CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide
We work hard to ensure that the books come out without any errors, but some always sneak in.
This page is dedicated to sharing errors identified in the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. If you know of any errors in the book, please let me know.
Unfortunately, I repeated one error several times in the book.
I wrote incorrectly in the Certificate Formats section (Chapter 10) that Canonical Encoding Rules (CER) is a binary format and Distinguished Encoding Rules (DER) is an ASCII format. However, the following is accurate.
- Canonical Encoding Rules (CER) is ASCII.
- Distinguished Encoding Rules (DER) is binary.
- Check out the DER and CER Certificates blog post for clarification.
The following errors have been corrected in the Kindle edition.
Location | Correction |
Pg 82 | In the Understanding Switches and Getting Help section. The following paragraph in this section isn’t technically accurate, but the difference is subtle: “Although Linux terminal commands use switches too, they don’t use the question mark for help. Instead, if you want basic help on a command, you can often just type the command without any switch, or use the pipe symbol (|) and the word help.” Entering ping or ping | help results in an error: ping outputs an error message. While the error message can be helpful, it doesn’t give you the same amount of help as the man ping command. A Linux expert let me know that you can almost always get help from a command with one of the following two options: ping --help or man ping. Check out the online Linux lab for different ways to query help on Linux systems. |
Pg 93 | The third sentence incorrectly states, “Non-persistence is used in a virtual desktop infrastructure (VDI), where user changes to the desktop are not changed.” The correct sentence should be: |
Pg 96 | In the Comparing Identification and AAA section, the second sentence should have the phrase “proving the identity” instead of “providing the identity.” The complete sentence should be: |
Pg 103 | In Chapter 2, Exploring Authentication Concepts, under the section title “Something You Have”. The second sentence in the Remember This block is: “HOTP creates a one-time use password that does not expire.” It should read as: “HOTP creates a one-time use password that does not expire until it is used.” |
Pg 111 | In Chapter 2, under the NTLM section. The second sentence in the second bullet is: “When a user attempts to log on, NTMLv2 creates an HMAC-MD5 hash composed of a combination of the username, the logon domain name (or computer name), the user’s password, the current time, and more.” It should be: “When a user attempts to log on, NTLMv2 creates an HMAC-MD5 hash composed of a combination of the username, the logon domain name (or computer name), the user’s password, the current time, and more.” The last sentence is: “If not, it uses either NTLMv2 or NLTM2 Session depending on the capabilities of the systems involved in the session.” It should be: “If not, it uses either NTLMv2 or NTLM2 Session depending on the capabilities of the systems involved in the session.” |
Pg 140 | In the Kindle version, Chapter 3, page 139, under the section title “CompTIA Security+ objectives covered in this chapter”. The last objective is listed as: “1.3 Given a scenario, implement secure systems design.” It should be: |
Pg 169 | In Chapter 3, Transparent Proxy Versus Nontransparent Proxy Remember This section. The definition for transparent proxy servers and nontransparent proxy servers is reversed. It should read: “A proxy server forwards requests for services from a client. It provides caching to improve performance and reduce Internet bandwidth usage. Transparent proxy servers accept and forward requests without modifying them. Nontransparent proxy servers use URL filters to restrict access to certain sites. Both types can log user activity.” |
Pgs 191, 199-202, 214-215 | In the “IEEE 802.1x Security,” “PSK, Enterprise, and Open Modes,” and “RADIUS” sections. 802.1x should be 802.1X on these pages and throughout the book. The Security+ SY0-501 objectives consistently use 802.1x (lower case): 4.3 Given a scenario, implement identity and access management controls. 6.3 Given a scenario, install and configure wireless security settings. The 802.1 working group uses these guidelines: there is an IEEE 802.1X independent standard but there isn’t an 802.1x standard, so 802.1X is technically accurate. |
Pgs 213, 216 | TACACS+ was created by Cisco, but is not proprietary to Cisco. In the Identity and Access Services section, in the TACACS+ bullet, the first sentence in the first paragraph should be: “TACACS+ is an alternative to RADIUS.” In the TACACS section, the first sentence in the second paragraph should be: “Although Cisco created TACACS+, it can interact with Kerberos.” In the Remember This block, the second sentence should be: “TACACS+ can be used with Kerberos.” |
Pg 433 | XOR bullet. The explanation is swapped. It should read as: “If the two inputs are the same, it outputs False (or a binary 0).” |
Pg 459 | In the Certificate Issues section, the third sentence incorrectly states that a cached CRL results in more traffic. Instead of “…generates a lot of traffic sent…” it should read as |
Pg 461 | In the Certificate Formats section, CER and DER are incorrectly identified as binary and ASCII, respectively. Canonical Encoding Rules (CER) is ASCII. Distinguished Encoding Rules (DER) is binary. The last sentence in the third paragraph should be: |
Pgs 461-462 | In the Certificate Formats section, the first sentence in the fourth paragraph should be: “Some certificates include headers and footers to identify the contents.” The last sentence in the fifth paragraph should be: “DER-based certificates are binary encoded so they do not have headers and footers.” |
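The headers-and-footers distinction in the corrections above can be checked mechanically. The following is an added example, not from the book or its author: it classifies certificate bytes as the ASCII form (a “-----BEGIN …-----” header, base64 body, and matching footer) or the binary DER form (which starts with an ASN.1 SEQUENCE tag, 0x30, followed by a length and has no header or footer), and converts between the two. The sample DER bytes are a constructed minimal SEQUENCE, not a real certificate.

```python
import base64
import re

# Constructed sample: a tiny DER SEQUENCE { INTEGER 5 }. Real certificates are
# far larger, but they start the same way: tag 0x30 (SEQUENCE) then a length.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])


def der_to_ascii(der: bytes, label: str = "CERTIFICATE") -> str:
    """Wrap binary DER in the ASCII form: header, 64-char base64 lines, footer."""
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"]) + "\n"


def ascii_to_der(text: str) -> bytes:
    """Strip the header/footer pair and base64-decode the body back to DER bytes."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no matching header/footer pair; not an ASCII-encoded certificate")
    return base64.b64decode("".join(m.group(2).split()))


def der_length_ok(der: bytes) -> bool:
    """True if data starts with a SEQUENCE whose declared length (short or long form) fits exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short form: length is the byte itself
        length, header = first, 2
    else:                                  # long form: low 7 bits = number of length bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return len(der) == header + length


def detect_format(data: bytes) -> str:
    """Classify raw file bytes as 'ascii' (headers/footers), 'der' (binary) or 'unknown'."""
    if data.startswith(b"-----BEGIN "):
        return "ascii"
    if der_length_ok(data):
        return "der"
    return "unknown"
```

Truncated or padded DER files fail the length check, which is a cheap first test before handing a file to a real parser.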
Pg 462 | The following graphic shows a correction for Table 10-3. In the paragraph right below Table 10-3 describing PEM, the fourth sentence should be: “They can be formatted as CER (ASCII files) or DER (binary files).” In the paragraph describing P7B certificates, the first sentence should be: In the paragraph describing P12 certificates, the first sentence should be: |
Pg 463 | Remember this block first sentence should be: “CER is an ASCII format for certificates and DER is a binary format.” |
Pg 466 | The third to last bullet in Exploring PKI Components Exam Topic Review section should be: “CER is an ASCII format and DER is a binary format.” |
Pg 471 | In Chapter 10, question 15, the second sentence in the explanation should be replaced with: “A Distinguished Encoding Rules (DER)-based certificate is a binary encoded file, but not as specific as a P12 certificate file type.” |
Pg 537 | 3DES definition in glossary. Change Digital to Data. It should read as “Triple Data Encryption Standard”. |
Pg 540 | CBC definition in glossary. The first sentence should be “A mode of operation used by some symmetric encryption ciphers.” The full glossary definition should be: “CBC—Cipher Block Chaining. A mode of operation used by some symmetric encryption ciphers. It uses an IV for the first block and each subsequent block is combined with the previous block.” |
Pg 541 | The third sentence in the CER glossary definition should be: “They are ASCII encoded files.” |
Pg 544 | The third sentence in the DER glossary definition should be: “They are BASE64 binary encoded files.” |
Pg 547 | Firewall definition in glossary. The definitions for stateful and stateless firewalls were swapped. They are correct in the chapter. The definition should be: “firewall—A software or a network device used to filter traffic. Firewalls can be application-based (running on a host), or network-based. Stateless firewalls filter traffic using rules within an ACL. Stateful firewalls filter traffic based on its state within a session.” |
Pg 555 | The second sentence in the P7B glossary definition should be: They are CER-based (ASCII) and commonly used to share public keys. The second sentence in the P12 glossary definition should be: |
Pg 567 | XOR definition in glossary. The explanation is swapped. It should read as: “If the two inputs are the same, it outputs False (or a binary 0).” |