Page 13 - StudyBook.pdf
Foreword
dating identity through a trusted third party (certification server). Key management, certificate
issuance, expiration and revocation, and other elements of a PKI are discussed.
■ Operational/Organizational Security This section deals with the important topic of physical
security and the environmental factors that affect security. We also cover disaster recovery
plans, encompassing backup policies, off-site storage, secure recovery, and business continuity.
Security policies and procedures are covered in detail, with a focus on acceptable use policies,
due care, privacy issues, separation of duties, need to know, password management, service level
agreements (SLAs), disposal/destruction policies, human resources policies, and incident
response policies. Privilege management, computer forensics awareness (including chain of custody
and collection/preservation of evidence), risk identification, education and training of
users, executives and HR personnel, and documentation standards and guidelines are also
important components of this learning domain.
Test-Taking Tips
Different people work best using different methods. However, there are some common methods of preparation
and approach to the exam that are helpful to many test-takers. In this section, we provide some tips
that other exam candidates have found useful in preparing for and actually taking the exam.
■ Exam preparation begins before exam day. Ensure that you know the concepts and terms well
and feel confident about each of the exam objectives. Many test-takers find it helpful to make
flash cards or review notes to study on the way to the testing center. A sheet listing acronyms
and abbreviations can be helpful, as the number of acronyms (and the similarity of different
acronyms) when studying IT topics can be overwhelming. The process of writing the material
down, rather than just reading it, will help to reinforce your knowledge.
■ Many test-takers find it especially helpful to take practice exams that are available on the
Internet and within books such as this one. Taking the practice exams not only gets you used to
the computerized exam-taking experience but also can be used as a learning tool. The best
practice tests include detailed explanations of why the correct answer is correct and why the
incorrect answers are wrong.
■ When preparing and studying, you should try to identify the main points of each objective section.
Set aside enough time to focus on the material and lodge it into your memory. On the
day of the exam, you should be at the point where you don’t have to learn any new facts or
concepts, but need simply to review the information already learned.
■ The Exam Warning sidebars in this book highlight concepts that are likely to be tested. You may
find it useful to go through and copy these into a notebook as you read the book (remembering
that writing something down reinforces your ability to remember it) and then review
them just prior to taking the exam.
■ The value of hands-on experience cannot be stressed enough. Although the Security+ exam
questions tend to be generic (not vendor specific), they are based on test-writers’ experiences in
the field, using various product lines. Thus, there might be questions that deal with the products
of particular hardware vendors, such as Cisco Systems, or particular operating systems, such as
Windows or UNIX. Working with these products on a regular basis, whether in your job environment
or in a test network that you’ve set up at home, will make you much more comfortable
with these questions.
www.syngress.com