Robert Shimonski,
Martin Weiss,
Martin M. Weiss
CompTIA Security+ SY0-701 Exam Cram
Paperback Engels 2024 9780138225575
Verwachte levertijd ongeveer 9 werkdagen
Samenvatting
CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.
This edition comes with a Pearson Test Prep Practice Test access code that is delivered upon product registration. Follow the instructions in the book's introduction to register your product.
Covers the critical information needed to score higher on your Security+ SY0-701 exam!
General security concepts Threats, vulnerabilities, and mitigations Security architecture Security operations Security program management and oversight
Prepare for your exam with Pearson Test Prep
Realistic practice questions and answers Comprehensive reporting and feedback Customized testing in study, practice exam, or flash card modes Complete coverage of CompTIA Security+ SY0-701 exam objectives
Specificaties
Lezersrecensies
Wees de eerste die een lezersrecensie schrijft!
Inhoudsopgave
<p><strong>Introduction</strong><strong>. . . . . . . . . . . . . . . . . . . . . . . </strong><strong>xxvi</strong></p> <p><strong>Part 1: General Security Concepts 1</strong></p> <p><strong>CHAPTER 1: </strong><strong>Security Controls</strong><strong>.. . . . . . . . . . . . . . . . . . . . . . </strong><strong>3</strong></p> <p> Nature of Controls.. . . . . . . . . . . . . . . . . . . 3</p> <p> Functional Use of Controls.. . . . . . . . . . . . . . . . 4</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . . 9</p> <p><strong>CHAPTER 2: </strong><strong>Fundamental Security Concepts</strong><strong>.. . . . . . . . . . . . . . . . </strong><strong>11</strong></p> <p> Confidentiality, Integrity, and Availability (CIA).. . . . . . . . . 12</p> <p> Non-Repudiation.. . . . . . . . . . . . . . . . . . . 13</p> <p> Authentication, Authorization, and Accounting (AAA).. . . . . . . 13</p> <p> Gap Analysis. . . . . . . . . . . . . . . . . . . . . 14</p> <p> Zero Trust.. . . . . . . . . . . . . . . . . . . . . . 15</p> <p> Physical Security. . . . . . . . . . . . . . . . . . . . 18</p> <p> Video Surveillance. . . . . . . . . . . . . . . . . . . 20</p> <p> Deception and Disruption Technology. . . . . . . . . . . . 23</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 26</p> <p><strong>CHAPTER 3: </strong><strong>Change Management Processes and the Impact to Security</strong><strong>.. . . . . </strong><strong>27</strong></p> <p> Change Management. . . . . . . . . . . . . . . . . . 28</p> <p> Business Processes Impacting Security Operations. . . . . . . . 28</p> <p> Technical Implications.. . . . . . . . . . . . . . . . . . 31</p> <p> Documentation. . . . . . . . . . . . . . . . . . . . 35</p> <p> Version Control.. . . . . . . . . . . . . . . . . . . . 36</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 38</p> <p><strong>CHAPTER 4: </strong><strong>Cryptographic Solutions</strong><strong>. . . . . . . . . . . . . . . . . . . </strong><strong>39</strong></p> <p> Public Key Infrastructure (PKI).. . . . . . . . . . . . . . 40</p> <p> Encryption. . . . . . . . . . . . . . . . . . . . . . 43</p> <p> Tools.. . . . . . . . . . . . . . . . . . . . . . . . 55</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 80</p> <p><strong>Part 2: Threats, Vulnerabilities, and Mitigations 81</strong></p> <p><strong>CHAPTER 5: </strong><strong>Threat Actors and Motivations</strong><strong>.. . . . . . . . . . . . . . . . </strong><strong>83</strong></p> <p> Threat Actors.. . . . . . . . . . . . . . . . . . . . . 84</p> <p> Motivations.. . . . . . . . . . . . . . . . . . . . . 90</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 96</p> <p><strong>CHAPTER 6: </strong><strong>Threat Vectors and Attack Surfaces</strong><strong>.. . . . . . . . . . . . </strong><strong>97</strong></p> <p> Types of Threat Vectors and Attack Surfaces. . . . . . . . . . 98</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 114</p> <p><strong>CHAPTER 7: </strong><strong>Vulnerability Types</strong><strong>.. . . . . . . . . . . . . . . . . . .. </strong><strong>115</strong></p> <p> Application. . . . . . . . . . . . . . . . . . . . . . 116</p> <p> Operating System-Based.. . . . . . . . . . . . . . . . . 118</p> <p> Web-Based. . . . . . . . . . . . . . . . . . . . . . 119</p> <p> Hardware. . . . . . . . . . . . . . . . . . . . . . 120</p> <p> Virtualization.. . . . . . . . . . . . . . . . . . . . . 121</p> <p> Cloud-Specific.. . . . . . . . . . . . . . . . . . . . 122</p> <p> Supply Chain.. . . . . . . . . . . . . . . . . . . . . 123</p> <p> Cryptographic.. . . . . . . . . . . . . . . . . . . . 125</p> <p> Misconfiguration. . . . . . . . . . . . . . . . . . . . 126</p> <p> Mobile Device.. . . . . . . . . . . . . . . . . . . . 127</p> <p> Zero-Day. . . . . . . . . . . . . . . . . . . . . . 127</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 130</p> <p><strong>CHAPTER 8: </strong><strong>Malicious Attacks and Indicators</strong><strong>.. . . . . . . . .. . . . . </strong><strong>131</strong></p> <p> Malware Attacks.. . . . . . . . . . . . . . . . . . . . 132</p> <p> Physical Attacks.. . . . . . . . . . . . . . . . . . . . 138</p> <p> Network Attacks.. . . . . . . . . . . . . . . . . . . . 139</p> <p> Application Attacks.. . . . . . . . . . . . . . . . . . . 148</p> <p> Cryptographic Attacks.. . . . . . . . . . . . . . . . . . 153</p> <p> Password Attacks. . . . . . . . . . . . . . . . . . . . 154</p> <p> Indicators of Malicious Activity. . . . . . . . . . . . . . . 156</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 160</p> <p><strong>CHAPTER 9 </strong><strong>Mitigation Techniques for Securing the Enterprise</strong><strong>.. . . . . </strong><strong>161</strong></p> <p> Segmentation.. . . . . . . . . . . . . . . . . . . . . 162</p> <p> Access Control.. . . . . . . . . . . . . . . . . . . . 162</p> <p> Application Allow List.. . . . . . . . . . . . . . . . . . 164</p> <p> Isolation. . . . . . . . . . . . . . . . . . . . . . . 165</p> <p> Patching.. . . . . . . . . . . . . . . . . . . . . . 165</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 176</p> <p><strong>Part 3: Security Architecture 177</strong></p> <p><strong>CHAPTER 10: </strong><strong>Security Implications of Architecture Models</strong><strong>. . . . . . . . </strong><strong>179</strong></p> <p> Architecture and Infrastructure Concepts. . . . . . . . . . . 180</p> <p> Considerations.. . . . . . . . . . . . . . . . . . . . 201</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 209</p> <p><strong>CHAPTER 11: </strong><strong>Enterprise Architecture Security Principles</strong><strong>.. . . . . . . . . </strong><strong>211</strong></p> <p> Infrastructure Considerations.. . . . . . . . . . . . . . . 212</p> <p> Secure Communication/Access.. . . . . . . . . . . . . . . 224</p> <p> Selection of Effective Controls.. . . . . . . . . . . . . . . 228</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 232</p> <p><strong>CHAPTER 12: </strong><strong>Data Protection Strategies</strong><strong>.. . . . . . . . . . . . . . . . . . </strong><strong>233</strong></p> <p> Data Types. . . . . . . . . . . . . . . . . . . . . . 234</p> <p> Data Classifications.. . . . . . . . . . . . . . . . . . . 237</p> <p> General Data Considerations.. . . . . . . . . . . . . . . 238</p> <p> Methods to Secure Data. . . . . . . . . . . . . . . . . 240</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 246</p> <p><strong>CHAPTER 13: </strong><strong>Resilience and Recovery in Security Architecture</strong><strong>.. . . .. . </strong><strong>247</strong></p> <p> High Availability.. . . . . . . . . . . . . . . . . . . . 248</p> <p> Site Considerations.. . . . . . . . . . . . . . . . . . . 249</p> <p> Platform Diversity. . . . . . . . . . . . . . . . . . . 251</p> <p> Multicloud Systems.. . . . . . . . . . . . . . . . . . . 252</p> <p> Continuity of Operations.. . . . . . . . . . . . . . . . . 252</p> <p> Capacity Planning. . . . . . . . . . . . . . . . . . . 253</p> <p> Testing.. . . . . . . . . . . . . . . . . . . . . . . 254</p> <p> Backups.. . . . . . . . . . . . . . . . . . . . . . . 255</p> <p> Power.. . . . . . . . . . . . . . . . . . . . . . . 261</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 264</p> <p><strong>Part 4: Security Operations 265</strong></p> <p><strong>CHAPTER 14: </strong><strong>Securing Resources</strong><strong>. . . . . . . . . . . . . . . . . . . . </strong><strong>267</strong></p> <p> Secure Baselines.. . . . . . . . . . . . . . . . . . . . 268</p> <p> Hardening Targets.. . . . . . . . . . . . . . . . . . . 270</p> <p> Wireless Devices. . . . . . . . . . . . . . . . . . . . 278</p> <p> Mobile Solutions. . . . . . . . . . . . . . . . . . . . 281</p> <p> Wireless Security Settings.. . . . . . . . . . . . . . . . 285</p> <p> Application Security.. . . . . . . . . . . . . . . . . . 289</p> <p> Sandboxing.. . . . . . . . . . . . . . . . . . . . . 290</p> <p> Monitoring.. . . . . . . . . . . . . . . . . . . . . 291</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 293</p> <p><strong>CHAPTER 15: </strong><strong>Hardware, Software, and Data Asset Management</strong><strong>.. . . . . . . . . </strong><strong>295</strong></p> <p> Acquisition/Procurement Process.. . . . . . . . . . . . . . 296</p> <p> Assignment/Accounting.. . . . . . . . . . . . . . . . . 297</p> <p> Monitoring and Asset Tracking.. . . . . . . . . . . . . . . 299</p> <p> Disposal/Decommissioning.. . . . . . . . . . . . . . . . 300</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 305</p> <p><strong>CHAPTER 16: </strong><strong>Vulnerability Management</strong><strong>.. . . . . . . . . . . . . . . . . . </strong><strong>307</strong></p> <p> Identification Methods. . . . . . . . . . . . . . . . . . 308</p> <p> Analysis.. . . . . . . . . . . . . . . . . . . . . . . 316</p> <p> Vulnerability Response and Remediation.. . . . . . . . . . . 322</p> <p> Validation of Remediation.. . . . . . . . . . . . . . . . 325</p> <p> Reporting. . . . . . . . . . . . . . . . . . . . . . 326</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 328</p> <p><strong>CHAPTER 17: </strong><strong>Security Alerting and Monitoring</strong><strong>. . . . . . . . . . . . . . . . </strong><strong>329</strong></p> <p> Monitoring Computing Resources.. . . . . . . . . . . . . 330</p> <p> Activities.. . . . . . . . . . . . . . . . . . . . . . 332</p> <p> Tools.. . . . . . . . . . . . . . . . . . . . . . . . 336</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 347</p> <p><strong>CHAPTER 18: </strong><strong>Enterprise Security Capabilities</strong><strong>.. . . . . . . . . . . . . . . . </strong><strong>349</strong></p> <p> Firewall.. . . . . . . . . . . . . . . . . . . . . . . 350</p> <p> IDS/IPS. . . . . . . . . . . . . . . . . . . . . . . 354</p> <p> Web Filter.. . . . . . . . . . . . . . . . . . . . . . 357</p> <p> Operating System Security.. . . . . . . . . . . . . . . . 361</p> <p> Implementation of Secure Protocols.. . . . . . . . . . . . . 363</p> <p> DNS Filtering.. . . . . . . . . . . . . . . . . . . . 366</p> <p> Email Security.. . . . . . . . . . . . . . . . . . . . 367</p> <p> File Integrity Monitoring. . . . . . . . . . . . . . . . . 369</p> <p> Data Loss Prevention (DLP).. . . . . . . . . . . . . . . 370</p> <p> Network Access Control (NAC).. . . . . . . . . . . . . . 371</p> <p> Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)..372</p> <p> User Behavior Analytics.. . . . . . . . . . . . . . . . . 373</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 375</p> <p><strong>CHAPTER 19: </strong><strong>Identity and Access Management</strong><strong>.. . . . . . . . . . . . . . . </strong><strong>377</strong></p> <p> Provisioning/De-provisioning User Accounts.. . . . . . . . . . 378</p> <p> Permission Assignments and Implications. . . . . . . . . . . 379</p> <p> Identity Proofing.. . . . . . . . . . . . . . . . . . . 381</p> <p> Federation and Single Sign-On (SSO).. . . . . . . . . . . . 382</p> <p> Interoperability. . . . . . . . . . . . . . . . . . . . 385</p> <p> Attestation.. . . . . . . . . . . . . . . . . . . . . . 385</p> <p> Access Controls.. . . . . . . . . . . . . . . . . . . . 386</p> <p> Multifactor Authentication (MFA).. . . . . . . . . . . . . . 388</p> <p> Password Concepts.. . . . . . . . . . . . . . . . . . . 395</p> <p> Privileged Access Management Tools. . . . . . . . . . . . . 397</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 400</p> <p><strong>CHAPTER 20: </strong><strong>Security Automation and Orchestration</strong><strong>. . . . . . . . . . . . . </strong><strong>401</strong></p> <p> Use Cases of Automation and Scripting.. . . . . . . . . . . . 402</p> <p> Benefits.. . . . . . . . . . . . . . . . . . . . . . . 405</p> <p> Other Considerations.. . . . . . . . . . . . . . . . . . 406</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 408</p> <p><strong>CHAPTER 21: </strong><strong>Incident Response Activities</strong><strong>. . . . . . . . . . . . . . . . . </strong><strong>409</strong></p> <p> Incident Response Process.. . . . . . . . . . . . . . . . 410</p> <p> Training and Testing.. . . . . . . . . . . . . . . . . . 411</p> <p> Root Cause Analysis (RCA).. . . . . . . . . . . . . . . . 412</p> <p> Threat Hunting.. . . . . . . . . . . . . . . . . . . . 413</p> <p> Digital Forensics. . . . . . . . . . . . . . . . . . . . 414</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 417</p> <p><strong>CHAPTER 22: </strong><strong>Data Sources for Supporting Investigations</strong><strong>. . . . . . . . . . . . </strong><strong>419</strong></p> <p> Log Data.. . . . . . . . . . . . . . . . . . . . . . 419</p> <p> Data Sources.. . . . . . . . . . . . . . . . . . . . . 421</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 423</p> <p><strong>Part 5: Security Program Management and Oversight 425</strong></p> <p><strong>CHAPTER 23: </strong><strong>Effective Security Governance</strong><strong>.. . . . . . . . . . . . . . . . </strong><strong>427</strong></p> <p> Governing Framework. . . . . . . . . . . . . . . . . . 428</p> <p> Policies.. . . . . . . . . . . . . . . . . . . . . . . 433</p> <p> Standards.. . . . . . . . . . . . . . . . . . . . . . 445</p> <p> Procedures.. . . . . . . . . . . . . . . . . . . . . . 447</p> <p> Guidelines.. . . . . . . . . . . . . . . . . . . . . . 452</p> <p> External Considerations. . . . . . . . . . . . . . . . . 453</p> <p> Roles and Responsibilities for Systems and Data.. . . . . . . . . 460</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 464</p> <p><strong>CHAPTER 24: </strong><strong>Risk Management</strong><strong>.. . . . . . . . . . . . . . . . . . . . . </strong><strong>465</strong></p> <p> Risk Identification. . . . . . . . . . . . . . . . . . . 466</p> <p> Risk Assessment.. . . . . . . . . . . . . . . . . . . . 466</p> <p> Risk Analysis. . . . . . . . . . . . . . . . . . . . . 468</p> <p> Risk Register.. . . . . . . . . . . . . . . . . . . . . 472</p> <p> Risk Appetite and Tolerance.. . . . . . . . . . . . . . . . 474</p> <p> Risk Management Strategies. . . . . . . . . . . . . . . . 475</p> <p> Risk Reporting.. . . . . . . . . . . . . . . . . . . . 477</p> <p> Business Impact Analysis.. . . . . . . . . . . . . . . . . 478</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 483</p> <p><strong>CHAPTER 25: </strong><strong>Third-Party Risk Assessment and Management</strong><strong>. . . . . . . . . . </strong><strong>485</strong></p> <p> Third-Party Risk Management.. . . . . . . . . . . . . . . 486</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 494</p> <p><strong>CHAPTER 26: </strong><strong>Security Compliance</strong><strong>.. . . . . . . . . . . . . . . . . . . . </strong><strong>495</strong></p> <p> Compliance Reporting and Monitoring.. . . . . . . . . . . . 496</p> <p> Privacy.. . . . . . . . . . . . . . . . . . . . . . . 501</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 507</p> <p><strong>CHAPTER 27: </strong><strong>Security Audits and Assessments</strong><strong>.. . . . . . . . . . . . . . . </strong><strong>509</strong></p> <p> Audits and Assessments.. . . . . . . . . . . . . . . . . 510</p> <p> Penetration Testing.. . . . . . . . . . . . . . . . . . . 513</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 523</p> <p><strong>CHAPTER 28: </strong><strong>Security Awareness Practices</strong><strong>. . . . . . . . . . . . . . . . . </strong><strong>525</strong></p> <p> Security Awareness.. . . . . . . . . . . . . . . . . . . 526</p> <p> What Next?.. . . . . . . . . . . . . . . . . . . . . 550</p> <p><strong>Glossary of Essential Terms</strong><strong>.. . . . . . . . . . . . . . . . . </strong><strong>551</strong></p> <p><strong>Cram Sheet</strong><strong>.. . . . . . . . . . . . . . . . . . . . . . . </strong><strong>603</strong></p> <p> </p> <p>9780138225575, TOC, 7/3/2024</p>
Rubrieken
- advisering
- algemeen management
- coaching en trainen
- communicatie en media
- economie
- financieel management
- inkoop en logistiek
- internet en social media
- it-management / ict
- juridisch
- leiderschap
- marketing
- mens en maatschappij
- non-profit
- ondernemen
- organisatiekunde
- personal finance
- personeelsmanagement
- persoonlijke effectiviteit
- projectmanagement
- psychologie
- reclame en verkoop
- strategisch management
- verandermanagement
- werk en loopbaan