E-book: CompTIA Security+ All-in-One Exam Guide, Fourth Edition (Exam SY0-401)

3.97/5 (122 ratings by Goodreads)
  • Format: 704 pages
  • Publication date: 16-Dec-2014
  • Publisher: McGraw-Hill Professional
  • Language: eng
  • ISBN-13: 9780071837354

DRM restrictions

  • Copying:

    not allowed

  • Printing:

    not allowed

  • E-book usage:

    Digital rights management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book, you must create an Adobe ID. More information here. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free application designed specifically for e-books. It is not the same as Adobe Reader, which you probably already have on your computer.)

    You cannot read this e-book with Amazon Kindle.

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

Get complete coverage of all objectives included on the latest release of the CompTIA Security+ exam from this comprehensive resource. Cowritten by leading information security experts, this authoritative guide fully addresses the skills required for securing a network and managing risk. You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass CompTIA Security+ exam SY0-401, this definitive volume also serves as an essential on-the-job reference.

COVERS ALL EXAM DOMAINS, INCLUDING:

  • Network security
  • Compliance and operational security
  • Threats and vulnerabilities
  • Application, data, and host security
  • Access control and identity management
  • Cryptography

ELECTRONIC CONTENT INCLUDES:

  • 200 practice exam questions
  • Test engine that provides practice exams or quizzes that can be customized by chapter or exam objective
  • PDF copy of the book

Preface
Acknowledgments
Introduction

Part I Network Security

Chapter 1 Network Device Configuration
Network Devices
Firewalls
Routers
Switches
Load Balancers
Proxies
Web Security Gateways
VPN Concentrators
Intrusion Detection Systems
Intrusion Prevention Systems
Protocol Analyzers
Spam Filter
UTM Security Appliances
Web Application Firewall vs. Network Firewall
Application-aware Devices
Chapter Review
Questions
Answers

Chapter 2 Secure Network Administration
Secure Network Administration Principles
Rule-based Management
Firewall Rules
VLAN Management
Secure Router Configuration
Access Control Lists
Port Security
802.1x
Flood Guards
Loop Protection
Implicit Deny
Network Separation
Log Analysis
Unified Threat Management
Chapter Review
Questions
Answers

Chapter 3 Secure Network Design
Network Design Elements and Components
DMZ Security Zones
Subnetting
VLAN
NAT
Remote Access
Telephony
Network Access Control (NAC)
Virtualization
Cloud Computing
Layered Security/Defense in Depth
Protocols
IPsec
SNMP
SSH
DNS
TLS
SSL
TCP/IP
FTP
FTPS
SFTP
TFTP
HTTP
HTTPS
SCP
ICMP
IPv4
IPv6
iSCSI
Fibre Channel
FCoE
Telnet
NetBIOS
Ports
OSI Relevance
Chapter Review
Questions
Answers

Chapter 4 Secure Wireless Networking
Wireless Networking
SSID
WEP
WPA
TKIP
WPA2
EAP
PEAP
LEAP
CCMP
Wireless Operations
MAC Filter
Antenna Placement
Power Level Controls
Antenna Types
Captive Portals
Site Surveys
VPN (Over Open Wireless)
Chapter Review
Questions
Answers

Part II Compliance and Operational Security

Chapter 5 Risk Concepts
An Overview of Risk Management
Key Terms for Understanding Risk Management
Control Types
False Positives
False Negatives
Importance of Policies in Reducing Risk
Qualitative Risk Assessment
Quantitative Risk Assessment
Risk Calculation
Quantitative vs. Qualitative
Vulnerabilities
Threat Vectors
Probability/Threat Likelihood
Risk Avoidance, Transference, Acceptance, Mitigation, Deterrence
The Cloud
Risks Associated with Cloud Computing and Virtualization
Virtualization
Recovery Time Objective and Recovery Point Objective
Chapter Review
Questions
Answers

Chapter 6 System Integration Processes
System-Level Processes
On-boarding/Off-boarding Business Partners
Social Media Networks
Interoperability Agreements
Privacy Considerations
Risk Awareness
Data Issues
Policies and Procedures
Agreements
Chapter Review
Questions
Answers

Chapter 7 Risk Management
Risk Mitigation Strategies
Change Management
Incident Management
User Rights and Permissions Reviews
Perform Routine Audits
Data Loss or Theft
Technology Controls
Risk Management Best Practices
Business Continuity Concepts
Fault Tolerance
Disaster Recovery Concepts
Chapter Review
Questions
Answers

Chapter 8 Digital Forensics and Incident Response
Forensic Procedures
Collection
Examination
Analysis
Reporting
Incident Response Procedures
Preparation
Incident Identification
Escalation and Notification
Mitigation Steps
Lessons Learned
Reporting
Recovery/Reconstitution Procedures
Incident Isolation
Data Breach
Damage and Loss Control
Chapter Review
Questions
Answers

Chapter 9 Security Awareness and Training
Security Awareness and Training
Security Policy Training and Procedures
Role-based Training
Personally Identifiable Information
Information Classification
Data Labeling, Handling, and Disposal
Compliance with Laws, Best Practices, and Standards
User Habits
New Threats and Security Trends/Alerts
New Viruses
Phishing Attacks
Zero-day Exploits
Social Networking and P2P
Training Metrics and Compliance
Chapter Review
Questions
Answers

Chapter 10 Physical Security and Environmental Controls
Environmental Controls
HVAC
Fire Suppression
EMI Shielding
Hot and Cold Aisles
Environmental Monitoring
Temperature and Humidity Controls
Physical Security
Hardware Locks
Mantraps
Video Surveillance
Fencing
Proximity Readers
Access List
Proper Lighting
Signs
Guards
Barricades
Biometrics
Protected Distribution (Cabling)
Alarms
Motion Detection
Control Types
Chapter Review
Questions
Answers

Chapter 11 Security Controls
Confidentiality
Integrity
Availability
Safety
Fencing
Lighting
Locks
CCTV
Escape Routes
Escape Plans
Drills
Testing Controls
Chapter Review
Questions
Answers

Part III Threats and Vulnerabilities

Chapter 12 Attacks and Malware
Malware
Adware
Virus
Worms
Spyware
Trojan
Rootkits
Backdoors
Logic Bomb
Botnets
Ransomware
Polymorphic Malware
Armored Virus
Attack Methods
Man-in-the-Middle
Denial-of-Service
Distributed Denial-of-Service
Replay
Spoofing
Spam
Spim
Phishing
Spear Phishing
Vishing
Xmas Attack
Pharming
Privilege Escalation
Malicious Insider Threat
Cache Poisoning
TCP/IP Hijacking
Transitive Access
Client-side Attacks
Password Attacks
Typo Squatting/URL Hijacking
Watering Hole Attack
Chapter Review
Questions
Answers

Chapter 13 Social Engineering
Social Engineering Methods
Shoulder Surfing
Dumpster Diving
Tailgating
Impersonation
Hoaxes
Whaling
Vishing
Social Engineering Principles
Tools
Chapter Review
Questions
Answers

Chapter 14 Application and Wireless Attacks
Wireless Attacks
Rogue Access Points
Jamming/Interference
Evil Twin
War Dialing and War Driving
Bluetooth Attacks
Packet Sniffing
Near Field Communication
Replay Attacks
IV Attack
WEP/WPA Attacks
WPS Attacks
Application Attacks
Cross-site Scripting
Injections
Directory Traversal/Command Injection
Buffer Overflow
Integer Overflow
Zero-day
Cookies and Attachments
Locally Shared Objects
Malicious Add-ons
Session Hijacking
Client-Side Attacks
Arbitrary/Remote Code Execution
Chapter Review
Questions
Answers

Chapter 15 Mitigation Techniques
Monitoring System Logs
Common Logs
Periodic Audits of Security Settings
System Hardening
Disabling Unused Interfaces and Unused Application Service Ports
Protecting Management Interfaces and Applications
Password Protection
Disabling Unused Accounts
Network Security
Network Software Updates
Network Device Configuration
802.1x
MAC Limiting and Filtering
Disabling Unused Interfaces and Unused Application Service Ports
Rogue Machine Detection
Security Posture
Initial Baseline Configuration
Updates (aka Hotfixes, Service Packs, and Patches)
Continuous Security Monitoring
Remediation
Reporting
Detection Controls vs. Prevention Controls
Chapter Review
Questions
Answers

Chapter 16 Threat and Vulnerability Discovery
Interpret Results of Security Assessment Tools
Tools
Risk Calculations
Threat vs. Likelihood
Assessment Types
Risk
Threat
Vulnerability
Assessment Technique
Baseline Reporting
Code Review
Determine Attack Surface
Review Architecture
Review Designs
Penetration Testing
Verify a Threat Exists
Bypass Security Controls
Actively Test Security Controls
Exploiting Vulnerabilities
Vulnerability Scanning
Passively Testing Security Controls
Identify Vulnerability
Identify Lack of Security Controls
Identify Common Misconfigurations
Intrusive vs. Non-intrusive
Credentialed vs. Non-credentialed
False Positive
Testing
Black Box
White Box
Gray Box
Chapter Review
Questions
Answers

Part IV Application, Data, and Host Security

Chapter 17 Application Security Controls
Secure Coding Concepts
Error and Exception Handling
Input Validation
Fuzzing
Cross-site Scripting Prevention
Cross-site Request Forgery
Application Hardening
Application Configuration Baseline
Application Patch Management
NoSQL Databases vs. SQL Databases
Server-side vs. Client-side Validation
Chapter Review
Questions
Answers

Chapter 18 Mobile Device Security
Device Security
Full Device Encryption
Remote Wiping
Lockout
Screen-locks
GPS
Application Control
Storage Segmentation
Asset Control
Mobile Device Management
Device Access Control
Removable Storage
Disabling Unused Features
Mobile Application Security
Key and Credential Management
Authentication
Geo-tagging
Application Whitelisting
Encryption
Transitive Trust/Authentication
BYOD Concerns
Data Ownership
Support Ownership
Patch Management
Antivirus Management
Forensics
Privacy
On-boarding/Off-boarding
Adherence to Corporate Policies
User Acceptance
Architecture/Infrastructure Considerations
Legal Concerns
Acceptable Use Policy
On-board Camera/Video
Chapter Review
Questions
Answers

Chapter 19 Host-based Security
Host Security
Operating System Security and Settings
OS Hardening
Anti-malware
Patch Management
Whitelisting vs. Blacklisting Applications
Trusted OS
Host-based Firewalls
Host-based Intrusion Detection
Hardware Security
Host Software Baselining
Virtualization
Host-based Security Controls
Cloud Storage
SAN
Handling Big Data
Data Encryption
Hardware-based Encryption Devices
Data Security
Permissions/ACL
Data Policies
Chapter Review
Questions
Answers

Chapter 20 Securing Alternative Environments
Alternative Environments
SCADA
Embedded Systems
Phones and Mobile Devices
Mainframe
Game Consoles
In-vehicle Computing Systems
Methods
Network Segmentation
Security Layers
Application Firewalls
Manual Updates
Firmware Version Control
Wrappers
Control Redundancy and Diversity
Chapter Review
Questions
Answers

Part V Access Control and Identity Management

Chapter 21 Access Control and Authentication
Authentication Services
RADIUS
TACACS+
Common Remote Access Ports
Kerberos
LDAP
Secure LDAP
SAML
Authorization
Least Privilege
Separation of Duties
Access Control
Job Rotation
Time of Day Restrictions
Authentication
Biometrics
Username
Smart Card
Common Access Card
Personal Identity Verification Card
Multifactor Authentication
HOTP
TOTP
CHAP
PAP
EAP
Implicit Deny
Trusted OS
Authentication Factors
Identification
Vulnerabilities
Federation
Transitive Trust/Authentication
Chapter Review
Questions
Answers

Chapter 22 Account Management
User, Group, and Role Management
User
Groups
Multiple Roles
Account Policy Enforcement
Credential Management
Group Policy
Password Policies
Domain Password Policy
Password Attacks
Account Auditing
Chapter Review
Questions
Answers

Part VI Cryptography

Chapter 23 Cryptographic Concepts
General Cryptographic Concepts
Symmetric
Public Key or Asymmetric
Symmetric vs. Asymmetric
Session Keys
Key Exchange
Fundamental Methods
Block vs. Stream
Elliptic Curve
Quantum Cryptography
Hashing
Ephemeral Keys
Cryptographic Objectives
Perfect Forward Secrecy
Transport Encryption
Non-repudiation
Key Escrow
Steganography
Digital Signatures
Use of Proven Technologies
Chapter Review
Questions
Answers

Chapter 24 Cryptographic Methods
Hashing
MD5
SHA
RIPEMD
Symmetric Encryption
DES
3DES
AES
RC4
Blowfish
Twofish
Asymmetric Encryption
RSA
Diffie-Hellman
ECC
Cryptographic Applications
PGP
GnuPG/GPG
PAP/CHAP
NT LAN Manager
Wireless
One-time Pads
Comparative Strengths and Performance of Algorithms
Use of Algorithms/Protocols with Transport Encryption
Cipher Suites
Key Stretching
The Basics of Public Key Infrastructures
Certificate Authorities
Registration Authorities
Trust and Certificate Verification
Digital Certificates
Certificate Attributes
Certificate Lifecycles
Registration and Generation
CSR
Renewal
Revocation
Suspension
Key Destruction
Private Key Protection
Key Recovery
Key Escrow
Public Certificate Authorities
Trust Models
Hierarchical Trust Model
Walking the Certificate Path
Peer-to-Peer Model
Hybrid Trust Model
Chapter Review
Questions
Answers

Part VII Appendixes and Glossary

Appendix A OSI Model and Internet Protocols
Networking Frameworks and Protocols
OSI Model
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Internet Protocols
TCP
UDP
IP
Message Encapsulation
Review

Appendix B About the CD-ROM
System Requirements
Total Tester Premium Practice Exam Software
Installing and Running Total Tester Premium Practice Exam Software
PDF Copy of the Book
Technical Support
Total Seminars Technical Support
McGraw-Hill Education Content Support

Glossary
Index

Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has an MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklin's interests are information security, systems theory, and secure software design.

Greg White (San Antonio, TX), CompTIA Security+, CISSP, is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. Dr. White is the Director of the Center for Infrastructure Assurance and Security at UTSA.

Chuck Cothren is a Research Scientist at the University of Texas at San Antonio (UTSA) Center for Infrastructure Assurance and Security (CIAS) and currently serves on the Information Security Association's Alamo Chapter Board of Directors. Mr. Cothren has a wide array of security experience including performing controlled penetration testing, network security policies, computer intrusion forensics, and computer training. He is a Certified Information Systems Security Professional (CISSP) and has co-authored other McGraw-Hill/Osborne titles. Mr. Cothren holds a B.S. in Industrial Distribution from Texas A&M University.

Roger L. Davis is a Senior Internal Audit Manager at NuSkin Enterprises and is responsible for evaluating global business operations in over 35 countries. He is a retired Air Force Colonel with over 20 years of military and information security experience. Mr. Davis is a Certified Information Systems Security Professional (CISSP) and holds a master's degree in Computer Science from George Washington University.