E-book: CompTIA Security+ Study Guide: Exam SY0-501

3.55/5 (62 ratings by Goodreads)
  • Format: PDF+DRM
  • Publication date: 05-Oct-2017
  • Publisher: John Wiley & Sons Inc
  • Language: eng
  • ISBN-13: 9781119416906

DRM restrictions

  • Copying:

    not allowed

  • Printing:

    not allowed

  • E-book usage:

    Digital rights management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software in order to unlock and read it. To read this e-book, you have to create an Adobe ID. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free application designed specifically for e-books. It is not the same as Adobe Reader, which you probably already have on your computer.)

    You cannot read this e-book with Amazon Kindle.

Some copies of CompTIA Security+ Study Guide: Exam SY0-501 (9781119416876) were printed without discount exam vouchers in the front of the books. If you did not receive a discount exam voucher with your book, please visit http://media.wiley.com/product_ancillary/5X/11194168/DOWNLOAD/CompTIA_Coupon.pdf to download one.



Expert preparation covering 100% of Security+ exam SY0-501 objectives

CompTIA Security+ Study Guide, Seventh Edition offers invaluable preparation for Exam SY0-501. Written by an expert author team, this book covers 100% of the exam objectives with clear, concise explanation. You'll learn how to handle threats, attacks, and vulnerabilities using industry-standard tools and technologies, while understanding the role of architecture and design. From everyday tasks like identity and access management to complex topics like risk management and cryptography, this study guide helps you consolidate your knowledge base in preparation for the Security+ exam. Practical examples illustrate how these processes play out in real-world scenarios, allowing you to immediately translate essential concepts to on-the-job application. You also gain access to the Sybex online learning environment, which features a robust toolkit for more thorough prep: flashcards, glossary of key terms, practice questions, and a pre-assessment exam equip you with everything you need to enter the exam confident in your skill set.

This study guide is approved and endorsed by CompTIA, and has been fully updated to align with the latest version of the exam.





  • Master essential security technologies, tools, and tasks
  • Understand how Security+ concepts are applied in the real world
  • Study on the go with electronic flashcards and more
  • Test your knowledge along the way with hundreds of practice questions

To an employer, the CompTIA Security+ certification proves that you have the knowledge base and skill set to secure applications, devices, and networks; analyze and respond to threats; participate in risk mitigation, and so much more. As data threats loom larger every day, the demand for qualified security professionals will only continue to grow. If you're ready to take the first step toward a rewarding career, CompTIA Security+ Study Guide, Seventh Edition is the ideal companion for thorough exam preparation.

Table of Contents

Introduction
Assessment Test
Chapter 1 Managing Risk
  • Risk Terminology
  • Threat Assessment
  • Risk Assessment
  • Computing Risk Assessment
  • Assessing Privacy
  • Acting on Your Risk Assessment
  • Risks Associated with Cloud Computing
  • Risks Associated with Virtualization
  • Developing Policies, Standards, and Guidelines
  • Implementing Policies
  • Understanding Control Types and False Positives/Negatives
  • Risk Management Best Practices
  • Change Management
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 2 Monitoring and Diagnosing Networks
  • Monitoring and Diagnosing Networks Terminology
  • Frameworks, Best Practices, and Configuration Guides
  • Industry-Standard Frameworks and Reference Architectures
  • National Institute of Standards and Technology (NIST)
  • Benchmarks/Secure Configuration Guides
  • Secure Network Architecture Concepts
  • Zones
  • Tunneling/VPN
  • Placing Security Devices
  • SDN
  • IDS vs. IPS
  • Secure Systems Design
  • Hardware and Firmware Security
  • Operating Systems
  • Peripherals
  • Secure Staging Deployment Concepts
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 3 Understanding Devices and Infrastructure
  • Infrastructure Terminology
  • Designing with Security in Mind
  • Firewalls
  • VPNs and VPN Concentrators
  • Intrusion Detection Systems
  • Router
  • Switch
  • Proxy
  • Load Balancer
  • Access Point
  • SIEM
  • DLP
  • Network Access Control (NAC)
  • Mail Gateway
  • Bridge
  • SSL/TLS Accelerators
  • SSL Decryptors
  • Media Gateway
  • Hardware Security Module
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 4 Identity and Access Management
  • Using Tools to Assess Your Network
  • Protocol Analyzer
  • Network Scanners
  • Password Cracker
  • Vulnerability Scanners
  • Command-Line Tools
  • Additional Tools
  • Troubleshooting Common Security Issues
  • Access Issues
  • Configuration Issues
  • Security Technologies
  • Intrusion Detection Systems
  • Antimalware
  • Firewalls and Related Devices
  • Other Systems
  • Identity and Access Management Concepts
  • Identification vs. Authentication
  • Authentication (Single Factor) and Authorization
  • Multifactor Authentication
  • Biometrics
  • Federations
  • Potential Authentication and Access Problems
  • LDAP
  • PAP, SPAP, and CHAP
  • Kerberos
  • Working with RADIUS
  • TACACS, TACACS+, XTACACS
  • OATH
  • One-Time Passwords
  • SAML
  • Install and Configure Identity and Access Services
  • Mandatory Access Control
  • Discretionary Access Control
  • Role-Based Access Control
  • Rule-Based Access Control
  • ABAC
  • Smartcards
  • Tokens
  • File and Database Security
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 5 Wireless Network Threats
  • Wireless Threat Terminology
  • Wireless Vulnerabilities to Know
  • Replay
  • Rogue APs and Evil Twins
  • Jamming
  • WPS
  • Bluejacking
  • Bluesnarfing
  • NFC and RFID
  • Disassociation
  • Wireless Commonsense
  • Wireless Attack Analogy
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 6 Securing the Cloud
  • Cloud-Related Terminology
  • Working with Cloud Computing
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • Private Cloud
  • Public Cloud
  • Community Cloud
  • Hybrid Cloud
  • Working with Virtualization
  • Understanding Hypervisors
  • Understanding Containers and Application Cells
  • VDI/VDE
  • On-Premise vs. Hosted vs. Cloud
  • VM Escape Protection
  • VM Sprawl Avoidance
  • Security and the Cloud
  • Cloud Access Security Brokers
  • Cloud Storage
  • Security as a Service
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 7 Host, Data, and Application Security
  • Threat Actors and Attributes
  • Script Kiddies
  • Hacktivist
  • Organized Crime
  • Nation-States/APT
  • Insiders
  • Competitors
  • Use of Open Source Intelligence
  • Types of Vulnerabilities
  • Configuration Issues
  • User Issues
  • Zero-Day Exploits
  • Other Issues
  • Embedded Systems Security
  • Application Vulnerabilities
  • Input Vulnerabilities
  • Memory Vulnerabilities
  • Secure Programming
  • Programming Models
  • Software Testing
  • Specific Types of Testing
  • Secure Coding Standards
  • Application Configuration Baselining
  • Operating System Patch Management
  • Application Patch Management
  • Other Application Security Issues
  • Databases and Technologies
  • Database Security
  • Secure Configurations
  • Code Issues
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 8 Cryptography
  • An Overview of Cryptography
  • Historical Cryptography
  • Modern Cryptography
  • Working with Symmetric Algorithms
  • Working with Asymmetric Algorithms
  • Cryptography Concepts
  • Hashing Algorithms
  • Rainbow Tables and Salt
  • Key Stretching
  • Cryptanalysis Methods
  • Wi-Fi Encryption
  • Using Cryptographic Systems
  • Confidentiality and Strength
  • Integrity
  • When to Encrypt
  • Digital Signatures
  • Authentication
  • Nonrepudiation
  • Key Features
  • Understanding Cryptography Standards and Protocols
  • The Origins of Encryption Standards
  • Public Key Infrastructure X.509/Public Key Cryptography Standards
  • X.509
  • Public Key Infrastructure
  • Pretty Good Privacy
  • SSL and TLS
  • Using Public Key Infrastructure
  • Hardware-Based Encryption Devices
  • Data Encryption
  • Authentication
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 9 Threats, Attacks, and Vulnerabilities
  • Threat and Attack Terminology
  • Living in a World of Viruses
  • Symptoms of a Virus Infection
  • How Viruses Work
  • Types of Viruses
  • Managing Spam to Avoid Viruses
  • Antivirus Software
  • Malware and Crypto-Malware
  • Understanding Various Types of Application/Service Attacks
  • Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
  • Man-in-the-Middle Attacks
  • Buffer Overflow
  • Injection
  • Cross-Site Scripting and Request Forgery
  • Privilege Escalation
  • ARP Poisoning
  • Amplification
  • DNS Poisoning
  • Domain Hijacking
  • Man-in-the-Browser
  • Zero-Day Exploits
  • Replay Attacks
  • Pass the Hash
  • Hijacking and Related Attacks
  • Driver Manipulation
  • MAC and IP Spoofing Attacks
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 10 Social Engineering and Other Foes
  • Social Engineering and Physical Security Terminology
  • Understanding Social Engineering
  • Types of Social Engineering Attacks
  • What Motivates an Attack?
  • The Principles Behind Social Engineering
  • Social Engineering Attack Examples
  • Understanding Physical Security
  • Lighting
  • Signs
  • Fencing, Gates, and Cages
  • Security Guards
  • Alarms
  • Safe
  • Secure Cabinets and Enclosures
  • Protected Distribution
  • Protected Cabling
  • Airgap
  • Mantrap
  • Faraday Cage
  • Lock Types
  • Biometrics
  • Barricades/Bollards
  • Tokens/Cards
  • Environmental Controls
  • Cable Locks
  • Screen Filters
  • Cameras
  • Motion Detection
  • Logs
  • Infrared Detection
  • Key Management
  • Various Control Types
  • An Analogy of Control Types
  • Data Security and Privacy Practices
  • Data Destruction and Media Sanitation
  • Data Sensitivity Labeling and Handling
  • Data Roles
  • Data Retention
  • Legal and Compliance
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 11 Security Administration
  • Connection Types
  • Cellular
  • Bluetooth
  • Wi-Fi
  • Infrared
  • SATCOM
  • Mobile Devices
  • BYOD Issues
  • Enforcement
  • Account Management Concepts
  • Account Types
  • General Concepts
  • Summary
  • Exam Essentials
  • Review Questions
Chapter 12 Disaster Recovery and Incident Response
  • Disaster and Incident Related Terminology
  • Penetration Testing
  • What Should You Test?
  • Vulnerability Scanning
  • Issues Associated with Business Continuity
  • Types of Storage Mechanisms
  • Crafting a Disaster-Recovery Plan
  • Incident Response Procedures
  • Understanding Incident Response
  • Tabletop Exercises
  • Summary
  • Exam Essentials
  • Review Questions
Appendix Answers to Review Questions
  • Chapter 1: Managing Risk
  • Chapter 2: Monitoring and Diagnosing Networks
  • Chapter 3: Understanding Devices and Infrastructure
  • Chapter 4: Identity and Access Management
  • Chapter 5: Wireless Network Threats
  • Chapter 6: Securing the Cloud
  • Chapter 7: Host, Data, and Application Security
  • Chapter 8: Cryptography
  • Chapter 9: Threats, Attacks, and Vulnerabilities
  • Chapter 10: Social Engineering and Other Foes
  • Chapter 11: Security Administration
  • Chapter 12: Disaster Recovery and Incident Response
Index

Emmett Dulaney is a Professor at a small university in Indiana. He has written several certification books on Windows, Security, IT project management, and UNIX, and was co-author of two of Sybex's leading certification titles: CompTIA Security+ Study Guide and CompTIA A+ Complete Study Guide.

Chuck Easttom is CEO and Chief Trainer for CEC-Security, which specializes in IT security training and CISP and Security+ exam preparation. He has over 18 years in the IT industry, 10 years teaching and training, and has authored 15 published books.