CompTIA Security+ SY0-301 Exam Cram
Pearson IT Certification
978-0-7897-4829-4 (ISBN)
- Title is being published in a new edition
CompTIA® Security+ Exam Cram, Third Edition, is the perfect study guide to help you pass CompTIA’s newly updated version of the Security+ exam. It provides coverage and practice questions for every exam topic. The book contains a set of 200 questions in two full practice exams.
Limited Time Offer: Buy CompTIA Security+ SY0-301 Authorized Exam Cram and receive a 10% off discount code for the CompTIA Security+ SY0-301 exam. To receive your 10% off discount code:
Register your product at pearsonITcertification.com/register
Follow the instructions
Go to your Account page and click on “Access Bonus Content”
The CD-ROM contains the powerful Pearson IT Certification Practice Test engine that provides real-time practice and feedback with all the questions so you can simulate the exam.
Covers the critical information you need to know to score higher on your Security+ exam!
Master and implement general security best practices
Systematically identify threats and risks to your systems
Harden systems by eliminating nonessential services
Secure your communications, networks, and infrastructure
Systematically identify and protect against online vulnerabilities
Implement effective access control and authentication
Create security baselines and audit your security infrastructure
Understand cryptographic principles, and effectively deploy cryptographic solutions
Organize security from both a technical and organizational standpoint
Manage every facet of security, including education and documentation
Understand the laws related to IT security, and the basics of forensic investigations
Kirk Hausman (CISSP, CISA, CRISC, Security+) has worked as an ISO, consultant, trainer, and IT director. He is Assistant Commandant for IT at TAMU and teaches InfoSec topics as an Adjunct Professor at UMUC and UAT.
Martin Weiss (CISSP, CISA, Security+, MCSE) leads a team of information security experts at Symantec supporting solutions to provide confidence in a connected world.
Diane Barrett (CISSP, MCSE, A+, Security+) is the director of training for Paraben Corporation and an adjunct professor for American Military University.
Companion CD
The CD-ROM contains two complete practice exams.
Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test
Pearson IT Certification Practice Test minimum system requirements:
Windows XP (SP3), Windows Vista (SP2), or Windows 7; Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam
Diane Barrett is the director of training for Paraben Corporation and an adjunct professor for American Military University. She has done contract forensic and security assessment work for several years and has authored other security and forensic books. She is a regular committee member for ADFSL’s Conference on Digital Forensics, Security, and Law as well as an academy director for Edvancement Solutions. She holds many industry certifications, including CISSP, ISSMP, DFCP, PCME, and Security+. Diane’s education includes an MS in information technology with a specialization in information security. She expects to complete a PhD in business administration with a specialization in information security.

Kalani Kirk Hausman is an author, enterprise and security architect, ISO, and consultant with experience including medium- to large-scale globally deployed networks in governmental, higher-education, health-care, and corporate settings. Kalani’s professional certifications include the CISSP, CGEIT, CRISC, CISA, CISM, GIAC-GHSC, PMP, and CCP. He is active within the FBI InfraGard, Information Systems Audit and Control Association (ISACA), and ISSA. Kalani is currently employed as the assistant commandant for Strategic Communications, Information Technology, and Public Relations at TAMU and as an adjunct professor of InfoSec at UMUC. Kalani can be reached at kkhausman@hotmail.com or followed on Twitter at @kkhausman.

Martin Weiss lives within a triangle of sales, engineering, and marketing, providing information security solutions for organizations of all sizes. He is currently most interested in governance, risk, compliance, and how to secure elastic cloud environments. He is also an adjunct professor with the University of Maryland University College focusing on security classes. Marty is the author of several other books. His work has been compared to literary greats. His mother, upon reviewing a recent book, described it as riveting as anything by Dostoevsky. Marty holds several certifications, including Security+, CISSP, CISA, and CCSK. He received his M.B.A. from the Isenberg School of Management at the University of Massachusetts and currently lives in Connecticut with his wife, three sons, and iPhone. Marty can be reached at martyweiss@gmail.com or stalked on Twitter @martyweiss.
Introduction ... xix
Part I: Network Security
CHAPTER 1: Network Design ... 1
  Explain the Security Function and Purpose of Network Devices and Technologies ... 2
    Firewalls ... 3
    Routers ... 4
    Switches ... 5
    Load Balancers ... 5
    Proxies ... 6
    Web Security Gateways ... 7
    VPN Concentrators ... 7
    NIDS and NIPS (Behavior Based, Signature Based, Anomaly Based, Heuristic) ... 8
    Protocol Analyzers ... 10
    Sniffers ... 10
    Spam Filter, All-in-one Security Appliances ... 11
    Web Application Firewall versus Network Firewall ... 11
    URL Filtering, Content Inspection, Malware Inspection ... 13
  Apply and Implement Secure Network Administration Principles ... 16
    Rule-based Management ... 17
    Firewall Rules ... 17
    VLAN Management ... 18
    Secure Router Configuration ... 19
    Access Control Lists ... 20
    Port Security ... 20
    802.1X ... 20
    Flood Guards ... 21
    Loop Protection ... 21
    Implicit Deny ... 22
    Prevent Network Bridging by Network Separation ... 22
    Log Analysis ... 23
  Distinguish and Differentiate Network Design Elements and Compounds ... 25
    DMZ ... 26
    Intranet ... 27
    Extranet ... 27
    Subnetting ... 28
    VLAN ... 30
    NAT ... 31
    Remote Access ... 32
    Telephony ... 32
    NAC ... 34
    Virtualization ... 35
    Cloud Computing ... 36
CHAPTER 2: Network Implementation ... 41
  Implement and Use Common Protocols ... 42
    Internet Protocol Security ... 43
    SNMP ... 45
    Secure Shell Connections ... 46
    Domain Name Service ... 47
    Transport Layer Security ... 48
    Secure Sockets Layer ... 48
    TCP/IP ... 49
    FTPS ... 50
    Hypertext Transport Protocol over Secure Sockets Layer ... 50
    Secure FTP ... 51
    Secure Copy Protocol ... 51
    Internet Control Message Protocol ... 52
    IPv4 versus IPv6 ... 53
  Identify Commonly Used Default Network Ports ... 56
  Implement Wireless Networks in a Secure Manner ... 60
    Wi-Fi Protected Access (WPA) ... 61
    WPA2 ... 61
    Wired Equivalent Privacy ... 61
    Extensible Authentication Protocol ... 62
    Protected EAP ... 63
    LEAP ... 64
    Media Access Control Filter ... 64
    Service Set Identifier Broadcast ... 64
    Temporal Key Integrity Protocol ... 65
    CCMP ... 65
    Antenna Placement ... 66
    Power Level Controls ... 67
Part II: Compliance and Operational Security
CHAPTER 3: Risk Management ... 69
  Exemplify the Concepts of Confidentiality, Integrity, and Availability ... 70
    Confidentiality ... 70
    Integrity ... 71
    Availability ... 71
  Explain Risk-Related Concepts ... 73
    Risk Responses ... 73
    Types of Controls ... 74
    Identifying Vulnerabilities ... 75
    Identifying Risk ... 76
    Measuring Risk ... 76
    Qualitative versus Quantitative Measures ... 80
    Risk Reduction Policies ... 81
  Carry Out Appropriate Risk-Mitigation Strategies ... 90
    Change Management ... 91
    Incident Management ... 91
    Regular Audits ... 93
  Explain the Importance of Security-Related Awareness and Training ... 97
    User Education ... 98
    User Habits and Expectations ... 99
CHAPTER 4: Response and Recovery ... 103
  Execute Appropriate Incident Response Procedures ... 104
    First Responders ... 104
    Damage and Loss Control ... 105
    Chain of Custody and Rules of Evidence ... 105
    Basic Forensic Procedures ... 106
    Documentation ... 107
  Explain the Impact and Proper Use of Environmental Controls ... 111
    The Importance of Environmental Controls ... 111
    HVAC ... 112
    Fire Suppression ... 112
    EMI Shielding ... 114
    Temperature and Humidity Controls ... 116
    Hot-Aisle/Cold-Aisle Separation ... 117
    Environmental Monitoring ... 117
    Video Monitoring ... 118
  Compare and Contrast Aspects of Business Continuity ... 120
    Contrasting Business Continuity and Disaster Recovery ... 120
    Business Continuity Planning ... 121
  Execute Disaster Recovery Plans and Procedures ... 126
    Disaster Recovery Planning ... 126
    Alternative Sites ... 128
    Utilities ... 130
    Redundant Equipment and Connections ... 132
    Backup Techniques and Practices ... 136
Part III: Threats and Vulnerabilities
CHAPTER 5: Attacks ... 143
  Analyze and Differentiate Among Types of Malware ... 144
    Adware ... 144
    Viruses ... 145
    Worms ... 146
    Spyware ... 147
    Trojans ... 148
    Rootkits ... 149
    Botnets ... 150
    Logic Bombs ... 151
    Backdoors ... 151
  Analyze and Differentiate Among Types of Attacks ... 153
    Man-in-the-Middle ... 153
    Replay ... 154
    Denial of Service ... 154
    Distributed DoS ... 156
    DNS Poisoning ... 158
    ARP Poisoning ... 159
    Spoofing ... 160
    Spam ... 161
    Privilege Escalation ... 162
    Malicious Insider Threat ... 163
  Analyze and Differentiate Among Types of Social Engineering Attacks ... 165
    Social Engineering ... 166
    Dumpster Diving ... 168
    Tailgating ... 169
  Analyze and Differentiate Among Types of Wireless Attacks ... 171
    Rogue Access Points ... 171
    War Driving ... 172
    Bluejacking/Bluesnarfing ... 172
    Packet Sniffing ... 172
    IV Attack ... 173
  Analyze and Differentiate Among Types of Application Attacks ... 175
    Browser Threats ... 176
    Code Injections ... 177
    Directory Traversal ... 177
    Header Manipulation ... 178
    Zero-day ... 178
    Buffer Overflows ... 178
    Cookies ... 179
CHAPTER 6: Deterrents ... 183
  Analyze and Differentiate Among Types of Mitigation and Deterrent Techniques ... 184
    Manual Bypassing of Electronic Controls ... 185
    Monitoring System Logs ... 185
    Physical Security ... 187
    Hardening ... 192
    Port Security ... 194
    Security Posture ... 194
    Reporting ... 195
    Detection Controls versus Prevention Controls ... 196
  Implement Assessment Tools and Techniques to Discover Security Threats and Vulnerabilities ... 199
    Vulnerability Scanning and Interpreting Results ... 199
    Tools ... 200
    Risk Calculation ... 203
    Assessment Technique ... 204
  Within the Realm of Vulnerability Assessments, Explain the Proper Use of Penetration Testing versus Vulnerability Scanning ... 207
    Penetration Testing ... 208
    Vulnerability Scanning ... 209
    Testing ... 210
Part IV: Application, Data, and Host Security
CHAPTER 7: Application Security ... 213
  Explain the Importance of Application Security ... 214
    Fuzzing ... 215
    Secure Coding Concepts ... 216
    Cross-site Scripting Prevention ... 220
    Cross-site Request Forgery Prevention ... 221
    Application Configuration Baseline ... 222
    Application Hardening ... 223
    Application Patch Management ... 226
CHAPTER 8: Host Security ... 231
  Carry Out Appropriate Procedures to Establish Host Security ... 232
    Operating System Security and Settings ... 234
    Anti-malware ... 236
    Patch Management ... 240
    Hardware Security ... 243
    Host Software Baselining ... 245
    Mobile Devices ... 245
    Virtualization ... 251
CHAPTER 9: Data Security ... 255
  Explain the Importance of Data Security ... 256
    Data Loss Prevention ... 257
    Data Encryption ... 259
    Hardware-based Encryption Devices ... 265
    Cloud Computing ... 271
Part V: Access Control and Identity Management
CHAPTER 10: Authentication and Authorization ... 277
  Authentication ... 278
    Authentication Strength ... 279
    Single versus Multifactor Authentication ... 280
    Common Authentication Forms ... 281
  Authorization ... 288
    Anonymous Authorization ... 289
    Authorization Services ... 289
CHAPTER 11: Access Control and Account Management ... 295
  Explain the Fundamental Concepts and Best Practices Related to Access Control ... 296
    Access Control Forms ... 296
    Access Control Lists ... 299
    Access Control Best Practices ... 301
  Implement Appropriate Security Controls when Performing Account Management ... 304
    Account Provisioning ... 304
    Security Groups and Roles with Appropriate Rights and Privileges ... 305
    Default Settings ... 306
    Password Policies ... 307
    Time-of-Day Restrictions and Account Expiration ... 309
Part VI: Cryptography
CHAPTER 12: Cryptography Tools and Techniques ... 313
  Summarize General Cryptography Concepts ... 314
    Symmetric versus Asymmetric ... 314
    Transport Encryption ... 317
    Nonrepudiation and Digital Signatures ... 318
    Hashing ... 320
    Key Escrow ... 320
    Steganography ... 321
    Use of Proven Technologies ... 321
    Elliptic Curve and Quantum Cryptography ... 322
  Use and Apply Appropriate Cryptographic Tools and Products ... 324
    Wireless Encryption Functions ... 325
    Cryptographic Hash Functions ... 325
    HMAC ... 328
    Symmetric Encryption Algorithms ... 328
    Asymmetric Encryption Algorithms ... 330
    One-time Pads ... 332
    PGP ... 332
    Whole Disk Encryption ... 333
    Use of Algorithms with Transport Encryption ... 334
CHAPTER 13: Public Key Infrastructure ... 339
  Explain the Core Concepts of Public Key Infrastructure ... 340
    Certificate Authority ... 345
    Registration Authority ... 345
    Digital Certificates ... 345
    Certificate Policies ... 346
    Certificate Practice Statement ... 346
    Revocation ... 347
    Trust Models ... 348
  Implement PKI, Certificate Management, and Associated Components ... 350
    Centralized versus Decentralized ... 351
    Storage ... 352
    Key Escrow ... 353
    Expiration ... 353
    Revocation ... 354
    Status Checking ... 354
    Suspension ... 355
    Recovery ... 355
    M of N Control ... 355
    Renewal ... 355
    Destruction ... 356
    Key Usage ... 356
    Multiple Key Pairs ... 356
Part VII: Practice Exams and Answers
  Practice Exam 1 ... 359
  Answers to Practice Exam 1 ... 379
  Practice Exam 2 ... 405
  Answers to Practice Exam 2 ... 425
Glossary ... 451
TOC, 9780789748294, 11/18/2011
| Field | Value |
|---|---|
| Publication date (per publisher) | 28.12.2011 |
| Place of publication | Upper Saddle River |
| Language | English |
| Dimensions | 156 x 224 mm |
| Weight | 720 g |
| Subject area | Computer science ► Networks ► Security / Firewall |
| | Computer science ► Office programs ► Outlook |
| | Computer science ► Other topics ► Certification |
| ISBN-10 | 0-7897-4829-0 / 0789748290 |
| ISBN-13 | 978-0-7897-4829-4 / 9780789748294 |
| Condition | New |