Atnaujinkite slapukų nuostatas

El. knyga: Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401)

4.08/5 (26 ratings by Goodreads)
,
  • Formatas: 1200 pages
  • Serija: Certification Press
  • Išleidimo metai: 30-Jul-2015
  • Leidėjas: McGraw-Hill Professional
  • Kalba: eng
  • ISBN-13: 9780071836180
Kitos knygos pagal šią temą:
Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401)Didesnis paveikslėlis
  • Formatas: 1200 pages
  • Serija: Certification Press
  • Išleidimo metai: 30-Jul-2015
  • Leidėjas: McGraw-Hill Professional
  • Kalba: eng
  • ISBN-13: 9780071836180
Kitos knygos pagal šią temą:

DRM apribojimai

  • Kopijuoti:

    neleidžiama

  • Spausdinti:

    neleidžiama

  • El. knygos naudojimas:

    Skaitmeninių teisių valdymas (DRM)
    Leidykla pateikė šią knygą šifruota forma, o tai reiškia, kad norint ją atrakinti ir perskaityti reikia įdiegti nemokamą programinę įrangą. Norint skaityti šią el. knygą, turite susikurti Adobe ID . Daugiau informacijos  čia. El. knygą galima atsisiųsti į 6 įrenginius (vienas vartotojas su tuo pačiu Adobe ID).

    Reikalinga programinė įranga
    Norint skaityti šią el. knygą mobiliajame įrenginyje (telefone ar planšetiniame kompiuteryje), turite įdiegti šią nemokamą programėlę: PocketBook Reader (iOS / Android)

    Norint skaityti šią el. knygą asmeniniame arba „Mac“ kompiuteryje, Jums reikalinga  Adobe Digital Editions “ (tai nemokama programa, specialiai sukurta el. knygoms. Tai nėra tas pats, kas „Adobe Reader“, kurią tikriausiai jau turite savo kompiuteryje.)

    Negalite skaityti šios el. knygos naudodami „Amazon Kindle“.

An all-new CompTIA Security+ exam guide from top CompTIA training and exam prep expert Mike Meyers

In Mike Meyers’ CompTIA Security+ Certification Guide (Exam SY0-401), the bestselling author and leading authority on CompTIA A+ certification brings his highly effective methodology to IT security for the first time. Like the exam, this book goes beyond knowledge application and is designed to ensure that security personnel anticipate security risks and guard against them. Meyers’ “in the trenches” voice and the clarity of his explanations make his books the bestselling self-study resources available for professional certification.

  • Digital content includes: 20+ lab simulations, 1+ hour of video training from Meyers, and hundreds of practice exam questions
  • McGraw-Hill Professional is a Platinum-Level CompTIA Authorized Partner
  • CAQC Authorized (CompTIA Approved Quality Curriculum)
  • Includes Mike's toolbox of favorite network security related freeware/shareware

Acknowledgments xxv
Introduction xxvii
Part I The CompTIA Security+ Exam
Module 1 Meet the Security+ Exam
3(12)
Why Do We Need Certification Exams?
3(4)
Demonstrating and Validating Skills and Knowledge
4(1)
The World of IT Security Certification
5(2)
The CompTIA Security+ Examination
7(4)
CompTIA as an Organization
7(1)
The Exam
8(3)
Questions and Answers
11(4)
Module 2 Assessment Exam
15(10)
Assessment Questions
15(5)
Answers
20(5)
Part II Stepping Up to IT Security
Module 3 The Basics of Security
25(14)
The Goals of Security
25(3)
Confidentiality
27(1)
Integrity
27(1)
Availability
27(1)
Other Elements of Security
28(2)
Identification
28(1)
Authentication
28(1)
Authorization
28(1)
Auditing and Accountability
29(1)
Non-repudiation
29(1)
Security Concepts
30(4)
Controls
30(1)
Defense-in-Depth
31(1)
Data Sensitivity and Classification
31(1)
Principle of Least Privilege
32(1)
Separation of Duties
33(1)
Multi-person Control
33(1)
Mandatory Vacations
33(1)
Job Rotation
33(1)
Due Diligence and Due Care
34(1)
Questions and Answers
34(5)
Module 4 Understanding Security Governance
39(12)
Security Governance
39(8)
Laws and Regulations
40(1)
Organizational Governance
41(3)
Security Policies
44(3)
Questions and Answers
47(4)
Module 5 Risk Management
51(12)
Risk Concepts
51(9)
Elements of Risk
51(4)
Putting It All Together: Risk
55(1)
Managing Risk
56(4)
Questions and Answers
60(3)
Module 6 IT Risk Assessment
63(14)
Assessing Risk
63(2)
Risk Factors
63(2)
Risk Assessment Methods
65(6)
Quantitative Assessment
66(3)
Qualitative Assessment
69(1)
Putting It All Together: Determining Risk
70(1)
Risk Response
70(1)
Questions and Answers
71(6)
Part III Core Security Concepts
Module 7 Understanding Cryptography
77(16)
Cryptography Concepts
77(13)
What Is Cryptography?
77(5)
Cryptography Components
82(8)
Questions and Answers
90(3)
Module 8 Cryptographic Methods
93(14)
Cryptographic Algorithms
93(10)
Symmetric Algorithms
93(4)
Asymmetric Algorithms
97(3)
Hashing Algorithms
100(3)
Questions and Answers
103(4)
Module 9 Application of Cryptographic Methods
107(10)
Application of Cryptographic Methods
107(7)
Cryptography Applications
107(5)
Cryptographic Method Considerations
112(2)
Questions and Answers
114(3)
Module 10 Public Key Infrastructure
117(18)
PKI Concepts
117(12)
Keys, Algorithms, and Standards
117(3)
PKI Services
120(1)
Digital Certificates and PM Structure
121(4)
PM Considerations
125(3)
Trust Models
128(1)
Questions and Answers
129(6)
Part IV Authentication and Authorization
Module 11 Understanding Identification and Authentication
135(12)
Authentication Concepts
135(8)
Authentication Factors
136(3)
Identification Methods
139(2)
Trusted Entity Authentication
141(2)
Questions and Answers
143(4)
Module 12 Understanding Authorization
147(10)
Authorization Concepts
147(6)
Supporting Authorization
147(4)
Access Control Models
151(2)
Questions and Answers
153(4)
Module 13 Authentication Methods and Services
157(12)
Authentication Concepts
157(9)
Authentication Protocols and Methods
157(6)
Remote Access Connection and Authentication Services
163(3)
Questions and Answers
166(3)
Module 14 User Account Management
169(18)
Managing User Accounts
169(13)
Account Policy Enforcement
169(8)
Managing Privileges with User Accounts
177(2)
Account Management Considerations
179(3)
Questions and Answers
182(5)
Part V Host Security
Module 15 Host Threats
187(18)
Host-based Threats and Vulnerabilities
187(14)
Malware
187(6)
Host Attacks
193(8)
Questions and Answers
201(4)
Module 16 Host Hardening
205(14)
Hardening Hosts
205(11)
Secure Configuration
205(3)
Operating System Hardening
208(4)
Other Host Hardening Measures
212(2)
Maintaining a Host Security Posture
214(2)
Questions and Answers
216(3)
Module 17 Hardening Host Network Services
219(10)
Host Network Services
219(7)
Network Protocols and the OSI Model
219(7)
Questions and Answers
226(3)
Module 18 Storage Security
229(12)
Securing Data Storage
229(9)
Storage Protocols
229(1)
Data Storage Controls and Methods
230(5)
Data Storage Best Practices
235(3)
Questions and Answers
238(3)
Module 19 Static Hosts
241(16)
Static Environments
241(10)
Static Host Types
241(6)
Methods
247(4)
Questions and Answers
251(6)
Part VI LAN Security
Module 20 LAN Review
257(16)
Securing Networks
257(3)
Securing Network Devices
257(3)
Secure Network Design
260(10)
Secure Architecture
260(1)
Network Separation
261(4)
Secure Network Administration Principles
265(5)
Questions and Answers
270(3)
Module 21 Network Threats
273(8)
Network Attacks
273(5)
Types of Attacks
273(5)
Questions and Answers
278(3)
Module 22 Network Hardening
281(12)
Securing and Defending Networks
281(8)
Network Defense Methods
281(5)
Network Hardening Techniques
286(3)
Questions and Answers
289(4)
Module 23 Network Monitoring
293(12)
Monitoring Networks
293(7)
Log Management
294(2)
Log Analysis
296(1)
Continuous Monitoring
297(3)
Questions and Answers
300(5)
Part VII Application Security
Module 24 Host Application Threats
305(8)
Application Attacks
305(5)
Injection Attacks
305(2)
Other Web Application Attacks
307(3)
Questions and Answers
310(3)
Module 25 Web Application Threats
313(6)
Threats from Web Applications
313(2)
Web Application Attacks
313(2)
Questions and Answers
315(4)
Module 26 Application Hardening
319(8)
Securing Applications
319(5)
Application Security Controls and Techniques
319(3)
Application-Specific Attack Prevention
322(2)
Questions and Answers
324(3)
Module 27 Internet Service Hardening
327(10)
Internet and Application Service Protocols
327(7)
Using Secure Protocols and Services
327(7)
Questions and Answers
334(3)
Module 28 Virtualization Security
337(12)
Securing Virtual Environments
337(6)
Virtualization Concepts
337(5)
Using Virtualization for Security
342(1)
Questions and Answers
343(6)
Part VIII Wireless Security
Module 29 Wireless Threats
349(10)
Wireless Attacks
349(7)
Rogue Access Points
349(1)
Jamming and Interference
350(1)
Wardriving and Warchalking
351(1)
Packet Sniffing
352(1)
Deauthentication Attack
352(1)
Near Field Communication
353(1)
Replay Attacks
353(1)
WEP/WPA Attacks
354(1)
WPS Attacks
355(1)
Bluejacking
355(1)
Bluesnarfing
355(1)
Questions and Answers
356(3)
Module 30 Wireless Hardening
359(20)
Wireless Security Protocols
359(4)
WEP
359(1)
RC4
360(1)
WPA
361(1)
TKIP
361(1)
WPA2
361(1)
AES
362(1)
So What Do We Use?
362(1)
Wireless Authentication
363(2)
802.1X
363(1)
EAP
363(1)
PEAP
364(1)
LEAP
364(1)
Wireless Security Considerations
365(6)
SSID Broadcasting
365(1)
MAC Filtering
365(1)
Antenna Types
366(5)
Troubleshooting Wireless Security Issues
371(2)
Wireless Protocol Issues
371(1)
Authentication Issues
372(1)
Encryption Issues
372(1)
Questions and Answers
373(6)
Part IX Physical Security
Module 31 Environmental Security and Controls
379(8)
Environmental Controls
379(4)
EMI and RFI Shielding
379(1)
Fire Suppression
380(2)
HVAC
382(1)
Temperature and Humidity Controls
382(1)
Hot and Cold Aisles
382(1)
Environmental Monitoring
383(1)
Questions and Answers
383(4)
Module 32 Perimeter and Physical Controls
387(20)
Classifying Controls
387(4)
Control Types
387(1)
Control Functions
388(3)
Physical Controls
391(10)
Perimeter and Safety Controls
391(10)
Questions and Answers
401(6)
Part X Outside Security
Module 33 Third-Party Security
407(12)
Third-Party Business Practices
407(8)
Integrating Systems and Data with Third Parties
409(2)
Third-Party Security Considerations
411(2)
Third-Party Agreements
413(2)
Questions and Answers
415(4)
Module 34 Cloud Security
419(12)
Cloud Computing
419(8)
Types of Cloud Services
420(2)
Cloud Architecture Models
422(1)
Cloud Computing Risks and Virtualization
423(2)
Appropriate Controls to Ensure Data Security
425(2)
Questions and Answers
427(4)
Module 35 Mobile Security
431(22)
Mobile Devices in the Business World
431(17)
Mobile Security Concepts and Technologies
432(5)
Application Control and Security
437(1)
Encryption and Authentication
438(2)
Device Security
440(3)
BYOD Concerns
443(2)
Other Security Concerns
445(3)
Questions and Answers
448(5)
Part XI People Security
Module 36 Social Engineering
453(12)
Social Engineering Attacks
453(9)
Targets and Goals
453(1)
Types of Attacks
454(5)
Social Engineering Principles of Effectiveness
459(3)
Questions and Answers
462(3)
Module 37 Security Training
465(14)
Security Awareness and Training
465(9)
Types of Training
465(2)
Key Security Areas
467(3)
User Habits
470(2)
New Threats and New Security Trends/Alerts
472(1)
Training Follow-up
473(1)
Questions and Answers
474(5)
Part XIII Proactive Security
Module 38 Security Assessment
479(16)
Security Assessment Tools and Techniques
479(12)
Assessment Types
480(1)
Risk Calculations
481(1)
Assessment Techniques
482(4)
Tools
486(3)
Interpreting Security Assessment Tool Results
489(2)
Questions and Answers
491(4)
Module 39 Incident Response
495(12)
Incident Response Concepts
495(2)
Risk Mitigation Strategies
495(1)
Incident Management
496(1)
Incident Response Procedures
497(7)
Preparation
497(1)
Executing an Incident Response
498(5)
Post-Response
503(1)
Questions and Answers
504(3)
Module 40 Forensics Procedures
507(12)
Forensic Concepts
507(2)
Impartiality and the Collection of Evidence
507(1)
Handling Evidence
508(1)
Legal and Ethical Considerations
508(1)
Data Volatility
509(1)
Order of Volatility
509(1)
Critical Forensic Practices
510(3)
First Response
510(1)
Chain-of-Custody and Securely Handling Evidence
511(1)
The Importance of Time
511(1)
File and Evidence Integrity
512(1)
Track Man Hours and Expense
512(1)
Capturing Evidence
513(2)
Capturing a System Image
513(1)
Capturing Video
514(1)
Network Traffic and Logs
514(1)
Analyzing Evidence
515(1)
Common Analysis Tasks
515(1)
Big Data Analysis
516(1)
Questions and Answers
516(3)
Module 41 Business Continuity
519(12)
Risk Management Best Practices
519(1)
Risk Assessment
519(1)
Business Continuity Concepts
520(2)
Business Impact Analysis
520(1)
Identification of Critical Systems and Components
520(1)
Removing Single Points of Failure
521(1)
Business Continuity Planning
522(4)
Continuity of Operations
522(1)
Disaster Recovery
523(1)
IT Contingency Planning
523(1)
Succession Planning
523(1)
High Availability
524(1)
Redundancy
525(1)
Exercises and Testing
526(1)
Documentation Reviews
526(1)
Tabletop Exercises
526(1)
Walkthrough Tests
526(1)
Full Tests and Disaster Recovery Exercises
527(1)
Questions and Answers
527(4)
Module 42 Disaster Recovery
531(12)
Disaster Recovery Concepts
531(7)
Backup Plans and Policies
532(1)
Backup Execution and Frequency
533(2)
Alternate Sites
535(2)
Recovery Time and Recovery Point Objectives
537(1)
Questions and Answers
538
Part XIII Appendixes and Glossary
Appendix A Exam Objectives Map
543(4)
Appendix B About the CD-ROM
547(4)
Glossary 551(48)
Index 599
Michael Meyers, MCP, CompTIA A+, CompTIA Network+, CompTIA Security+ (Houston, TX), is one of the industry's leading authorities on CompTIA certification. He is the president and founder and Total Seminars, LLC, a major provider of PC and network repair seminars for thousands of organizations including IBM, Lucent Technologies, GE, the FBI, the FAA and the United Nations. Mike is the best-selling author of the A+ Certification All-in-One Exam Guide.





Bobby E. Rogers is an Information Security Engineer working for a major hospital in the southeastern United States. His previous experience includes working as a contractor for Department of Defense agencies, helping to secure, certify, and accredit their information systems. His duties include information system security engineering, risk management, and certification and accreditation efforts. He retired after 21 years in the United States Air Force, serving as a network security engineer and instructor, and has secured networks all over the world. Bobby has a Masters degree in Information Assurance (IA), and is pursuing a doctoral degree in IA from Capitol College, Maryland. His many certifications include CompTIAs A+, CompTIA Network+, CompTIA Security+, and CompTIA Mobility+ certifications, as well as the CISSP-ISSEP, CEH, and MCSE: Security.
Daugiau apie elektronines knygas Daugiau apie elektronines knygas
Pastovi nuoroda: https://www.kriso.lt/db/97800718361806e.html
Raktažodžiai: