Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401)

Book Description

An all-new CompTIA Security+ exam guide from top CompTIA training and exam prep expert Mike Meyers

In Mike Meyers’ CompTIA Security+ Certification Guide (Exam SY0-401), the bestselling author and leading authority on CompTIA A+ certification brings his highly effective methodology to IT security for the first time. Like the exam, this book goes beyond knowledge application and is designed to ensure that security personnel anticipate security risks and guard against them. Meyers’ “in the trenches” voice and the clarity of his explanations make his books the bestselling self-study resources available for professional certification.

  • Digital content includes: 20+ lab simulations, 1+ hour of video training from Meyers, and hundreds of practice exam questions
  • McGraw-Hill Professional is a Platinum-Level CompTIA Authorized Partner
  • CAQC Authorized (CompTIA Approved Quality Curriculum)
  • Includes Mike's toolbox of favorite network-security-related freeware/shareware

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About The Authors
  6. Contents at a Glance
  7. Contents
  8. Acknowledgments
  9. Introduction
  10. PART I The CompTIA Security+ Exam
    1. Module 1 Meet the Security+ Exam
      1. Why Do We Need Certification Exams?
        1. Demonstrating and Validating Skills and Knowledge
        2. The World of IT Security Certification
      2. The CompTIA Security+ Examination
        1. CompTIA as an Organization
        2. The Exam
      3. Module 1 Questions and Answers
    2. Module 2 Assessment Exam
      1. Assessment Questions
      2. Answers
  11. PART II Stepping Up to IT Security
    1. Module 3 The Basics of Security
      1. The Goals of Security
        1. Confidentiality
        2. Integrity
        3. Availability
      2. Other Elements of Security
        1. Identification
        2. Authentication
        3. Authorization
        4. Auditing and Accountability
        5. Non-repudiation
      3. Security Concepts
        1. Controls
        2. Defense-in-Depth
        3. Data Sensitivity and Classification
        4. Principle of Least Privilege
        5. Separation of Duties
        6. Multi-person Control
        7. Mandatory Vacations
        8. Job Rotation
        9. Due Diligence and Due Care
      4. Module 3 Questions and Answers
    2. Module 4 Understanding Security Governance
      1. Security Governance
        1. Laws and Regulations
        2. Organizational Governance
        3. Security Policies
      2. Module 4 Questions and Answers
    3. Module 5 Risk Management
      1. Risk Concepts
        1. Elements of Risk
        2. Putting It All Together: Risk
        3. Managing Risk
      2. Module 5 Questions and Answers
    4. Module 6 IT Risk Assessment
      1. Assessing Risk
        1. Risk Factors
      2. Risk Assessment Methods
        1. Quantitative Assessment
        2. Qualitative Assessment
        3. Putting It All Together: Determining Risk
        4. Risk Response
      3. Module 6 Questions and Answers
  12. PART III Core Security Concepts
    1. Module 7 Understanding Cryptography
      1. Cryptography Concepts
        1. What Is Cryptography?
        2. Cryptography Components
      2. Module 7 Questions and Answers
    2. Module 8 Cryptographic Methods
      1. Cryptographic Algorithms
        1. Symmetric Algorithms
        2. Asymmetric Algorithms
        3. Hashing Algorithms
      2. Module 8 Questions and Answers
    3. Module 9 Application of Cryptographic Methods
      1. Application of Cryptographic Methods
        1. Cryptography Applications
        2. Cryptographic Method Considerations
      2. Module 9 Questions and Answers
    4. Module 10 Public Key Infrastructure
      1. PKI Concepts
        1. Keys, Algorithms, and Standards
        2. PKI Services
        3. Digital Certificates and PKI Structure
        4. PKI Considerations
        5. Trust Models
      2. Module 10 Questions and Answers
  13. PART IV Authentication and Authorization
    1. Module 11 Understanding Identification and Authentication
      1. Authentication Concepts
        1. Authentication Factors
        2. Identification Methods
        3. Trusted Entity Authentication
      2. Module 11 Questions and Answers
    2. Module 12 Understanding Authorization
      1. Authorization Concepts
        1. Supporting Authorization
        2. Access Control Models
      2. Module 12 Questions and Answers
    3. Module 13 Authentication Methods and Services
      1. Authentication Concepts
        1. Authentication Protocols and Methods
        2. Remote Access Connection and Authentication Services
      2. Module 13 Questions and Answers
    4. Module 14 User Account Management
      1. Managing User Accounts
        1. Account Policy Enforcement
        2. Managing Privileges with User Accounts
        3. Account Management Considerations
      2. Module 14 Questions and Answers
  14. PART V Host Security
    1. Module 15 Host Threats
      1. Host-based Threats and Vulnerabilities
        1. Malware
        2. Host Attacks
      2. Module 15 Questions and Answers
    2. Module 16 Host Hardening
      1. Hardening Hosts
        1. Secure Configuration
        2. Operating System Hardening
        3. Other Host Hardening Measures
        4. Maintaining a Host Security Posture
      2. Module 16 Questions and Answers
    3. Module 17 Hardening Host Network Services
      1. Host Network Services
        1. Network Protocols and the OSI Model
      2. Module 17 Questions and Answers
    4. Module 18 Storage Security
      1. Securing Data Storage
        1. Storage Protocols
        2. Data Storage Controls and Methods
        3. Data Storage Best Practices
      2. Module 18 Questions and Answers
    5. Module 19 Static Hosts
      1. Static Environments
        1. Static Host Types
        2. Methods
      2. Module 19 Questions and Answers
  15. PART VI LAN Security
    1. Module 20 LAN Review
      1. Securing Networks
        1. Securing Network Devices
      2. Secure Network Design
        1. Secure Architecture
        2. Network Separation
        3. Secure Network Administration Principles
      3. Module 20 Questions and Answers
    2. Module 21 Network Threats
      1. Network Attacks
        1. Types of Attacks
      2. Module 21 Questions and Answers
    3. Module 22 Network Hardening
      1. Securing and Defending Networks
        1. Network Defense Methods
        2. Network Hardening Techniques
      2. Module 22 Questions and Answers
    4. Module 23 Network Monitoring
      1. Monitoring Networks
        1. Log Management
        2. Log Analysis
        3. Continuous Monitoring
      2. Module 23 Questions and Answers
  16. PART VII Application Security
    1. Module 24 Host Application Threats
      1. Application Attacks
        1. Injection Attacks
        2. Other Web Application Attacks
      2. Module 24 Questions and Answers
    2. Module 25 Web Application Threats
      1. Threats from Web Applications
        1. Web Application Attacks
      2. Module 25 Questions and Answers
    3. Module 26 Application Hardening
      1. Securing Applications
        1. Application Security Controls and Techniques
        2. Application-Specific Attack Prevention
      2. Module 26 Questions and Answers
    4. Module 27 Internet Service Hardening
      1. Internet and Application Service Protocols
        1. Using Secure Protocols and Services
      2. Module 27 Questions and Answers
    5. Module 28 Virtualization Security
      1. Securing Virtual Environments
        1. Virtualization Concepts
        2. Using Virtualization for Security
      2. Module 28 Questions and Answers
  17. PART VIII Wireless Security
    1. Module 29 Wireless Threats
      1. Wireless Attacks
        1. Rogue Access Points
        2. Jamming and Interference
        3. Wardriving and Warchalking
        4. Packet Sniffing
        5. Deauthentication Attack
        6. Near Field Communication
        7. Replay Attacks
        8. WEP/WPA Attacks
        9. WPS Attacks
        10. Bluejacking
        11. Bluesnarfing
      2. Module 29 Questions and Answers
    2. Module 30 Wireless Hardening
      1. Wireless Security Protocols
        1. WEP
        2. RC4
        3. WPA
        4. TKIP
        5. WPA2
        6. AES
        7. So What Do We Use?
      2. Wireless Authentication
        1. 802.1X
        2. EAP
        3. PEAP
        4. LEAP
      3. Wireless Security Considerations
        1. SSID Broadcasting
        2. MAC Filtering
        3. Antenna Types
      4. Troubleshooting Wireless Security Issues
        1. Wireless Protocol Issues
        2. Authentication Issues
        3. Encryption Issues
      5. Module 30 Questions and Answers
  18. PART IX Physical Security
    1. Module 31 Environmental Security and Controls
      1. Environmental Controls
        1. EMI and RFI Shielding
        2. Fire Suppression
        3. HVAC
        4. Temperature and Humidity Controls
        5. Hot and Cold Aisles
        6. Environmental Monitoring
      2. Module 31 Questions and Answers
    2. Module 32 Perimeter and Physical Controls
      1. Classifying Controls
        1. Control Types
        2. Control Functions
      2. Physical Controls
        1. Perimeter and Safety Controls
      3. Module 32 Questions and Answers
  19. PART X Outside Security
    1. Module 33 Third-Party Security
      1. Third-Party Business Practices
        1. Integrating Systems and Data with Third Parties
        2. Third-Party Security Considerations
        3. Third-Party Agreements
      2. Module 33 Questions and Answers
    2. Module 34 Cloud Security
      1. Cloud Computing
        1. Types of Cloud Services
        2. Cloud Architecture Models
        3. Cloud Computing Risks and Virtualization
        4. Appropriate Controls to Ensure Data Security
      2. Module 34 Questions and Answers
    3. Module 35 Mobile Security
      1. Mobile Devices in the Business World
        1. Mobile Security Concepts and Technologies
        2. Application Control and Security
        3. Encryption and Authentication
        4. Device Security
        5. BYOD Concerns
        6. Other Security Concerns
      2. Module 35 Questions and Answers
  20. PART XI People Security
    1. Module 36 Social Engineering
      1. Social Engineering Attacks
        1. Targets and Goals
        2. Types of Attacks
        3. Social Engineering Principles of Effectiveness
      2. Module 36 Questions and Answers
    2. Module 37 Security Training
      1. Security Awareness and Training
        1. Types of Training
        2. Key Security Areas
        3. User Habits
        4. New Threats and New Security Trends/Alerts
        5. Training Follow-up
      2. Module 37 Questions and Answers
  21. PART XII Proactive Security
    1. Module 38 Security Assessment
      1. Security Assessment Tools and Techniques
        1. Assessment Types
        2. Risk Calculations
        3. Assessment Techniques
        4. Tools
        5. Interpreting Security Assessment Tool Results
      2. Module 38 Questions and Answers
    2. Module 39 Incident Response
      1. Incident Response Concepts
        1. Risk Mitigation Strategies
        2. Incident Management
      2. Incident Response Procedures
        1. Preparation
        2. Executing an Incident Response
        3. Post-Response
      3. Module 39 Questions and Answers
    3. Module 40 Forensics Procedures
      1. Forensic Concepts
        1. Impartiality and the Collection of Evidence
        2. Handling Evidence
        3. Legal and Ethical Considerations
      2. Data Volatility
        1. Order of Volatility
      3. Critical Forensic Practices
        1. First Response
        2. Chain-of-Custody and Securely Handling Evidence
        3. The Importance of Time
        4. File and Evidence Integrity
        5. Track Man Hours and Expense
      4. Capturing Evidence
        1. Capturing a System Image
        2. Capturing Video
        3. Network Traffic and Logs
      5. Analyzing Evidence
        1. Common Analysis Tasks
        2. Big Data Analysis
      6. Module 40 Questions and Answers
    4. Module 41 Business Continuity
      1. Risk Management Best Practices
        1. Risk Assessment
      2. Business Continuity Concepts
        1. Business Impact Analysis
        2. Identification of Critical Systems and Components
        3. Removing Single Points of Failure
      3. Business Continuity Planning
        1. Continuity of Operations
        2. Disaster Recovery
        3. IT Contingency Planning
        4. Succession Planning
        5. High Availability
        6. Redundancy
      4. Exercises and Testing
        1. Documentation Reviews
        2. Tabletop Exercises
        3. Walkthrough Tests
        4. Full Tests and Disaster Recovery Exercises
      5. Module 41 Questions and Answers
    5. Module 42 Disaster Recovery
      1. Disaster Recovery Concepts
        1. Backup Plans and Policies
        2. Backup Execution and Frequency
        3. Alternate Sites
        4. Recovery Time and Recovery Point Objectives
      2. Module 42 Questions and Answers
  22. PART XIII Appendixes and Glossary
    1. Appendix A Exam Objectives Map
    2. Appendix B About the Download
      1. System Requirements
      2. Downloading Total Tester Premium Practice Exam Software
        1. Total Tester Premium Practice Exam Software
        2. Installing and Running Total Tester
      3. Accessing the Online Content
        1. Video Training
        2. TotalSims Simulations
        3. Mike’s Cool Tools
      4. Technical Support
        1. Total Seminars Technical Support
        2. McGraw-Hill Education Content Support
  23. Glossary
  24. Index