You are previewing CompTIA Security+ Study Guide: SY0-401, 6th Edition.
O'Reilly logo
CompTIA Security+ Study Guide: SY0-401, 6th Edition

Book Description

Join over 250,000 IT professionals who've earned Security+ certification

If you're an IT professional hoping to progress in your career, then you know that the CompTIA Security+ exam is one of the most valuable certifications available. Since its introduction in 2002, over a quarter million professionals have achieved Security+ certification, itself a springboard to prestigious certifications like the CASP, CISSP, and CISA. The CompTIA Security+ Study Guide: SY0-401 covers 100% of the Security+ exam objectives, with clear and concise information on crucial security topics.

You'll find everything you need to prepare for the 2014 version of the Security+ certification exam, including insight from industry experts on a wide range of IT security topics. Readers also get access to a robust set of learning tools, featuring electronic flashcards, assessment tests, robust practice test environment, with hundreds of practice questions, and electronic flashcards.

  • CompTIA authorized and endorsed

  • Includes updates covering the latest changes to the exam, including better preparation for real-world applications

  • Covers key topics like network security, compliance and operational security, threats and vulnerabilities, access control and identity management, and cryptography

  • Employs practical examples and insights to provide real-world context from two leading certification experts

  • Provides the necessary tools to take that first important step toward advanced security certs like CASP, CISSP, and CISA, in addition to satisfying the DoD's 8570 directive

  • If you're serious about jump-starting your security career, you need the kind of thorough preparation included in the CompTIA Security+ Study Guide: SY0-401.

    Table of Contents

    1. Cover Page
    2. Title Page
    3. Copyright
    4. Front Matter
    5. Dedication
    6. About the Authors
    7. Acknowledgments
    8. Contents at a Glance
    9. Contents
    10. Table of Exercises
    11. Foreword
    12. Introduction
      1. Exam SY0-401 Exam Objectives
      2. Assessment Test
      3. Answers to Assessment Test
    13. Chapter 1: Measuring and Weighing Risk
      1. Risk Assessment
      2. Developing Policies, Standards, and Guidelines
      3. Summary
      4. Exam Essentials
      5. Review Questions
    14. Chapter 2: Monitoring and Diagnosing Networks
      1. Monitoring Networks
      2. Understanding Hardening
      3. Securing the Network
      4. Security Posture
      5. Reporting Security Issues
      6. Differentiating between Detection Controls and Prevention Controls
      7. Summary
      8. Exam Essentials
      9. Review Questions
    15. Chapter 3: Understanding Devices and Infrastructure
      1. Mastering TCP/IP
      2. Designing a Secure Network
      3. Understanding the Various Network Infrastructure Devices
      4. Summary
      5. Exam Essentials
      6. Review Questions
    16. Chapter 4: Access Control, Authentication, and Authorization
      1. Understanding Access Control Basics
      2. Understanding Remote Access Connectivity
      3. Understanding Authentication Services
      4. Understanding Access Control
      5. Implementing Access Controlling Best Practices
      6. Summary
      7. Exam Essentials
      8. Review Questions
    17. Chapter 5: Protecting Wireless Networks
      1. Working with Wireless Systems
      2. Understanding Wireless Devices
      3. Wireless Vulnerabilities to Know
      4. Summary
      5. Exam Essentials
      6. Review Questions
    18. Chatper 6: Securing the Cloud
      1. Working with Cloud Computing
      2. Working with Virtualization
      3. Security and the Cloud
      4. Summary
      5. Exam Essentials
      6. Review Questions
    19. Chapter 7: Host, Data, and Application Security
      1. Application Hardening
      2. Application Configuration Baselining
      3. Host Security
      4. Host Software Baselining
      5. Hardening Web Servers
      6. Protecting Data Through Fault Tolerance
      7. Application Security
      8. Best Practices for Security
      9. Summary
      10. Exam Essentials
      11. Review Questions
    20. Chapter 8: Cryptography
      1. An Overview of Cryptography
      2. Modern Cryptography
      3. What Cryptography Should You Use?
      4. Understanding Quantum Cryptography
      5. Using Cryptographic Systems
      6. Understanding Cryptography Standards and Protocols
      7. Using Public-Key Infrastructure
      8. Summary
      9. Exam Essentials
      10. Review Questions
    21. Chapter 9: Malware, Vulnerabilities, and Threats
      1. Understanding Malware
      2. Surviving Viruses
      3. Understanding Various Types of Attacks
      4. Identifying Types of Application Attacks
      5. Tools for Finding Threats
      6. Summary
      7. Exam Essentials
      8. Review Questions
    22. Chapter 10: Social Engineering and Other Foes
      1. Understanding Social Engineering
      2. Understanding Physical Security
      3. Environmental Controls
      4. Control Types
      5. Data Policies
      6. Summary
      7. Exam Essentials
      8. Review Questions
    23. Chatper 11: Security Administration
      1. Third-Party Integration
      2. Understanding Security Awareness and Training
      3. Classifying Information
      4. Information Access Controls
      5. Complying with Privacy and Security Regulations
      6. Mobile Devices
      7. Alternative Methods to Mitigate Security Risks
      8. Summary
      9. Exam Essentials
      10. Review Questions
    24. Chapter 12: Disaster Recovery and Incident Response
      1. Issues Associated with Business Continuity
      2. Reinforcing Vendor Support
      3. Penetration Testing
      4. Summary
      5. Exam Essentials
      6. Review Questions
    25. Appendix A: Answers to Review Questions
      1. Chapter 1 : Measuring and Weighing Risk
      2. Chapter 2 : Monitoring and Diagnosing Networks
      3. Chapter 3 : Understanding Devices and Infrastructure
      4. Chapter 4 : Access Control, Authentication, and Authorization
      5. Chapter 5 : Protecting Wireless Networks
      6. Chapter 6 : Securing the Cloud
      7. Chapter 7 : Host, Data, and Application Security
      8. Chapter 8 : Cryptography
      9. Chapter 9 : Malware, Vulnerabilities, and Threats
      10. Chapter 10 : Social Engineering and Other Foes
      11. Chapter 11 : Security Administration
      12. Chapter 12 : Disaster Recovery and Incident Response
    26. Appendix B: About the Additional Study Tools
      1. Additional Study Tools
      2. System Requirements
      3. Using the Study Tools
      4. Troubleshooting
    27. Index