O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CompTIA Security+ SY0-501 Exam Cram, Fifth Edition

Book Description

CompTIA's Security+ is the #1 international vendor-neutral baseline security certification. In 2017, CompTIA is releasing a thoroughly revised certification exam. CompTIA Security+ Exam Cram, Fifth Edition has been thoroughly updated to prepare candidates for the new exam, using the proven Exam Cram method of study.

 

As with all Exam Cram books, it includes:

  • Chapters that map directly to the exam objectives
  • Comprehensive foundational learning on all topics covered on the exam
  • An extensive collection of practice questions
  • Access to the Pearson Test Prep practice test software that provides real-time practice and feedback, online or offline
  • The Cram Sheet tear-out card including tips, acronyms, and memory joggers not available anywhere else - perfect for last-minute study

Topics covered in this book range from identifying threats, attacks, and vulnerabilities to implementing the correct tools and technologies to defend against these vectors; cryptography concepts and deployment techniques to identity and access management; security architecture and design principles to risk management. This book brings together all the knowledge professionals need to walk into the exam room with confidence - and pass their Security+ exams with flying colors.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Dedication Page
  5. Contents at a Glance
  6. Table of Contents
  7. About the Authors
  8. Acknowledgments
  9. About the Technical Reviewer
  10. We Want to Hear from You!
  11. Reader Services
  12. Introduction
  13. Part I: Threats, Attacks, and Vulnerabilities
    1. Chapter 1: Indicators of Compromise and Malware Types
      1. Viruses
      2. Worms
      3. Ransomware
      4. Trojan Horses
      5. Rootkits
      6. Logic Bombs
      7. Bots
      8. Spyware
      9. What Next?
    2. Chapter 2: Attack Types
      1. Social Engineering
      2. Application/Service Attacks
      3. Cryptographic Attacks
      4. Wireless
      5. What Next?
    3. Chapter 3: Threat Actor Types and Attributes
      1. Threat Actor Attributes
      2. Threat Actor Types
      3. Open Source Intelligence
      4. What Next?
    4. Chapter 4: Penetration Testing
      1. Testing Methodology
      2. What Next?
    5. Chapter 5: Vulnerability Scanning
      1. Types of Vulnerability Scans
      2. What Next?
    6. Chapter 6: Impacts Associated with Vulnerability Types
      1. People and Process
      2. Race Conditions
      3. Resource Exhaustion
      4. Architecture and Design
      5. Configuration
      6. Cryptographic Management
      7. Embedded Systems
      8. Lack of Vendor Support
      9. Improper Software Handling
      10. Leaks, Overflows, and Code Injection
      11. What Next?
  14. Part I Cram Quiz
  15. Part II: Technology and Tools
    1. Chapter 7: Network Components
      1. Perimeter Security
      2. Internal Security
      3. Boundary Devices
      4. Enforcement Tools
      5. Cryptographic Devices
      6. What Next?
    2. Chapter 8: Software Tools
      1. Vulnerability Assessment Tools
      2. Detection and Protection Tools
      3. What Next?
    3. Chapter 9: Security Issues
      1. Authentication, Authorization, and Access
      2. Misconfigurations and Deviations
      3. Personnel
      4. Logs and Event Anomalies
      5. Assets and Licensing
      6. What Next?
    4. Chapter 10: Security Technologies
      1. Security Technologies
      2. What Next?
    5. Chapter 11: Mobile Devices
      1. Communication Methods
      2. Mobile Device Management Concepts
      3. Enforcement and Monitoring
      4. Deployment Models
      5. What Next?
    6. Chapter 12: Secure Protocols
      1. Secure Protocols
      2. Use Cases
  16. Part II Cram Quiz
  17. Part III: Architecture and Design
    1. Chapter 13: Use Cases, Frameworks, and Best Practices
      1. Industry-standard Frameworks and Reference Architectures
      2. Benchmarks and Secure Configuration Guides
      3. Defense in Depth and Layered Security
      4. What Next?
    2. Chapter 14: Network Architecture
      1. Zones and Topologies
      2. Segregation, Segmentation, and Isolation
      3. VPN Tunneling
      4. Security Device and Technology Placement
      5. SDN
      6. What Next?
    3. Chapter 15: Secure Systems Design
      1. Hardware and Firmware Security
      2. Operating Systems
      3. Peripherals
      4. What Next?
    4. Chapter 16: Secure Staging Deployment
      1. Sandboxing
      2. Environment
      3. Secure Baseline
      4. Integrity Measurement
      5. What Next?
    5. Chapter 17: Embedded Systems
      1. SCADA and ICS
      2. Smart Devices and IoT
      3. SoC and RTOS
      4. HVAC
      5. Printers, MFDs, and Camera Systems
      6. Special-Purpose Devices
      7. What Next?
    6. Chapter 18: Secure Application Development and Deployment
      1. Development Life-cycle Models
      2. Secure DevOps
      3. Change Management and Version Control
      4. Provisioning and Deprovisioning
      5. Secure Coding Techniques
      6. Compiled vs. Runtime Code
      7. Code Quality and Testing
      8. What Next?
    7. Chapter 19: Cloud and Virtualization
      1. Virtualization Concepts
      2. Cloud Concepts
      3. What Next?
    8. Chapter 20: Reducing Risk
      1. Automation and Scripting
      2. Templates and Master Images
      3. Non-persistence
      4. Scalability and Elasticity
      5. Distributive Allocation
      6. Fault Tolerance and Redundancy
      7. High Availability
      8. RAID
      9. What Next?
    9. Chapter 21: Physical Security Controls
      1. Perimeter Security
      2. Internal Security
      3. Equipment Security
      4. Environmental Controls
      5. What Next?
  18. Part III Cram Quiz
  19. Part IV: Identity and Access Management
    1. Chapter 22: Identity and Access Management Concepts
      1. Identification, Authentication, Authorization, and Accounting (AAA)
      2. Multifactor Authentication
      3. Federation, Single Sign-On, and Transitive Trust
      4. What Next?
    2. Chapter 23: Identity and Access Services
      1. Authentication Protocols
      2. Directory Services Protocols
      3. AAA Protocols and Services
      4. Federated Services
      5. What Next?
    3. Chapter 24: Identity and Access Controls
      1. Access Control Models
      2. Physical Access Controls
      3. Tokens
      4. Certificate-based Authentication
      5. File System Security
      6. Database Security
      7. What Next?
    4. Chapter 25: Account Management Practices
      1. Account Types
      2. General Concepts
      3. Account Policy Enforcement
      4. What Next?
  20. Part IV Cram Quiz
  21. Part V: Risk Management
    1. Chapter 26: Policies, Plans, and Procedures Related to Organizational Security
      1. Human Resource Management Policies
      2. Interoperability Agreements
      3. What Next?
    2. Chapter 27: Business Impact Analysis
      1. Critical Functions
      2. Recovery Objectives
      3. MTTR
      4. MTTF and MTBF
      5. Impact
      6. Privacy
      7. What Next?
    3. Chapter 28: Risk Management Processes and Concepts
      1. Threat Assessment
      2. Risk Assessment
      3. Risk Register
      4. Risk Response Techniques
      5. What Next?
    4. Chapter 29: Incident Response Procedures
      1. Incident Response Plan
      2. Incident Response Process
      3. What Next?
    5. Chapter 30: Forensics
      1. Strategic Intelligence/Counterintelligence Gathering
      2. Track Man-hours
      3. Order of Volatility
      4. Chain of Custody
      5. Legal Hold
      6. Data Acquisition
      7. What Next?
    6. Chapter 31: Disaster Recovery and Continuity of Operations
      1. Disaster Recovery
      2. Geographic Considerations
      3. Continuity of Operation Planning
      4. What Next?
    7. Chapter 32: Controls
      1. Nature of Controls
      2. Functional Use of Controls
      3. Compensating Controls
      4. What Next?
    8. Chapter 33: Data Security and Privacy Practices
      1. Data Sensitivity Labeling and Handling
      2. Data Roles
      3. Data Retention and Disposal
      4. What Next?
  22. Part V Cram Quiz
  23. Part VI: Cryptography and PKI
    1. Chapter 34: Cryptography
      1. Keys
      2. Symmetric Algorithms
      3. Asymmetric Algorithms
      4. Elliptic Curve and Quantum Cryptography
      5. Session Keys
      6. Nonrepudiation and Digital Signatures
      7. Hashing
      8. Use of Proven Technologies and Implementation
      9. Use Cases
      10. What Next?
    2. Chapter 35: Cryptography Algorithms
      1. Obfuscation Techniques
      2. Symmetric Algorithms
      3. Asymmetric Algorithms
      4. Hashing Algorithms
      5. Key Derivation Function
      6. What Next?
    3. Chapter 36: Wireless Security Settings
      1. Access Methods
      2. Wireless Cryptographic Protocols
      3. Authentication Protocols
      4. What Next?
    4. Chapter 37: Public Key Infrastructure
      1. Certificate Authority (CA)
      2. Digital Certificate
      3. Certificate Revocation
      4. OCSP Stapling
      5. Pinning
      6. What Next?
  24. Part VI Cram Quiz
  25. Index
  26. Glossary of Essential Terms and Components
  27. Cram Quizzes
    1. Part I
    2. Part II
    3. Part III
    4. Part IV
    5. Part V
    6. Part VI
  28. Cram Quiz Answers
    1. Part I
    2. Part II
    3. Part III
    4. Part IV
    5. Part V
    6. Part VI