Buch, Englisch, 528 Seiten, Format (B × H): 190 mm x 232 mm, Gewicht: 842 g
ISBN: 978-1-119-78426-5
Verlag: John Wiley & Sons Inc
The seventh edition of CompTIA Security+ Study Guide offers invaluable preparation for Exam SY0-501. Written by a team of expert authors, the book covers 100% of the exam objectives with clear and concise explanations. Discover how to handle threats, attacks, and vulnerabilities using industry-standard tools and technologies, while gaining and understanding the role of architecture and design. Spanning topics from everyday tasks like identity and access management to complex subjects such as risk management and cryptography, this study guide helps you consolidate your knowledge base in preparation for the Security+ exam. Illustrative examples show how these processes play out in real-world scenarios, allowing you to immediately translate essential concepts to on-the-job application.
Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:
* Managing Risk
* Designing and Diagnosing Networks
* Understanding Devices and Infrastructure
* Identify and Access Management
* Protecting Wireless Networks
* Securing the Cloud
* Data, Privacy, and Security Practices
* Cryptography and PKI
Wiley has partnered up with Practice Labs, the IT Competency Hub, to give IT learners discounted access to their live, virtual Practice Labs. Connect to real devices using actual hardware and software straight from a web browser. Practice Labs allow you to cement your theoretical studies with practical, hands-on experience. Master your IT skills and gain virtual work experience to increase your employability. Each purchase provides 6 months' unlimited access. Ready to practice your IT skills?
Interactive learning environment
Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, type in your unique PIN, and instantly gain one year of FREE access to:
* Interactive test bank with 2 bonus exams and 12 chapter tests. Practice questions help you identify areas where further review is needed. 325 questions total!
* 100 Electronic Flashcards to reinforce learning and last-minute prep before the exam.
* Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.
ABOUT THE PRACTICE LABS SECURITY+ LABS
So you can practice with hands-on learning in a real environment, Sybex has bundled Practice Labs virtual labs that run from your browser. The registration code is included with the book and gives you 6 months unlimited access to Practice Labs CompTIA Security+ Exam SY0-501 Labs with 25 unique lab modules to practice your skills.
Autoren/Hrsg.
Weitere Infos & Material
Introduction xxivAssessment Test xliChapter 1 Managing Risk 1Risk Terminology 3Threat Assessment 6Risk Assessment 6Computing Risk Assessment 7Assessing Privacy 12Acting on Your Risk Assessment 12Risks Associated with Cloud Computing 15Risks Associated with Virtualization 16Developing Policies, Standards, and Guidelines 17Implementing Policies 17Understanding Control Types and False Positives/Negatives 26Risk Management Best Practices 28Change Management 38Summary 38Exam Essentials 38Review Questions 40Chapter 2 Monitoring and Diagnosing Networks 45Monitoring and Diagnosing Networks Terminology 47Frameworks, Best Practices, and Configuration Guides 48Industry-Standard Frameworks and Reference Architectures 48National Institute of Standards and Technology (NIST) 51Benchmarks/Secure Configuration Guides 54Secure Network Architecture Concepts 57Zones 57Tunneling/VPN 63Placing Security Devices 64SDN 67IDS vs. IPS 67Secure Systems Design 68Hardware and Firmware Security 68Operating Systems 69Peripherals 73Secure Staging Deployment Concepts 73Summary 74Exam Essentials 74Review Questions 76Chapter 3 Understanding Devices and Infrastructure 79Infrastructure Terminology 81Designing with Security in Mind 84Firewalls 84VPNs and VPN Concentrators 89Intrusion Detection Systems 91Router 104Switch 106Proxy 107Load Balancer 108Access Point 108SIEM 111DLP 111Network Access Control (NAC) 112Mail Gateway 112Bridge 113SSL/TLS Accelerators 113SSL Decryptors 113Media Gateway 114Hardware Security Module 114Summary 115Exam Essentials 115Review Questions 116Chapter 4 Identity and Access Management 121Using Tools to Assess Your Network 125Protocol Analyzer 125Network Scanners 127Password Cracker 130Vulnerability Scanners 131Command-Line Tools 135Additional Tools 142Troubleshooting Common Security Issues 143Access Issues 144Configuration Issues 145Security Technologies 147Intrusion Detection Systems 147Antimalware 148Firewalls and Related Devices 149Other Systems 150Identity and Access Management Concepts 151Identification vs. Authentication 151Authentication (Single Factor) and Authorization 152Multifactor Authentication 153Biometrics 153Federations 154Potential Authentication and Access Problems 154LDAP 155PAP, SPAP, and CHAP 155Kerberos 156Working with RADIUS 157TACACS, TACACS+, XTACACS 158OATH 158One-Time Passwords 158SAML 159Install and Configure Identity and Access Services 159Mandatory Access Control 159Discretionary Access Control 160Role-Based Access Control 160Rule-Based Access Control 160ABAC 161Smartcards 161Tokens 162File and Database Security 163Summary 163Exam Essentials 164Review Questions 165Chapter 5 Wireless Network Threats 169Wireless Threat Terminology 170Wireless Vulnerabilities to Know 171Replay 172Rogue APs and Evil Twins 174Jamming 174WPS 175Bluejacking 175Bluesnarfing 175NFC and RFID 176Disassociation 176Wireless Commonsense 176Wireless Attack Analogy 176Summary 177Exam Essentials 178Review Questions 179Chapter 6 Securing the Cloud 183Cloud-Related Terminology 184Working with Cloud Computing 186Software as a Service (SaaS) 186Platform as a Service (PaaS) 186Infrastructure as a Service (IaaS) 188Private Cloud 189Public Cloud 189Community Cloud 189Hybrid Cloud 190Working with Virtualization 190Understanding Hypervisors 190Understanding Containers and Application Cells 192VDI/VDE 192On-Premise vs. Hosted vs. Cloud 192VM Escape Protection 193VM Sprawl Avoidance 193Security and the Cloud 194Cloud Access Security Brokers 195Cloud Storage 195Security as a Service 195Summary 196Exam Essentials 196Review Questions 197Chapter 7 Host, Data, and Application Security 201Threat Actors and Attributes 204Script Kiddies 205Hacktivist 206Organized Crime 207Nation-States/APT 207Insiders 207Competitors 207Use of Open Source Intelligence 208Types of Vulnerabilities 211Configuration Issues 211User Issues 212Zero-Day Exploits 212Other Issues 214Embedded Systems Security 214Application Vulnerabilities 216Input Vulnerabilities 216Memory Vulnerabilities 217Secure Programming 217Programming Models 218Software Testing 218Specific Types of Testing 219Secure Coding Standards 220Application Configuration Baselining 221Operating System Patch Management 221Application Patch Management 222Other Application Security Issues 222Databases and Technologies 222Database Security 225Secure Configurations 225Code Issues 225Summary 226Exam Essentials 226Review Questions 227Chapter 8 Cryptography 231An Overview of Cryptography 234Historical Cryptography 234Modern Cryptography 238Working with Symmetric Algorithms 239Working with Asymmetric Algorithms 243Cryptography Concepts 246Hashing Algorithms 247Rainbow Tables and Salt 249Key Stretching 249Cryptanalysis Methods 250Wi-Fi Encryption 252Using Cryptographic Systems 254Confidentiality and Strength 254Integrity 254When to Encrypt 255Digital Signatures 256Authentication 257Nonrepudiation 257Key Features 258Understanding Cryptography Standards and Protocols 258The Origins of Encryption Standards 259Public Key Infrastructure X.509/Public Key Cryptography Standards 261X.509 262Public Key Infrastructure 264Pretty Good Privacy 264SSL and TLS 266Using Public Key Infrastructure 269Hardware-Based Encryption Devices 269Data Encryption 269Authentication 270Summary 271Exam Essentials 271Review Questions 273Chapter 9 Threats, Attacks, and Vulnerabilities 277Threat and Attack Terminology 278Living in a World of Viruses 282Symptoms of a Virus Infection 282How Viruses Work 283Types of Viruses 284Managing Spam to Avoid Viruses 286Antivirus Software 287Malware and Crypto-Malware 288Understanding Various Types of Application/Service Attacks 296Identifying Denial-of-Service and Distributed Denial-of-Service Attacks 296Man-in-the-Middle Attacks 298Buffer Overflow 299Injection 299Cross-Site Scripting and Request Forgery 302Privilege Escalation 303ARP Poisoning 304Amplification 304DNS Poisoning 304Domain Hijacking 304Man-in-the-Browser 305Zero-Day Exploits 305Replay Attacks 305Pass the Hash 306Hijacking and Related Attacks 306Driver Manipulation 307MAC and IP Spoofing Attacks 308Summary 309Exam Essentials 309Review Questions 311Chapter 10 Social Engineering and Other Foes 315Social Engineering and Physical Security Terminology 316Understanding Social Engineering 318Types of Social Engineering Attacks 319What Motivates an Attack? 325The Principles Behind Social Engineering 326Social Engineering Attack Examples 327Understanding Physical Security 330Lighting 331Signs 331Fencing, Gates, and Cages 332Security Guards 333Alarms 333Safe 334Secure Cabinets and Enclosures 334Protected Distribution 335Protected Cabling 336Airgap 336Mantrap 336Faraday Cage 337Lock Types 337Biometrics 338Barricades/Bollards 339Tokens/Cards 339Environmental Controls 339Cable Locks 345Screen Filters 346Cameras 346Motion Detection 347Logs 347Infrared Detection 348Key Management 348Various Control Types 348An Analogy of Control Types 349Data Security and Privacy Practices 350Data Destruction and Media Sanitation 350Data Sensitivity Labeling and Handling 352Data Roles 355Data Retention 355Legal and Compliance 356Summary 356Exam Essentials 356Review Questions 358Chapter 11 Security Administration 363Connection Types 365Cellular 365Bluetooth 365Wi-Fi 366Infrared 368SATCOM 369Mobile Devices 369BYOD Issues 371Enforcement 373Account Management Concepts 374Account Types 375General Concepts 376Summary 378Exam Essentials 378Review Questions 379Chapter 12 Disaster Recovery and Incident Response 383Disaster and Incident Related Terminology 385Penetration Testing 387What Should You Test? 387Vulnerability Scanning 388Issues Associated with Business Continuity 389Types of Storage Mechanisms 390Crafting a Disaster-Recovery Plan 392Incident Response Procedures 403Understanding Incident Response 404Tabletop Exercises 412Summary 412Exam Essentials 413Review Questions 414Appendix Answers to Review Questions 419Chapter 1: Managing Risk 420Chapter 2: Monitoring and Diagnosing Networks 421Chapter 3: Understanding Devices and Infrastructure 422Chapter 4: Identity and Access Management 423Chapter 5: Wireless Network Threats 425Chapter 6: Securing the Cloud 426Chapter 7: Host, Data, and Application Security 427Chapter 8: Cryptography 428Chapter 9: Threats, Attacks, and Vulnerabilities 429Chapter 10: Social Engineering and Other Foes 430Chapter 11: Security Administration 431Chapter 12: Disaster Recovery and Incident Response 432Index 435
