CompTIA Security+ Study Guide with over 500 Practice Test Questions

ABOUT THE AUTHORS MIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com. DAVID SEIDL, CYSA+, CISSP, PENTEST+, is Vice President for Information Technology and CIO at Miami University where he leads an award winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.

Introduction xxxi

Chapter 1 Today’s Security Professional 1

Cybersecurity Objectives 2

Data Breach Risks 3

The DAD Triad 4

Breach Impact 5

Implementing Security Controls 7

Gap Analysis 7

Security Control Categories 8

Security Control Types 9

Data Protection 10

Data Encryption 11

Data Loss Prevention 11

Data Minimization 12

Access Restrictions 13

Segmentation and Isolation 13

Summary 13

Exam Essentials 14

Review Questions 16

Chapter 2 Cybersecurity Threat Landscape 21

Exploring Cybersecurity Threats 23

Classifying Cybersecurity Threats 23

Threat Actors 25

Attacker Motivations 31

Threat Vectors and Attack Surfaces 32

Threat Data and Intelligence 35

Open Source Intelligence 35

Proprietary and Closed- Source Intelligence 38

Assessing Threat Intelligence 39

Threat Indicator Management and Exchange 40

Information Sharing Organizations 41

Conducting Your Own Research 42

Summary 42

Exam Essentials 43

Review Questions 45

Chapter 3 Malicious Code 49

Malware 50

Ransomware 51

Trojans 52

Worms 54

Spyware 55

Bloatware 56

Viruses 57

Keyloggers 59

Logic Bombs 60

Rootkits 60

Summary 62

Exam Essentials 62

Review Questions 64

Chapter 4 Social Engineering and Password Attacks 69

Social Engineering and Human Vectors 70

Social Engineering Techniques 71

Password Attacks 76

Summary 78

Exam Essentials 78

Review Questions 80

Chapter 5 Security Assessment and Testing 85

Vulnerability Management 87

Identifying Scan Targets 87

Determining Scan Frequency 89

Configuring Vulnerability Scans 91

Scanner Maintenance 95

Vulnerability Scanning Tools 98

Reviewing and Interpreting Scan Reports 101

Confirmation of Scan Results 111

Vulnerability Classification 112

Patch Management 112

Legacy Platforms 113

Weak Configurations 115

Error Messages 115

Insecure Protocols 116

Weak Encryption 117

Penetration Testing 118

Adopting the Hacker Mindset 119

Reasons for Penetration Testing 120

Benefits of Penetration Testing 120

Penetration Test Types 121

Rules of Engagement 123

Reconnaissance 125

Running the Test 125

Cleaning Up 126

Audits and Assessments 126

Security Tests 127

Security Assessments 128

Security Audits 129

Vulnerability Life Cycle 131

Vulnerability Identification 131

Vulnerability Analysis 132

Vulnerability Response and Remediation 132

Validation of Remediation 132

Reporting 133

Summary 133

Exam Essentials 134

Review Questions 136

Chapter 6 Application Security 141

Software Assurance Best Practices 143

The Software Development Life Cycle 143

Software Development Phases 144

DevSecOps and DevOps 146

Designing and Coding for Security 147

Secure Coding Practices 148

API Security 149

Software Security Testing 149

Analyzing and Testing Code 150

Injection Vulnerabilities 151

SQL Injection Attacks 151

Code Injection Attacks 155

Command Injection Attacks 155

Exploiting Authentication Vulnerabilities 156

Password Authentication 156

Session Attacks 157

Exploiting Authorization Vulnerabilities 160

Insecure Direct Object References 161

Directory Traversal 161

File Inclusion 163

Privilege Escalation 163

Exploiting Web Application Vulnerabilities 164

Cross- Site Scripting (XSS) 164

Request Forgery 167

Application Security Controls 168

Input Validation 168

Web Application Firewalls 170

Parameterized Queries 170

Sandboxing 171

Code Security 171

Secure Coding Practices 173

Source Code Comments 174

Error Handling 174

Hard- Coded Credentials 175

Package Monitoring 175

Memory Management 176

Race Conditions 177

Unprotected APIs 178

Automation and Orchestration 178

Use Cases of Automation and Scripting 179

Benefits of Automation and Scripting 179

Other Considerations 180

Summary 181

Exam Essentials 181

Review Questions 183

Chapter 7 Cryptography and the PKI 189

An Overview of Cryptography 190

Historical Cryptography 191

Goals of Cryptography 196

Confidentiality 197

Integrity 199

Authentication 200

Non-repudiation 200

Cryptographic Concepts 200

Cryptographic Keys 201

Ciphers 202

Modern Cryptography 202

Cryptographic Secrecy 202

Symmetric Key Algorithms 204

Asymmetric Key Algorithms 205

Hashing Algorithms 208

Symmetric Cryptography 208

Data Encryption Standard 208

Advanced Encryption Standard 209

Symmetric Key Management 209

Asymmetric Cryptography 211

RSA 212

Elliptic Curve 213

Hash Functions 214

Sha 215

md 5 216

Digital Signatures 216

HMAC 217

Public Key Infrastructure 218

Certificates 218

Certificate Authorities 219

Certificate Generation and Destruction 220

Certificate Formats 223

Asymmetric Key Management 224

Cryptographic Attacks 225

Brute Force 225

Frequency Analysis 225

Known Plain Text 226

Chosen Plain Text 226

Related Key Attack 226

Birthday Attack 226

Downgrade Attack 227

Hashing, Salting, and Key Stretching 227

Exploiting Weak Keys 228

Exploiting Human Error 228

Emerging Issues in Cryptography 229

Tor and the Dark Web 229

Blockchain 229

Lightweight Cryptography 230

Homomorphic Encryption 230

Quantum Computing 230

Summary 231

Exam Essentials 231

Review Questions 233

Chapter 8 Identity and Access Management 237

Identity 239

Authentication and Authorization 240

Authentication and Authorization Technologies 241

Authentication Methods 246

Passwords 247

Multifactor Authentication 251

One- Time Passwords 252

Biometrics 254

Accounts 256

Account Types 256

Provisioning and Deprovisioning Accounts 257

Access Control Schemes 259

Filesystem Permissions 260

Summary 262

Exam Essentials 262

Review Questions 264

Chapter 9 Resilience and Physical Security 269

Resilience and Recovery in Security Architectures 271

Architectural Considerations and Security 273

Storage Resiliency 274

Response and Recovery Controls 280

Capacity Planning for Resilience and Recovery 283

Testing Resilience and Recovery Controls and Designs 284

Physical Security Controls 285

Site Security 285

Detecting Physical Attacks 291

Summary 291

Exam Essentials 292

Review Questions 294

Chapter 10 Cloud and Virtualization Security 299

Exploring the Cloud 300

Benefits of the Cloud 301

Cloud Roles 303

Cloud Service Models 303

Cloud Deployment Models 307

Private Cloud 307

Shared Responsibility Model 309

Cloud Standards and Guidelines 312

Virtualization 314

Hypervisors 314

Cloud Infrastructure Components 316

Cloud Compute Resources 316

Cloud Storage Resources 319

Cloud Networking 322

Cloud Security Issues 325

Availability 325

Data Sovereignty 326

Virtualization Security 327

Application Security 327

Governance and Auditing of Third- Party Vendors 328

Hardening Cloud Infrastructure 328

Cloud Access Security Brokers 328

Resource Policies 329

Secrets Management 330

Summary 331

Exam Essentials 331

Review Questions 333

Chapter 11 Endpoint Security 337

Operating System Vulnerabilities 339

Hardware Vulnerabilities 340

Protecting Endpoints 341

Preserving Boot Integrity 342

Endpoint Security Tools 344

Hardening Techniques 350

Hardening 350

Service Hardening 350

Network Hardening 352

Default Passwords 352

Removing Unnecessary Software 353

Operating System Hardening 353

Configuration, Standards, and Schemas 356

Encryption 357

Securing Embedded and Specialized Systems 358

Embedded Systems 358

SCADA and ICS 361

Securing the Internet of Things 362

Communication Considerations 363

Security Constraints of Embedded Systems 364

Asset Management 365

Summary 368

Exam Essentials 369

Review Questions 371

Chapter 12 Network Security 375

Designing Secure Networks 377

Infrastructure Considerations 380

Network Design Concepts 380

Network Segmentation 383

Zero Trust 385

Network Access Control 387

Port Security and Port- Level Protections 388

Virtual Private Networks and Remote Access 390

Network Appliances and Security Tools 392

Deception and Disruption Technology 399

Network Security, Services, and Management 400

Secure Protocols 406

Using Secure Protocols 406

Secure Protocols 407

Network Attacks 410

On- Path Attacks 411

Domain Name System Attacks 412

Credential Replay Attacks 414

Malicious Code 415

Distributed Denial- of- Service Attacks 415

Summary 418

Exam Essentials 419

Review Questions 421

Chapter 13 Wireless and Mobile Security 425

Building Secure Wireless Networks 426

Connection Methods 427

Wireless Network Models 431

Attacks Against Wireless Networks and Devices 432

Designing a Network 435

Controller and Access Point Security 438

Wi- Fi Security Standards 438

Wireless Authentication 440

Managing Secure Mobile Devices 442

Mobile Device Deployment Methods 442

Hardening Mobile Devices 444

Mobile Device Management 444

Summary 448

Exam Essentials 449

Review Questions 450

Chapter 14 Monitoring and Incident Response 455

Incident Response 457

The Incident Response Process 458

Training 462

Threat Hunting 463

Understanding Attacks and Incidents 464

Incident Response Data and Tools 466

Monitoring Computing Resources 466

Security Information and Event Management Systems 466

Alerts and Alarms 469

Log Aggregation, Correlation, and Analysis 470

Rules 471

Benchmarks and Logging 478

Reporting and Archiving 478

Mitigation and Recovery 479

Secure Orchestration, Automation, and Response (SOAR) 479

Containment, Mitigation, and Recovery Techniques 479

Root Cause Analysis 482

Summary 483

Exam Essentials 484

Review Questions 485

Chapter 15 Digital Forensics 489

Digital Forensic Concepts 490

Legal Holds and e- Discovery 491

Conducting Digital Forensics 493

Acquiring Forensic Data 493

Acquisition Tools 497

Validating Forensic Data Integrity 500

Data Recovery 502

Forensic Suites and a Forensic Case Example 503

Reporting 507

Digital Forensics and Intelligence 508

Summary 508

Exam Essentials 509

Review Questions 511

Chapter 16 Security Governance and Compliance 515

Security Governance 518

Corporate Governance 518

Governance, Risk, and Compliance Programs 520

Information Security Governance 520

Types of Governance Structures 521

Understanding Policy Documents 521

Policies 522

Standards 524

Procedures 526

Guidelines 528

Exceptions and Compensating Controls 529

Monitoring and Revision 530

Change Management 531

Change Management Processes and Controls 532

Version Control 534

Documentation 535

Personnel Management 535

Least Privilege 535

Separation of Duties 535

Job Rotation and Mandatory Vacations 536

Clean Desk Space 536

Onboarding and Offboarding 536

Nondisclosure Agreements 537

Social Media 537

Third- Party Risk Management 537

Vendor Selection 537

Vendor Assessment 538

Vendor Agreements 538

Vendor Monitoring 539

Winding Down Vendor Relationships 540

Complying with Laws and Regulations 540

Common Compliance Requirements 541

Compliance Reporting 541

Consequences of Noncompliance 542

Compliance Monitoring 543

Adopting Standard Frameworks 543

NIST Cybersecurity Framework 544

NIST Risk Management Framework 546

ISO Standards 547

Benchmarks and Secure Configuration Guides 549

Security Awareness and Training 550

User Training 551

Ongoing Awareness Efforts 553

Summary 554

Exam Essentials 555

Review Questions 557

Chapter 17 Risk Management and Privacy 561

Analyzing Risk 563

Risk Identification 564

Risk Assessment 565

Risk Analysis 567

Managing Risk 570

Risk Mitigation 571

Risk Avoidance 572

Risk Transference 572

Risk Acceptance 573

Risk Tracking 574

Risk Register 575

Risk Reporting 576

Disaster Recovery Planning 577

Disaster Types 577

Business Impact Analysis 578

Privacy 578

Data Inventory 579

Information Classification 580

Data Roles and Responsibilities 581

Information Life Cycle 583

Privacy Enhancing Technologies 584

Privacy and Data Breach Notification 585

Summary 585

Exam Essentials 585

Review Questions 587

Appendix Answers to Review Questions 591

Chapter 1: Today’s Security Professional 592

Chapter 2: Cybersecurity Threat Landscape 593

Chapter 3: Malicious Code 595

Chapter 4: Social Engineering and Password Attacks 597

Chapter 5: Security Assessment and Testing 600

Chapter 6: Application Security 602

Chapter 7: Cryptography and the PKI 604

Chapter 8: Identity and Access Management 605

Chapter 9: Resilience and Physical Security 607

Chapter 10: Cloud and Virtualization Security 609

Chapter 11: Endpoint Security 611

Chapter 12: Network Security 614

Chapter 13: Wireless and Mobile Security 616

Chapter 14: Monitoring and Incident Response 619

Chapter 15: Digital Forensics 621

Chapter 16: Security Governance and Compliance 623

Chapter 17: Risk Management and Privacy 626

Index 629