CompTIA Security+ Certification Study Guide Exam SY0-601 (2022)

CompTIA Security+ Certification Study Guide Exam SY0-601 (2022) provides detailed explanations to help you understand key concepts.

Sofia Garcia
Contributor
Preview (31 of 1024 Pages)

Security+ Certification Study Guide, Fourth Edition (Exam SY0-601)


Security+ Certification Study Guide, Fourth Edition (Exam SY0-601)

Glen E. Clarke

New York  Chicago  San Francisco  Athens  London  Madrid  Mexico City  Milan  New Delhi  Singapore  Sydney  Toronto

McGraw Hill is an independent entity from CompTIA® and is not affiliated with CompTIA in any manner. This publication and accompanying media may be used in assisting students to prepare for the CompTIA Security+ exam. Neither CompTIA nor McGraw Hill warrants that use of this publication and accompanying media will ensure passing any exam. CompTIA and CompTIA Security+ are trademarks or registered trademarks of CompTIA in the United States and/or other countries. All other trademarks are trademarks of their respective owners. The CompTIA Marks are the proprietary trademarks and/or service marks of CompTIA and its affiliates used under license from CompTIA.


Copyright © 2022 by McGraw Hill. All rights reserved. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

ISBN: 978-1-26-046794-9
MHID: 1-26-046794-5

The material in this eBook also appears in the print version of this title: ISBN: 978-1-26-046793-2, MHID: 1-26-046793-7.

eBook conversion by codeMantra
Version 1.0

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill Education eBooks are available at special quantity discounts to use as premiums and sales promotions or for use in corporate training programs. To contact a representative, please visit the Contact Us page at www.mhprofessional.com.

Information has been obtained by McGraw Hill from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw Hill, or others, McGraw Hill does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

TERMS OF USE

This is a copyrighted work and McGraw-Hill Education and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill Education’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill Education and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill Education nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill Education has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill Education and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.


To my beautiful wife, Tanya, whose strength and support encourage me each and every day.


ABOUT THE AUTHOR

Glen E. Clarke, CCT, CCNA, MCITP, MCSE, MCSD, MCDBA, MCT, CEH, CHFI, CISSO, and CompTIA certifications Security+, PenTest+, Network+, A+, is the owner of DC Advanced Technology Training (DCATT), an IT training company located in Halifax, Nova Scotia that focuses on providing IT certification training and consulting services on technologies in the fields of networking, security, and programming. Glen spends most of his time delivering certified courses on Windows Server, Microsoft 365, Hyper-V, SQL Server, Exchange Server, SharePoint, Visual Basic .NET, and ASP.NET. Glen also teaches a number of security-related courses covering topics such as ethical hacking and countermeasures, computer forensics and investigation, information systems security officers, vulnerability testing, firewall design, and packet analysis.

Glen is an experienced author and technical editor whose published work has been nominated for Referenceware Excellence Awards. Glen has authored numerous certification preparation guides, including CompTIA Network+ Certification Study Guide, CCT/CCNA Routing and Switching All-In-One Exam Guide, CompTIA PenTest+ Certification for Dummies, and the best-selling CompTIA A+ Certification All-In-One for Dummies.

When he’s not working, Glen loves to spend quality time with his wife, Tanya, and their four children, Sara, Brendon, Ashlyn, and Rebecca. You can visit Glen online at www.dcatt.ca or contact him at glenclarke@dcatt.ca.

About the Technical Editor

Edward Tetz graduated in 1990 from Saint Lawrence College in Cornwall, Ontario, with a degree in business administration. Since that time, he has spent his career delivering certified technical training for a Microsoft Training Center and working as a service delivery professional in both Halifax, Nova Scotia and Ottawa, Ontario. Over his career, Ed has supported Apple Macintosh, IBM OS/2, Linux, Novell NetWare, and all Microsoft operating systems from MS-DOS to Windows Server 2016, as well as hardware from most of the major manufacturers. Ed currently works for Microsoft in Enterprise Service Delivery in Ottawa, Ontario, supporting enterprise and government customers.

When not working with technology, Ed spends time with his wife, Sharon, and his two daughters, Emily and Mackenzie.


CONTENTS AT A GLANCE

 1  Networking Basics and Terminology .... 1
 2  Introduction to Security Terminology .... 55
 3  Security Policies and Standards .... 93
 4  Types of Attacks .... 139
 5  Vulnerabilities and Threats .... 181
 6  Mitigating Security Threats .... 231
 7  Implementing Host-Based Security .... 271
 8  Securing the Network Infrastructure .... 327
 9  Wireless Networking and Security .... 389
10  Authentication .... 437
11  Authorization and Access Control .... 469
12  Introduction to Cryptography .... 511
13  Managing a Public Key Infrastructure .... 553
14  Physical Security .... 585
15  Application Attacks and Security .... 615
16  Virtualization and Cloud Security .... 645
17  Risk Analysis .... 669
18  Disaster Recovery and Business Continuity .... 697


19  Understanding Monitoring and Auditing .... 739
20  Security Assessments and Audits .... 775
21  Incident Response and Computer Forensics .... 825
 A  About the Online Content .... 877
    Index .... 883


CONTENTS

Preface .... xxvii
Acknowledgments .... xxxi
Introduction .... xxxiii

1  Networking Basics and Terminology .... 1
    Understanding Network Devices and Cabling .... 2
    Looking at Network Devices .... 2
    Understanding Network Cabling .... 10
    Exercise 1-1: Reviewing Networking Components .... 15
    Understanding TCP/IP .... 15
    Reviewing IP Addressing .... 15
    Exercise 1-2: Understanding Valid Addresses .... 20
    Understanding TCP/IP Protocols .... 21
    Exercise 1-3: Viewing Protocol Information with Wireshark .... 31
    Understanding Application Layer Protocols .... 33
    Understanding IPv6 .... 39
    Exercise 1-4: Identifying Protocols in TCP/IP .... 42
    Network Security Best Practices .... 42
    Device Usage .... 42
    Cable and Protocol Usage .... 44
    Certification Summary .... 45
    Two-Minute Drill .... 46
    Q&A Self Test .... 48
    Self Test Answers .... 51

2  Introduction to Security Terminology .... 55
    Goals of Information Security .... 56
    Confidentiality .... 56
    Integrity .... 58
    Availability .... 60
    Accountability .... 61
    Exercise 2-1: CIA Scenarios .... 62


    Understanding Authentication and Authorization .... 62
    Identification and Authentication .... 63
    Authorization .... 64
    Understanding Security Principles and Terminology .... 65
    Types of Security .... 65
    Least Privilege, Separation of Duties, and Rotation of Duties .... 66
    Concept of Need to Know .... 68
    Layered Security and Diversity of Defense .... 68
    Due Care and Due Diligence .... 69
    Vulnerability and Exploit .... 69
    Threat Actors .... 71
    Threat Vectors .... 73
    Threat Intelligence Sources .... 74
    Research Sources .... 76
    Looking at Security Roles and Responsibilities .... 76
    System Owner and Data Owner .... 77
    Data Controller and Data Processor .... 77
    System Administrator .... 77
    User .... 77
    Privileged User .... 77
    Executive User .... 78
    Data Roles and Responsibilities .... 78
    Security Officer .... 78
    Exercise 2-2: Security Terminology .... 79
    Certification Summary .... 79
    Two-Minute Drill .... 80
    Q&A Self Test .... 82
    Self Test Answers .... 87

3  Security Policies and Standards .... 93
    Introduction to Security Policies .... 94
    Structure of a Policy .... 94
    Identifying Types of Policies .... 95
    General Security Policies .... 97
    Policies Affecting Users .... 97
    Policies Affecting Personnel Management .... 99
    Policies Affecting Administrators .... 100
    Exercise 3-1: Reviewing a Security Policy .... 101
    Policies Affecting Management .... 101
    Other Popular Policies .... 104


    Human Resources Policies .... 105
    Hiring Policy .... 106
    Termination Policy .... 106
    Mandatory Vacations .... 107
    Security-Related HR Policies .... 107
    Exercise 3-2: Creating a Security Policy .... 108
    User Education and Awareness .... 109
    General Training and Role-Based Training .... 109
    User Habits .... 112
    New Threats and Security Trends .... 114
    Use of Social Networks and P2P Programs .... 114
    Training Metrics and Follow-Up .... 115
    Exercise 3-3: Designing a Training Program .... 115
    Importance of Policies to Organization Security .... 116
    Privacy and Sensitive Data Concepts .... 118
    Regulations and Standards .... 121
    Regulations, Standards, and Legislation .... 122
    Frameworks and Security Guides .... 124
    Benchmark/Secure Configuration Guides .... 125
    Certification Summary .... 127
    Two-Minute Drill .... 128
    Q&A Self Test .... 129
    Self Test Answers .... 134

4  Types of Attacks .... 139
    Understanding Social Engineering .... 140
    Social Engineering Overview .... 140
    Popular Social Engineering Attacks .... 140
    Physical Attacks .... 146
    Adversarial Artificial Intelligence .... 146
    Supply-Chain Attacks .... 146
    Cloud-Based vs. On-Premises Attacks .... 147
    Reasons for Effectiveness .... 147
    Preventing Social Engineering Attacks .... 147
    Identifying Network Attacks .... 148
    Popular Network Attacks .... 148
    Exercise 4-1: DNS Poisoning After Exploit Using Kali Linux .... 156
    Exercise 4-2: Performing a Port Scan .... 162
    Other Network Attacks .... 163
    Malicious Code or Script Execution .... 164
    Preventing Network Attacks .... 165


    Looking at Password Attacks .... 166
    Types of Password Attacks .... 166
    Cryptographic Attacks and Concepts .... 169
    Online vs. Offline Attacks .... 169
    Other Password Attack Terms .... 170
    Preventing Password Attacks .... 170
    Certification Summary .... 172
    Two-Minute Drill .... 173
    Q&A Self Test .... 174
    Self Test Answers .... 177

5  Vulnerabilities and Threats .... 181
    Security Concerns with Vulnerabilities .... 182
    Reasons for Vulnerable Systems .... 182
    Understanding the Impact of Vulnerabilities .... 184
    Common Security Issues and Device Output .... 185
    Exercise 5-1: Removable Media Control .... 190
    Cloud-Based vs. On-Premises Vulnerabilities .... 191
    Identifying Physical Threats .... 192
    Snooping .... 192
    Theft and Loss of Assets .... 192
    Human Error .... 194
    Sabotage .... 195
    Looking at Malicious Software .... 195
    Privilege Escalation .... 195
    Viruses .... 196
    Other Malicious Software .... 200
    Protecting Against Malicious Software .... 206
    Threats Against Hardware .... 207
    BIOS Settings .... 207
    USB Devices .... 208
    Smart Phones and Tablets .... 209
    Exercise 5-2: Exploiting a Bluetooth Device .... 210
    Removable Storage .... 212
    Network Attached Storage .... 213
    PBX .... 214
    Security Risks with Embedded and Specialized Systems .... 215
    Certification Summary .... 219
    Two-Minute Drill .... 220
    Q&A Self Test .... 222
    Self Test Answers .... 226


6  Mitigating Security Threats .... 231
    Understanding Operating System Hardening .... 232
    Uninstall Unnecessary Software .... 233
    Disable Unnecessary Services .... 234
    Exercise 6-1: Disabling the Remote Desktop Services Service .... 236
    Protect Management Interfaces and Applications .... 237
    Disable Unnecessary Accounts .... 237
    Patch Management .... 238
    Password Protection .... 239
    Registry Hardening .... 240
    Disk Encryption .... 241
    System Hardening Procedures .... 241
    Network Security Hardening .... 241
    Exercise 6-2: Hardening a Network Switch .... 245
    Tools for System Hardening .... 246
    Exercise 6-3: Creating a Security Template .... 250
    Security Posture and Reporting .... 254
    Server Hardening Best Practices .... 256
    All Servers .... 256
    HTTP Servers .... 257
    DNS Servers .... 258
    Exercise 6-4: Limiting DNS Zone Transfers .... 259
    DHCP Servers .... 259
    SMTP Servers and FTP Servers .... 260
    Common Mitigation Strategies .... 260
    Certification Summary .... 261
    Two-Minute Drill .... 262
    Q&A Self Test .... 264
    Self Test Answers .... 267

7  Implementing Host-Based Security .... 271
    Host and Application Security Solutions .... 272
    Endpoint Protection .... 272
    Boot Integrity .... 273
    Database .... 274
    Implementing Host-Based Firewalls and HIDS .... 276
    Host-Based Firewalls .... 276
    Exercise 7-1: Configuring TCP Wrappers in Linux .... 283
    Host-Based IDS and Host-Based IPS .... 283


    Protecting Against Malware .... 285
    Patch Management .... 285
    Using Antivirus and Anti-Spam Software .... 290
    Spyware and Adware .... 292
    Phish Filters and Pop-Up Blockers .... 292
    Exercise 7-2: Manually Testing a Web Site for Phishing .... 293
    Practicing Good Habits .... 293
    Device Security and Data Security .... 294
    Hardware Security .... 294
    Mobile Device Security .... 294
    Data Security .... 302
    Exercise 7-3: Configuring Permissions in Windows 10 .... 304
    Application Security and BYOD Concerns .... 310
    Secure System Design .... 313
    Secure Staging Deployment .... 317
    Certification Summary .... 318
    Two-Minute Drill .... 318
    Q&A Self Test .... 320
    Self Test Answers .... 324

8  Securing the Network Infrastructure .... 327
    Understanding Firewalls .... 328
    Firewalls .... 328
    Using IPTables as a Firewall .... 333
    Exercise 8-1: Configuring IPTables in Linux .... 334
    Using Firewall Features on a Home Router .... 336
    NAT and Ad Hoc Networking .... 341
    Proxy Servers .... 342
    Routers and ACLs .... 344
    Other Security Devices and Technologies .... 344
    Using Intrusion Detection Systems .... 346
    IDS Overview .... 346
    Exercise 8-2: Using Snort: A Network-Based IDS .... 351
    Deception and Disruption .... 355
    Protocol Analyzers .... 356
    Network Design and Administration Principles .... 358
    Network Segmentation .... 358
    Network Switches .... 361
    Network Address Translation .... 362


    Network Access Control .... 363
    Data Protection .... 365
    Data Sovereignty .... 367
    Mail Gateway .... 367
    Network Communication Encryption .... 368
    API Considerations .... 371
    Network Administration Principles .... 371
    Business Connectivity Considerations .... 374
    Placement of Security Devices and Network Appliances .... 374
    Configuration Management .... 375
    Securing Devices .... 376
    Certification Summary .... 377
    Two-Minute Drill .... 377
    Q&A Self Test .... 379
    Self Test Answers .... 384

9  Wireless Networking and Security .... 389
    Understanding Wireless Networking .... 390
    Standards .... 391
    Channels .... 393
    Antenna Types .... 394
    Authentication and Encryption .... 395
    Securing a Wireless Network .... 398
    Security Best Practices .... 399
    Vulnerabilities with Wireless Networks .... 405
    Exercise 9-1: Cracking WEP with Kali Linux .... 409
    Installation Considerations .... 415
    Configuring a Wireless Network .... 416
    Configuring the Access Point .... 417
    Configuring the Client .... 423
    Other Wireless Technologies .... 424
    Infrared .... 424
    Bluetooth .... 425
    Near Field Communication .... 425
    RFID .... 426
    Certification Summary .... 426
    Two-Minute Drill .... 426
    Q&A Self Test .... 428
    Self Test Answers .... 433


10  Authentication .... 437
    Identifying Authentication Models .... 438
    Authentication Terminology .... 438
    Authentication Methods and Technologies .... 438
    Multifactor Authentication Factors and Attributes .... 440
    Exercise 10-1: Configuring MFA in Outlook Web Mail .... 443
    Authentication Management .... 444
    Single Sign-On .... 444
    Cloud vs. On-Premises Requirements .... 446
    Authentication Protocols .... 446
    Windows Authentication Protocols .... 447
    Common Authentication Protocols .... 448
    Authentication Services .... 449
    Implementing Authentication .... 452
    User Accounts .... 453
    Tokens .... 453
    Looking at Biometrics .... 454
    Certificate-Based Authentication .... 455
    Claims-Based Authentication/Federation Services .... 458
    Certification Summary .... 460
    Two-Minute Drill .... 461
    Q&A Self Test .... 462
    Self Test Answers .... 465

11  Authorization and Access Control .... 469
    Introducing Access Control .... 470
    Types of Security Controls .... 470
    Implicit Deny .... 473
    Review of Security Principles/General Concepts .... 473
    Access Control Schemes .... 475
    Discretionary Access Control .... 475
    Mandatory Access Control .... 477
    Role-Based Access Control .... 480
    Exercise 11-1: Assigning a User the sysadmin Role .... 480
    Rule-Based Access Control .... 481
    Group-Based Access Control .... 482
    Attribute-Based Access Control .... 482
    Other Access Control Tools .... 482
    Implementing Access Control .... 483
    Identities .... 483
    Account Types .... 484

    Using Security Groups 485
    Exercise 11-2: Configuring Security Groups and Assigning Permissions 485
    Rights and Privileges 486
    Exercise 11-3: Modifying User Rights on a Windows System 487
    File System Security and Printer Security 488
    Access Control Lists 489
    Group Policies 492
    Exercise 11-4: Configuring Password Policies via Group Policies 493
    Database Security 494
    Exercise 11-5: Encrypting Sensitive Information in the Database 494
    Account Restrictions 497
    Account Policy Enforcement 500
    Monitoring Account Access 502
  Certification Summary 503
    Two-Minute Drill 503
    Q&A Self Test 505
    Self Test Answers 508

12 Introduction to Cryptography 511
  Introduction to Cryptography Services 512
    Understanding Cryptography 512
    Algorithms and Keys 514
    Exercise 12-1: Encrypting Data with the Caesar Cipher 515
    Other Cryptography Terms 518
  Symmetric Encryption 523
    Symmetric Encryption Concepts 523
    Symmetric Encryption Algorithms 525
    Exercise 12-2: Encrypting Data with the AES Algorithm 526
  Asymmetric Encryption 527
    Asymmetric Encryption Concepts 527
    Asymmetric Encryption Algorithms 530
    Quantum Cryptography 530
    In-Band vs. Out-of-Band Key Exchange 531
  Understanding Hashing 531
    Hashing Concepts 531
    Hashing Algorithms 532
    Exercise 12-3: Generating Hashes to Verify Integrity 533

  Identifying Encryption Uses 535
    Common Use Cases 535
    Understanding Limitations 536
    Encrypting Data 537
    Encrypting Communication 538
    Understanding Steganography 543
  Certification Summary 544
    Two-Minute Drill 545
    Q&A Self Test 546
    Self Test Answers 549

13 Managing a Public Key Infrastructure 553
  Introduction to Public Key Infrastructure 554
    Understanding PKI Terminology 554
    Certificate Authority and Registration Authority 559
    Repository 561
  Managing a Public Key Infrastructure 561
    Certificate Life Cycle 561
    Certificate Revocation Lists and OCSP 562
    Other PKI Terms 563
  Implementing a Public Key Infrastructure 565
    How SSL/TLS Works 566
    How Digital Signatures Work 566
    Creating a PKI 566
    Exercise 13-1: Installing a Certificate Authority 568
    Exercise 13-2: SSL-Enabling a Web Site 571
    Managing a PKI 575
  Certification Summary 578
    Two-Minute Drill 578
    Q&A Self Test 579
    Self Test Answers 582

14 Physical Security 585
  Choosing a Business Location 586
    Facility Concerns 586
    Lighting and Windows 587
    Doors, Windows, and Walls 588
    Safety Concerns 589

  Physical Access Controls 589
    Exercise 14-1: Gaining Access to a System with No Physical Security 590
    Fencing and Personnel 592
    Hardware Locks/Lock Types 593
    Access Systems 594
    Other Physical Security Controls 596
    Physical Access Lists and Logs 599
    Video Surveillance 600
    Types of Sensors 602
  Implementing Environmental Controls 603
    Understanding HVAC 603
    Shielding 604
    Fire Suppression 604
  Certification Summary 606
    Two-Minute Drill 606
    Q&A Self Test 607
    Self Test Answers 612

15 Application Attacks and Security 615
  Understanding Application Attacks 616
    Directory Traversal 616
    Exercise 15-1: Exploiting an IIS Web Server with Directory Traversal 617
    Injection Attacks 618
    Exercise 15-2: SQL Injection Attacks 620
    Buffer Overflow Attacks 621
    Cross-Site Scripting 622
    Cross-Site Request Forgery 623
    Pass the Hash 623
    Privilege Escalation 623
    SSL Stripping 624
    Driver Manipulation and Refactoring 624
    Other Application Attacks 624
    Why Application Vulnerabilities Exist 626
  Secure Application Development Concepts 627
    Secure Coding Concepts 627
    Application Environments 628
    Secure Coding Techniques 630
    Application Frameworks and Scripting 633

  Implement Host and Application Security 635
    Host Security 635
    Application Security 636
    Code Quality and Testing 636
  Certification Summary 637
    Two-Minute Drill 638
    Q&A Self Test 639
    Self Test Answers 641

16 Virtualization and Cloud Security 645
  Virtualization and Virtualization Security 646
    Introducing Virtualization 646
    Benefits to Virtualization 647
    Hypervisor 647
    Security Issues with Virtualization 649
  Cloud Computing Concepts 650
    Cloud Computing Overview 650
    Cloud Computing Considerations 653
    Resiliency and Automation 654
    Cloud Features 655
  Cybersecurity Solutions for the Cloud 657
    Cloud Security Controls 657
    Cloud Security Solutions 660
  Certification Summary 661
    Two-Minute Drill 661
    Q&A Self Test 663
    Self Test Answers 665

17 Risk Analysis 669
  Introduction to Risk Analysis 670
    Risk Analysis Overview 670
    Risk Analysis Process 671
    Tools to Help Analyze Risk 677
    Risk with Cloud Computing and Third Parties 679
  Risk Assessment Types 681
    Qualitative 681
    Exercise 17-1: Performing a Qualitative Risk Analysis 683
    Quantitative 684
    Exercise 17-2: Performing a Quantitative Risk Analysis 686

  Risk Mitigation Strategies 686
    Exercise 17-3: Identifying Mitigation Techniques 688
  Certification Summary 689
    Two-Minute Drill 689
    Q&A Self Test 690
    Self Test Answers 693

18 Disaster Recovery and Business Continuity 697
  Introduction to Business Continuity and Disaster Recovery 698
    Introduction to Business Continuity 698
    Understanding Disaster Recovery 703
  Backing Up and Restoring Data: Backup Concepts 707
    Backup Destination Media 707
    Security Considerations with Tapes 708
    Types of Backups 709
    Scheduling Backups 712
    Exercise 18-1: Backing Up and Restoring Data on a Windows Server 713
    Geographic Considerations 715
  Implementing Fault Tolerance 715
    Introducing Redundancy 716
    Nonpersistence and Diversity 718
    Understanding RAID 719
    Exercise 18-2: Configuring RAID 0 on a Windows System 721
    Exercise 18-3: Creating a Mirrored Volume on a Windows Server 723
    Exercise 18-4: Creating a RAID 5 Volume on a Windows Server 725
  Understanding High Availability 726
    Failover Clustering 727
    Network Load Balancing 728
    Redundant Hardware 729
  Certification Summary 729
    Two-Minute Drill 730
    Q&A Self Test 732
    Self Test Answers 735

19 Understanding Monitoring and Auditing 739
  Introduction to Monitoring 740
  Monitoring Tools 742
    Useful System Commands 742
    SNMP 746
    Performance Monitor 747
    Protocol Analyzer and Sniffer 748
    Exercise 19-1: Monitoring Network Traffic with Wireshark 749
    Understanding Syslog 750
    Security Information and Event Management 752
    Working with SOAR 754
  Implementing Logging and Auditing 754
    Understanding Auditing 755
    Exercise 19-2: Implementing Auditing in Windows 761
    Understanding Logging 761
    Exercise 19-3: Configuring Logging in IIS 763
    Exercise 19-4: Configuring Windows Firewall 764
    Popular Areas to Audit 766
  Certification Summary 768
    Two-Minute Drill 768
    Q&A Self Test 769
    Self Test Answers 773

20 Security Assessments and Audits 775
  Understanding Types of Assessments 776
    Assessment Types 776
    Assessment Techniques 784
  Performing a Security Assessment 786
    Threat Hunting 787
    Vulnerability Scans 788
    Exercise 20-1: Manually Searching CVE for Windows 10 Vulnerabilities 789
  Performing a Penetration Test 790
    Considerations and Techniques Used in a Penetration Test 790
    Understanding the Hacking Process 793
    Exercise 20-2: Profiling an Organization 796
    Exercise 20-3: Using a Port Scanner 801
    Steps to Perform a Penetration Test 804
    Performing a Vulnerability Assessment 805
    Exercise 20-4: Performing a Vulnerability Scan with Nessus 806

  Tools Used to Assess Security 808
    Fundamental Tools 809
    Network Reconnaissance and Discovery 810
    File Manipulation 812
    Shell and Script Environments 813
    Packet Capture and Replay 813
    Other Common Tools 815
  Certification Summary 815
    Two-Minute Drill 816
    Q&A Self Test 817
    Self Test Answers 821

21 Incident Response and Computer Forensics 825
  Working with Evidence 826
    Admissibility 826
    Types of Evidence 826
    Collecting Evidence 827
  Collecting Digital Evidence 831
    Understanding the Process 832
    Where to Find Evidence 836
    Tools Used 838
    Exercise 21-1: Using FTK Imager to Capture an Image of a Suspect’s Drive 841
    Exercise 21-2: Using FTK Imager to Create an Image of the Contents of Memory 842
    Exercise 21-3: Using FTK Imager to Locate Deleted Files 842
    Exercise 21-4: Using Autopsy to Investigate the Local Disk 845
    Exercise 21-5: Using FTK Imager to View File Headers 849
    Exercise 21-6: Performing Cell Phone Forensics 852
    Exercise 21-7: Looking at Exif Metadata 856
    On-Premises vs. Cloud 857
  Looking at Incident Response 858
    Incident Response Team 858
    Incident Response Plan 859
    Incident Response Process 860
    First Responders 861
    Damage and Loss Control 861
    Exercises 861
    Policies and Procedures for Incident Response 862
    Data Sources to Support an Investigation 864
    Mitigation Techniques as a Response to an Incident 866

  Certification Summary 868
    Two-Minute Drill 869
    Q&A Self Test 870
    Self Test Answers 873

A About the Online Content 877
  System Requirements 878
  Your Total Seminars Training Hub Account 878
    Privacy Notice 878
  Single User License Terms and Conditions 878
  TotalTester Online 880
    Pre-Assessment Test 880
  Other Book Resources 880
    Performance-Based Questions 881
    Video Training from the Author 881
    Downloadable Content 881
  Technical Support 881

Index 883

PREFACE

Security is a critical part of information systems, and the demand for IT professionals who are proficient in assessing security and configuring systems in a secure manner is on the rise. CompTIA Security+ Certification Study Guide, Fourth Edition is a comprehensive book that is designed not only to help you prepare for the CompTIA Security+ exam (SY0-601) but also to serve as a practical reference you can use after obtaining your certification.

The objective of this study guide is to prepare you for the Security+ exam by familiarizing you with the technologies, tasks, processes, and principles that CompTIA has identified in its exam objectives as subject to being tested on for the exam. Because the primary focus of the book is to help you pass the test, it doesn’t always cover every aspect of the related technology. Some aspects of the technology are only covered to the extent necessary to help you understand what you need to know to pass the exam. However, this book will also serve you as a valuable professional resource after your exam.

In This Book

This book is organized in such a way as to serve as an in-depth review for the CompTIA Security+ exam (SY0-601) for both experienced security professionals and newcomers to the field of information system security. Each chapter covers a major aspect of the exam, with an emphasis on the “why” as well as the “how to” with regard to helping organizations understand critical security technologies that should be implemented in their environment. This book also helps you understand how to assess and recommend ways of improving security within an organization.

About the Online Content

For more information about the online materials provided with this book, please see the appendix, “About the Online Content.”

Exam Readiness Checklist

To help you prepare for the exam, we’ve created an Exam Readiness Checklist. This table lists the exact CompTIA exam domains and objectives, and each objective has a cross-reference to the chapter or chapters in which it is covered in this book. See the Appendix, “About the Online Content,” for information on how to access this file.

In Every Chapter

Each chapter includes a set of components that call your attention to important items, reinforce important points, and provide helpful exam-taking hints. The following is a listing of components that may appear in each chapter:

Every chapter begins with Certification Objectives—what you need to know in order to answer questions on the exam dealing with the chapter topic. The Objective headings identify the objectives within the chapter, so you’ll always know an objective when you see it!

Exam Watch notes call attention to information about, and potential pitfalls in, the exam. These helpful hints are written by an author who has taken the exam and received his certification—who better to tell you what to worry about? He knows what you’re about to go through!

Step-by-Step Exercises are interspersed throughout the chapters. These are typically designed as hands-on exercises that allow you to get a feel for the real-world experience you need in order to pass the exam. They help you master skills that are likely to be an area of focus on the exam. Don’t just read through the exercises; they are hands-on practice that you should be comfortable completing. Learning by doing is an effective way to increase your competency with a product, tool, or technology.

On the Job notes describe the issues that come up most often in real-world settings. They provide a valuable perspective on certification- and product-related topics. They point out common mistakes and address questions that have arisen from on-the-job discussions and experience.

Inside the Exam sidebars highlight some of the most common and confusing problems that students encounter when taking a live exam. Designed to anticipate what the exam will emphasize, Inside the Exam sidebars will help ensure you know what you need to know to pass the exam. You can get a leg up on how to respond to those difficult-to-understand questions by focusing extra attention on these sidebars.

The Certification Summary is a succinct review of the chapter and a restatement of salient points regarding the exam.

The Two-Minute Drill at the end of every chapter is a checklist of the main points of the chapter. You can use it for last-minute review.

The Self Test offers questions similar to those found on the certification exam. You can find the answers to these questions, as well as explanations of the answers, at the end of each chapter. By taking the Self Test after completing each chapter, you’ll reinforce what you’ve learned from that chapter while becoming familiar with the structure of the exam questions.

Some Pointers

Once you’ve finished reading this book, set aside some time to do a thorough review. You might want to return to the book several times and make use of all the methods it offers for reviewing the material:

1. Re-read all the Two-Minute Drills, or have someone quiz you. You also can use the drills as a way to do a quick cram before the exam. You might want to make some flash cards out of 3×5 index cards that have the Two-Minute Drill material on them.

2. Re-read all the Exam Watch notes and Inside the Exam elements. Remember that these notes are written by the author, who has taken the exam and passed. He knows what you should expect—and what you should be on the lookout for.

3. Re-take the Self Tests. Taking the tests right after you’ve read the chapter is a good idea, because the questions help reinforce what you’ve just learned. However, it’s an even better idea to go back later and do all the questions in the book in one sitting. Pretend that you’re taking the live exam. When you go through the questions the first time, you should mark your answers on a separate piece of paper. That way, you can run through the questions as many times as you need to until you feel comfortable with the material.

4. Complete the exercises. Did you do the exercises when you read through each chapter? If not, do them! These exercises are designed to cover exam topics, and there’s no better way to get to know this material than by practicing. Be sure you understand why you are performing each step in each exercise. If there is something you are not clear on, re-read that section in the chapter.