Security+ (SY0-501) Study Guide Errata Page
CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide
We work hard to ensure that the books come out without any errors, but some always sneak in.
This page is dedicated to sharing errors identified in the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. If you know of any errors in the book, please let me know.
Unfortunately, I repeated one error several times in the book.
I wrote incorrectly in the Certificate Formats section (Chapter 10) that Canonical Encoding Rules (CER) is a binary format and Distinguished Encoding Rules (DER) is an ASCII format. However, the following is accurate.
- Canonical Encoding Rules (CER) is ASCII.
- Distinguished Encoding Rules (DER) is binary.
- Check out the DER and CER Certificates blog post for clarification.
The following errors have been corrected in the Kindle edition.
|Pg 82||In the Understanding Switches and Getting Help section. The following paragraph in this section isn’t technically accurate, but the difference is subtle.
Although Linux terminal commands use switches too, they don’t use the question mark for help. Instead, if you want basic help on a command, you can often just type the command without any switch, or use the pipe symbol (|) and the word help:
Entering ping or ping | help results in an error with ping and ping outputs an error message. While the error message can be helpful, it doesn’t give you the same amount of help as the man ping command. A Linux expert let me know that you can almost always get help from a command with one of the following two options:
Check out the online Linux lab for different ways to query help on Linux systems.
Some details from a Linux Expert
ping | help
For getting help with ping on Linux.
Drop the pipe to help. It doesn’t help.
On most Linuxes/shells (including bash, the default shell on Kali, the distro you recommend), “help” is a shell built-in command that offers help on the shell itself, *not* executables that can be called from the shell (such as ping). And it ignores its stdin, so piping anything into it has absolutely no effect on its output.
Furthermore, when you invoke ping without any arguments, that’s an error, so the usage message that ping spits out goes to stderr, not stdout. When you make a pipeline, only stdout gets redirected to the next command in the pipeline, not stderr (unless you add extra syntax, which you did not). So, despite the pipe, “help” was not even seeing the output of “ping”.
So if, as a result of entering the above command, you saw info on how to use ping, “help” had nothing to do with it. What happened is that *both* the output of help came out (which is of absolutely no use in trying to figure out how ping works) *and* the (stderr) output of ping came out (which you would have got anyway, even if you hadn’t piped to help).
And I very much take issue with the last paragraph of that section, in which you complain about the inconsistency of help availability. On nearly every distribution of Unix/Linux I’ve used over the past thirty-something years (probably a dozen or more), nearly every command (not to mention library calls, system calls, config files) had a very well written man page. Indeed, especially in my early years, the vast majority of what I knew about Unix (later Linux), I learned from reading man pages. I have always considered the built-in documentation on Unix/Linux vastly superior to that of DOS/Windows. (Exception: PowerShell’s documentation is stellar. But that’s such a late addition, relatively speaking, that you’d hope MS would have started getting things right by then.)
As for getting help with command line switches, your complaint of lack of consistency has a bit more legitimancy. Still, it’s relatively few commands that don’t support at least one of -h, -?, –help. And even for those that don’t, I haven’t run into a command yet that doesn’t give usage if you give it an option it doesn’t support, so –help and/or -? should nearly always get you what you need, even if only accidentally. (I supposed -h might be a bit more risky, since there’s a better chance that it’s supported but means something other than “help”.)
|Pg 96||In the Comparing Identification and AAA section, the second sentence should have the phrase “proving the identity” instead of “providing the identity.”
The complete sentence should be:
|Pg 103||In Chapter 2, Exploring Authentication Concepts, under section title “Something You Have”. The second sentence in the Remember This block is:
HOTP creates a one-time use password that does not expire.
It should read as:
HOTP creates a one-time use password that does not expire until it is used.
|Pg 136|| In Chapter 2, question 12.
Delete the word “former” in the question. It should read as:
A company recently hired you as a security administrator. You notice that some accounts used by temporary employees are currently enabled. Which of the following choices is the BEST next step?
|Pg 140||In the Kindle version, Chapter 3, page 139, under section title “CompTIA Security+ objectives covered in this chapter”. The last objective is listed as:
1.3 Given a scenario, implement secure systems design.
It should be:
|Pg 169|| In Chapter 3, Transparent Proxy Versus Nontransparent Proxy Remember This section. The definition for transparent proxy servers and nontransparent proxy servers is reversed.
It should read:
A proxy server forwards requests for services from a client. It provides caching to improve performance and reduce Internet bandwidth usage. Transparent proxy servers accept and forward requests without modifying them. Nontransparent proxy servers use URL filters to restrict access to certain sites. Both types can log user activity.
|Pgs 191, 199-202, 214-215|| In the “IEEE 802.1x Security,” “PSK, Enterprise, and Open Modes,” and “RADIUS” sections.
802.1x should be 802.1X on these pages and throughout the book.
The Security+ SY0-501 objectives consistently use 802.1x (lower case).
4.3 Given a scenario, implement identity and access management controls.
6.3 Given a scenario, install and configure wireless security settings.
The 802.1 working group uses these guidelines:
There is an IEEE 802.1X independent standard but there isn’t an 802.1x standard, so 802.1X is technically accurate.
|TACACS+ was created by Cisco, but is not proprietary to Cisco.
In the Identity and Access Services section, in the TACACS+ bullet, the first sentence in the second paragraph should be:
TACACS+ is an alternative to RADIUS.
In the TACACS section, the first sentence in the second paragraph should be:
Although CISCO created TACACS+, it can interact with Kerberos.
In the Remember this, the second sentence should be:
TACACS+ can be used with Kerberos.
|Pg 433|| XOR bullet. The explanation is swapped. It should read as: If the two inputs are the same, it outputs False (or a binary 0).
If the two inputs are different, it outputs True (or a binary 1).
|Pg 459|| The third sentence incorrectly states that a cached CRL results in more traffic. Instead of “…generates a lot of traffic sent…” it should read as
This reduces traffic sent between clients and the CA.
|Pg 461||In the Certificate Formats section, CER and DER are incorrectly identified as binary and ASCII, respectively.
Canonical Encoding Rules (CER) is ASCII.
Distinguished Encoding Rules (DER) is binary.The first sentence in the third paragraph should be:
“CER is an ASCII format and DER is a binary format.”
|Pg 462||The following graphic shows a correction for Table 10-3.
In the paragraph right below Table 10-3 describing PEM, the fourth sentence should be:
“They can be formatted as CER (ASCII files) or DER (binary files).”In the paragraph describing P7B certificates, the first sentence should be:
“P7B certificates use the PKCS version 7 (PKCS#7) format and they are CER-based (ASCII) .”In the paragraph describing P12 certificates. the first sentence should be:
“P12 certificates use the PKCS version 12 (PKCS#12) format and they are DER based (binary).”
|Pg 463||Remember this block first sentence should be:
“CER is an ASCII format for certificates and DER is a binary format.”
|Pg 466||The third to last bullet in Exploring PKI Components Exam Topic Review section should be:
“CER is an ASCII format and DER is a binary format.”
|Pg 471||In Chapter 10, question 15, the second sentence in the explanation should be replaced with:
“A Distinguished Encoding Rules (DER)–based certificate is a binary encoded file, but not as specific as a P12 certificate file type.”
|Pg 537||3DES definition in glossary. Change Digital to Data.
It should read as “Triple Data Encryption Standard”
|Pg 540||CBC definition in glossary. The first sentence should be “A mode of operation used by some symmetric encryption ciphers.”
The full glossary definition should be:
CBC—Cipher Block Chaining. A mode of operation used by some symmetric encryption ciphers. It uses an IV for the first block and each subsequent block is combined with the previous block.
|Pg 541||The third sentence in the CER glossary definition should be:
“They are ASCII encoded files.”
|Pg 544||The third sentence in the DER glossary definition should be:
“They are BASE64 binary encoded files.”
|Pg 547||Firewall definition in glossary. The definitions for stateful and stateless firewalls were swapped. They are correct in the chapter. The definition should be:
firewall—A software or a network device used to filter traffic. Firewalls can be application-based (running on a host), or network-based. Stateless firewalls filter traffic using rules within an ACL. Stateful firewalls filter traffic based on its state within a session.
|Pg 555||The second sentence in the P7B glossary definition should be:
They are DER-based (binary) and commonly used to share public keys.The second sentence in the P12 glossary definition should be:
“They are CER-based (ASCII) and often hold certificates with the private key.”
|Pg 567||XOR definition in glossary. The explanation is swapped. It should read as:
If the two inputs are the same, it outputs False (or a binary 0).