Mike Meyers' CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) 6th edition [Paperback]

4.00/5 (12 ratings by Goodreads)
  • Format: Paperback / softback, 496 pages, weight: 703 g, 90 Illustrations
  • Publication date: 28-Jan-2021
  • Publisher: McGraw-Hill Education
  • ISBN-10: 1260467953
  • ISBN-13: 9781260467956

This quick review, cram-style study guide offers 100% coverage of every topic on the latest version of the CompTIA Security+ exam

Get on the fast track to becoming CompTIA Security+ certified with this affordable, portable study tool. Inside, cybersecurity experts guide you on your exam preparation path, providing insightful tips and sound advice along the way. With an intensive focus on only what you need to know to pass the CompTIA Security+ Exam SY0-601, this certification passport is your ticket to success on exam day.

Inside:

  • Practice questions and content review after each objective prepare you for exam mastery
  • Exam Tips identify critical content to prepare for
  • Updated information on real-world cyberattacks
  • Enhanced coverage of emerging topics, such as Internet of Things (IoT) and cloud security

Covers all exam topics, including how to:

  • Understand attacks, threats, and vulnerabilities
  • Assess the security posture of an enterprise environment
  • Recommend and implement appropriate security solutions
  • Monitor and secure hybrid environments, including cloud, mobile, and IoT
  • Operate with an awareness of applicable laws and policies, including the principles of governance, risk, and compliance
  • Identify, analyze, and respond to security events and incidents

Online content includes:

  • 200 practice exam questions



Acknowledgments
Introduction
1.0 Threats, Attacks, and Vulnerabilities
Objective 1.1 Compare and contrast different types of social engineering techniques
Understanding Social Engineering
Social Engineering Techniques
Phishing
Whaling
Shoulder Surfing
Tailgating
Pharming
Spam
Spim
Vishing
Hoaxes
Dumpster Diving
Influence Campaigns
Review
1.1 Questions
1.1 Answers
Objective 1.2 Given a scenario, analyze potential indicators to determine the type of attack
Analyze and Differentiate Among Types of Malware
Viruses
Keyloggers
Trojans
Backdoor
Logic Bombs
Worms
Adware and Spyware
Ransomware
Rootkits
Botnets
Malicious Code or Script Execution
Analyze and Differentiate Among Types of Password Attacks
Analyze and Differentiate Among Nonstandard and Emerging Attacks
Supply-Chain Attacks
Physical Attacks
Adversarial Artificial Intelligence
Cloud-Based vs. On-Premises Attacks
Review
1.2 Questions
1.2 Answers
Objective 1.3 Given a scenario, analyze potential indicators associated with application attacks
Application Attacks
Buffer Overflows
Resource Exhaustion
Privilege Escalation
Hijacking
HTML Attachments
Malicious Add-Ons
Cross-Site Scripting
Request Forgeries
Application Programming Interface Attacks
Driver Manipulation
Header Manipulation
Injections
Directory Traversal
Arbitrary Code Execution
Zero-Day Attacks
Race Conditions
Replay
Review
1.2 Questions
1.2 Answers
Objective 1.4 Given a scenario, analyze potential indicators associated with network attacks
Wireless Attacks
Data Emanation
Jamming
Bluetooth Vulnerabilities
Near-Field Communication
War Driving
Access Points (Evil Twin)
Disassociation
Packet Sniffing and Eavesdropping
WPS Attacks
WEP/WPA Attacks
Network Attacks
Denial-of-Service
Layer 2 Attacks
Smurf Attack
TCP/IP Hijacking
On-Path
Xmas Attack
DNS Poisoning
Domain Kiting
Domain Reputation
Typosquatting
Client-side Attacks
Watering Hole Attack
Review
1.4 Questions
1.4 Answers
Objective 1.5 Explain different threat actors, vectors, and intelligence sources
Understanding and Analyzing Threats
Actors, Attributes, and Vectors
Threat Intelligence Sources
Research Sources
Review
1.2 Questions
1.2 Answers
Objective 1.6 Explain the security concerns associated with various types of vulnerabilities
Vulnerabilities
Vulnerability Types
Review
1.6 Questions
1.6 Answers
Objective 1.7 Summarize the techniques used in security assessments
Implement Assessment Techniques to Discover Security Threats and Vulnerabilities
Vulnerability Assessment Tools and Techniques
Review
1.7 Questions
1.7 Answers
Objective 1.8 Explain the techniques used in penetration testing
Penetration Testing Techniques
Known, Unknown, and Partially Known Environment Testing
Exercise Types
Review
1.8 Questions
1.8 Answers
5.0 Governance, Risk, and Compliance
Objective 5.1 Compare and contrast various types of controls
Control Categories
Managerial Controls
Technical Controls
Operational Controls
Control Types
Review
5.1 Questions
5.1 Answers
Objective 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
Understanding Guidance Documents
Regulations, Legislation, and Standards
Key Frameworks
Benchmarks and Secure Configuration Guides
Review
5.2 Questions
5.2 Answers
Objective 5.3 Explain the importance of policies to organizational security
Policies Supporting Organizational Security
Using Organizational Policies to Reduce Risk
Security Training and Awareness Policies
Data and Documentation Policies
User Behavior Policies
Change Management Policies
Incident Response Policy
Third-Party Risk Management
Review
5.3 Questions
5.3 Answers
Objective 5.4 Summarize risk management processes and concepts
Understanding and Managing Risk
Risk Assessment
Risk Register
Types of Disasters
Functional Recovery Plans
High Availability and Redundancy Planning
Review
5.4 Questions
5.4 Answers
Objective 5.5 Explain privacy and sensitive data concepts in relation to security
Privacy and Sensitive Data
Organizational Consequences of Privacy and Data Breaches
Notification of Breaches
Data Types
Privacy Enhancing Technologies
Data Ownership Roles and Responsibilities
Terms of Agreement and Privacy Notices
Review
5.5 Questions
5.5 Answers
2.0 Architecture and Design
Objective 2.1 Explain the importance of security concepts in an enterprise environment
Enterprise Security
Change and Configuration Management
Data Protection
Data Encryption
Cloud Storage
Storage Area Networks
Handling Big Data
Data Sovereignty
Response and Recovery
Deception and Disruption
Review
2.1 Questions
2.1 Answers
Objective 2.2 Summarize virtualization and cloud computing concepts
Cloud Computing
Anything as a Service
Cloud Deployment
Virtualization
Review
2.2 Questions
2.2 Answers
Objective 2.3 Summarize secure application development, deployment, and automation concepts
Secure Application Development, Deployment, and Automation
Development Life-Cycle Models
Secure Coding Concepts
Review
2.3 Questions
2.3 Answers
Objective 2.4 Summarize authentication and authorization design concepts
Authentication Concepts
Multifactor Authentication
Authentication Methods
Biometrics
Cloud vs. On-Premises Requirements
Review
2.4 Questions
2.4 Answers
Objective 2.5 Given a scenario, implement cybersecurity resilience
Resiliency Concepts
Service Levels
Redundancy
Backups
Nonpersistence
Review
2.5 Questions
2.5 Answers
Objective 2.6 Explain the security implications of embedded and specialized systems
Embedded and Specialized Systems
Embedded Systems
Industrial Control Systems and Supervisory Control and Data Acquisition Systems
Internet of Things
Specialized Systems
Voice over IP
Heating, Ventilation, and Air Conditioning Systems
Drones/UAVs
Multifunction Printers
Surveillance Systems
Review
2.6 Questions
2.6 Answers
Objective 2.7 Explain the importance of physical security controls
Physical Security
Physical Barriers
Badges
Lighting
Alarms
Signage
Surveillance
Locks
Access Control Vestibule
Personnel
Faraday Cages
Visitor Logs
USB Data Blocker
Secure Areas
Fire Suppression
Environmental Issues
Objective 2.8 Summarize the basics of cryptographic concepts
Cryptography
Common Use Cases
Algorithms
Quantum Cryptography
Homomorphic Encryption
Steganography
Blockchain
Hashing
Digital Signatures
RIPEMD
HMAC
REVIEW
2.8 Questions
2.8 Answers
3.0 Implementation
Objective 3.1 Given a scenario, implement secure protocols
Protocols and Use Cases
TCP/IP
DNSSEC
SSH
S/MIME
SHIP
LDAPS
File Transfer Protocols
SNMPv3
HTTPS
IPSec
E-mail Protocols
NTP
DHCP
Use Cases
Review
3.1 Questions
3.1 Answers
Objective 3.2 Given a scenario, implement host or application security solutions
Host and Application Security
Endpoint Protection
Boot Integrity
Databases
Application Security
Hardening
Review
3.2 Questions
3.2 Answers
Objective 3.3 Given a scenario, implement secure network designs
Secure Network Design
Load Balancing
Network Segmentation
Virtual Private Network
DNS
Network Access Control
Out-of-Band Management
Port Security
Network Appliances
Hardware Security Modules
Sensors
Collectors
Aggregators
Firewalls
Access Control Lists
Route Security
Quality of Service
Implications of IPv6
Port Spanning/Monitoring
Monitoring Services
File Integrity Monitors
Review
3.3 Questions
3.3 Answers
Objective 3.4 Given a scenario, install and configure wireless security settings
Wireless Security
Cryptographic Protocols
Authentication Protocols
Methods
Installation Considerations
Review
3.4 Questions
3.4 Answers
Objective 3.5 Given a scenario, implement secure mobile solutions
Mobile Security Solutions
Connection Methods and Receivers
Mobile Device Management
Mobile Devices
Enforcement and Monitoring
Deployment Models
Review
3.5 Questions
3.5 Answers
Objective 3.6 Given a scenario, apply cybersecurity solutions to the cloud
Cloud Security
Cloud Security Controls
Solutions
Cloud Native Controls vs. Third-Party Solutions
Review
3.6 Questions
3.6 Answers
Objective 3.7 Given a scenario, implement identity and account management controls
Identity and Account Management
Identity
Account Types
Account Policies
Review
3.7 Questions
3.7 Answers
Objective 3.8 Given a scenario, implement authentication and authorization solutions
Authentication and Authorization
Authentication Management
Authentication
Access Control Schemes
Objective 3.9 Given a scenario, implement public key infrastructure
Public Key Infrastructure
PKI Fundamentals
Types of Certificates
Certificate Formats
Other Important Concepts
Review
3.9 Questions
3.9 Answers
4.0 Operations and Incident Response
Objective 4.1 Given a scenario, use the appropriate tool to assess organizational security
Assessing Organizational Security
Network Reconnaissance and Discovery
File Manipulation
Shell and Script Environments
Packet Capture and Replay
Forensics
Exploitation Frameworks
Password Crackers
Data Sanitization
Review
4.1 Questions
4.1 Answers
Objective 4.2 Summarize the importance of policies, processes, and procedures for incident response
Incident Response
Incident Response Plans
Incident Response Process
Exercises
Attack Frameworks
Communication Plan
Business Continuity Plan
Disaster Recovery Plan
Continuity of Operations Planning
Incident Response Team
Stakeholder Management
Retention Policies
Review
4.2 Questions
4.2 Answers
Objective 4.3 Given an incident, utilize appropriate data sources to support an investigation
Data Sources
Vulnerability Scan Output
SIEM Dashboards
Log Files
syslog/rsyslog/syslog-ng
journalctl
NXLog
Bandwidth Monitors
Metadata
NetFlow/sFlow
Protocol Analyzer Output
Review
4.3 Questions
4.3 Answers
Objective 4.4 Given an incident, apply mitigation techniques or controls to secure an environment
Incident Mitigation
Reconfigure Endpoint Security Solutions
Configuration Changes
Isolation
Containment
Segmentation
Security Orchestration, Automation, and Response
Review
4.4 Questions
4.4 Answers
Objective 4.5 Explain the key aspects of digital forensics
Digital Forensics
Documentation and Evidence
Acquisition and Preservation
On-Premises vs. Cloud
Integrity
Data Recovery
Review
4.5 Questions
4.5 Answers
A About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
Total Tester Online
Technical Support
Index

Dawn Dunkerley (Meridianville, AL), CISSP, ISSAP, ISSEP, ISSMP, CSSLP, PMP, received a Ph.D. in Information Systems from Nova Southeastern University in 2011 with a doctoral focus of information security success within organizations. Her research interests include cyberwarfare, cybersecurity, and the success and measurement of organizational cybersecurity initiatives. She holds the 2011 ISC2 Government Information Security Leadership Award (Crystal).