was virtually none just a few years back for new people.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register