This thread contains any errata concerning incorrect or incomplete information in the Security+ Cert Guide 2nd Edition. It also has additions to the text. If you find anything in the book that you believe is incorrect, please Contact Me.
Virtual PC 2007 issues. Virtual PC 2007 is available at the following link: http://www.microsoft.com/en-us/download/details.aspx?id=4580. Depending on your version of Windows, you might have trouble installing/running Virtual PC 2007. I recommend that anyone studying for the Security+ be running Windows 7 Ultimate. This should eliminate any problems running Virtual PC 2007, and will allow you full access to Windows 7 options such as BitLocker and others. For those of you that cannot upgrade to Windows 7 Ultimate, you can also try plain "Virtual PC" available at this link: http://www.microsoft.com/en-us/download/details.aspx?id=3702.
Addition: Chapter 3, Pg. 73. Section: Service Packs (add to note at top of page): Another tool you can use to find out the SP level besides msinfo32.exe is the winver command. This can be run in the Run prompt, in the search box, or in the Command Prompt. Either way, it will bring up the "About Windows" window. You can also discern SP levels directly in the Command Prompt. For example, if you open the Command Prompt in Windows 7 and see on the top line "Microsoft Windows [Version 6.1.7600]" then no SP is installed. But if you do this on Windows 7 with SP1 you will see "Microsoft Windows [Version 6.1.7601]". Note the difference in the last number. You can also see this by simply typing ver. You can also find out the OS name, version, and SP level with the following syntax:
systeminfo|findstr /B /C:"OS Name" /C:"OS Version"
Note the pipe symbol between systeminfo and findstr. Also, the text within the quotes is case sensitive.
In this example, the resulting output on a Windows 7 Ultimate OS with SP1 installed would be:
OS Name: Microsoft Windows 7 Ultimate
OS Version: 6.1.7601 Service Pack 1 Build 7601
For the Version/SP level only, omit the following: /C:"OS Name"
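The version-to-SP-level reasoning above, as an added example that is not from the book: a Python script that parses the two systeminfo lines the filtered command prints (a constructed sample is embedded; on Windows it reads the live output instead) and maps the 7600/7601 build numbers from the Command Prompt banner to the Service Pack level, cross-checking against the "Service Pack N" text.

```python
import re
import subprocess
import sys

# Constructed sample of the two lines the filtered systeminfo command prints on
# Windows 7 Ultimate SP1 (real systeminfo output pads the values with spaces).
SAMPLE_SYSTEMINFO = """\
OS Name:                   Microsoft Windows 7 Ultimate
OS Version:                6.1.7601 Service Pack 1 Build 7601
"""
# Build numbers from the Command Prompt banner, per the text: 7600 is RTM and
# 7601 is SP1. Only Windows 7 (kernel version 6.1) is mapped here.
WIN7_BUILD_TO_SP = {7600: "No Service Pack", 7601: "Service Pack 1"}

def parse_systeminfo(text):
    """Return {'OS Name': ..., 'OS Version': ...} from systeminfo 'Key: value' lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(OS Name|OS Version):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def service_pack_from_version(version_text):
    """SP level from '6.1.7601 ...' or the 'Microsoft Windows [Version 6.1.7601]' banner."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no version number in %r" % version_text)
    major, minor, build = (int(x) for x in m.groups())
    if (major, minor) != (6, 1):
        return "not Windows 7 (kernel %d.%d build %d)" % (major, minor, build)
    return WIN7_BUILD_TO_SP.get(build, "unknown Windows 7 build %d" % build)

def os_summary(text):
    """Cross-check the SP inferred from the build against the 'Service Pack N' text."""
    fields = parse_systeminfo(text)
    version = fields["OS Version"]
    inferred = service_pack_from_version(version)
    stated = re.search(r"Service Pack \d+", version)
    stated = stated.group(0) if stated else "No Service Pack"
    return {"name": fields["OS Name"], "version": version, "sp_from_build": inferred,
            "sp_stated": stated, "consistent": inferred == stated}

if __name__ == "__main__":
    # On Windows read the live systeminfo output; elsewhere use the constructed sample.
    live = subprocess.run("systeminfo", capture_output=True, text=True).stdout if sys.platform == "win32" else None
    for k, v in os_summary(live or SAMPLE_SYSTEMINFO).items():
        print("%s: %s" % (k, v))
```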
Typo: Chapter 3, Pg. 75, Table 3-1. Section: Service Packs: The 9th row of the first column says "Office 201". This should be "Office 2010". Also, to be more accurate, the column header should say "Operating System/Application."
Error: Chapter 5, Pg. 175, 2nd paragraph. The FTP ports 20 and 21 descriptions are reversed. Port 21 makes the connections, and port 20 does the data transfers (or dynamically assigned ports). So the text should read: "So, in summary, regular FTP uses port 21 as the control port by default, and possibly
Error: Chapter 5, Pg. 170, 174 & 175. Section: Ports and Protocols: (incorrect port listing): The port listed for FTPS is incorrect. FTPS does not use port 443. Port 443 is used by HTTPS. In Implicit mode FTPS uses 990 as the control port, and port 989 as the data port. The term FTPS should be stricken from Table 5-5, port 443 on page 170. On pages 174-175 in the section "Protocols that can cause anxiety on the exam" FTPS should show ports 990/989, not port 443.
Error: Chapter 5, Pg. 184, ARP Poisoning section: ARP is described in reverse. It should state: "ARP resolves IP addresses to MAC addresses."
Addition: Chapter 7, Pg. 250. Section: Wireless Transmission Vulnerabilities (insert as note after third paragraph): Warchalking: Warchalking is the act of physically drawing symbols in public places that denote open, closed, or protected wireless networks. This is done by attackers to let other attackers know about open wireless networks. However, some organizations use the symbols as well to let people know that they have an open wireless network available to the public. In this case, the symbols will be professionally presented. Various symbols are used including the open node (two half circles back to back), closed node (a closed circle), and a circle with a W which stands for a WEP or WPA-encrypted network.
Error: Chapter 11, Pg. 409. Section: Chapter End Questions (Duplicate question): Question 24. This question is a duplicate of question 6. Please disregard question 24.
Addition: Chapter 12 Pg 425. Section: Encryption Algorithms (Insert as note after RC topic): Blowfish and Twofish are two ciphers designed by Bruce Schneier. The original Blowfish is a block cipher designed as an alternative to DES (the name also pertains to a suite of products). It has a 64-bit block size and variable key size between 1 and 448 bits. Bruce Schneier recommends the newer Twofish cipher which has a block size of 128 bits and a key size up to 256 bits. These symmetrical ciphers have not been compromised as of 2011.
Addition: Chapter 12 Pg 432. Section: Cryptographic Hash Functions (Insert as new topic after SHA topic): RIPEMD and HMAC: RIPEMD stands for the RACE Integrity Primitives Evaluation Message Digest. As of 2011, the latest version (RIPEMD-160) is a 160-bit message digest algorithm used in cryptographic hashing. It is used less than SHA-1 and was designed as an open source hashing algorithm. HMAC stands for Hash-based Message Authentication Code. It is a calculation of MACs through the use of a cryptographic hash function such as MD5 or SHA-1. If for example SHA-1 is used, the corresponding MAC would be known as HMAC-SHA1.
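The HMAC construction described above, as an added example that is not from the book: it computes HMAC-MD5 and HMAC-SHA1 from the RFC 2104 definition using Python's hashlib, checks the result against the standard hmac module, and shows receiver-side verification rejecting a tampered message. The key and message are constructed sample values.

```python
import hashlib
import hmac

def hmac_from_definition(key, message, hash_name):
    """HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m)), as in RFC 2104.
    K' is the key, hashed first if longer than the block size, then zero-padded."""
    block = hashlib.new(hash_name).block_size  # 64 bytes for both MD5 and SHA-1
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).hexdigest()

def hmac_stdlib(key, message, hash_name):
    """Reference value from Python's hmac module (hash_name='sha1' gives HMAC-SHA1)."""
    return hmac.new(key, message, hash_name).hexdigest()

def verify(key, message, hash_name, received_hex):
    """Receiver side: recompute the MAC and compare it in constant time."""
    return hmac.compare_digest(hmac_stdlib(key, message, hash_name), received_hex)

def demo():
    key = b"constructed-shared-secret"    # constructed sample key
    msg = b"Transfer 100 to account 42"   # constructed sample message
    results = {}
    for name in ("md5", "sha1"):
        mine = hmac_from_definition(key, msg, name)
        results["hmac-" + name] = (mine, mine == hmac_stdlib(key, msg, name))
    # A MAC computed over the original message does not verify a tampered one.
    mac = hmac_stdlib(key, msg, "sha1")
    results["tampered_accepted"] = verify(key, b"Transfer 900 to account 42", "sha1", mac)
    results["original_accepted"] = verify(key, msg, "sha1", mac)
    return results

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```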
Removal: Chapter 13 Pg 469. Question 23: This question is being removed from the book. Though it is possible to have a public key decrypt a message that was encrypted with a private key in a PKI, it is rare, and would be insecure. Therefore, the second answer to the question is not entirely accurate in my opinion, and the entire question is being removed from the book.
Error: Chapter 14 Pg 491. Section: Disaster Recovery Planning and Procedures (Table 14-2 is incorrectly shown): Table 14-2 should have been broken down into two sections as shown below. This shows two different backup schedules. The first is a full/incremental schedule, and the second is a full/differential schedule.
Clarification: Chapter 14 Pg 503. Chapter end questions, Question 15. Technically, this question could be answer A "Incremental" or B "Differential", but A "Incremental" is the accepted answer. CompTIA expects a person to understand that an incremental backup will back up anything that was created/changed since the last incremental backup, or the last full backup if that was the last one completed. So, the answer CompTIA is looking for is A: incremental.
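The incremental/differential distinction this clarification turns on, and the two schedules (full/incremental and full/differential) that the Table 14-2 correction above contrasts, as an added example that is not from the book: a Python simulation over a constructed week of file changes showing what each day's backup copies and which backup sets a restore needs. The dates and file names are constructed sample data.

```python
from datetime import date

# Constructed week of changes: day -> files created or modified that day.
CHANGES = {
    date(2011, 6, 6): {"a.doc", "b.xls", "c.ppt"},   # Monday: everything is new
    date(2011, 6, 7): {"a.doc"},
    date(2011, 6, 8): {"d.txt"},
    date(2011, 6, 9): {"a.doc", "e.pdf"},
    date(2011, 6, 10): {"b.xls"},
}
DAYS = sorted(CHANGES)
# Full backup on Monday, then one kind of partial backup for the rest of the week.
FULL_INCREMENTAL = [(DAYS[0], "full")] + [(d, "incremental") for d in DAYS[1:]]
FULL_DIFFERENTIAL = [(DAYS[0], "full")] + [(d, "differential") for d in DAYS[1:]]

def changed_between(changes, after, upto):
    """Files changed on days in (after, upto]; after=None means since the beginning."""
    days = [d for d in changes if (after is None or d > after) and d <= upto]
    return set().union(*[changes[d] for d in days])

def backup_contents(changes, schedule):
    """Return {day: files copied by that day's backup} for an ordered (day, kind) schedule."""
    out, last_full, last_any = {}, None, None
    for day, kind in schedule:
        if kind == "full":
            out[day] = changed_between(changes, None, day)
            last_full = last_any = day          # archive bit cleared on every file
        elif kind == "incremental":             # since the last backup of ANY kind
            out[day] = changed_between(changes, last_any, day)
            last_any = day                      # archive bit cleared again
        elif kind == "differential":            # since the last FULL backup only
            out[day] = changed_between(changes, last_full, day)  # archive bit left set
        else:
            raise ValueError("unknown backup kind %r" % kind)
    return out

def restore_chain(schedule, target_day):
    """Backup sets needed, in order, to restore the data as of target_day."""
    kinds = dict(schedule)
    past = [d for d, _ in schedule if d <= target_day]
    last_full = max(d for d in past if kinds[d] == "full")
    if kinds[target_day] == "differential":
        return [last_full, target_day]
    return [d for d in past if d >= last_full and kinds[d] in ("full", "incremental")]

if __name__ == "__main__":
    for name, sched in (("full/incremental", FULL_INCREMENTAL), ("full/differential", FULL_DIFFERENTIAL)):
        for day, files in backup_contents(CHANGES, sched).items():
            print("%-17s %s %-12s %s" % (name, day, dict(sched)[day], sorted(files)))
        print("%-17s restore to Thursday needs %s" % (name, [str(d) for d in restore_chain(sched, DAYS[3])]))
```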
Addition: Chapter 15 Pg 532. Section: Incident Response Procedures (insert directly after the seven steps of incident response):
There are many basic forensic procedures that can be utilized within the incident response process. Most commonly, these are applied during steps 3, 4 and 7. Some of these include:
Typo: Practice Exam 2, Question 32, Pg 618 and 643. In the question, answer 26n should be 26^n, meaning 26 to the power of n. In the explanation where it says "26 to the power of 8 or 268", the 268 should be 26^8, meaning 26 to the power of 8.
Error: Practice Exam 3 (test engine only), Question ID: SY0-301-03-058. There are two possible correct answers here. Diffie-Hellman and RSA are both correct for TLS-based sessions.
Copyright © David L. Prowse – Official Website - All Rights Reserved