Nicht aus der Schweiz? Besuchen Sie lehmanns.de
CompTIA Security+ SY0-601 Exam Cram Premium Edition and Practice Test - Martin Weiss

CompTIA Security+ SY0-601 Exam Cram Premium Edition and Practice Test

Martin Weiss (Autor)

Druckwerk
752 Seiten
2021 | 6th edition
Pearson IT Certification
978-0-13-679875-0 (ISBN)
CHF 62,45 inkl. MwSt
  • Versand in 10-20 Tagen
  • Versandkostenfrei
  • Auch auf Rechnung
  • Artikel merken
CompTIA Security+ SY0-601 Exam Cram Premium Edition and Practice Test
The exciting new CompTIA Security+ SY0-601 Exam Cram Premium Edition and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:


The CompTIA Security+ SY0-601 Exam Cram Premium Edition Practice Test, including four full practice exams and enhanced practice test features
PDF, EPUB, and Mobi/Kindle formats of the CompTIA Security+ SY0-601 Exam Cram from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone


About the Premium Edition Practice Test
This Premium Edition contains an enhanced version of the Pearson Test Prep practice test software with four full practice exams. This integrated learning package


Allows you to focus on individual topic areas or take complete, timed exams
Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
Provides unique sets of exam-realistic practice questions
Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most


Pearson Test Prep online system requirements
Browsers: Chrome version 73 and above; Safari version 12 and above; Microsoft Edge 44 and above. Devices: Desktop and laptop computers, tablets running on Android v8.0 and iOS v13, smartphones with a minimum screen size of 4.7". Internet access required.
Pearson Test Prep offline system requirements
Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

About the Premium Edition eBook
CompTIA Security+ SY0-601 Exam Cram, Sixth Edition, is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time practice and feedback with two complete exams.
Covers the critical information you'll need to know to score higher on your Security+ SY0-601 exam!


Assess the different types of threats, attacks, and vulnerabilities organizations face
Understand security concepts across traditional, cloud, mobile, and IoT environments
Explain and implement security controls across multiple environments
Identify, analyze, and respond to operational needs and security incidents
Understand and explain the relevance of concepts related to governance, risk, and compliance

Marty M. Weiss has spent most of his career in information security and risk management, helping large organizations. Marty holds a bachelor of science degree in computer studies from the University of Maryland University College and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He holds several certifications, including CISSP, CISA, and Security+. Marty has authored and coauthored more than a half-dozen books on information technology, many that have been described as riveting and Dostoevsky-esque in reviews by his mother. A Florida native, he now lives in New England.

    Introduction . . . . . . . . . . . . . . . . . . . . . . xxvii Part I: Attacks, Threats, and Vulnerabilities 1 CHAPTER 1: Social Engineering Techniques.. . . . . . . . . . . . . . . . 3     The Social Engineer.. . . . . . . . . . . . . . . . . . 4     Phishing and Related Attacks.. . . . . . . . . . . . . . . 6     Principles of Influence (Reasons for Effectiveness). . . . . . . . 10     What Next?.. . . . . . . . . . . . . . . . . . . . . 14 CHAPTER 2: Attack Basics.. . . . . . . . . . . . . . . . . . . . . . 15     Malware. . . . . . . . . . . . . . . . . . . . . . . 16     Physical Attacks.. . . . . . . . . . . . . . . . . . . . 26     Adversarial Artificial Intelligence (AI).. . . . . . . . . . . . 27     Password Attacks. . . . . . . . . . . . . . . . . . . . 28     Downgrade Attacks.. . . . . . . . . . . . . . . . . . . 31     What Next?.. . . . . . . . . . . . . . . . . . . . . 34 CHAPTER 3: Application Attacks.. . . . . . . . . . . . . . . . . . . . 35     Race Conditions.. . . . . . . . . . . . . . . . . . . . 36     Improper Software Handling.. . . . . . . . . . . . . . . 37     Resource Exhaustion.. . . . . . . . . . . . . . . . . . 37     Overflows.. . . . . . . . . . . . . . . . . . . . . . 38     Code Injections. . . . . . . . . . . . . . . . . . . . 39     Driver Manipulation.. . . . . . . . . . . . . . . . . . 40     Request Forgeries.. . . . . . . . . . . . . . . . . . . 41     Directory Traversal.. . . . . . . . . . . . . . . . . . . 44     Replay Attack.. . . . . . . . . . . . . . . . . . . . . 45     Secure Sockets Layer (SSL) Stripping.. . . . . . . . . . . . 45     Application Programming Interface (API) Attacks.. . . . . . . . 47     Pass-the-Hash Attack. . . . . . . . . . . . . . . . . . 49     What Next?.. . . . . . . . . . . . . . . . . . . . . 52 CHAPTER 4: Network Attacks.. . . . . . . . . . . . . . . . . . . . . 53     Wireless. . . . . . . . . . . . . . . . . . . . . . . 54     On-Path Attack. . . . . . . . . . . . . . . . . . . . 58     Layer 2 Attacks. . . . . . . . . . . . . . . . . . . . 59     Domain Name System (DNS) Attacks.. . . . . . . . . . . . 62     Denial of Service. . . . . . . . . . . . . . . . . . . . 64     Malicious Code and Script Execution.. . . . . . . . . . . . 68     What Next?.. . . . . . . . . . . . . . . . . . . . . 71 CHAPTER 5: Threat Actors, Vectors, and Intelligence Sources. . . . . . . . . . 73     Threat Actor Attributes.. . . . . . . . . . . . . . . . . 74     Threat Actor Types.. . . . . . . . . . . . . . . . . . . 75     Vectors.. . . . . . . . . . . . . . . . . . . . . . . 80     Threat Intelligence and Research Sources.. . . . . . . . . . . 81     What Next?.. . . . . . . . . . . . . . . . . . . . . 87 CHAPTER 6: Vulnerabilities.. . . . . . . . . . . . . . . . . . . . . . 89     Cloud-Based vs. On-Premises. . . . . . . . . . . . . . . 90     Zero-Day. . . . . . . . . . . . . . . . . . . . . . 90     Weak Configurations. . . . . . . . . . . . . . . . . . 91     Third-Party Risks.. . . . . . . . . . . . . . . . . . . 95     Impacts.. . . . . . . . . . . . . . . . . . . . . . . 96     What Next?.. . . . . . . . . . . . . . . . . . . . . 98 CHAPTER 7: Security Assessment Techniques.. . . . . . . . . . . . . . . 99     Vulnerability Scans.. . . . . . . . . . . . . . . . . . . 100     Threat Assessment.. . . . . . . . . . . . . . . . . . . 103     What Next?.. . . . . . . . . . . . . . . . . . . . . 110 CHAPTER 8: Penetration Testing Techniques.. . . . . . . . . . . . . . . . 111     Testing Methodology. . . . . . . . . . . . . . . . . . 112     Team Exercises.. . . . . . . . . . . . . . . . . . . . 118     What Next?.. . . . . . . . . . . . . . . . . . . . . 120 Part II: Architecture and Design 121 CHAPTER 9: Enterprise Security Concepts.. . . . . . . . . . . . . . . . . 123     Configuration Management.. . . . . . . . . . . . . . . . 124     Data Confidentiality.. . . . . . . . . . . . . . . . . . 126     Deception and Disruption.. . . . . . . . . . . . . . . . 139     What Next?.. . . . . . . . . . . . . . . . . . . . . 143 CHAPTER 10: Virtualization and Cloud Computing.. . . . . . . . . . . . . . 145     Virtualization.. . . . . . . . . . . . . . . . . . . . . 145     On-Premises vs. Off-Premises. . . . . . . . . . . . . . . 154     Cloud Models. . . . . . . . . . . . . . . . . . . . . 155     What Next?.. . . . . . . . . . . . . . . . . . . . . 164 CHAPTER 11: Secure Application Development, Deployment, and Automation.. . . . 165     Application Environment.. . . . . . . . . . . . . . . . . 166     Integrity Measurement.. . . . . . . . . . . . . . . . . 168     Change Management and Version Control.. . . . . . . . . . . 169     Secure Coding Techniques.. . . . . . . . . . . . . . . . 170     Automation and Scripting.. . . . . . . . . . . . . . . . 180     Scalability and Elasticity. . . . . . . . . . . . . . . . . 184     What Next?.. . . . . . . . . . . . . . . . . . . . . 187 CHAPTER 12: Authentication and Authorization Design. . . . . . . . . . . . . 189     Identification and Authentication, Authorization, and     Accounting (AAA).. . . . . . . . . . . . . . . . . . . 189     Multifactor Authentication.. . . . . . . . . . . . . . . . 190     Single Sign-on.. . . . . . . . . . . . . . . . . . . . 192     Authentication Technologies. . . . . . . . . . . . . . . . 195     What Next?.. . . . . . . . . . . . . . . . . . . . . 204 CHAPTER 13: Cybersecurity Resilience.. . . . . . . . . . . . . . . . . . 205     Redundancy.. . . . . . . . . . . . . . . . . . . . . 205     Backups.. . . . . . . . . . . . . . . . . . . . . . . 214     Defense in Depth.. . . . . . . . . . . . . . . . . . . 221     What Next?.. . . . . . . . . . . . . . . . . . . . . 224 CHAPTER 14: Embedded and Specialized Systems. . . . . . . . . . . . . . 225     Embedded Systems.. . . . . . . . . . . . . . . . . . . 225     SCADA and ICS. . . . . . . . . . . . . . . . . . . . 227     Smart Devices and IoT.. . . . . . . . . . . . . . . . . 229     What Next?.. . . . . . . . . . . . . . . . . . . . . 238 CHAPTER 15: Physical Security Controls.. . . . . . . . . . . . . . . . . . 239     Perimeter Security.. . . . . . . . . . . . . . . . . . . 239     Internal Security.. . . . . . . . . . . . . . . . . . . . 243     Equipment Security. . . . . . . . . . . . . . . . . . . 246     Environmental Controls.. . . . . . . . . . . . . . . . . 249     Secure Data Destruction.. . . . . . . . . . . . . . . . . 255     What Next?.. . . . . . . . . . . . . . . . . . . . . 259 CHAPTER 16: Cryptographic Concepts. . . . . . . . . . . . . . . . . . . 261     Cryptosystems.. . . . . . . . . . . . . . . . . . . . 262     Use of Proven Technologies and Implementation.. . . . . . . . 272     Steganography.. . . . . . . . . . . . . . . . . . . . 273     Cryptography Use Cases.. . . . . . . . . . . . . . . . . 274     Cryptography Constraints.. . . . . . . . . . . . . . . . 276     What Next?.. . . . . . . . . . . . . . . . . . . . . 277 Part III: Implementation 279 CHAPTER 17: Secure Protocols.. . . . . . . . . . . . . . . . . . . . . 281     Secure Web Protocols.. . . . . . . . . . . . . . . . . . 282     Secure File Transfer Protocols.. . . . . . . . . . . . . . . 286     Secure Email Protocols.. . . . . . . . . . . . . . . . . 287     Secure Internet Protocols. . . . . . . . . . . . . . . . . 288     Secure Protocol Use Cases.. . . . . . . . . . . . . . . . 293     What Next?.. . . . . . . . . . . . . . . . . . . . . 305 CHAPTER 18: Host and Application Security Solutions.. . . . . . . . . . . . . 307     Endpoint Protection.. . . . . . . . . . . . . . . . . . 308     Firewalls and HIPS/HIDS Solutions.. . . . . . . . . . . 308     Anti-Malware and Other Host Protections. . . . . . . . . 310     Application Security.. . . . . . . . . . . . . . . . . . 318     Hardware and Firmware Security.. . . . . . . . . . . . . . 322     Operating System Security.. . . . . . . . . . . . . . . . 330     What Next?.. . . . . . . . . . . . . . . . . . . . . 338 CHAPTER 19: Secure Network Design.. . . . . . . . . . . . . . . . . . . 339     Network Devices and Segmentation.. . . . . . . . . . . . . 340     Security Devices and Boundaries. . . . . . . . . . . . . . 347     What Next?.. . . . . . . . . . . . . . . . . . . . . 369 CHAPTER 20: Wireless Security Settings.. . . . . . . . . . . . . . . . . . 371     Access Methods.. . . . . . . . . . . . . . . . . . . . 372     Wireless Cryptographic Protocols.. . . . . . . . . . . . . . 373     Authentication Protocols.. . . . . . . . . . . . . . . . . 377     Wireless Access Installations. . . . . . . . . . . . . . . . 379     What Next?.. . . . . . . . . . . . . . . . . . . . . 387 CHAPTER 21: Secure Mobile Solutions. . . . . . . . . . . . . . . . . . . 389     Communication Methods. . . . . . . . . . . . . . . . . 389     Mobile Device Management Concepts. . . . . . . . . . . . 393     Enforcement and Monitoring.. . . . . . . . . . . . . . . 405     Deployment Models.. . . . . . . . . . . . . . . . . . 412     What Next?.. . . . . . . . . . . . . . . . . . . . . 420 CHAPTER 22: Cloud Cybersecurity Solutions.. . . . . . . . . . . . . . . . 421     Cloud Workloads.. . . . . . . . . . . . . . . . . . . 422     Third-Party Cloud Security Solutions.. . . . . . . . . . . . 428     What Next?.. . . . . . . . . . . . . . . . . . . . . 431 CHAPTER 23: Identity and Account Management Controls.. . . . . . . . . . . 433     Account Types.. . . . . . . . . . . . . . . . . . . . 433     Account Management.. . . . . . . . . . . . . . . . . . 435     Account Policy Enforcement.. . . . . . . . . . . . . . . 441     What Next?.. . . . . . . . . . . . . . . . . . . . . 448 CHAPTER 24: Authentication and Authorization Solutions.. . . . . . . . . . . . 449     Authentication.. . . . . . . . . . . . . . . . . . . . 450     Access Control.. . . . . . . . . . . . . . . . . . . . 466     What Next?.. . . . . . . . . . . . . . . . . . . . . 472 CHAPTER 25: Public Key Infrastructure.. . . . . . . . . . . . . . . . . . 473     What Next?.. . . . . . . . . . . . . . . . . . . . . 489 Part IV: Operations and Incident Response 491 CHAPTER 26: Organizational Security.. . . . . . . . . . . . . . . . . . . 493     Shell and Script Environments.. . . . . . . . . . . . . . . 494     Network Reconnaissance and Discovery. . . . . . . . . . . . 496     Packet Capture and Replay. . . . . . . . . . . . . . . . 502     Password Crackers.. . . . . . . . . . . . . . . . . . . 504     Forensics and Data Sanitization.. . . . . . . . . . . . . . 505     What Next?.. . . . . . . . . . . . . . . . . . . . . 508 CHAPTER 27: Incident Response.. . . . . . . . . . . . . . . . . . . . . 509     Attack Frameworks.. . . . . . . . . . . . . . . . . . . 509     Incident Response Plan.. . . . . . . . . . . . . . . . . 512     Incident Response Process.. . . . . . . . . . . . . . . . 517     Continuity and Recovery Plans.. . . . . . . . . . . . . . . 522     What Next?.. . . . . . . . . . . . . . . . . . . . . 528 CHAPTER 28: Incident Investigation. . . . . . . . . . . . . . . . . . . . 529     SIEM Dashboards. . . . . . . . . . . . . . . . . . . 530     Logging. . . . . . . . . . . . . . . . . . . . . . . 531     Network Activity. . . . . . . . . . . . . . . . . . . . 536     What Next?.. . . . . . . . . . . . . . . . . . . . . 539 CHAPTER 29: Incident Mitigation.. . . . . . . . . . . . . . . . . . . . . 541     Containment and Eradication.. . . . . . . . . . . . . . . 541     What Next?.. . . . . . . . . . . . . . . . . . . . . 549 CHAPTER 30: Digital Forensics.. . . . . . . . . . . . . . . . . . . . . 551     Data Breach Notifications.. . . . . . . . . . . . . . . . 552     Strategic Intelligence/Counterintelligence Gathering. . . . . . . 554     Track Person-hours.. . . . . . . . . . . . . . . . . . . 555     Order of Volatility. . . . . . . . . . . . . . . . . . . 555     Chain of Custody.. . . . . . . . . . . . . . . . . . . 556     Data Acquisition.. . . . . . . . . . . . . . . . . . . . 559     Capture System Images.. . . . . . . . . . . . . . . 560     Capture Network Traffic and Logs.. . . . . . . . . . . 560     Capture Video and Photographs.. . . . . . . . . . . . 561     Record Time Offset.. . . . . . . . . . . . . . . . 562     Take Hashes. . . . . . . . . . . . . . . . . . . 562     Capture Screenshots.. . . . . . . . . . . . . . . . 563     Collect Witness Interviews. . . . . . . . . . . . . . 563     What Next?.. . . . . . . . . . . . . . . . . . . . . 565 Part V: Governance, Risk, and Compliance 567 CHAPTER 31: Control Types.. . . . . . . . . . . . . . . . . . . . . . 569     Nature of Controls.. . . . . . . . . . . . . . . . . . . 570     Functional Use of Controls.. . . . . . . . . . . . . . . . 570     Compensating Controls.. . . . . . . . . . . . . . . . . 572     What Next?.. . . . . . . . . . . . . . . . . . . . . 574 CHAPTER 32: Regulations, Standards, and Frameworks.. . . . . . . . . . . . 575     Industry-Standard Frameworks and Reference Architectures. . . . . 575     Benchmarks and Secure Configuration Guides.. . . . . . . . . 579     What Next?.. . . . . . . . . . . . . . . . . . . . . 581 CHAPTER 33: Organizational Security Policies.. . . . . . . . . . . . . . . . 583     Policy Framework.. . . . . . . . . . . . . . . . . . . 583     Human Resource Management Policies.. . . . . . . . . . . . 584     Third-Party Risk Management.. . . . . . . . . . . . . . . 592     What Next?.. . . . . . . . . . . . . . . . . . . . . 596 CHAPTER 34: Risk Management.. . . . . . . . . . . . . . . . . . . . . 597     Risk Analysis. . . . . . . . . . . . . . . . . . . . . 598     Risk Assessment.. . . . . . . . . . . . . . . . . . . . 602     Business Impact Analysis.. . . . . . . . . . . . . . . . . 606     What Next?.. . . . . . . . . . . . . . . . . . . . . 612 CHAPTER 35: Sensitive Data and Privacy.. . . . . . . . . . . . . . . . . . 613     Sensitive Data Protection. . . . . . . . . . . . . . . . . 613     Privacy Impact Assessment.. . . . . . . . . . . . . . . . 621     What Next?.. . . . . . . . . . . . . . . . . . . . . 623 Glossary of Essential Terms and Components.. . . . . . . . . . . . 625
9780136798675, TOC, 10/9/2020

Erscheint lt. Verlag 19.3.2021
Verlagsort Upper Saddle River
Sprache englisch
Themenwelt Informatik Weitere Themen Zertifizierung
ISBN-10 0-13-679875-6 / 0136798756
ISBN-13 978-0-13-679875-0 / 9780136798750
Zustand Neuware
Haben Sie eine Frage zum Produkt?
Mehr entdecken
aus dem Bereich