Security+ Study Guide Errata Page

Page 25

Update to Kindle has been submitted.

CompTIA changed their link to the Recertification Requirements page. Use this link instead of the link in the third paragraph of the Recertification Requirements section:

http://certification.comptia.org/stayCertified.aspx

Page 40

Update to Kindle has been submitted.

Page 51

Update to Kindle has been submitted.

Internet Protocol security (IPsec) uses protocol ID 50.

UDP port 1721 is not relevant for the Security+ exam.

Page 54

Update to Kindle has been submitted.

You calculate the ALE as SLE x ARO.

Page 56

Update to Kindle has been submitted.

Answer for question 85.

The last sentence in the explanation states:
Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Message Digest 5 (MD5) are all block ciphers.

It should be:
Advanced Encryption Standard (AES) and Data Encryption Standard (DES) are block ciphers. Message Digest 5 (MD5) is a hashing algorithm.

Page 57

Update to Kindle has been submitted.

Answer for question 93.

Correct answer is A (CRL), not C (OCSP). The explanation is accurate.

Page 106

Update to Kindle has been submitted.

The second sentence is the Securing Door Access with Biometrics section. It mentions authorization, but it should be authentication. More specifically, the sentence should read as:

“One of the benefits is that some biometric methods provide both identification and authentication.”

Page 133

Update to Kindle has been submitted.

Answer for question 8.

Correct answer is A (bollards), not B (guards). The explanation is accurate.

Page 140

Update to Kindle has been submitted.

The Remember this block incorrectly states “ARP resolves MAC addresses to IPv4 addresses.”

It should read as “ARP resolves IPv4 addresses to MAC addresses.”

Page 168

The second bullet in the Reviewing Basic Networking Concepts section incorrectly states “ARP resolves MAC addresses to IPv4 addresses.”

It should read as “ARP resolves IPv4 addresses to MAC addresses.”

Page 182

Update to Kindle has been submitted.

The first paragraph in the “Reporting” section has the words alert and alarm swapped in one sentence. It should read as:

Some systems consider an alarm and an alert as the same thing. Other systems use an alarm for a potentially serious issue, and an alert as a relatively minor issue.

Page 183

Update to Kindle has been submitted.

In the fifth paragraph of the False Positives Versus False Negatives section, the words high and low are swapped in the last sentence. It should read as:

It’s important to set the IDS threshold high enough to reduce the number of false positives but low enough to alert on any actual attacks..

In the Remember This block, the words high and low are swapped in the last sentence. It should read as:

Administrators often set the IDS threshold high enough that it minimizes false positives but low enough that it does not allow false negatives.

Page 240

Update to Kindle has been submitted.

Second paragraph from bottom has “signal” instead of “single.” It should read as:

These methods don’t block or weaken authentication. Additionally, they don’t prevent single sign-on methods using transitive trusts.

Page 252

Update to Kindle has been submitted.

Question 1 is missing this phrase: “and protect against zero-day vulnerabilities.” It should read as:

1. Your organization wants to improve the security posture of internal database servers and protect against zero-day vulnerabilities. Of the following choices, what provides the BEST solution?

The explanation is accurate.

Page 317

Update to Kindle has been submitted.

Question 17. Which of the following is an attack against servers hosting a directory service?

A. XSS
B. LDAP
C. XSRF
D. Fuzzing

To be more accurate, these answers should have modifiers as follows:

A. XSS attack
B. LDAP injection attack
C. XSRF attack
D. Fuzzing attack

Page 332

Update to Kindle has been submitted.

It should read as:

Security administrators use vulnerability scanners to identify which systems are susceptible to attacks.

Note: A vulnerability scanner is a technical control. A vulnerability assessment is a management control.

Page 398

Update to Kindle has been submitted.

It should read as:

For example, if a question asks what you would use to hash and it lists encryption algorithms, you can quickly eliminate them because they don’t hash data.

Page 402

Update to Kindle has been submitted.

It should read as:

Although the processing power of computers has advanced since 2010, so has the number of bits in keys used by RSA.

Page 426

Update to Kindle has been submitted.

Explanation incorrectly states that AES and Twofish encrypt data in 12-bit blocks. However, as stated elsewhere in the chapter, they encrypt data in 128-bit blocks. It should read as:

Advanced Encryption Standard (AES) and Twofish encrypt data in 128-bit blocks.

Page 427

Update to Kindle has been submitted.

The second to last sentence in the explanation incorrectly states that “PBKDF2 is based on Blowfish, but Blowfish itself isn’t commonly used to encrypt passwords.”

It should state “Bcrypt is based on Blowfish, but Blowfish itself isn’t commonly used to encrypt passwords.”

Page 484

Update to Kindle has been submitted.

Answer for question 9.

Correct answer is C (RADIUS), not B (SAML). The explanation is accurate.

Page 487

Update to Kindle has been submitted.

Answer for question 28.

The second to last sentence should read as “Address Resolution Protocol (ARP) operates on Layer 2.”