CONTENTS

Acknowledgments

Introduction

PART I       The CompTIA Security+ Exam

Module 1           Meet the Security+ Exam

Why Do We Need Certification Exams?

Demonstrating and Validating Skills and Knowledge

The World of IT Security Certification

The CompTIA Security+ Examination

CompTIA as an Organization

The Exam

Module 1 Questions and Answers

Module 2           Assessment Exam

Assessment Questions

Answers

PART II       Stepping Up to IT Security

Module 3           The Basics of Security

The Goals of Security

Confidentiality

Integrity

Availability

Other Elements of Security

Identification

Authentication

Authorization

Auditing and Accountability

Non-repudiation

Security Concepts

Controls

Defense-in-Depth

Data Sensitivity and Classification

Principle of Least Privilege

Separation of Duties

Multi-person Control

Mandatory Vacations

Job Rotation

Due Diligence and Due Care

Module 3 Questions and Answers

Module 4           Understanding Security Governance

Security Governance

Laws and Regulations

Organizational Governance

Security Policies

Module 4 Questions and Answers

Module 5           Risk Management

Risk Concepts

Elements of Risk

Putting It All Together: Risk

Managing Risk

Module 5 Questions and Answers

Module 6           IT Risk Assessment

Assessing Risk

Risk Factors

Risk Assessment Methods

Quantitative Assessment

Qualitative Assessment

Putting It All Together: Determining Risk

Risk Response

Module 6 Questions and Answers

PART III     Core Security Concepts

Module 7           Understanding Cryptography

Cryptography Concepts

What Is Cryptography?

Cryptography Components

Module 7 Questions and Answers

Module 8           Cryptographic Methods

Cryptographic Algorithms

Symmetric Algorithms

Asymmetric Algorithms

Hashing Algorithms

Module 8 Questions and Answers

Module 9           Application of Cryptographic Methods

Application of Cryptographic Methods

Cryptography Applications

Cryptographic Method Considerations

Module 9 Questions and Answers

Module 10         Public Key Infrastructure

PKI Concepts

Keys, Algorithms, and Standards

PKI Services

Digital Certificates and PKI Structure

PKI Considerations

Trust Models

Module 10 Questions and Answers

PART IV     Authentication and Authorization

Module 11         Understanding Identification and Authentication

Authentication Concepts

Authentication Factors

Identification Methods

Trusted Entity Authentication

Module 11 Questions and Answers

Module 12         Understanding Authorization

Authorization Concepts

Supporting Authorization

Access Control Models

Module 12 Questions and Answers

Module 13         Authentication Methods and Services

Authentication Concepts

Authentication Protocols and Methods

Remote Access Connection and Authentication Services

Module 13 Questions and Answers

Module 14         User Account Management

Managing User Accounts

Account Policy Enforcement

Managing Privileges with User Accounts

Account Management Considerations

Module 14 Questions and Answers

PART V        Host Security

Module 15         Host Threats

Host-based Threats and Vulnerabilities

Malware

Host Attacks

Module 15 Questions and Answers

Module 16         Host Hardening

Hardening Hosts

Secure Configuration

Operating System Hardening

Other Host Hardening Measures

Maintaining a Host Security Posture

Module 16 Questions and Answers

Module 17         Hardening Host Network Services

Host Network Services

Network Protocols and the OSI Model

Module 17 Questions and Answers

Module 18         Storage Security

Securing Data Storage

Storage Protocols

Data Storage Controls and Methods

Data Storage Best Practices

Module 18 Questions and Answers

Module 19         Static Hosts

Static Environments

Static Host Types

Methods

Module 19 Questions and Answers

PART VI     LAN Security

Module 20         LAN Review

Securing Networks

Securing Network Devices

Secure Network Design

Secure Architecture

Network Separation

Secure Network Administration Principles

Module 20 Questions and Answers

Module 21         Network Threats

Network Attacks

Types of Attacks

Module 21 Questions and Answers

Module 22         Network Hardening

Securing and Defending Networks

Network Defense Methods

Network Hardening Techniques

Module 22 Questions and Answers

Module 23         Network Monitoring

Monitoring Networks

Log Management

Log Analysis

Continuous Monitoring

Module 23 Questions and Answers

PART VII    Application Security

Module 24        Host Application Threats

Application Attacks

Injection Attacks

Other Web Application Attacks

Module 24 Questions and Answers

Module 25        Web Application Threats

Threats from Web Applications

Web Application Attacks

Module 25 Questions and Answers

Module 26        Application Hardening

Securing Applications

Application Security Controls and Techniques

Application-Specific Attack Prevention

Module 26 Questions and Answers

Module 27        Internet Service Hardening

Internet and Application Service Protocols

Using Secure Protocols and Services

Module 27 Questions and Answers

Module 28        Virtualization Security

Securing Virtual Environments

Virtualization Concepts

Using Virtualization for Security

Module 28 Questions and Answers

PART VIII Wireless Security

Module 29         Wireless Threats

Wireless Attacks

Rogue Access Points

Jamming and Interference

Wardriving and Warchalking

Packet Sniffing

Deauthentication Attack

Near Field Communication

Replay Attacks

WEP/WPA Attacks

WPS Attacks

Bluejacking

Bluesnarfing

Module 29 Questions and Answers

Module 30         Wireless Hardening

Wireless Security Protocols

WEP

RC4

WPA

TKIP

WPA2

AES

So What Do We Use?

Wireless Authentication

802.1X

EAP

PEAP

LEAP

Wireless Security Considerations

SSID Broadcasting

MAC Filtering

Antenna Types

Troubleshooting Wireless Security Issues

Wireless Protocol Issues

Authentication Issues

Encryption Issues

Module 30 Questions and Answers

PART IX     Physical Security

Module 31         Environmental Security and Controls

Environmental Controls

EMI and RFI Shielding

Fire Suppression

HVAC

Temperature and Humidity Controls

Hot and Cold Aisles

Environmental Monitoring

Module 31 Questions and Answers

Module 32         Perimeter and Physical Controls

Classifying Controls

Control Types

Control Functions

Physical Controls

Perimeter and Safety Controls

Module 32 Questions and Answers

PART X        Outside Security

Module 33         Third-Party Security

Third-Party Business Practices

Integrating Systems and Data with Third Parties

Third-Party Security Considerations

Third-Party Agreements

Module 33 Questions and Answers

Module 34         Cloud Security

Cloud Computing

Types of Cloud Services

Cloud Architecture Models

Cloud Computing Risks and Virtualization

Appropriate Controls to Ensure Data Security

Module 34 Questions and Answers

Module 35         Mobile Security

Mobile Devices in the Business World

Mobile Security Concepts and Technologies

Application Control and Security

Encryption and Authentication

Device Security

BYOD Concerns

Other Security Concerns

Module 35 Questions and Answers

PART XI     People Security

Module 36        Social Engineering

Social Engineering Attacks

Targets and Goals

Types of Attacks

Social Engineering Principles of Effectiveness

Module 36 Questions and Answers

Module 37        Security Training

Security Awareness and Training

Types of Training

Key Security Areas

User Habits

New Threats and New Security Trends/Alerts

Training Follow-up

Module 37 Questions and Answers

PART XII    Proactive Security

Module 38         Security Assessment

Security Assessment Tools and Techniques

Assessment Types

Risk Calculations

Assessment Techniques

Tools

Interpreting Security Assessment Tool Results

Module 38 Questions and Answers

Module 39         Incident Response

Incident Response Concepts

Risk Mitigation Strategies

Incident Management

Incident Response Procedures

Preparation

Executing an Incident Response

Post-Response

Module 39 Questions and Answers

Module 40         Forensics Procedures

Forensic Concepts

Impartiality and the Collection of Evidence

Handling Evidence

Legal and Ethical Considerations

Data Volatility

Order of Volatility

Critical Forensic Practices

First Response

Chain-of-Custody and Securely Handling Evidence

The Importance of Time

File and Evidence Integrity

Track Man Hours and Expense

Capturing Evidence

Capturing a System Image

Capturing Video

Network Traffic and Logs

Analyzing Evidence

Common Analysis Tasks

Big Data Analysis

Module 40 Questions and Answers

Module 41         Business Continuity

Risk Management Best Practices

Risk Assessment

Business Continuity Concepts

Business Impact Analysis

Identification of Critical Systems and Components

Removing Single Points of Failure

Business Continuity Planning

Continuity of Operations

Disaster Recovery

IT Contingency Planning

Succession Planning

High Availability

Redundancy

Exercises and Testing

Documentation Reviews

Tabletop Exercises

Walkthrough Tests

Full Tests and Disaster Recovery Exercises

Module 41 Questions and Answers

Module 42         Disaster Recovery

Disaster Recovery Concepts

Backup Plans and Policies

Backup Execution and Frequency

Alternate Sites

Recovery Time and Recovery Point Objectives

Module 42 Questions and Answers

PART XIII Appendixes and Glossary

Appendix A      Exam Objectives Map

Appendix B      About the Download

System Requirements

Downloading Total Tester Premium Practice Exam Software

Total Tester Premium Practice Exam Software

Installing and Running Total Tester

Accessing the Online Content

Video Training

TotalSims Simulations

Mike’s Cool Tools

Technical Support

Total Seminars Technical Support

McGraw-Hill Education Content Support

Glossary

Index
