Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.

This quick-review, cram-style study guide offers 100% coverage of every topic on the latest version of the CompTIA Security+ exam.

This powerful exam preparation resource presents an accelerated review of the pertinent technology and covers all objectives for the CompTIA Security+ exam (exam SY0-601). Written in an all-new Passport format developed by training expert Mike Meyers, the book enables you to focus on specific topics, determine areas of need, and tailor an effective course for study.

Mike Meyers’ CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) features accurate practice exam questions and in-depth answer explanations as well as end-of-chapter bulleted summaries that reinforce salient points. Throughout, “Exam Tips” highlight important topics, “Note” icons define need-to-know terms, “Caution” notes alert you to potential pitfalls, and “Resource” icons specify resources for further information.

    • Provides complete coverage of every objective on exam SY0-601
    • Online content includes 200 practice questions and additional performance-based questions
    • Written by a cybersecurity expert and edited by certification guru Mike Meyers

Table of Contents

  1. Cover
  2. About the Author
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. 1.0 Threats, Attacks, and Vulnerabilities
    1. Objective 1.1 Compare and contrast different types of social engineering techniques
    2. Understanding Social Engineering
    3. Social Engineering Techniques
    4. Phishing
    5. Whaling
    6. Shoulder Surfing
    7. Tailgating
    8. Pharming
    9. Spam
    10. SPIM
    11. Vishing
    12. Hoaxes
    13. Dumpster Diving
    14. Influence Campaigns
    15. REVIEW
    16. 1.1 QUESTIONS
    17. 1.1 ANSWERS
    18. Objective 1.2 Given a scenario, analyze potential indicators to determine the type of attack
    19. Analyze and Differentiate Among Types of Malware
    20. Viruses
    21. Keyloggers
    22. Trojans
    23. Backdoor
    24. Logic Bombs
    25. Worms
    26. Adware and Spyware
    27. Ransomware
    28. Rootkits
    29. Botnets
    30. Malicious Code or Script Execution
    31. Analyze and Differentiate Among Types of Password Attacks
    32. Analyze and Differentiate Among Nonstandard and Emerging Attacks
    33. Supply-Chain Attacks
    34. Physical Attacks
    35. Adversarial Artificial Intelligence
    36. Cloud-Based vs. On-Premises Attacks
    37. REVIEW
    38. 1.2 QUESTIONS
    39. 1.2 ANSWERS
    40. Objective 1.3 Given a scenario, analyze potential indicators associated with application attacks
    41. Application Attacks
    42. Buffer Overflows
    43. Resource Exhaustion
    44. Privilege Escalation
    45. Hijacking
    46. HTML Attachments
    47. Malicious Add-Ons
    48. Cross-Site Scripting
    49. Request Forgeries
    50. Application Programming Interface Attacks
    51. Driver Manipulation
    52. Header Manipulation
    53. Injections
    54. Directory Traversal
    55. Arbitrary Code Execution
    56. Zero-Day Attacks
    57. Race Conditions
    58. Replay
    59. REVIEW
    60. 1.3 QUESTIONS
    61. 1.3 ANSWERS
    62. Objective 1.4 Given a scenario, analyze potential indicators associated with network attacks
    63. Wireless Attacks
    64. Data Emanation
    65. Jamming
    66. Bluetooth Vulnerabilities
    67. Near-Field Communication
    68. War Driving
    69. Access Points (Evil Twin)
    70. Disassociation
    71. Packet Sniffing and Eavesdropping
    72. WPS Attacks
    73. WEP/WPA Attacks
    74. Network Attacks
    75. Denial-of-Service
    76. Layer 2 Attacks
    77. Smurf Attack
    78. TCP/IP Hijacking
    79. On-Path
    80. Xmas Attack
    81. DNS Poisoning
    82. Domain Kiting
    83. Domain Reputation
    84. Typosquatting
    85. Client-side Attacks
    86. Watering Hole Attack
    87. REVIEW
    88. 1.4 QUESTIONS
    89. 1.4 ANSWERS
    90. Objective 1.5 Explain different threat actors, vectors, and intelligence sources
    91. Understanding and Analyzing Threats
    92. Actors, Attributes, and Vectors
    93. Threat Intelligence Sources
    94. Research Sources
    95. REVIEW
    96. 1.5 QUESTIONS
    97. 1.5 ANSWERS
    98. Objective 1.6 Explain the security concerns associated with various types of vulnerabilities
    99. Vulnerabilities
    100. Vulnerability Types
    101. REVIEW
    102. 1.6 QUESTIONS
    103. 1.6 ANSWERS
    104. Objective 1.7 Summarize the techniques used in security assessments
    105. Implement Assessment Techniques to Discover Security Threats and Vulnerabilities
    106. Vulnerability Assessment Tools and Techniques
    107. REVIEW
    108. 1.7 QUESTIONS
    109. 1.7 ANSWERS
    110. Objective 1.8 Explain the techniques used in penetration testing
    111. Penetration Testing Techniques
    112. Known, Unknown, and Partially Known Environment Testing
    113. Exercise Types
    114. REVIEW
    115. 1.8 QUESTIONS
    116. 1.8 ANSWERS
  11. 5.0 Governance, Risk, and Compliance
    1. Objective 5.1 Compare and contrast various types of controls
    2. Control Categories
    3. Managerial Controls
    4. Technical Controls
    5. Operational Controls
    6. Control Types
    7. REVIEW
    8. 5.1 QUESTIONS
    9. 5.1 ANSWERS
    10. Objective 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
    11. Understanding Guidance Documents
    12. Regulations, Legislation, and Standards
    13. Key Frameworks
    14. Benchmarks and Secure Configuration Guides
    15. REVIEW
    16. 5.2 QUESTIONS
    17. 5.2 ANSWERS
    18. Objective 5.3 Explain the importance of policies to organizational security
    19. Policies Supporting Organizational Security
    20. Using Organizational Policies to Reduce Risk
    21. Security Training and Awareness Policies
    22. Data and Documentation Policies
    23. User Behavior Policies
    24. Change Management Policies
    25. Incident Response Policy
    26. Third-Party Risk Management
    27. REVIEW
    28. 5.3 QUESTIONS
    29. 5.3 ANSWERS
    30. Objective 5.4 Summarize risk management processes and concepts
    31. Understanding and Managing Risk
    32. Risk Assessment
    33. Risk Register
    34. Types of Disasters
    35. Functional Recovery Plans
    36. High Availability and Redundancy Planning
    37. REVIEW
    38. 5.4 QUESTIONS
    39. 5.4 ANSWERS
    40. Objective 5.5 Explain privacy and sensitive data concepts in relation to security
    41. Privacy and Sensitive Data
    42. Organizational Consequences of Privacy and Data Breaches
    43. Notification of Breaches
    44. Data Types
    45. Privacy Enhancing Technologies
    46. Data Ownership Roles and Responsibilities
    47. Terms of Agreement and Privacy Notices
    48. REVIEW
    49. 5.5 QUESTIONS
    50. 5.5 ANSWERS
  12. 2.0 Architecture and Design
    1. Objective 2.1 Explain the importance of security concepts in an enterprise environment
    2. Enterprise Security
    3. Change and Configuration Management
    4. Data Protection
    5. Data Encryption
    6. Cloud Storage
    7. Storage Area Networks
    8. Handling Big Data
    9. Data Sovereignty
    10. Response and Recovery
    11. Deception and Disruption
    12. REVIEW
    13. 2.1 QUESTIONS
    14. 2.1 ANSWERS
    15. Objective 2.2 Summarize virtualization and cloud computing concepts
    16. Cloud Computing
    17. Anything as a Service
    18. Cloud Deployment
    19. Virtualization
    20. REVIEW
    21. 2.2 QUESTIONS
    22. 2.2 ANSWERS
    23. Objective 2.3 Summarize secure application development, deployment, and automation concepts
    24. Secure Application Development, Deployment, and Automation
    25. Development Life-Cycle Models
    26. Secure Coding Concepts
    27. REVIEW
    28. 2.3 QUESTIONS
    29. 2.3 ANSWERS
    30. Objective 2.4 Summarize authentication and authorization design concepts
    31. Authentication Concepts
    32. Multifactor Authentication
    33. Authentication Methods
    34. Biometrics
    35. Cloud vs. On-Premises Requirements
    36. REVIEW
    37. 2.4 QUESTIONS
    38. 2.4 ANSWERS
    39. Objective 2.5 Given a scenario, implement cybersecurity resilience
    40. Resiliency Concepts
    41. Service Levels
    42. Redundancy
    43. Backups
    44. Nonpersistence
    45. REVIEW
    46. 2.5 QUESTIONS
    47. 2.5 ANSWERS
    48. Objective 2.6 Explain the security implications of embedded and specialized systems
    49. Embedded and Specialized Systems
    50. Embedded Systems
    51. Industrial Control Systems and Supervisory Control and Data Acquisition Systems
    52. Internet of Things
    53. Specialized Systems
    54. Voice over IP
    55. Heating, Ventilation, and Air Conditioning Systems
    56. Drones/UAVs
    57. Multifunction Printers
    58. Surveillance Systems
    59. REVIEW
    60. 2.6 QUESTIONS
    61. 2.6 ANSWERS
    62. Objective 2.7 Explain the importance of physical security controls
    63. Physical Security
    64. Physical Barriers
    65. Badges
    66. Lighting
    67. Alarms
    68. Signage
    69. Surveillance
    70. Locks
    71. Access Control Vestibule
    72. Personnel
    73. Faraday Cages
    74. Visitor Logs
    75. USB Data Blocker
    76. Secure Areas
    77. Fire Suppression
    78. Environmental Issues
    79. REVIEW
    80. 2.7 QUESTIONS
    81. 2.7 ANSWERS
    82. Objective 2.8 Summarize the basics of cryptographic concepts
    83. Cryptography
    84. Common Use Cases
    85. Algorithms
    86. Quantum Cryptography
    87. Homomorphic Encryption
    88. Steganography
    89. Blockchain
    90. Hashing
    91. Digital Signatures
    92. RIPEMD
    93. HMAC
    94. REVIEW
    95. 2.8 QUESTIONS
    96. 2.8 ANSWERS
  13. 3.0 Implementation
    1. Objective 3.1 Given a scenario, implement secure protocols
    2. Protocols and Use Cases
    3. TCP/IP
    4. DNSSEC
    5. SSH
    6. S/MIME
    7. SRTP
    8. LDAPS
    9. File Transfer Protocols
    10. SNMPv3
    11. HTTPS
    12. IPSec
    13. E-mail Protocols
    14. NTP
    15. DHCP
    16. Use Cases
    17. REVIEW
    18. 3.1 QUESTIONS
    19. 3.1 ANSWERS
    20. Objective 3.2 Given a scenario, implement host or application security solutions
    21. Host and Application Security
    22. Endpoint Protection
    23. Boot Integrity
    24. Databases
    25. Application Security
    26. Hardening
    27. REVIEW
    28. 3.2 QUESTIONS
    29. 3.2 ANSWERS
    30. Objective 3.3 Given a scenario, implement secure network designs
    31. Secure Network Design
    32. Load Balancing
    33. Network Segmentation
    34. Virtual Private Network
    35. DNS
    36. Network Access Control
    37. Out-of-Band Management
    38. Port Security
    39. Network Appliances
    40. Hardware Security Modules
    41. Sensors
    42. Collectors
    43. Aggregators
    44. Firewalls
    45. Access Control Lists
    46. Route Security
    47. Quality of Service
    48. Implications of IPv6
    49. Port Spanning/Monitoring
    50. Monitoring Services
    51. File Integrity Monitors
    52. REVIEW
    53. 3.3 QUESTIONS
    54. 3.3 ANSWERS
    55. Objective 3.4 Given a scenario, install and configure wireless security settings
    56. Wireless Security
    57. Cryptographic Protocols
    58. Authentication Protocols
    59. Methods
    60. Installation Considerations
    61. REVIEW
    62. 3.4 QUESTIONS
    63. 3.4 ANSWERS
    64. Objective 3.5 Given a scenario, implement secure mobile solutions
    65. Mobile Security Solutions
    66. Connection Methods and Receivers
    67. Mobile Device Management
    68. Mobile Devices
    69. Enforcement and Monitoring
    70. Deployment Models
    71. REVIEW
    72. 3.5 QUESTIONS
    73. 3.5 ANSWERS
    74. Objective 3.6 Given a scenario, apply cybersecurity solutions to the cloud
    75. Cloud Security
    76. Cloud Security Controls
    77. Solutions
    78. Cloud Native Controls vs. Third-Party Solutions
    79. REVIEW
    80. 3.6 QUESTIONS
    81. 3.6 ANSWERS
    82. Objective 3.7 Given a scenario, implement identity and account management controls
    83. Identity and Account Management
    84. Identity
    85. Account Types
    86. Account Policies
    87. REVIEW
    88. 3.7 QUESTIONS
    89. 3.7 ANSWERS
    90. Objective 3.8 Given a scenario, implement authentication and authorization solutions
    91. Authentication and Authorization
    92. Authentication Management
    93. Authentication
    94. Access Control Schemes
    95. REVIEW
    96. 3.8 QUESTIONS
    97. 3.8 ANSWERS
    98. Objective 3.9 Given a scenario, implement public key infrastructure
    99. Public Key Infrastructure
    100. PKI Fundamentals
    101. Types of Certificates
    102. Certificate Formats
    103. Other Important Concepts
    104. REVIEW
    105. 3.9 QUESTIONS
    106. 3.9 ANSWERS
  14. 4.0 Operations and Incident Response
    1. Objective 4.1 Given a scenario, use the appropriate tool to assess organizational security
    2. Assessing Organizational Security
    3. Network Reconnaissance and Discovery
    4. File Manipulation
    5. Shell and Script Environments
    6. Packet Capture and Replay
    7. Forensics
    8. Exploitation Frameworks
    9. Password Crackers
    10. Data Sanitization
    11. REVIEW
    12. 4.1 QUESTIONS
    13. 4.1 ANSWERS
    14. Objective 4.2 Summarize the importance of policies, processes, and procedures for incident response
    15. Incident Response
    16. Incident Response Plans
    17. Incident Response Process
    18. Exercises
    19. Attack Frameworks
    20. Communication Plan
    21. Business Continuity Plan
    22. Disaster Recovery Plan
    23. Continuity of Operations Planning
    24. Incident Response Team
    25. Stakeholder Management
    26. Retention Policies
    27. REVIEW
    28. 4.2 QUESTIONS
    29. 4.2 ANSWERS
    30. Objective 4.3 Given an incident, utilize appropriate data sources to support an investigation
    31. Data Sources
    32. Vulnerability Scan Output
    33. SIEM Dashboards
    34. Log Files
    35. syslog/rsyslog/syslog-ng
    36. journalctl
    37. NXLog
    38. Bandwidth Monitors
    39. Metadata
    40. NetFlow/sFlow
    41. Protocol Analyzer Output
    42. REVIEW
    43. 4.3 QUESTIONS
    44. 4.3 ANSWERS
    45. Objective 4.4 Given an incident, apply mitigation techniques or controls to secure an environment
    46. Incident Mitigation
    47. Reconfigure Endpoint Security Solutions
    48. Configuration Changes
    49. Isolation
    50. Containment
    51. Segmentation
    52. Security Orchestration, Automation, and Response
    53. REVIEW
    54. 4.4 QUESTIONS
    55. 4.4 ANSWERS
    56. Objective 4.5 Explain the key aspects of digital forensics
    57. Digital Forensics
    58. Documentation and Evidence
    59. Acquisition and Preservation
    60. On-Premises vs. Cloud
    61. Integrity
    62. Data Recovery
    63. REVIEW
    64. 4.5 QUESTIONS
    65. 4.5 ANSWERS
  15. A About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
    3. Privacy Notice
    4. Single User License Terms and Conditions
    5. TotalTester Online
    6. Technical Support
  16. Index