CompTIA Security+ Study Guide with Online Labs: Exam SY0-501 7th Edition [Paperback]

  • Format: Paperback / softback, 528 pages, height x width x thickness: 231x185x31 mm, weight: 839 g
  • Publication date: 28-Dec-2020
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119784263
  • ISBN-13: 9781119784265

Covers 100% of exam objectives including threats, attacks, and vulnerabilities; technologies and tools; architecture and design; identity and access management; risk management; cryptography and PKI, and much more... Includes interactive online learning environment and study tools with:

  • 2 custom practice exams
  • 100 Electronic Flashcards
  • Searchable key term glossary
  • Plus 25 Online Security+ Practice Lab Modules

Expert Security+ SY0-501 exam preparation, endorsed by CompTIA, now with 25 Online Lab Modules

The seventh edition of CompTIA Security+ Study Guide offers invaluable preparation for Exam SY0-501. Written by a team of expert authors, the book covers 100% of the exam objectives with clear and concise explanations. Discover how to handle threats, attacks, and vulnerabilities using industry-standard tools and technologies, while gaining an understanding of the role of architecture and design. Spanning topics from everyday tasks like identity and access management to complex subjects such as risk management and cryptography, this study guide helps you consolidate your knowledge base in preparation for the Security+ exam. Illustrative examples show how these processes play out in real-world scenarios, allowing you to immediately translate essential concepts to on-the-job application.

Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:

  • Managing Risk
  • Designing and Diagnosing Networks
  • Understanding Devices and Infrastructure
  • Identity and Access Management
  • Protecting Wireless Networks
  • Securing the Cloud
  • Data, Privacy, and Security Practices
  • Cryptography and PKI

Interactive learning environment

Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, type in your unique PIN, and instantly gain one year of FREE access to:

  • Interactive test bank with 2 bonus exams and 12 chapter tests. Practice questions help you identify areas where further review is needed. 325 questions total!
  • 100 Electronic Flashcards to reinforce learning and last-minute prep before the exam.
  • Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.

ABOUT THE PRACTICE LABS SECURITY+ LABS

So you can practice with hands-on learning in a real environment, Sybex has bundled Practice Labs virtual labs that run from your browser. The registration code is included with the book and gives you 6 months unlimited access to Practice Labs CompTIA Security+ Exam SY0-501 Labs with 25 unique lab modules to practice your skills.

Introduction
Assessment Test

Chapter 1 Managing Risk
Risk Terminology
Threat Assessment
Risk Assessment
Computing Risk Assessment
Assessing Privacy
Acting on Your Risk Assessment
Risks Associated with Cloud Computing
Risks Associated with Virtualization
Developing Policies, Standards, and Guidelines
Implementing Policies
Understanding Control Types and False Positives/Negatives
Risk Management Best Practices
Change Management
Summary
Exam Essentials
Review Questions

Chapter 2 Monitoring and Diagnosing Networks
Monitoring and Diagnosing Networks Terminology
Frameworks, Best Practices, and Configuration Guides
Industry-Standard Frameworks and Reference Architectures
National Institute of Standards and Technology (NIST)
Benchmarks/Secure Configuration Guides
Secure Network Architecture Concepts
Zones
Tunneling/VPN
Placing Security Devices
SDN
IDS vs. IPS
Secure Systems Design
Hardware and Firmware Security
Operating Systems
Peripherals
Secure Staging Deployment Concepts
Summary
Exam Essentials
Review Questions

Chapter 3 Understanding Devices and Infrastructure
Infrastructure Terminology
Designing with Security in Mind
Firewalls
VPNs and VPN Concentrators
Intrusion Detection Systems
Router
Switch
Proxy
Load Balancer
Access Point
SIEM
DLP
Network Access Control (NAC)
Mail Gateway
Bridge
SSL/TLS Accelerators
SSL Decryptors
Media Gateway
Hardware Security Module
Summary
Exam Essentials
Review Questions

Chapter 4 Identity and Access Management
Using Tools to Assess Your Network
Protocol Analyzer
Network Scanners
Password Cracker
Vulnerability Scanners
Command-Line Tools
Additional Tools
Troubleshooting Common Security Issues
Access Issues
Configuration Issues
Security Technologies
Intrusion Detection Systems
Antimalware
Firewalls and Related Devices
Other Systems
Identity and Access Management Concepts
Identification vs. Authentication
Authentication (Single Factor) and Authorization
Multifactor Authentication
Biometrics
Federations
Potential Authentication and Access Problems
LDAP
PAP, SPAP, and CHAP
Kerberos
Working with RADIUS
TACACS, TACACS+, XTACACS
OATH
One-Time Passwords
SAML
Install and Configure Identity and Access Services
Mandatory Access Control
Discretionary Access Control
Role-Based Access Control
Rule-Based Access Control
ABAC
Smartcards
Tokens
File and Database Security
Summary
Exam Essentials
Review Questions

Chapter 5 Wireless Network Threats
Wireless Threat Terminology
Wireless Vulnerabilities to Know
Replay
Rogue APs and Evil Twins
Jamming
WPS
Bluejacking
Bluesnarfing
NFC and RFID
Disassociation
Wireless Commonsense
Wireless Attack Analogy
Summary
Exam Essentials
Review Questions

Chapter 6 Securing the Cloud
Cloud-Related Terminology
Working with Cloud Computing
Software as a Service (SaaS)
Platform as a Service (PaaS)
Infrastructure as a Service (IaaS)
Private Cloud
Public Cloud
Community Cloud
Hybrid Cloud
Working with Virtualization
Understanding Hypervisors
Understanding Containers and Application Cells
VDI/VDE
On-Premise vs. Hosted vs. Cloud
VM Escape Protection
VM Sprawl Avoidance
Security and the Cloud
Cloud Access Security Brokers
Cloud Storage
Security as a Service
Summary
Exam Essentials
Review Questions

Chapter 7 Host, Data, and Application Security
Threat Actors and Attributes
Script Kiddies
Hacktivist
Organized Crime
Nation-States/APT
Insiders
Competitors
Use of Open Source Intelligence
Types of Vulnerabilities
Configuration Issues
User Issues
Zero-Day Exploits
Other Issues
Embedded Systems Security
Application Vulnerabilities
Input Vulnerabilities
Memory Vulnerabilities
Secure Programming
Programming Models
Software Testing
Specific Types of Testing
Secure Coding Standards
Application Configuration Baselining
Operating System Patch Management
Application Patch Management
Other Application Security Issues
Databases and Technologies
Database Security
Secure Configurations
Code Issues
Summary
Exam Essentials
Review Questions

Chapter 8 Cryptography
An Overview of Cryptography
Historical Cryptography
Modern Cryptography
Working with Symmetric Algorithms
Working with Asymmetric Algorithms
Cryptography Concepts
Hashing Algorithms
Rainbow Tables and Salt
Key Stretching
Cryptanalysis Methods
Wi-Fi Encryption
Using Cryptographic Systems
Confidentiality and Strength
Integrity
When to Encrypt
Digital Signatures
Authentication
Nonrepudiation
Key Features
Understanding Cryptography Standards and Protocols
The Origins of Encryption Standards
Public Key Infrastructure X.509/Public Key Cryptography Standards
X.509
Public Key Infrastructure
Pretty Good Privacy
SSL and TLS
Using Public Key Infrastructure
Hardware-Based Encryption Devices
Data Encryption
Authentication
Summary
Exam Essentials
Review Questions

Chapter 9 Threats, Attacks, and Vulnerabilities
Threat and Attack Terminology
Living in a World of Viruses
Symptoms of a Virus Infection
How Viruses Work
Types of Viruses
Managing Spam to Avoid Viruses
Antivirus Software
Malware and Crypto-Malware
Understanding Various Types of Application/Service Attacks
Identifying Denial-of-Service and Distributed Denial-of-Service Attacks
Man-in-the-Middle Attacks
Buffer Overflow
Injection
Cross-Site Scripting and Request Forgery
Privilege Escalation
ARP Poisoning
Amplification
DNS Poisoning
Domain Hijacking
Man-in-the-Browser
Zero-Day Exploits
Replay Attacks
Pass the Hash
Hijacking and Related Attacks
Driver Manipulation
MAC and IP Spoofing Attacks
Summary
Exam Essentials
Review Questions

Chapter 10 Social Engineering and Other Foes
Social Engineering and Physical Security Terminology
Understanding Social Engineering
Types of Social Engineering Attacks
What Motivates an Attack?
The Principles Behind Social Engineering
Social Engineering Attack Examples
Understanding Physical Security
Lighting
Signs
Fencing, Gates, and Cages
Security Guards
Alarms
Safe
Secure Cabinets and Enclosures
Protected Distribution
Protected Cabling
Airgap
Mantrap
Faraday Cage
Lock Types
Biometrics
Barricades/Bollards
Tokens/Cards
Environmental Controls
Cable Locks
Screen Filters
Cameras
Motion Detection
Logs
Infrared Detection
Key Management
Various Control Types
An Analogy of Control Types
Data Security and Privacy Practices
Data Destruction and Media Sanitation
Data Sensitivity Labeling and Handling
Data Roles
Data Retention
Legal and Compliance
Summary
Exam Essentials
Review Questions

Chapter 11 Security Administration
Connection Types
Cellular
Bluetooth
Wi-Fi
Infrared
SATCOM
Mobile Devices
BYOD Issues
Enforcement
Account Management Concepts
Account Types
General Concepts
Summary
Exam Essentials
Review Questions

Chapter 12 Disaster Recovery and Incident Response
Disaster and Incident Related Terminology
Penetration Testing
What Should You Test?
Vulnerability Scanning
Issues Associated with Business Continuity
Types of Storage Mechanisms
Crafting a Disaster-Recovery Plan
Incident Response Procedures
Understanding Incident Response
Tabletop Exercises
Summary
Exam Essentials
Review Questions

Appendix: Answers to Review Questions
Chapter 1 Managing Risk
Chapter 2 Monitoring and Diagnosing Networks
Chapter 3 Understanding Devices and Infrastructure
Chapter 4 Identity and Access Management
Chapter 5 Wireless Network Threats
Chapter 6 Securing the Cloud
Chapter 7 Host, Data, and Application Security
Chapter 8 Cryptography
Chapter 9 Threats, Attacks, and Vulnerabilities
Chapter 10 Social Engineering and Other Foes
Chapter 11 Security Administration
Chapter 12 Disaster Recovery and Incident Response

Index

Emmett Dulaney is a Professor at a small university in Indiana. He has written several certification books on Windows, Security, IT project management, and UNIX, and was co-author of two of Sybex's leading certification titles: CompTIA Security+ Study Guide and CompTIA A+ Complete Study Guide.

Chuck Easttom is CEO and Chief Trainer for CEC-Security, which specializes in IT security training and CISP and Security+ exam preparation. He has over 18 years in the IT industry, 10 years teaching and training, and has authored 15 published books.