BKSCRPEC.RVW 20030421 "Security+ Exam Cram", Kirk Hausman/Diane Barrett/Martin Weiss, 2003, 0-7897-2910-5, U$29.99/C$46.99/UK#21.99 %A Kirk Hausman %A Diane Barrett dm_barrett@msn.com %A Martin Weiss marty@castadream.com %C 201 W. 103rd Street, Indianapolis, IN 46290 %D 2003 %E Ed Tittel etittel@jump.net %G 0-7897-2910-5 %I Macmillan Computer Publishing (MCP) %O U$29.99/C$46.99/UK#21.99 800-858-7674 info@mcp.com %O http://www.amazon.com/exec/obidos/ASIN/0789729105/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0789729105/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0789729105/robsladesin03-20 %P 484 p. + CD-ROM %T "Security+ Exam Cram" Much of the introduction reads like an advertisement for CompTIA and its various certifications, but there are some useful tips on preparing and practising for the Security+ exam. Chapter one covers the exam itself, with some interesting (and potentially very useful) tips on the exam software and operation. Chapter two starts into the test material with the basic concepts of access control. Having dealt with several Security+ guides (including another from Que just a couple of days ago, cf. BKSCRPTG.RVW) I was quite delightfully surprised to find a very high quality in the explanations and content of this text. Hardening and attacks, in chapter three, is similarly good (with the exception of the malware material). Chapters four, on communications security technologies, and five, on attacks, are collections of brief listings, without much structure, but do contain important points all too often missed in other Security+ works. Infrastructure security, basically network security devices, is quite solid, particularly with respect to firewall basics, in chapter six, as is the material on intrusion detection, in chapter seven. Cryptography gets the usual division into two chapters, eight on the fundamental concepts, and nine on application in the real world. Organizational security is assumed to relate to physical security and disaster recovery, in chapter ten. Chapter eleven starts, rather oddly, with a brief recap of access control, and then a somewhat lightweight review of forensics and security policies. The book closes with not one but two sample exams (with answer keys). The material is clear and readable: concise, but including the important points. The sample questions likewise appear to be of a higher quality than those encountered in other Security+ books. The lack of structure in some chapters is understandable: the Security+ exam is only meant as an entry-level certification, and therefore the guide should be concerned more with familiarity than with a complete understanding. In spite of that limitation, this work easily surpasses Krutz and Vines' "Security+ Prep Guide" (cf. BKSCRTPG.RVW), previously the preferred primer, in terms of accuracy and basic understanding of the material, even though it may be slightly shy on breadth of coverage. I could also recommend that this be a basic reference work for new security staff, quite aside from those who are candidates for the Security+ certification. copyright Robert M. Slade, 2003 BKSCRPEC.RVW 20030421