
An up-to-date CompTIA Security+ exam guide from training and exam preparation guru Mike Meyers

Take the latest version of the CompTIA Security+ exam (exam SY0-601) with confidence using the comprehensive information contained in this highly effective self-study resource. Like the test, the guide goes beyond knowledge application and is designed to ensure that security personnel anticipate security risks and guard against them.

In Mike Meyers’ CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601), the bestselling author and leading authority on CompTIA A+ certification brings his proven methodology to IT security. Mike covers all exam objectives in small, digestible modules that allow you to focus on individual skills as you move through a broad and complex set of skills and concepts. The book features hundreds of accurate practice questions as well as a toolbox of the author’s favorite network security-related freeware/shareware.

  • Provides complete coverage of every objective for exam SY0-601
  • Online content includes 20+ lab simulations, video training, a PDF glossary, and 180 practice questions
  • Written by computer security and certification experts Mike Meyers and Scott Jernigan

Table of Contents

  1. Cover
  2. About the Authors
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. Chapter 1 Risk Management
    1. Module 1-1: Defining Risk
    2. Asset
    3. Likelihood
    4. Threat Actor
    5. Vulnerability and Threat
    6. Circling Back to the Risk Definition
    7. Vectors
    8. Threat Intelligence
    9. Module 1-2: Risk Management Concepts
    10. Infrastructure
    11. Security Controls
    12. Risk Management Frameworks
    13. Module 1-3: Security Controls
    14. Control Categories
    15. Control Types
    16. Module 1-4: Risk Assessment
    17. Risk Assessment Processes and Concepts
    18. Quantitative Risk Assessment
    19. Qualitative Risk Assessment
    20. Putting It All Together: Risk Analysis
    21. Risk Response
    22. Module 1-5: Business Impact Analysis
    23. BIA Basics
    24. Types of Impact
    25. Locating Critical Resources
    26. Calculating Impact
    27. Calculating Downtime
    28. Module 1-6: Data Security and Data Protection
    29. Organizing Data
    30. Legal and Compliance
    31. Data Destruction
    32. Privacy Breaches
    33. Module 1-7: Personnel Risk and Policies
    34. Hiring
    35. Onboarding
    36. Personnel Management Policies
    37. Training
    38. Policies
    39. User Habits
    40. Offboarding
    41. Module 1-8: Third-Party Risk and Policies
    42. Third-Party Risk Management
    43. Agreement Types
    44. Questions
    45. Answers
  11. Chapter 2 Cryptography
    1. Module 2-1: Cryptography Basics
    2. Essential Building Blocks
    3. Early Cryptography
    4. Cryptography Components
    5. Module 2-2: Cryptographic Methods
    6. Symmetric Cryptography
    7. Asymmetric Cryptography
    8. Hashing
    9. Limitations in Symmetric vs. Asymmetric Cryptography
    10. Hybrid Cryptography
    11. The Perfect Cryptosystem
    12. Module 2-3: Symmetric Cryptosystems
    13. DES
    14. 3DES
    15. AES
    16. Blowfish
    17. Twofish
    18. RC4
    19. Summary of Symmetric Algorithm Characteristics
    20. Module 2-4: Asymmetric Cryptosystems
    21. RSA
    22. Diffie-Hellman
    23. PGP/GPG
    24. ECC
    25. ElGamal
    26. Module 2-5: Hashing Algorithms
    27. Hashing Process
    28. MD5
    29. SHA
    30. RIPEMD
    31. HMAC
    32. Module 2-6: Digital Signatures and Certificates
    33. Digital Signatures
    34. Digital Certificates
    35. Module 2-7: Public Key Infrastructure
    36. Keys, Algorithms, and Standards
    37. PKI Services
    38. Digital Certificates and PKI Structure
    39. Key Safety
    40. Trust Models
    41. Module 2-8: Cryptographic Attacks
    42. Attack Strategies
    43. Attackable Data
    44. Attack Scenarios
    45. Defending Password Storage
    46. Other Attack Options
    47. Module 2-9: Other Cryptosystems
    48. Homomorphic Encryption
    49. Blockchain
    50. Quantum Cryptography
    51. Questions
    52. Answers
  12. Chapter 3 Identity and Account Management
    1. Module 3-1: Understanding Authentication
    2. Identification and AAA
    3. Identification and Authentication
    4. Authorization
    5. Accounting
    6. Trust
    7. Module 3-2: Authentication Methods and Access Controls
    8. Authentication Methods
    9. Biometrics
    10. Authorization and Access Control Schemes/Models
    11. Module 3-3: Account Management
    12. User Accounts
    13. Account Policies
    14. Account Administration
    15. Module 3-4: Point-to-Point Authentication
    16. PAP
    17. CHAP/MS-CHAP
    18. Remote Access Connection and Authentication Services
    19. Module 3-5: Network Authentication
    20. The Challenge of LAN Access Management
    21. Microsoft Networking
    22. LDAP and Secure LDAP
    23. Module 3-6: Identity Management Systems
    24. Trust
    25. Shared Authentication Schemes
    26. Questions
    27. Answers
  13. Chapter 4 Tools of the Trade
    1. Module 4-1: Operating System Utilities
    2. Network Reconnaissance and Discovery
    3. File Manipulation
    4. Shell and Script Environments
    5. Module 4-2: Network Scanners
    6. Scanning Methods
    7. Scanning Targets
    8. Scanner Types
    9. Module 4-3: Protocol Analyzers
    10. Why Protocol Analyze?
    11. Wireshark
    12. tcpdump
    13. Module 4-4: Monitoring Networks
    14. Exploring Log Files
    15. Centralizing Log Files
    16. Security Information and Event Management
    17. Log File Management
    18. Questions
    19. Answers
  14. Chapter 5 Securing Individual Systems
    1. Module 5-1: Types of System Attacks
    2. Attacking Applications
    3. Driver Manipulation
    4. Malicious Code or Script Execution
    5. Module 5-2: Malware
    6. Virus
    7. Cryptomalware/Ransomware
    8. Worm
    9. Trojan Horse
    10. Potentially Unwanted Programs
    11. Bots/Botnets
    12. Logic Bomb
    13. Keylogger
    14. RAT
    15. Rootkit
    16. Backdoor
    17. Module 5-3: Cybersecurity Resilience
    18. Non-persistence
    19. Redundancy
    20. Diversity
    21. Module 5-4: Securing Hardware
    22. Physical Attacks
    23. Securing the Systems
    24. Securing Boot Integrity
    25. Module 5-5: Securing Endpoints
    26. Hardening Operating Systems
    27. Anti-malware
    28. Data Execution Prevention
    29. File Integrity Monitors
    30. Data Loss Prevention
    31. Module 5-6: System Recycling
    32. Clear
    33. Purge
    34. Destroy
    35. Questions
    36. Answers
  15. Chapter 6 The Basic LAN
    1. Module 6-1: Layer 2 LAN Attacks
    2. ARP Poisoning
    3. Man-in-the-Middle Attacks
    4. MAC Flooding
    5. MAC Cloning
    6. Module 6-2: Organizing LANs
    7. Configuration Management
    8. Network Segmentation
    9. Load Balancing
    10. Module 6-3: Implementing Secure Network Designs
    11. Securing the LAN
    12. Internet Connection Firewalls
    13. Securing Servers
    14. Module 6-4: Virtual Private Networks
    15. How VPNs Work
    16. Early VPNs
    17. IPsec VPNs
    18. TLS VPNs
    19. Module 6-5: Network-Based Intrusion Detection/Prevention
    20. Detection vs. Prevention
    21. Detecting Attacks
    22. Configuring Network-Based IDS/IPS
    23. Monitoring NIDS/NIPS
    24. Endpoint Detection and Response
    25. Questions
    26. Answers
  16. Chapter 7 Securing Wireless LANs
    1. Module 7-1: Networking with 802.11
    2. Wireless Cryptographic Protocols
    3. Wireless Authentication Protocols
    4. Module 7-2: Attacking 802.11
    5. Wireless Survey/Stumbler
    6. Packet Capture
    7. Attack Tools
    8. Rogue Access Point
    9. Jamming
    10. Packet Sniffing
    11. Deauthentication Attack
    12. Near-Field Communication
    13. Replay Attacks
    14. WEP/WPA Attacks
    15. WPS Attacks
    16. Wireless Peripherals
    17. Module 7-3: Securing 802.11
    18. Installation Considerations
    19. Wireless Configuration
    20. Security Posture Assessment
    21. Questions
    22. Answers
  17. Chapter 8 Securing Public Servers
    1. Module 8-1: Attacking and Defending Public Servers
    2. Distributed Denial-of-Service
    3. Route Security
    4. Quality of Service
    5. Monitoring Services
    6. Module 8-2: Virtualization Security
    7. Virtualization Architecture
    8. Containers
    9. Virtualization Risks
    10. Using Virtualization for Security
    11. Module 8-3: Cloud Deployment
    12. Let’s Talk Amazon
    13. Cloud Deployment Models
    14. Cloud Architecture Models
    15. Cloud Growing Pains
    16. Module 8-4: Securing the Cloud
    17. Cloud Security Controls
    18. Unique Cloud Security Solutions
    19. Questions
    20. Answers
  18. Chapter 9 Securing Dedicated Systems
    1. Module 9-1: Embedded, Specialized, and Mobile Systems
    2. Embedded Systems
    3. SCADA/ICS
    4. Internet of Things
    5. Specialized Systems
    6. Mobile Systems
    7. Module 9-2: Connecting to Dedicated Systems
    8. Common Communication Technologies
    9. IoT-Specific Communication Technologies
    10. Module 9-3: Security Constraints for Dedicated Systems
    11. Hardware
    12. Programming
    13. Connectivity
    14. Module 9-4: Implementing Secure Mobile Solutions
    15. Mobile Device Management
    16. Deployment Models
    17. Inventory Control and Asset Tracking
    18. Application Management and Security
    19. Encryption and Authentication
    20. Enforcement and Monitoring for Device Security
    21. Questions
    22. Answers
  19. Chapter 10 Physical Security
    1. Module 10-1: Physical Security Controls
    2. Passive Defensive Systems and Perimeter Controls
    3. Active Alert Systems
    4. Manned Defensive Systems
    5. Module 10-2: Environmental Controls
    6. EMI and RFI Shielding
    7. Fire Suppression
    8. HVAC
    9. Temperature and Humidity Controls
    10. Hot and Cold Aisles
    11. Environmental Monitoring
    12. Questions
    13. Answers
  20. Chapter 11 Secure Protocols and Applications
    1. Module 11-1: Secure Internet Protocols
    2. DNS Security
    3. SNMP
    4. SSH
    5. FTP
    6. SRTP
    7. Module 11-2: Secure Web and E-mail
    8. HTTP
    9. HTTPS
    10. E-mail
    11. Module 11-3: Web Application Attacks
    12. Injection Attacks
    13. Hijacking and Related Attacks
    14. Other Web Application Attacks
    15. Module 11-4: Application Security
    16. Development
    17. Code Quality and Testing
    18. Staging
    19. Production
    20. Quality Assurance
    21. Getting Organized
    22. Module 11-5: Certificates in Security
    23. Certificate Concepts and Components
    24. PKI Concepts
    25. Online vs. Offline CA
    26. PKI TLS Scenario
    27. Types of Certificates
    28. Certificate Formats
    29. Key Escrow
    30. Questions
    31. Answers
  21. Chapter 12 Testing Infrastructure
    1. Module 12-1: Vulnerability Impact
    2. Device/Hardware Vulnerabilities
    3. Configuration Vulnerabilities
    4. Management/Design Vulnerabilities
    5. Module 12-2: Social Engineering
    6. Social Engineering Goals
    7. Principles
    8. Types of Attacks
    9. Module 12-3: Artificial Intelligence
    10. Understanding Artificial Intelligence
    11. Machine Learning Essentials
    12. OSINT
    13. Adversarial Artificial Intelligence
    14. Module 12-4: Security Assessment
    15. Threat Hunting
    16. Vulnerability Scans
    17. Penetration Testing
    18. Module 12-5: Assessment Tools
    19. Protocol Analyzer
    20. Network Scanner
    21. Vulnerability Scanner
    22. Configuration Compliance Scanner
    23. Penetration Testing with Metasploit
    24. Specific Tools Mentioned by CompTIA
    25. Interpreting Security Assessment Tool Results
    26. Questions
    27. Answers
  22. Chapter 13 Dealing with Incidents
    1. Module 13-1: Incident Response
    2. Incident Response Concepts
    3. Incident Response Procedures
    4. Scenarios: Mitigation During and After an Incident
    5. Module 13-2: Digital Forensics
    6. Digital Forensics Concepts
    7. Data Volatility
    8. Critical Forensics Practices
    9. Data Acquisition
    10. Analyzing Evidence
    11. Module 13-3: Continuity of Operations and Disaster Recovery
    12. Risk Management Best Practices
    13. Contingency Planning and Resilience
    14. Functional Recovery Plans
    15. Backup and Restore Plans and Policies
    16. Questions
    17. Answers
  23. Appendix A Exam Objective Map
    1. Exam SY0-601
  24. Appendix B About the Online Content
    1. System Requirements
    2. Your Total Seminars Training Hub Account
    3. Privacy Notice
    4. Single User License Terms and Conditions
    5. TotalTester Online
    6. Other Book Resources
    7. Video Training from Mike Meyers
    8. TotalSim Simulations
    9. Mike’s Cool Tools
    10. Technical Support
  25. Glossary
  26. Index