PART XI People Security
by Mike Meyers
Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401)
Cover
Title Page
Copyright Page
Dedication
About The Authors
Contents at a Glance
Contents
Acknowledgments
Introduction
PART I The CompTIA Security+ Exam
Module 1 Meet the Security+ Exam
Why Do We Need Certification Exams?
Demonstrating and Validating Skills and Knowledge
The World of IT Security Certification
The CompTIA Security+ Examination
CompTIA as an Organization
The Exam
Module 1 Questions and Answers
Module 2 Assessment Exam
Assessment Questions
Answers
PART II Stepping Up to IT Security
Module 3 The Basics of Security
The Goals of Security
Confidentiality
Integrity
Availability
Other Elements of Security
Identification
Authentication
Authorization
Auditing and Accountability
Non-repudiation
Security Concepts
Controls
Defense-in-Depth
Data Sensitivity and Classification
Principle of Least Privilege
Separation of Duties
Multi-person Control
Mandatory Vacations
Job Rotation
Due Diligence and Due Care
Module 3 Questions and Answers
Module 4 Understanding Security Governance
Security Governance
Laws and Regulations
Organizational Governance
Security Policies
Module 4 Questions and Answers
Module 5 Risk Management
Risk Concepts
Elements of Risk
Putting It All Together: Risk
Managing Risk
Module 5 Questions and Answers
Module 6 IT Risk Assessment
Assessing Risk
Risk Factors
Risk Assessment Methods
Quantitative Assessment
Qualitative Assessment
Putting It All Together: Determining Risk
Risk Response
Module 6 Questions and Answers
PART III Core Security Concepts
Module 7 Understanding Cryptography
Cryptography Concepts
What Is Cryptography?
Cryptography Components
Module 7 Questions and Answers
Module 8 Cryptographic Methods
Cryptographic Algorithms
Symmetric Algorithms
Asymmetric Algorithms
Hashing Algorithms
Module 8 Questions and Answers
Module 9 Application of Cryptographic Methods
Application of Cryptographic Methods
Cryptography Applications
Cryptographic Method Considerations
Module 9 Questions and Answers
Module 10 Public Key Infrastructure
PKI Concepts
Keys, Algorithms, and Standards
PKI Services
Digital Certificates and PKI Structure
PKI Considerations
Trust Models
Module 10 Questions and Answers
PART IV Authentication and Authorization
Module 11 Understanding Identification and Authentication
Authentication Concepts
Authentication Factors
Identification Methods
Trusted Entity Authentication
Module 11 Questions and Answers
Module 12 Understanding Authorization
Authorization Concepts
Supporting Authorization
Access Control Models
Module 12 Questions and Answers
Module 13 Authentication Methods and Services
Authentication Concepts
Authentication Protocols and Methods
Remote Access Connection and Authentication Services
Module 13 Questions and Answers
Module 14 User Account Management
Managing User Accounts
Account Policy Enforcement
Managing Privileges with User Accounts
Account Management Considerations
Module 14 Questions and Answers
PART V Host Security
Module 15 Host Threats
Host-based Threats and Vulnerabilities
Malware
Host Attacks
Module 15 Questions and Answers
Module 16 Host Hardening
Hardening Hosts
Secure Configuration
Operating System Hardening
Other Host Hardening Measures
Maintaining a Host Security Posture
Module 16 Questions and Answers
Module 17 Hardening Host Network Services
Host Network Services
Network Protocols and the OSI Model
Module 17 Questions and Answers
Module 18 Storage Security
Securing Data Storage
Storage Protocols
Data Storage Controls and Methods
Data Storage Best Practices
Module 18 Questions and Answers
Module 19 Static Hosts
Static Environments
Static Host Types
Methods
Module 19 Questions and Answers
PART VI LAN Security
Module 20 LAN Review
Securing Networks
Securing Network Devices
Secure Network Design
Secure Architecture
Network Separation
Secure Network Administration Principles
Module 20 Questions and Answers
Module 21 Network Threats
Network Attacks
Types of Attacks
Module 21 Questions and Answers
Module 22 Network Hardening
Securing and Defending Networks
Network Defense Methods
Network Hardening Techniques
Module 22 Questions and Answers
Module 23 Network Monitoring
Monitoring Networks
Log Management
Log Analysis
Continuous Monitoring
Module 23 Questions and Answers
PART VII Application Security
Module 24 Host Application Threats
Application Attacks
Injection Attacks
Other Web Application Attacks
Module 24 Questions and Answers
Module 25 Web Application Threats
Threats from Web Applications
Web Application Attacks
Module 25 Questions and Answers
Module 26 Application Hardening
Securing Applications
Application Security Controls and Techniques
Application-Specific Attack Prevention
Module 26 Questions and Answers
Module 27 Internet Service Hardening
Internet and Application Service Protocols
Using Secure Protocols and Services
Module 27 Questions and Answers
Module 28 Virtualization Security
Securing Virtual Environments
Virtualization Concepts
Using Virtualization for Security
Module 28 Questions and Answers
PART VIII Wireless Security
Module 29 Wireless Threats
Wireless Attacks
Rogue Access Points
Jamming and Interference
Wardriving and Warchalking
Packet Sniffing
Deauthentication Attack
Near Field Communication
Replay Attacks
WEP/WPA Attacks
WPS Attacks
Bluejacking
Bluesnarfing
Module 29 Questions and Answers
Module 30 Wireless Hardening
Wireless Security Protocols
WEP
RC4
WPA
TKIP
WPA2
AES
So What Do We Use?
Wireless Authentication
802.1X
EAP
PEAP
LEAP
Wireless Security Considerations
SSID Broadcasting
MAC Filtering
Antenna Types
Troubleshooting Wireless Security Issues
Wireless Protocol Issues
Authentication Issues
Encryption Issues
Module 30 Questions and Answers
PART IX Physical Security
Module 31 Environmental Security and Controls
Environmental Controls
EMI and RFI Shielding
Fire Suppression
HVAC
Temperature and Humidity Controls
Hot and Cold Aisles
Environmental Monitoring
Module 31 Questions and Answers
Module 32 Perimeter and Physical Controls
Classifying Controls
Control Types
Control Functions
Physical Controls
Perimeter and Safety Controls
Module 32 Questions and Answers
PART X Outside Security
Module 33 Third-Party Security
Third-Party Business Practices
Integrating Systems and Data with Third Parties
Third-Party Security Considerations
Third-Party Agreements
Module 33 Questions and Answers
Module 34 Cloud Security
Cloud Computing
Types of Cloud Services
Cloud Architecture Models
Cloud Computing Risks and Virtualization
Appropriate Controls to Ensure Data Security
Module 34 Questions and Answers
Module 35 Mobile Security
Mobile Devices in the Business World
Mobile Security Concepts and Technologies
Application Control and Security
Encryption and Authentication
Device Security
BYOD Concerns
Other Security Concerns
Module 35 Questions and Answers
PART XI People Security
Module 36 Social Engineering
Social Engineering Attacks
Targets and Goals
Types of Attacks
Social Engineering Principles of Effectiveness
Module 36 Questions and Answers
Module 37 Security Training
Security Awareness and Training
Types of Training
Key Security Areas
User Habits
New Threats and New Security Trends/Alerts
Training Follow-up
Module 37 Questions and Answers
PART XII Proactive Security
Module 38 Security Assessment
Security Assessment Tools and Techniques
Assessment Types
Risk Calculations
Assessment Techniques
Tools
Interpreting Security Assessment Tool Results
Module 38 Questions and Answers
Module 39 Incident Response
Incident Response Concepts
Risk Mitigation Strategies
Incident Management
Incident Response Procedures
Preparation
Executing an Incident Response
Post-Response
Module 39 Questions and Answers
Module 40 Forensics Procedures
Forensic Concepts
Impartiality and the Collection of Evidence
Handling Evidence
Legal and Ethical Considerations
Data Volatility
Order of Volatility
Critical Forensic Practices
First Response
Chain-of-Custody and Securely Handling Evidence
The Importance of Time
File and Evidence Integrity
Track Man Hours and Expense
Capturing Evidence
Capturing a System Image
Capturing Video
Network Traffic and Logs
Analyzing Evidence
Common Analysis Tasks
Big Data Analysis
Module 40 Questions and Answers
Module 41 Business Continuity
Risk Management Best Practices
Risk Assessment
Business Continuity Concepts
Business Impact Analysis
Identification of Critical Systems and Components
Removing Single Points of Failure
Business Continuity Planning
Continuity of Operations
Disaster Recovery
IT Contingency Planning
Succession Planning
High Availability
Redundancy
Exercises and Testing
Documentation Reviews
Tabletop Exercises
Walkthrough Tests
Full Tests and Disaster Recovery Exercises
Module 41 Questions and Answers
Module 42 Disaster Recovery
Disaster Recovery Concepts
Backup Plans and Policies
Backup Execution and Frequency
Alternate Sites
Recovery Time and Recovery Point Objectives
Module 42 Questions and Answers
PART XIII Appendixes and Glossary
Appendix A Exam Objectives Map
Appendix B About the Download
System Requirements
Downloading Total Tester Premium Practice Exam Software
Total Tester Premium Practice Exam Software
Installing and Running Total Tester
Accessing the Online Content
Video Training
TotalSims Simulations
Mike’s Cool Tools
Technical Support
Total Seminars Technical Support
McGraw-Hill Education Content Support
Glossary
Index
PART XI People Security
Module 36 Social Engineering
Module 37 Security Training