Exam codes: SY0-301 or JK0-018
Format: Conventional multiple choice and Performance-based questions
Number of questions: 100
Passing Score: 750 (scale 100 - 900)
Official Sample Questions
Covers access control, access control models, DAC, MAC, and RBAC.
Covers username/password, CHAP, certificates, Kerberos, mutual authentication, biometrics, tokens, and smartcard authentication.
Covers the different type of attackers, their level of skills and resources, and their motivation.
Covers the concept of Denial of Service attacks and Distributed Denial of Service attacks, including a technical overview of the most common type of DoS attacks such as TCP SYN, UDP flooding and Smurfing.
Covers spoofing attacks such as IP spoofing, ARP spoofing, and spoofing websites.
Covers password, replay, back doors, Man-in-the-Middle, TCP Hijacking, mathematical, birthday, weak keys, and software exploitation attacks.
Covers the human aspect of security.
Covers S/MIME, message encryption and digital signatures, PGP, SPAM, relaying and reverse lookups.
Remote Access Technologies
Covers remote access services, PPP, VPNs, tunneling, IPSec, SSH, L2TP, PPTP, 802.1x, RADIUS, and TACACS.
Covers Internet security, Intranet, Extranet, SSL, HTTPS, S-HTTP, TLS, SFTP, Blind/anonymous FTP, ActiveX, CGI, Java script, Java, signed applets, cookies, buffer overflows, and instant messaging.
Covers viruses, Trojan Horses, back door attacks, worms and logic bombs.
Covers security concerns of using switches, routers, PBXs, firewalls, NAT, and mobile devices, as well as security zones such as DMZ and VLANs.
Network and Storage Media*
Covers security concerns of coaxial, UTP, STP, and fiber optic cabling, and removable media such as diskettes, CDs, hard drives, flashcards, tapes, and smartcards.
Covers 802.11x, WEP, WAP, WTLS, vulnerabilities and various related wireless security technologies.
Detection Systems (IDS)
Covers intrusion detection systems concepts and characteristics. Passive vs Active response, host vs network-based, signature vs behavior-based, limitations and drawbacks, and honey pots.
Covers physical security aspects such as physical barriers, access controls, environmental security, shielding, and fire suppression.
Covers asset identification, vulnerability assessment, threat identification, and risk identication.
Covers computer forensics, identification and collection of evidence, preservation of evidence, and chain of custody.