Home > Store

CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, 3rd Edition

Add To My Wish List

CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, 3rd Edition

By Dave Prowse
Published Jul 16, 2014 by Pearson IT Certification.

Book

Sorry, this book is no longer in print.

Not for Sale

About

Description

Extras

Sample Content

Updates

Premium Edition

More Information

About

Features

Case studies and hands-on video exercises in each chapter
Three full practice tests based on the real Security + exam
New! Video explanations of all answers in practice tests
Memory tables, study strategies, tips, cautions, key terms, troubleshooting scenarios, last-minute review tearsheet, and more



Description

Copyright 2015
Dimensions: 7-3/8" x 9-1/8"
Pages: 800
Edition: 3rd

Book
ISBN-10: 0-7897-5333-2
ISBN-13: 978-0-7897-5333-5

DVD Features Three Complete Practice Exams, 31 videos, and 31 Interactive Exercises

Master every topic on CompTIA’s new Security+ SY0-401 exam
Assess your knowledge and focus your learning
Review key concepts with chapter-ending activities

CompTIA Security+ SY0-401 Authorized Cert Guide,Deluxe Edition, Third Edition, is a best-of-breed exam study guide. Best-selling author and expert instructor David L. Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Chapter-ending review activities help you drill on key concepts you must know thoroughly. Practice exam questions help you assess your knowledge, and a final preparation chapter sets you on the path to passing the exam.

The companion DVD contains the powerful Pearson IT Certification Practice Test engine, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. The DVD also includes video solutions and interactive exercises to the Case Studies in the book.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this authorized study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The authorized study guide helps you master all the topics on the Security+ exam, including

Core computer system security
OS hardening and virtualization
Application security
Network design elements
Networking ports, protocols, and threats
Perimeter security
Network media and devices security
Physical security and authentication models
Access control
Vulnerability and risk assessment
Monitoring and auditing
Cryptography, including PKI
Redundancy and disaster recovery
Policies and procedures

Companion DVD

Your purchase includes three free, complete practice exams as well as video solutions and interactive exercises to the Case Studies in the book.

Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), Windows 7, or Windows 8; Microsoft .NET Framework 4.0 Client; Pentium class 1 GHz processor (or equivalent); 512MB RAM; 65



Extras

Author's Site

Link to author site



Premium Edition

Limited Time Offer: Buy CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, Premium Edition eBook and Practice Test and receive a 10% off discount code for the CompTIA Security+ SYO-401 exam. To receive your 10% off discount code:

1. Register your product at pearsonITcertification.com/register

2. When prompted, enter ISBN: 9780133836509

3. Go to your Account page and click on “Access Bonus Content”

The exciting new CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test with an added bonus of complete video solutions to the 31 hands-on labs and 31 interactive flash-based learning activities that include drag-n-drop and matching to reinforce the learning. The Premium Edition eBook and Practice Test contains the following items:

The Security+ SY0-401 Premium Edition Practice Test, including four full practice exams and enhanced practice test features
PDF and EPUB formats of the CompTIA Security+ SY0-401 Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and Smartphone
Complete video solutions to the 31 hands-on labs
Plus 31 interactive learning activities on key exam topics

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package:

Allows you to focus on individual topic areas or take complete, timed exams
Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
Provides unique sets of exam-realistic practice questions
Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:

Windows XP (SP3), Windows Vista (SP2), Windows 7 or Windows 8;

Microsoft .NET Framework 4.0 Client;

Pentium class 1GHz processor (or equivalent);

512 MB RAM;

650 MB disc space plus 50 MB for each downloaded practice exam

About the Premium Edition eBook and Video Solutions and Activities

CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition is a best-of-breed exam study guide. Best-selling author and expert instructor David Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

CompTIA Security+ SY0-401 Cert Guide, Deluxe Edition presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The Deluxe Edition eBook also contains access to the complete video solutions to the 31 case studies in the book and 31 interactive learning activities on key exam topics to reinforce the learning by doing. Learning activities such as test password strength, match the type of Malware with its definition, find the security issues in the network map, and disallow a user access to the network on Saturday and Sunday. Go to the back pages of your eBook for instructions on how to access the video solutions.

Interactive Learning Activities:

2.1 Identifying Malware Types
2.2 Securing the BIOS
2.4 Filtering E-mails
3.3 Stopping Services in the Command Prompt
4.1 Securing Web Browers
5.1 Creating a DMZ
5.3 Defending Against the Web Shell
6.1a Understanding Port Numbers, Part A
6.1b Understanding Port Numbers, Part B
6.1c Understanding Port Numbers, Part C
6.2a Identifying Network Attacks, Part A
6.2b Identifying Network Attacks, Part B
6.2c Identifying Network Attacks, Part C
6.2d Identifying Network Attacks, Part D
7.1 Configuring a Firewall's Ruleset
8.4 Planning Network Security
9.1 Choosing Physical Security Methods
9.2 Selecting the Correct Authentication Technology
9.3 Underdstanding 802.1X
10.1 Password Strength
10.2 Configuring Logon Hours
10.3 Understanding Access Control Models
11.1a Risk Assessment, Part A
11.1b Risk Assessment, Part B
11.1c Vulnerability Management Process
12.1 Capturing and Analyzing Packets
12.2 Deciphering Log Files
13.1 Understanding Symmetric and Asymmetric Algorithms
15.1 Configuring RAID
16.1a Identifying Social Engineering Attacks Part A
16.1b Identifying Social Engineering Attacks Part B

Case Studies Video Solutions:

1-1 Introducing Computer Security
2-1 Using Free Malware Scanning Programs
2-2 Securing the BIOS
2-3 Securing Mobile Devices
3-1 Discerning & Updating Service Pack Level
3-2 Securing a Virtual Machine
3-3 Working with Services in Windiws and Linux
4-1 SecuringWeb Browsers
4-2 Whitelisting and Blacklisting Applications with a Windows Server Policy
5-2 Subnetting a Network
6.1 Scanning Ports
7-2 Configuring Packet Filtering and NAT
7-3 Configuring an Inbound Filter
8-1 Securing a Wireless Device
8-2 Enabling MAC Filtering
8-3 Wardriving and the Cure
9-3 Understanding 802.1X
9-4 Setting Up a Secure VPN
10-1 Configuring Complex Passwords
10-2 Configuring Password Policies and User Accounts
10-4 Configuring User and Group Permissions
11-2 Mapping and Scanning the Network
11-3 Defending Against Password Cracking
12-1 Capturiing and Analyzing Packets
12-2 Deciphering Log Files
12-3 Auditing Files
13-1 Understanding Symmetric and Asymmetric Algorithms
13-2 Disabling the LM Hash
14-1 Understanding PKI
14-2 Making an SSH Connection
15-1 Configuring RAID
17-1 Analyzing Test Questions

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The CompTIA approved study guide helps you master all the topics on the Security+ exam, including:

Core computer system security concepts
OS hardening and virtualization
Application security
Network design elements and threats
Perimeter security
Network media and devices security
Physical security and authentication models
Access control methods and models
Vulnerability and risk assessment
Monitoring and auditing
Cryptography, including PKI
Redundancy and disaster recovery
Policies and procedures



Sample Content

Online Sample Chapter

CompTIA Security+ SY0-401 Authorized Cert Guide: OS Hardening and Virtualization

Introduction xxii

Chapter 1 Introduction to Security 3

Foundation Topics 3

Security 101 3

The CIA of Computer Security 3

The Basics of Information Security 5

Think Like a Hacker 8

Chapter Review Activities 10

Review Key Topics 10

Define Key Terms 11

Review Questions 11

Answers and Explanations 13

Chapter 2 Computer Systems Security 17

Foundation Topics 17

Computer Systems Security Threats 17

Malicious Software 18

Viruses 18

Worms 19

Trojan Horses 20

Ransomware 20

Spyware 21

Rootkits 22

Spam 22

Summary of Malware Threats 23

Ways to Deliver Malicious Software 24

Via Software, Messaging, and Media 24

Botnets and Zombies 25

Active Interception 26

Privilege Escalation 26

Backdoors 26

Logic Bombs 27

Preventing and Troubleshooting Malware 28

Preventing and Troubleshooting Viruses 28

Preventing and Troubleshooting Worms and Trojans 32

Preventing and Troubleshooting Spyware 33

Preventing and Troubleshooting Rootkits 35

Preventing and Troubleshooting Spam 36

You Can’t Save Every Computer from Malware! 38

Summary of Malware Prevention Techniques 38

Implementing Security Applications 39

Personal Software Firewalls 39

Host-Based Intrusion Detection Systems 41

Pop-Up Blockers 43

Data Loss Prevention Systems 45

Securing Computer Hardware, Peripherals, and Mobile Devices 45

Securing the BIOS 46

Securing Storage Devices 47

Removable Storage 47

Network Attached Storage 48

Whole Disk Encryption 48

Hardware Security Modules 50

Securing Mobile Devices 50

Malware 51

Botnet Activity 52

SIM Cloning 52

Wireless Attacks 53

Theft 53

Application Security 54

BYOD Concerns 57

Chapter Summary 60

Chapter Review Activities 62

Review Key Topics 62

Define Key Terms 62

Review Questions 63

Answers and Explanations 71

Case Studies for Chapter 2 77

Case Study Solutions 79

Chapter 3 OS Hardening and Virtualization 83

Foundation Topics 83

Hardening Operating Systems 83

Removing Unnecessary Applications and Services 84

Service Packs 92

Windows Update, Patches, and Hotfixes 95

Patches and Hotfixes 96

Patch Management 99

Group Policies, Security Templates, and Configuration Baselines 100

Hardening File Systems and Hard Drives 103

Virtualization Technology 107

Types of Virtualization and Their Purposes 107

Hypervisor 109

Securing Virtual Machines 110

Chapter Summary 112

Chapter Review Activities 113

Review Key Topics 113

Define Key Terms 114

Review Questions 114

Answers and Explanations 118

Case Studies for Chapter 3 121

Case Study Solutions 123

Chapter 4 Application Security 127

Foundation Topics 127

Securing the Browser 127

General Browser Security Procedures 129

Implement Policies 129

Train Your Users 132

Use a Proxy and Content Filter 133

Secure Against Malicious Code 135

Securing Internet Explorer 135

Securing Firefox 141

Securing Other Browsers 145

Securing Other Applications 147

Secure Programming 151

Systems Development Life Cycle 151

Programming Testing Methods 154

Programming Vulnerabilities and Attacks 156

Backdoors 157

Buffer Overflows 157

Arbitrary Code Execution/Remote Code Execution 158

XSS and XSRF 159

More Code Injection Examples 159

Directory Traversal 161

Zero Day Attack 161

Chapter Summary 163

Chapter Review Activities 164

Review Key Topics 164

Define Key Terms 165

Review Questions 165

Answers and Explanations 170

Case Studies for Chapter 4 174

Case Study Solutions 175

Chapter 5 Network Design Elements 179

Foundation Topics 179

Network Design 179

The OSI Model 180

Network Devices 182

Hub 182

Switch 182

Router 184

Network Address Translation, and Private Versus Public IP 185

Network Zones and Interconnections 188

LAN Versus WAN 188

Internet 189

Demilitarized Zone (DMZ) 189

Intranets and Extranets 190

Network Access Control (NAC) 192

Subnetting 192

Virtual Local Area Network (VLAN) 194

Telephony Devices 196

Modems 196

PBX Equipment 197

VoIP 197

Cloud Security and Server Defense 198

Cloud Computing 198

Cloud Security 200

Server Defense 203

File Servers 203

Network Controllers 204

E-mail Servers 204

Web Servers 205

FTP Server 207

Chapter Summary 208

Chapter Review Activities 210

Review Key Topics 210

Define Key Terms 210

Review Questions 210

Answers and Explanations 215

Case Studies for Chapter 5 219

Case Study Solutions 220

Chapter 6 Networking Protocols and Threats 225

Foundation Topics 225

Ports and Protocols 225

Ports Ranges, Inbound Versus Outbound, and Common Ports 225

Protocols That Can Cause Anxiety on the Exam 235

Malicious Attacks 236

DoS 236

DDoS 239

Sinkholes and Blackholes 239

Spoofing 240

Session Hijacking 241

Replay 243

Null Sessions 244

Transitive Access and Client-Side Attacks 244

DNS Poisoning and Other DNS Attacks 245

ARP Poisoning 247

Summary of Network Attacks 247

Chapter Summary 251

Chapter Review Activities 252

Review Key Topics 252

Define Key Terms 252

Review Questions 252

Answers and Explanations 258

Case Studies for Chapter 6 262

Case Study Solutions 263

Chapter 7 Network Perimeter Security 267

Foundation Topics 268

Firewalls and Network Security 268

Firewalls 268

Proxy Servers 274

Honeypots and Honeynets 277

Data Loss Prevention (DLP) 278

NIDS Versus NIPS 279

NIDS 279

NIPS 280

Summary of NIDS Versus NIPS 282

The Protocol Analyzer’s Role in NIDS and NIPS 282

Unified Threat Management 283

Chapter Summary 283

Chapter Review Activities 284

Review Key Topics 284

Define Key Terms 285

Review Questions 285

Answers and Explanations 290

Case Studies for Chapter 7 294

Case Study Solutions 295

Chapter 8 Securing Network Media and Devices 299

Foundation Topics 299

Securing Wired Networks and Devices 299

Network Device Vulnerabilities 300

Default Accounts 300

Weak Passwords 300

Privilege Escalation 302

Back Doors 303

Network Attacks 303

Other Network Device Considerations 303

Cable Media Vulnerabilities 304

Interference 305

Crosstalk 305

Data Emanation 306

Tapping into Data and Conversations 307

Securing Wireless Networks 309

Wireless Access Point Vulnerabilities 309

The Administration Interface 310

SSID Broadcast 310

Rogue Access Points 311

Evil Twin 311

Weak Encryption 311

Wi-Fi Protected Setup 313

VPN over Open Wireless 314

Wireless Access Point Security Strategies 314

Wireless Transmission Vulnerabilities 317

Bluetooth Vulnerabilities 318

Bluejacking 319

Bluesnarfing 319

Chapter Summary 321

Chapter Review Activities 323

Review Key Topics 323

Define Key Terms 323

Review Questions 324

Answers and Explanations 328

Case Studies for Chapter 8 330

Case Study Solutions 333

Chapter 9 Physical Security and Authentication Models 339

Foundation Topics 340

Physical Security 340

General Building and Server Room Security 340

Door Access 342

Biometric Readers 344

Authentication Models and Components 345

Authentication Models 345

Localized Authentication Technologies 348

802.1X and EAP 348

LDAP 351

Kerberos and Mutual Authentication 352

Remote Desktop Services 354

Remote Authentication Technologies 356

Remote Access Service 356

Virtual Private Networks 358

RADIUS Versus TACACS 360

Chapter Summary 362

Chapter Review Activities 363

Review Key Topics 363

Define Key Terms 364

Review Questions 365

Answers and Explanations 372

Case Studies for Chapter 9 376

Case Study Solutions 379

Chapter 10 Access Control Methods and Models 383

Foundation Topics 383

Access Control Models Defined 383

Discretionary Access Control 384

Mandatory Access Control 386

Role-Based Access Control (RBAC) 387

Access Control Wise Practices 388

Rights, Permissions, and Policies 391

Users, Groups, and Permissions 391

Permission Inheritance and Propagation 396

Moving and Copying Folders and Files 397

Usernames and Passwords 397

Policies 400

User Account Control (UAC) 403

Chapter Summary 404

Chapter Review Activities 405

Review Key Topics 405

Define Key Terms 406

Review Questions 406

Answers and Explanations 412

Case Studies for Chapter 10 416

Case Study Solutions 417

Chapter 11 Vulnerability and Risk Assessment 423

Foundation Topics 423

Conducting Risk Assessments 423

Qualitative Risk Assessment 425

Quantitative Risk Assessment 426

Security Analysis Methodologies 429

Security Controls 430

Vulnerability Management 431

Penetration Testing 433

OVAL 434

Assessing Vulnerability with Security Tools 435

Network Mapping 435

Vulnerability Scanning 438

Network Sniffing 441

Password Analysis 443

Chapter Summary 446

Chapter Review Activities 447

Review Key Topics 447

Define Key Terms 448

Review Questions 448

Answers and Explanations 454

Case Studies for Chapter 11 459

Case Study Solutions 460

Chapter 12 Monitoring and Auditing 465

Foundation Topics 465

Monitoring Methodologies 465

Signature-Based Monitoring 466

Anomaly-Based Monitoring 466

Behavior-Based Monitoring 467

Using Tools to Monitor Systems and Networks 467

Performance Baselining 468

Protocol Analyzers 470

Wireshark 471

Network Monitor 472

SNMP 474

Analytical Tools 475

Conducting Audits 478

Auditing Files 478

Logging 481

Log File Maintenance and Security 485

Auditing System Security Settings 486

Chapter Summary 490

Chapter Review Activities 491

Review Key Topics 491

Define Key Terms 492

Review Questions 492

Answers and Explanations 498

Case Studies for Chapter 12 503

Case Study Solutions 504

Chapter 13 Encryption and Hashing Concepts 507

Foundation Topics 507

Cryptography Concepts 507

Symmetric Versus Asymmetric Key Algorithms 512

Symmetric Key Algorithms 512

Asymmetric Key Algorithms 513

Public Key Cryptography 513

Key Management 515

Steganography 515

Encryption Algorithms 516

DES and 3DES 516

AES 517

RC 518

Blowfish and Twofish 518

Summary of Symmetric Algorithms 519

RSA 519

Diffie-Hellman 521

Elliptic Curve 521

More Encryption Types 523

One-Time Pad 523

PGP 524

Hashing Basics 526

Cryptographic Hash Functions 527

MD5 527

SHA 527

RIPEMD and HMAC 528

Happy Birthday! 528

LANMAN, NTLM, and NTLMv2 529

LANMAN 529

NTLM and NTLMv2 531

Additional Password Hashing Concepts 531

Chapter Summary 533

Chapter Review Activities 534

Review Key Topics 534

Define Key Terms 535

Review Questions 535

Answers and Explanations 542

Case Studies for Chapter 13 546

Case Study Solutions 547

Chapter 14 PKI and Encryption Protocols 551

Foundation Topics 551

Public Key Infrastructure 551

Certificates 552

Certificate Authorities 552

Single-Sided and Dual-Sided Certificates 556

Web of Trust 556

Security Protocols 557

S/MIME 557

SSL/TLS 558

SSH 559

PPTP, L2TP, and IPsec 560

PPTP 560

L2TP 560

IPsec 561

Chapter Summary 561

Chapter Review Activities 562

Review Key Topics 562

Define Key Terms 563

Review Questions 563

Answers and Explanations 568

Case Studies for Chapter 14 571

Case Study Solutions 571

Chapter 15 Redundancy and Disaster Recovery 575

Foundation Topics 575

Redundancy Planning 575

Redundant Power 577

Redundant Power Supplies 579

Uninterruptible Power Supplies 579

Backup Generators 581

Redundant Data 582

Redundant Networking 586

Redundant Servers 587

Redundant Sites 588

Redundant People 589

Disaster Recovery Planning and Procedures 590

Data Backup 590

DR Planning 594

Chapter Summary 598

Chapter Review Activities 598

Review Key Topics 598

Define Key Terms 599

Review Questions 599

Answers and Explanations 604

Case Study for Chapter 15 607

Case Study Solution 607

Chapter 16 Policies, Procedures, and People 611

Foundation Topics 611

Environmental Controls 611

Fire Suppression 611

Fire Extinguishers 612

Sprinkler Systems 613

Special Hazard Protection Systems 614

HVAC 615

Shielding 616

Social Engineering 617

Pretexting 618

Malicious Insider 618

Diversion Theft 619

Phishing 619

Hoaxes 621

Shoulder Surfing 621

Eavesdropping 622

Dumpster Diving 622

Baiting 622

Piggybacking/Tailgating 622

Summary of Social Engineering Types 623

User Education and Awareness 624

Legislative and Organizational Policies 625

Data Sensitivity and Classification of Information 626

Personnel Security Policies 628

Privacy Policies 628

Acceptable Use 629

Change Management 629

Separation of Duties/Job Rotation 630

Mandatory Vacations 630

Onboarding and Offboarding 631

Due Diligence 631

Due Care 631

Due Process 632

User Education and Awareness Training 632

Summary of Personnel Security Policies 633

How to Deal with Vendors 633

How to Dispose of Computers and Other IT Equipment Securely 634

Incident Response Procedures 636

Chapter Summary 642

Chapter Review Activities 643

Review Key Topics 643

Review Questions 644

Answers and Explanations 653

Case Studies for Chapter 16 658

Case Study Solutions 659

Chapter 17 Taking the Real Exam 663

Getting Ready and the Exam Preparation Checklist 663

Tips for Taking the Real Exam 667

Beyond the CompTIA Security+ Certification 670

Case Study for Chapter 17 671

Case Study 17-1: Analyzing Test Questions 671

Practice Exam 1: SY0-401 673

Glossary 725

On the DVD:

APPENDIX A View Recommended Resources

APPENDIX B Master List of Key Topics

Acronyms

Case Studies

Case Study Solutions (Video and Simulations)

Table 6-2

TOC, 978078975335, 6/19/2014



Updates

Submit Errata



More Information



Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Privacy Notice

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
Such marketing is consistent with applicable law and Pearson's legal obligations.
Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

As required by law.
With the consent of the individual (or their parent, if the individual is a minor)
In response to a subpoena, court order or legal process, to the extent permitted or required by law
To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
To investigate or address actual or suspected fraud or other illegal activities
To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Email Address