CISSP Exam Cram, 5th Edition (2021)
CISSP Exam Cram, 5th Edition (2021) is the ultimate study tool to help you pass your exam on the first try.
Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.
CompTIA® Security+ SY0-601
Exam Cram, Companion Website
Access interactive study tools on this book’s companion website,
including practice test software, Glossary, and Cram Sheet.
To access the companion website, simply follow these steps:
1. Go to www.pearsonitcertification.com/register.
2. Enter the print book ISBN: 9780136798675.
3. Answer the security question to validate your purchase.
4. Go to your account page.
5. Click on the Registered Products tab.
6. Under the book listing, click on the Access Bonus Content link.
If you have any issues accessing the companion website, you can
contact our support team by going to http://pearsonitp.echelp.org.
CompTIA® Security+ SY0-601 Exam Cram
Marty M. Weiss
Pearson
221 River Street
Hoboken, NJ 07030 USA
CompTIA® Security+ SY0-601 Exam Cram
Copyright © 2021 by Pearson Education, Inc.
All rights reserved. This publication is protected by copyright, and
permission must be obtained from the publisher prior to any prohibited
reproduction, storage in a retrieval system, or transmission in any form or
by any means, electronic, mechanical, photocopying, recording, or likewise.
For information regarding permissions, request forms, and the appropriate
contacts within the Pearson Education Global Rights & Permissions
Department, please visit www.pearson.com/permissions.
No patent liability is assumed with respect to the use of the information
contained herein. Although every precaution has been taken in the
preparation of this book, the publisher and author assume no responsibility
for errors or omissions. Nor is any liability assumed for damages resulting
from the use of the information contained herein.
ISBN-13: 978-0-13-679867-5
ISBN-10: 0-13-679867-5
Library of Congress Control Number: 2020914528
02 22
Trademarks
All terms mentioned in this book that are known to be trademarks or service
marks have been appropriately capitalized. Pearson IT Certification cannot
attest to the accuracy of this information. Use of a term in this book should
not be regarded as affecting the validity of any trademark or service mark.
Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate
as possible, but no warranty or fitness is implied. The information provided
is on an “as is” basis. The author and the publisher shall have neither
liability nor responsibility to any person or entity with respect to any loss or
damages arising from the information contained in this book.
Special Sales
For information about buying this title in bulk quantities, or for special sales
opportunities (which may include electronic versions; custom cover designs;
and content particular to your business, training goals, marketing focus,
or branding interests), please contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
intlcs@pearson.com.
Editor-in-Chief: Mark Taub
Director, ITP Product Management: Brett Bartow
Executive Editor: Nancy Davis
Development Editor: Ellie C. Bru
Managing Editor: Sandra Schroeder
Project Editor: Mandie Frank
Copy Editor: Kitty Wilson
Indexer: Ken Johnson
Proofreader: Donna Mulder
Technical Editor: Christopher Crayton
Publishing Coordinator: Cindy Teeters
Designer: Chuti Prasertsith
Compositor: codeMantra
Credits
Figure Number / Attribution/Credit
Figure 2-1: Screenshot of an example of what users see when they are infected with ransomware © WannaCry
Figure 5-1: Screenshot of an example of an interactive threat map © 2018 AO Kaspersky Lab
Figure 10-4: Screenshot of The AWS Management Console © 2020, Amazon Web Services, Inc.
Figure 12-1: Courtesy of Apple, Inc.
Figure 23-1: Screenshot of Windows local security policy settings for the account lockout policy © Microsoft 2020
Figure 23-2: Screenshot of Windows local security policy settings for the password policy © Microsoft 2020
Figure 24-1: Screenshot of Standard Microsoft Windows file permissions © Microsoft 2020
Figure 25-1: Screenshot of details of a digital certificate © 2020 Apple Inc.
Figure 26-1: Screenshot of using a command-line interface to access a remote computer by using SSH © 2020 Apple, Inc.
Figure 26-2: Screenshot of using the cURL command to return the source code of a web page © 2020 Apple, Inc.
Figure 26-3: Screenshot of using the ping command-line utility © 2020 Apple, Inc.
Figure 28-1: Screenshot of an example of a SIEM system security dashboard © security information and event management
Figure 28-2: Screenshot of Microsoft Windows Event Viewer Security log © Microsoft 2020
Figure 28-3: Screenshot of Activity Monitor for macOS © 2020 Apple, Inc.
Contents at a Glance
Introduction xxvii
Part I: Attacks, Threats, and Vulnerabilities 1
CHAPTER 1 Social Engineering Techniques 3
CHAPTER 2 Attack Basics 15
CHAPTER 3 Application Attacks 35
CHAPTER 4 Network Attacks 53
CHAPTER 5 Threat Actors, Vectors, and Intelligence Sources 73
CHAPTER 6 Vulnerabilities 89
CHAPTER 7 Security Assessment Techniques 99
CHAPTER 8 Penetration Testing Techniques 111
Part II: Architecture and Design 121
CHAPTER 9 Enterprise Security Concepts 123
CHAPTER 10 Virtualization and Cloud Computing 145
CHAPTER 11 Secure Application Development, Deployment, and Automation 165
CHAPTER 12 Authentication and Authorization Design 189
CHAPTER 13 Cybersecurity Resilience 205
CHAPTER 14 Embedded and Specialized Systems 225
CHAPTER 15 Physical Security Controls 239
CHAPTER 16 Cryptographic Concepts 261
Part III: Implementation 279
CHAPTER 17 Secure Protocols 281
CHAPTER 18 Host and Application Security Solutions 307
CHAPTER 19 Secure Network Design 339
CHAPTER 20 Wireless Security Settings 371
CHAPTER 21 Secure Mobile Solutions 389
CHAPTER 22 Cloud Cybersecurity Solutions 421
CHAPTER 23 Identity and Account Management Controls 433
CHAPTER 24 Authentication and Authorization Solutions 449
CHAPTER 25 Public Key Infrastructure 473
Part IV: Operations and Incident Response 491
CHAPTER 26 Organizational Security 493
CHAPTER 27 Incident Response 509
CHAPTER 28 Incident Investigation 529
CHAPTER 29 Incident Mitigation 541
CHAPTER 30 Digital Forensics 551
Part V: Governance, Risk, and Compliance 567
CHAPTER 31 Control Types 569
CHAPTER 32 Regulations, Standards, and Frameworks 575
CHAPTER 33 Organizational Security Policies 583
CHAPTER 34 Risk Management 597
CHAPTER 35 Sensitive Data and Privacy 613
Glossary of Essential Terms and Components 625
Index 655
Table of Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii
Part I: Attacks, Threats, and Vulnerabilities 1
CHAPTER 1:
Social Engineering Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
The Social Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Tailgating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Dumpster Diving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Shoulder Surfing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Phishing and Related Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Watering Hole Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Typo Squatting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Hoaxes and Influence Campaigns . . . . . . . . . . . . . . . . . . . . . . . 10
Principles of Influence (Reasons for Effectiveness) . . . . . . . . . . . . . . . 10
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
CHAPTER 2:
Attack Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Malware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Viruses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Worms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Trojan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Rootkits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Logic Bombs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Bots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Crypto-Malware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Potentially Unwanted Programs (PUPs) . . . . . . . . . . . . . . . . . . 25
Spyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Adware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Cryptomining Software . . . . . . . . . . . . . . . . . . . . . . . . . 26
Physical Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Adversarial Artificial Intelligence (AI) . . . . . . . . . . . . . . . . . . . . . . . . 27
Password Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Birthday Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Downgrade Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
CHAPTER 3:
Application Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Race Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Improper Software Handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Resource Exhaustion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Overflows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Code Injections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Driver Manipulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Request Forgeries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Directory Traversal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Replay Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Secure Sockets Layer (SSL) Stripping . . . . . . . . . . . . . . . . . . . . . . . . 45
Application Programming Interface (API) Attacks . . . . . . . . . . . . . . . . 47
Pass-the-Hash Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
CHAPTER 4:
Network Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Wireless . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Short-Range Wireless Communications . . . . . . . . . . . . . . . . . . 56
Bluetooth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Near-Field Communication. . . . . . . . . . . . . . . . . . . . . . . 57
RFID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
On-Path Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Layer 2 Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
MAC Spoofing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
ARP Poisoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
MAC Flooding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Port Stealing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Domain Name System (DNS) Attacks . . . . . . . . . . . . . . . . . . . . . . . . 62
Domain Hijacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Universal Resource Locator (URL) Redirection . . . . . . . . . . . . . 62
DNS Poisoning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Denial of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Distributed DoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Malicious Code and Script Execution . . . . . . . . . . . . . . . . . . . . . . . . 68
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
CHAPTER 5:
Threat Actors, Vectors, and Intelligence Sources. . . . . . . . . . . . . . . . . . . 73
Threat Actor Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Threat Actor Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Script Kiddies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Insiders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Hacktivists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Criminal Syndicates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Competitors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
State Actors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Vectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Threat Intelligence and Research Sources . . . . . . . . . . . . . . . . . . . . . 81
Sharing Centers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Open-Source Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
CHAPTER 6:
Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Cloud-Based vs. On-Premises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Zero-Day . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Weak Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Improper or Weak Patch Management . . . . . . . . . . . . . . . . . . . 94
Third-Party Risks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Impacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
CHAPTER 7:
Security Assessment Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Vulnerability Scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Intrusive vs. Non-Intrusive . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Credentialed vs. Non-Credentialed . . . . . . . . . . . . . . . . . . . . . . 103
Threat Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Security Information and Event Management (SIEM) . . . . . . . . . 104
Threat Hunting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Security Orchestration, Automation, and Response (SOAR) . . . . . 108
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Threat Hunting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Security Orchestration, Automation, and Response (SOAR) . . . . . 108
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
CHAPTER 8:
Penetration Testing Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Testing Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Attack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Team Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Part II: Architecture and Design 121
CHAPTER 9:
Enterprise Security Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Data Confidentiality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Data Loss Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Cloud Access Security Brokers . . . . . . . . . . . . . . . . . . . . . 128
Encryption and Data Obfuscation. . . . . . . . . . . . . . . . . . . . . . . 129
Rights Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Hardware Security Module (HSM). . . . . . . . . . . . . . . . . . 133
Encrypted Traffic Management . . . . . . . . . . . . . . . . . . . . 134
Data Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Data Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Site Resiliency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Geographic Considerations . . . . . . . . . . . . . . . . . . . . . . . 138
Deception and Disruption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
CHAPTER 10:
Virtualization and Cloud Computing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Hypervisors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Type I Hypervisors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Type II Hypervisors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Type I vs. Type II Hypervisors . . . . . . . . . . . . . . . . . . . . . 147
Containers and Microservices . . . . . . . . . . . . . . . . . . . . . . . . . 148
Virtual Desktop Infrastructure (VDI) . . . . . . . . . . . . . . . . . . . . 150
Virtual Machine (VM) Sprawl Avoidance . . . . . . . . . . . . . . . . . . 151
VM Escape Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
Software-Defined Networking (SDN) . . . . . . . . . . . . . . . . . . . . 152
Infrastructure as Code (IaC) . . . . . . . . . . . . . . . . . . . . . . . . . . 153
On-Premises vs. Off-Premises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Cloud Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Service Models. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
IaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
PaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
SaaS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Private . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Public . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
Community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
CHAPTER 11:
Secure Application Development, Deployment, and Automation. . . . . . . . 165
Application Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Development and Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
Staging and Production . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Provisioning and Deprovisioning . . . . . . . . . . . . . . . . . . . . . . . 168
Integrity Measurement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Change Management and Version Control. . . . . . . . . . . . . . . . . . . . . 169
Secure Coding Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Normalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Stored Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Encryption, Obfuscation, and Camouflage . . . . . . . . . . . . . . . . . 173
Code Reuse and Dead Code . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Use of Third-Party Libraries and SDKs . . . . . . . . . . . . . . . . . . 175
Server-Side vs. Client-Side Execution and Validation . . . . . . . . . 175
Data Exposure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Proper Error Handling . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Proper Input Validation . . . . . . . . . . . . . . . . . . . . . . . . . 177
Code Signing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Memory Management . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Automation and Scripting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Secure DevOps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
Scalability and Elasticity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
CHAPTER 12:
Authentication and Authorization Design . . . . . . . . . . . . . . . . . . . . . . . . 189
Identification and Authentication, Authorization, and Accounting (AAA) . . . . . . . . . . . . . . 189
Multifactor Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Single Sign-on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
Federation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Transitive Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Authentication Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Biometrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
Card Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
Certificate-Based Authentication . . . . . . . . . . . . . . . . . . . . . . . 201
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204
CHAPTER 13:
Cybersecurity Resilience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
High Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Load Balancers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
NIC Teaming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
RAID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
Full Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Differential Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217
Incremental Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Copies and Snapshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Non-persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
Revert to Known State or Good Configuration . . . . . . . . . 220
Live Boot Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
Defense in Depth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
CHAPTER 14:
Embedded and Specialized Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Embedded Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
SoC and RTOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
SCADA and ICS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Smart Devices and IoT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Heating, Ventilation, Air Conditioning (HVAC) . . . . . . . . . . . . . 231
Multifunction Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Surveillance Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Special-Purpose Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Medical Devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
Vehicles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Aircraft and UAV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Resource Constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
CHAPTER 15:
Physical Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Perimeter Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
Signs, Fencing, and Gates . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Lighting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Barricades and Bollards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Cameras . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Security Guards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Internal Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Motion and Infrared Detection . . . . . . . . . . . . . . . . . . . . . . . . 244
Access Control Vestibules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Locks and Lock Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
Equipment Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Cable Locks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Cages and Safes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Locking Cabinets and Enclosures . . . . . . . . . . . . . . . . . . . . . . . 247
Screen Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Air Gaps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Environmental Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Protected Cabling, Protected Distribution, and Faraday Cages . . . 249
HVAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Fire Suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Hot and Cold Aisles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Secure Data Destruction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
CHAPTER 16:
Cryptographic Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
Cryptosystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Key Exchange . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Symmetric Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Asymmetric Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Elliptic Curve and Emerging Cryptography . . . . . . . . . . . . . . . . 268
Session Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Nonrepudiation and Digital Signatures . . . . . . . . . . . . . . . . . . . 269
Hashing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Use of Proven Technologies and Implementation . . . . . . . . . . . . . . . . 272
Steganography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Cryptography Use Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Cryptography Constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Part III: Implementation 279
CHAPTER 17:
Secure Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Secure Web Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Internet Protocol Security (IPsec). . . . . . . . . . . . . . . . . . . . . . . 284
Secure File Transfer Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Secure Email Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Secure Internet Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Lightweight Directory Access Protocol (LDAP) . . . . . . . . . . . . . 289
Secure Real-Time Transport Protocol (SRTP) . . . . . . . . . . . . . . 290
Simple Network Management Protocol (SNMP) . . . . . . . . . . . . 290
Secure Protocol Use Cases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Secure Web Communication . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Using HTTPS for Web Communications . . . . . . . . . . . . . 293
Using SSL/TLS for Remote Access . . . . . . . . . . . . . . . . . 294
Using DNSSEC for Domain Name Resolution . . . . . . . . . 294
Secure File Transfer Communication . . . . . . . . . . . . . . . . . . . . 295
Using FTPS and SFTP for File Transfer. . . . . . . . . . . . . . 295
Secure Email Communications . . . . . . . . . . . . . . . . . . . . . . . . 296
Using S/MIME, POP3S, and IMAPS for Email . . . . . . . . . 296
Securing Internal Communications. . . . . . . . . . . . . . . . . . . . . . 297
Using SRTP for Voice and Video . . . . . . . . . . . . . . . . . . . 297
Using LDAPS for Directory Services . . . . . . . . . . . . . . . . 298
Using SNMPv3 with Routing and Switching . . . . . . . . . . . 298
xiv CompTIA® Security+ SY0-601 Exam Cram
Using Network Address Allocation . . . . . . . . . . . . . . . . . . 299
Using Time Synchronization . . . . . . . . . . . . . . . . . . . . . . 302
Using Subscription Services . . . . . . . . . . . . . . . . . . . . . . 303
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
CHAPTER 18:
Host and Application Security Solutions . . . . . . . . . . . . . . . . . . . . . . . . . 307
Endpoint Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Firewalls and HIPS/HIDS Solutions. . . . . . . . . . . . . . . . . . . . . 308
Anti-Malware and Other Host Protections . . . . . . . . . . . . . . . . 310
Endpoint Detection and Response (EDR) . . . . . . . . . . . . . 314
Data Execution Prevention (DEP) . . . . . . . . . . . . . . . . . . 314
Data Loss Prevention (DLP) . . . . . . . . . . . . . . . . . . . . . . 315
Removable Media Control . . . . . . . . . . . . . . . . . . . . . . . 316
Application Allow/Block Lists . . . . . . . . . . . . . . . . . . . . . . . . . 317
Web Application Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Application Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Code Analyzers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Static Code Analyzers . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Dynamic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Stress Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Application Sandboxing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Hardware and Firmware Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
FDE and SED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
TPM and HSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
Boot Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Boot Attestation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Hardware Root of Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Operating System Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Patch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331
Disabling Unnecessary Ports and Services . . . . . . . . . . . . . . . . . 332
Least Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Secure Configurations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Trusted Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
CHAPTER 19:
Secure Network Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Network Devices and Segmentation . . . . . . . . . . . . . . . . . . . . . . . . . 340
Table of Contents xv
Routers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Network Address Translation (NAT) . . . . . . . . . . . . . . . . 341
Switches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Port Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Virtual Local Area Network (VLAN) . . . . . . . . . . . . . . . . . . . . 344
Bridges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Security Devices and Boundaries . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Screened Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
Web Application Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Proxies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Unified Threat Management (UTM) . . . . . . . . . . . . . . . . . . . . 357
VPN Concentrators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
NIDS and NIPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Detection Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Analytics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Network Access Control (NAC) . . . . . . . . . . . . . . . . . . . . . . . . 365
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
CHAPTER 20:
Wireless Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Access Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
Wireless Cryptographic Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Wired Equivalent Privacy (WEP) . . . . . . . . . . . . . . . . . . . . . . . 374
Wi-Fi Protected Access (WPA) . . . . . . . . . . . . . . . . . . . . . . . . 375
Temporal Key Integrity Protocol . . . . . . . . . . . . . . . . . . . 376
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol . . . . . . . . . . . . . . . . . . . . 376
Wi-Fi Protected Access Version 2 (WPA2). . . . . . . . . . . . . . . . . 376
Wi-Fi Protected Access Version 3 (WPA3). . . . . . . . . . . . . . . . . 377
Authentication Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Wireless Access Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
Antenna Types, Placement, and Power . . . . . . . . . . . . . . . . . . . 380
MAC Filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
Disabling SSID Broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387
CHAPTER 21:
Secure Mobile Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Communication Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Mobile Device Management Concepts . . . . . . . . . . . . . . . . . . . . . . . 393
Device, Application, and Content Management . . . . . . . . . . . . . 393
Mobile Device Management . . . . . . . . . . . . . . . . . . . . . . 394
Mobile Content Management . . . . . . . . . . . . . . . . . . . . . 394
Mobile Application Management . . . . . . . . . . . . . . . . . . . 395
Protections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398
Screen Locks, Passwords, and PINs . . . . . . . . . . . . . . . . . 398
Biometrics and Context-Aware Authentication . . . . . . . . . . 398
Remote Wiping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Geolocation, Geofencing, and Push Notifications. . . . . . . . 400
Storage Segmentation and Containerization . . . . . . . . . . . 402
Full Device Encryption (FDE) . . . . . . . . . . . . . . . . . . . . . 403
Enforcement and Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Jailbreaking and Rooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Custom Firmware, Carrier Unlocking, and OTA Updates . . 406
Third-Party App Stores and Sideloading . . . . . . . . . . . . . . 407
Storage and USB OTG . . . . . . . . . . . . . . . . . . . . . . . . . 408
Enforcement for Normal Device Functions . . . . . . . . . . . . 409
Wi-Fi Methods, Tethering, and Payments . . . . . . . . . . . . . 410
Deployment Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
BYOD, CYOD, COPE, and Corporate-Owned Devices . . . . . . . 412
Virtual Desktop Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . 413
Deployment Strategies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
Architecture/Infrastructure Considerations . . . . . . . . . . . . 414
Adherence to Corporate Policies and Acceptable Use . . . . . 415
Legal Concerns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
Data Ownership and Support . . . . . . . . . . . . . . . . . . . . . 417
Patch and Antivirus Management . . . . . . . . . . . . . . . . . . . 417
Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420
CHAPTER 22:
Cloud Cybersecurity Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Cloud Workloads . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Regions and Availability Zones . . . . . . . . . . . . . . . . . . . . . . . . . 423
Virtual Private Cloud (VPC) . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Managing Secrets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Central Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Third-Party Cloud Security Solutions . . . . . . . . . . . . . . . . . . . . . . . . 428
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
CHAPTER 23:
Identity and Account Management Controls . . . . . . . . . . . . . . . . . . . . . . 433
Account Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Account Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Onboarding and Offboarding . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Least Privilege . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Access Auditing and Reviews . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Time of Day and Location Restrictions . . . . . . . . . . . . . . . . . . . 438
Logical Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Account Policy Enforcement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Password Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Account Expiration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Forgotten Passwords. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Account Lockout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Password Age and History . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Password Length and Rotation. . . . . . . . . . . . . . . . . . . . . . . . . 445
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
CHAPTER 24:
Authentication and Authorization Solutions . . . . . . . . . . . . . . . . . . . . . . . 449
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Unencrypted Plaintext Credentials . . . . . . . . . . . . . . . . . . . . . . 451
Filesystem Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Access Violations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Authentication Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Authentication Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
802.1X . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
AAA Protocols and Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Federated Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Kerberos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Access Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Privileged Access Management . . . . . . . . . . . . . . . . . . . . . . . . . 469
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
CHAPTER 25:
Public Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
PKI Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Certificate Authority (CA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Certification Practice Statement. . . . . . . . . . . . . . . . . . . . 476
Trust Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Key Escrow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Digital Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Public and Private Key Usage . . . . . . . . . . . . . . . . . . . . . 480
Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . 481
Certificate Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Certificate Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Certificate Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
Certificate Revocation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
OCSP Stapling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Pinning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Part IV: Operations and Incident Response 491
CHAPTER 26:
Organizational Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Shell and Script Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Network Reconnaissance and Discovery . . . . . . . . . . . . . . . . . . . . . . 496
Exploitation Frameworks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Packet Capture and Replay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Password Crackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Forensics and Data Sanitization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
CHAPTER 27:
Incident Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Attack Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Cyber Kill Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
MITRE ATT&CK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Diamond Model of Intrusion Analysis . . . . . . . . . . . . . . . . . . . . 511
Incident Response Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Documented Incident Type/Category Definitions. . . . . . . . . . . . 513
Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Reporting Requirements and Escalation . . . . . . . . . . . . . . . . . . 514
CHAPTER 25:
Public Key Infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
PKI Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474
Certificate Authority (CA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475
Certification Practice Statement. . . . . . . . . . . . . . . . . . . . 476
Trust Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Key Escrow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Digital Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Public and Private Key Usage . . . . . . . . . . . . . . . . . . . . . 480
Certificate Signing Request . . . . . . . . . . . . . . . . . . . . . . . 481
Certificate Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Certificate Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Certificate Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
Certificate Revocation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
OCSP Stapling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Pinning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Part IV: Operations and Incident Response 491
CHAPTER 26:
Organizational Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Shell and Script Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Network Reconnaissance and Discovery . . . . . . . . . . . . . . . . . . . . . . 496
Exploitation Frameworks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Packet Capture and Replay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Password Crackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Forensics and Data Sanitization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
CHAPTER 27:
Incident Response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Attack Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Cyber Kill Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
MITRE ATT&CK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Diamond Model of Intrusion Analysis . . . . . . . . . . . . . . . . . . . . 511
Incident Response Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Documented Incident Type/Category Definitions. . . . . . . . . . . . 513
Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513
Reporting Requirements and Escalation . . . . . . . . . . . . . . . . . . 514
Humble Bundle Pearson Networking and Security Certification Bundle – © Pearson. Do Not Distribute.
Table of Contents xix
Cyber-Incident Response Teams . . . . . . . . . . . . . . . . . . . . . . . . 515
Training, Tests, and Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Incident Response Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Incident Identification and Analysis . . . . . . . . . . . . . . . . . . . . . 518
Containment, Eradication, and Recovery . . . . . . . . . . . . . . . . . . 519
Post-Incident Activities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521
Continuity and Recovery Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Disaster Recovery. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Continuity of Operations Planning . . . . . . . . . . . . . . . . . . . . . . 524
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
CHAPTER 28:
Incident Investigation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
SIEM Dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 531
Network Activity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
Protocol Analyzers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Network Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539
CHAPTER 29:
Incident Mitigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Containment and Eradication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Quarantining . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
Configuration Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 543
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 544
Application Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Secure Orchestration, Automation, and Response (SOAR) . . . . . . 546
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
CHAPTER 30:
Digital Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 551
Data Breach Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Strategic Intelligence/Counterintelligence Gathering . . . . . . . . . . . . . 554
Track Person-hours. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Order of Volatility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Chain of Custody . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 556
Data Acquisition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Capture System Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
Capture Network Traffic and Logs . . . . . . . . . . . . . . . . . . . . . . 560
Capture Video and Photographs . . . . . . . . . . . . . . . . . . . . . . . . 561
Record Time Offset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
Take Hashes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
Capture Screenshots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
Collect Witness Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . 563
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565
Part V: Governance, Risk, and Compliance 567
CHAPTER 31:
Control Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569
Nature of Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Functional Use of Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Deterrent Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Preventive Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Detective Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571
Corrective Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
Compensating Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 574
CHAPTER 32:
Regulations, Standards, and Frameworks . . . . . . . . . . . . . . . . . . . . . . . . 575
Industry-Standard Frameworks and Reference Architectures . . . . . . . . 575
Regulatory and Non-regulatory Requirements . . . . . . . . . . . . . . 576
Industry-Specific Frameworks . . . . . . . . . . . . . . . . . . . . . . . . . 577
Benchmarks and Secure Configuration Guides . . . . . . . . . . . . . . . . . . 579
Platform- and Vendor-Specific Guides . . . . . . . . . . . . . . . . . . . 579
General-Purpose Guides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
CHAPTER 33:
Organizational Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
Policy Framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
Human Resource Management Policies . . . . . . . . . . . . . . . . . . . . . . . 584
Background Checks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
Onboarding and Offboarding . . . . . . . . . . . . . . . . . . . . . . . . . . 584
Mandatory Vacations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Separation of Duties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Job Rotation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Clean Desk Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Role-Based Awareness and Training . . . . . . . . . . . . . . . . . . . . . 586
Continuing Education. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588
Acceptable Use Policy/Rules of Behavior . . . . . . . . . . . . . . . . . . 589
Internet Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
Nondisclosure Agreements . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
Disciplinary and Adverse Actions . . . . . . . . . . . . . . . . . . . . . . . 591
Exit Interviews . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592
Third-Party Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592
Interoperability Agreements. . . . . . . . . . . . . . . . . . . . . . . . . . . 593
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596
CHAPTER 34:
Risk Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
Risk Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
Risk Register . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
Risk Response Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
Threat Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Qualitative vs. Quantitative Measures . . . . . . . . . . . . . . . . . . . . 604
Single Loss Expectancy . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Annual Rate of Occurrence . . . . . . . . . . . . . . . . . . . . . . . 606
Annual Loss Expectancy . . . . . . . . . . . . . . . . . . . . . . . . . 606
Business Impact Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606
Critical Functions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607
Identification of Critical Systems . . . . . . . . . . . . . . . . . . . 607
Single Points of Failure. . . . . . . . . . . . . . . . . . . . . . . . . . 607
Recovery Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
MTTF, MTBF, and MTTR . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
Impact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
CHAPTER 35:
Sensitive Data and Privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
Sensitive Data Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613
Data Sensitivity Labeling and Handling . . . . . . . . . . . . . . . . . . 614
Privacy Laws and Regulatory Compliance . . . . . . . . . . . . . 616
Data Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . . . . 618
Data Retention and Disposal . . . . . . . . . . . . . . . . . . . . . . . . . . 620
Privacy Impact Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
What Next? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Glossary of Essential Terms and Components . . . . . . . . . . . . . . . . . . . . . . . 625
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
About the Author
Marty M. Weiss has spent most of his career in information security and risk
management, helping large organizations. Marty holds a bachelor of science
degree in computer studies from the University of Maryland University
College and an MBA from the Isenberg School of Management at the
University of Massachusetts Amherst. He holds several certifications, including
CISSP, CISA, and Security+. Marty has authored and coauthored more than a
half-dozen books on information technology, many that have been described as
riveting and Dostoevsky-esque in reviews by his mother. A Florida native, he
now lives in New England.
Dedication
This book is dedicated to my parents.
Acknowledgments
Thank you, the reader of this book. It’s a pleasure to help others achieve a
goal, and I’m thankful for that opportunity. Thank you to the entire team
that helped to bring this book together. I’d like to acknowledge, in particular,
Carole Jelen, Nancy Davis, Ellie Bru, Chris Crayton, Mandie Frank, and Kitty
Wilson. Also, thank you, Diane Barrett. While you weren’t directly involved
in this edition, many of your words and ideas exist from previous editions.
Finally, thank you to my friends and family for their support and understanding
through the entire process.
About the Technical Reviewer
Chris Crayton is a technical consultant, trainer, author, and industry-leading
technical editor. He has worked as a computer technology and networking
instructor, information security director, network administrator, network engineer,
and PC specialist. Chris has authored several print and online books on
PC repair, CompTIA A+, CompTIA Security+, and Microsoft Windows. He
has also served as technical editor and content contributor on numerous technical
titles for several of the leading publishing companies. He holds numerous
industry certifications, has been recognized with many professional and teaching
awards, and has served as a state-level SkillsUSA final competition judge.
We Want to Hear from You!
As the reader of this book, you are our most important critic and commentator.
We value your opinion and want to know what we’re doing right, what we
could do better, what areas you’d like to see us publish in, and any other words
of wisdom you’re willing to send our way.
We welcome your comments. You can email or write to let us know what you
did or didn’t like about this book—as well as what we can do to make our
books better.
Please note that we cannot help you with technical problems related to the topic of
this book.
When you write, please be sure to include this book’s title and author as well
as your name and email address. We will carefully review your comments and
share them with the author and editors who worked on the book.
Email: community@informit.com
Reader Services
Register your copy of CompTIA® Security+ SY0-601 Exam Cram at
www.pearsonitcertification.com for convenient access to downloads, updates,
and corrections as they become available. To start the registration process, go
to www.pearsonitcertification.com/register and log in or create an account.*
Enter the product ISBN 9780136798675 and click Submit. When the process
is complete, you will find any available bonus content under Registered
Products.
*Be sure to check the box to indicate that you would like to hear from us to
receive exclusive discounts on future editions of this product.
Introduction
Welcome to CompTIA® Security+ SY0-601 Exam Cram, sixth edition. This book
helps you get ready to take and pass the CompTIA Security+ SY0-601 exam.
This book is designed to remind you of everything you need to know to pass
the SY0-601 certification exam. Each chapter includes a number of practice
questions that should give you a reasonably accurate assessment of your knowledge,
and, yes, we’ve provided the answers and their explanations for these
questions. Read this book, understand the material, and you’ll stand a very good
chance of passing the real test.
Exam Cram books help you understand and appreciate the subjects and materials
you need to know to pass CompTIA certification exams. Exam Cram books are
aimed strictly at test preparation and review. They do not teach you everything
you need to know about a subject. Instead, the authors streamline and highlight
the pertinent information by presenting and dissecting the questions and problems
they’ve discovered that you’re likely to encounter on a CompTIA test.
We strongly recommend that you spend some time installing and working with
security tools such as Wireshark and Metasploit and experimenting with the
many network and security-related resources provided with many operating
systems. The Security+ exam focuses on such activities and the knowledge and
skills they can provide you. Nothing beats hands-on experience and familiarity
when it comes to understanding the questions you’re likely to encounter on
a certification test. Book learning is essential, but without a doubt, hands-on
experience is the best teacher of all!
Let’s begin by looking at preparation for the exam.
How to Prepare for the Exam
This text follows the official exam objectives closely to help ensure your success.
The CompTIA exam covers 5 domains and 35 objectives. This book is
divided into 5 parts and 35 chapters, aligning with those domains and objectives.
These official objectives from CompTIA can be found here:
https://www.comptia.org/training/resources/exam-objectives.
As you examine the numerous exam topics now covered in Security+, resist the
urge to panic! This book you are holding will provide you with the knowledge
(and confidence) that you need to succeed. You just need to make sure you read
it and follow the guidance it provides throughout your Security+ journey.
Welcome to CompTIA® Security+ SY0-601 Exam Cram, sixth edition. This book helps you get ready to take and pass the CompTIA Security+ SY0-601 exam. This book is designed to remind you of everything you need to know to pass the SY0-601 certification exam. Each chapter includes a number of practice questions that should give you a reasonably accurate assessment of your knowledge, and, yes, we've provided the answers and their explanations for these questions. Read this book, understand the material, and you'll stand a very good chance of passing the real test.

Exam Cram books help you understand and appreciate the subjects and materials you need to know to pass CompTIA certification exams. Exam Cram books are aimed strictly at test preparation and review. They do not teach you everything you need to know about a subject. Instead, the authors streamline and highlight the pertinent information by presenting and dissecting the questions and problems they've discovered that you're likely to encounter on a CompTIA test.

We strongly recommend that you spend some time installing and working with security tools such as Wireshark and Metasploit and experimenting with the many network and security-related resources provided with many operating systems. The Security+ exam focuses on such activities and the knowledge and skills they can provide you. Nothing beats hands-on experience and familiarity when it comes to understanding the questions you're likely to encounter on a certification test. Book learning is essential, but without a doubt, hands-on experience is the best teacher of all!

Let's begin by looking at preparation for the exam.

How to Prepare for the Exam

This text follows the official exam objectives closely to help ensure your success. The CompTIA exam covers 5 domains and 35 objectives. This book is divided into 5 parts and 35 chapters, aligning with those domains and objectives. These official objectives from CompTIA can be found here: https://www.comptia.org/training/resources/exam-objectives.

As you examine the numerous exam topics now covered in Security+, resist the urge to panic! This book you are holding will provide you with the knowledge (and confidence) that you need to succeed. You just need to make sure you read it and follow the guidance it provides throughout your Security+ journey.
Practice Tests

This book is filled with practice exam questions to get you ready! Cram quizzes end each chapter, and each question also includes complete explanations. In addition, the book includes two additional full practice tests in the Pearson Test Prep software, available to you either online or as an offline Windows application. To access the practice exams, please see the instructions in the card inserted in the sleeve in the back of the book. This card includes a unique access code that enables you to activate your exams in the Pearson Test Prep software.

In case you are interested in more practice exams than are provided with this book, Pearson IT Certification publishes a Premium Edition eBook and Practice Test product. In addition to providing you with three eBook files (EPUB, PDF, and Kindle), this product provides you with two additional exams' worth of questions. The Premium Edition version also offers you a link to the specific section in the book that presents an overview of the topic covered in the question, allowing you to easily refresh your knowledge. The insert card in the back of the book includes a special offer for an 80% discount off of this Premium Edition eBook and Practice Test product, which is an incredible deal.

Taking a Certification Exam

After you prepare for your exam, you need to register with a testing center. At the time of this writing, the cost to take the Security+ exam is US $349 for individuals. Students in the United States are eligible for a significant discount. In addition, check with your employer, as many workplaces provide reimbursement programs for certification exams. For more information about these discounts, you can contact a local CompTIA sales representative, who can answer any questions you might have. If you don't pass, you can take the exam again for the same cost as the first attempt until you pass. The test is administered by Pearson VUE testing centers, with locations globally. In addition, the CompTIA Security+ certification is a requirement for many within the U.S. military, and testing centers are available on some military bases.

You will have 90 minutes to complete the exam. The exam consists of a maximum of 90 questions. If you have prepared, you should find that this is plenty of time to properly pace yourself and review the exam before submission.
Document Details
Subject
Certified Information Systems Security Professional