Book description
The publisher regrets that the CD/DVD content for this title cannot be made available online.
CompTIA® Security+ Exam Cram, Fourth Edition, is the perfect study guide to help you pass CompTIA’s newly updated version of the Security+ exam. It provides coverage and practice questions for every exam topic. The book contains a set of 200 questions in two full practice exams.
Covers the critical information you need to know to score higher on your Security+ exam!
- Categorize types of attacks, threats, and risks to your systems
- Secure devices, communications, and network infrastructure
- Troubleshoot issues related to networking components
- Effectively manage risks associated with a global business environment
- Differentiate between control methods used to secure the physical domain
- Identify solutions to secure hosts, data, and applications
- Compare techniques to mitigate risks in static environments
- Determine relevant access control, authorization, and authentication procedures
- Select appropriate mitigation techniques in response to attacks and vulnerabilities
- Apply principles of cryptography and effectively deploy related solutions
- Implement security practices from both a technical and an organizational standpoint
Table of contents
- About This eBook
- Title Page
- Copyright Page
- Contents at a Glance
- Contents
- About the Authors
- Dedication
- Acknowledgments
- We Want to Hear from You!
- Reader Services
- CompTIA®
- Introduction
- Part I: Network Security
  - Chapter 1. Secure Network Design
  - Chapter 2. Network Implementation
- Part II: Compliance and Operational Security
  - Chapter 3. Risk Management
    - Explain the Importance of Risk-Related Concepts
      - Control Types
      - False Positives
      - False Negatives
      - Importance of Policies in Reducing Risk
      - Risk Calculation
      - Qualitative Versus Quantitative Measures
      - Vulnerabilities
      - Threat Vectors
      - Probability/Threat Likelihood
      - Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
      - Risks Associated with Cloud Computing and Virtualization
      - Recovery Time Objective and Recovery Point Objective
      - Cram Quiz
      - Cram Quiz Answers
    - Summarize the Security Implications of Integrating Systems and Data with Third Parties
      - On-Boarding/Off-Boarding Business Partners
      - Social Media Networks and/or Applications
      - Interoperability Agreements
      - Privacy Considerations
      - Risk Awareness
      - Unauthorized Data Sharing
      - Data Ownership
      - Data Backups
      - Follow Security Policy and Procedures
      - Review Agreement Requirements to Verify Compliance and Performance Standards
      - Cram Quiz
      - Cram Quiz Answers
    - Given a Scenario, Implement Appropriate Risk Mitigation Strategies
    - Given a Scenario, Implement Basic Forensic Procedures
    - Summarize Common Incident Response Procedures
    - What Next?
  - Chapter 4. Response and Recovery
    - Explain the Importance of Security-Related Awareness and Training
      - Security Policy Training and Procedures
      - Role-Based Training
      - Personally Identifiable Information
      - Information Classification
      - Public
      - Data Labeling, Handling, and Disposal
      - Compliance with Laws, Best Practices, and Standards
      - User Habits
      - New Threats and New Security Trends/Alerts
      - Use of Social Networking and Peer-to-Peer Services
      - Follow Up and Gather Training Metrics to Validate Compliance and Security Posture
      - Cram Quiz
      - Cram Quiz Answers
    - Compare and Contrast Physical and Environmental Controls
    - Summarize Risk Management Best Practices
    - Given a Scenario, Select the Appropriate Control to Meet the Goals of Security
    - What Next?
- Part III: Threats and Vulnerabilities
  - Chapter 5. Attacks
    - Explain Types of Malware
    - Summarize Various Types of Attacks
      - Man-in-the-Middle
      - Denial of Service
      - Distributed DoS
      - Replay
      - DNS Poisoning
      - ARP Poisoning
      - Spoofing
      - Spam
      - Phishing and Related Attacks
      - Privilege Escalation
      - Malicious Insider Threat
      - Transitive Access and Client-Side Attacks
      - Password Attacks
      - Typo Squatting/URL Hijacking
      - Watering Hole Attack
      - Cram Quiz
      - Cram Quiz Answers
    - Summarize Social Engineering Attacks and the Associated Effectiveness with Each Attack
    - Explain Types of Wireless Attacks
    - Explain Types of Application Attacks
    - What Next?
  - Chapter 6. Deterrents
- Part IV: Application, Data, and Host Security
  - Chapter 7. Application Security
    - Explain the Importance of Application Security Controls and Techniques
      - Fuzzing
      - Secure Coding Concepts
      - Cross-Site Scripting Prevention
      - Cross-Site Request Forgery Prevention
      - Application Configuration Baseline (Proper Settings)
      - Application Hardening
      - Application Patch Management
      - NoSQL Databases Versus SQL Databases
      - Server-Side Versus Client-Side Validation
      - Cram Quiz
      - Cram Quiz Answers
    - What Next?
  - Chapter 8. Host Security
  - Chapter 9. Data Security
- Part V: Access Control and Identity Management
  - Chapter 10. Authentication, Authorization, and Access Control
  - Chapter 11. Account Management
    - Install and Configure Security Controls When Performing Account Management, Based on Best Practices
    - Mitigate Issues Associated with Users with Multiple Account/Roles and/or Shared Accounts
      - Account Policy Enforcement
      - Group-Based Privileges
      - User-Assigned Privileges
      - User Access Reviews
      - Continuous Monitoring
      - Cram Quiz
      - Cram Quiz Answers
    - What Next?
- Part VI: Cryptography
- Practice Exam 1: CompTIA Security+ SY0-401
- Index
- Practice Exam 2: CompTIA Security+ SY0-401
- Glossary
- Exam CRAM: The CompTIA Security+ Cram Sheet
- Code Snippets
Product information
- Title: CompTIA® Security+™ SY0-401 Exam Cram, Fourth Edition
- Author(s):
- Release date: March 2015
- Publisher(s): Pearson IT Certification
- ISBN: 9780133836455