Mike Meyers' CompTIA Security+ SY0-601 Exam Certification Guide, 3rd Edition (2021)
Mike Meyers' CompTIA Security+ SY0-601 Exam Certification Guide, 3rd Edition (2021) is the ultimate study tool to help you pass your exam on the first try.
ABOUT THE AUTHORS
Mike Meyers, CompTIA A+, CompTIA Network+, CompTIA Security+, is
the industry’s leading authority on CompTIA certifications and the best-
selling author of ten editions of CompTIA A+ Certification All-in-One Exam
Guide (McGraw Hill). He is the president and founder of Total Seminars,
LLC, a major provider of PC and network repair seminars for thousands of
organizations throughout the world, and a member of CompTIA.
Scott Jernigan, CompTIA ITF+, CompTIA A+, CompTIA Network+,
CompTIA Security+, MCP, is the author or co-author (with Mike Meyers) of
over two dozen IT certification books, including CompTIA IT Fundamentals
(ITF+) Certification All-in-One Exam Guide (McGraw Hill). He has taught
seminars on building, fixing, and securing computers and networks all over
the United States, including stints at the FBI Academy in Quantico, Virginia,
and the UN Headquarters in New York City, New York.
About the Technical Editor
Matt Walker is currently a member of the Cyber Security Infrastructure
team at Kennedy Space Center with DB Consulting. An IT security and
education professional for more than 20 years, he has served in multiple
positions ranging from director of the Network Training Center and a
curriculum lead/senior instructor for Cisco Networking Academy on
Ramstein AB, Germany, to instructor supervisor and senior instructor at
Dynetics, Inc., in Huntsville, Alabama, providing onsite certification-
awarding classes for (ISC)2, Cisco, and CompTIA. Matt has written and
contributed to numerous technical training books for NASA, Air Education
and Training Command, and the US Air Force, as well as commercially
(CEH Certified Ethical Hacker All-in-One Exam Guide, now in its fourth
edition), and continues to train and write certification and college-level IT
and IA security courses.
Copyright © 2021 by McGraw Hill. All rights reserved. Except as permitted
under the United States Copyright Act of 1976, no part of this publication
may be reproduced or distributed in any form or by any means, or stored in a
database or retrieval system, without the prior written permission of the
publisher, with the exception that the program listings may be entered, stored,
and executed in a computer system, but they may not be reproduced for
publication.
ISBN: 978-1-26-047370-4
MHID: 1-26-047370-8
The material in this eBook also appears in the print version of this title:
ISBN: 978-1-26-047369-8, MHID: 1-26-047369-4.
eBook conversion by codeMantra
Version 1.0
All trademarks are trademarks of their respective owners. Rather than put a
trademark symbol after every occurrence of a trademarked name, we use
names in an editorial fashion only, and to the benefit of the trademark owner,
with no intention of infringement of the trademark. Where such designations
appear in this book, they have been printed with initial caps.
McGraw-Hill Education eBooks are available at special quantity discounts to
use as premiums and sales promotions or for use in corporate training
programs. To contact a representative, please visit the Contact Us page at
www.mhprofessional.com.
Information has been obtained by McGraw Hill from sources believed to be
reliable. However, because of the possibility of human or mechanical error by
our sources, McGraw Hill, or others, McGraw Hill does not guarantee the
accuracy, adequacy, or completeness of any information and is not
responsible for any errors or omissions or the results obtained from the use of
such information.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors
reserve all rights in and to the work. Use of this work is subject to these
terms. Except as permitted under the Copyright Act of 1976 and the right to
store and retrieve one copy of the work, you may not decompile, disassemble,
reverse engineer, reproduce, modify, create derivative works based upon,
transmit, distribute, disseminate, sell, publish or sublicense the work or any
part of it without McGraw-Hill Education’s prior consent. You may use the
work for your own noncommercial and personal use; any other use of the
work is strictly prohibited. Your right to use the work may be terminated if
you fail to comply with these terms.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL EDUCATION
AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES
AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR
RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING
ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE
WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY
DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
McGraw-Hill Education and its licensors do not warrant or guarantee that the
functions contained in the work will meet your requirements or that its
operation will be uninterrupted or error free. Neither McGraw-Hill Education
nor its licensors shall be liable to you or anyone else for any inaccuracy, error
or omission, regardless of cause, in the work or for any damages resulting
therefrom. McGraw-Hill Education has no responsibility for the content of
any information accessed through the work. Under no circumstances shall
McGraw-Hill Education and/or its licensors be liable for any indirect,
incidental, special, punitive, consequential or similar damages that result
from the use of or inability to use the work, even if any of them has been
advised of the possibility of such damages. This limitation of liability shall
apply to any claim or cause whatsoever whether such claim or cause arises in
contract, tort or otherwise.
For the great friends from around the world who shared
this crazy lockdown with us: Andre de Gooyert, Tullowit,
Alice Pozzi, Zak Morrill, Patricia Grace, Jose Braden,
and so many others. Cheers!
—Mike and Scott
CONTENTS AT A GLANCE
Chapter 1 Risk Management
Chapter 2 Cryptography
Chapter 3 Identity and Account Management
Chapter 4 Tools of the Trade
Chapter 5 Securing Individual Systems
Chapter 6 The Basic LAN
Chapter 7 Securing Wireless LANs
Chapter 8 Securing Public Servers
Chapter 9 Securing Dedicated Systems
Chapter 10 Physical Security
Chapter 11 Protocols and Applications
Chapter 12 Testing Infrastructure
Chapter 13 Dealing with Incidents
Appendix A Exam Objective Map
Appendix B About the Online Content
Glossary
Index
CONTENTS
Acknowledgments
Introduction
Chapter 1 Risk Management
Module 1-1: Defining Risk
Asset
Likelihood
Threat Actor
Vulnerability and Threat
Circling Back to the Risk Definition
Vectors
Threat Intelligence
Module 1-2: Risk Management Concepts
Infrastructure
Security Controls
Risk Management Frameworks
Module 1-3: Security Controls
Control Categories
Control Types
Module 1-4: Risk Assessment
Risk Assessment Processes and Concepts
Quantitative Risk Assessment
Qualitative Risk Assessment
Putting It All Together: Risk Analysis
Risk Response
Module 1-5: Business Impact Analysis
BIA Basics
Types of Impact
Locating Critical Resources
Calculating Impact
Calculating Downtime
Module 1-6: Data Security and Data Protection
Organizing Data
Legal and Compliance
Data Destruction
Privacy Breaches
Module 1-7: Personnel Risk and Policies
Hiring
Onboarding
Personnel Management Policies
Training
Policies
User Habits
Offboarding
Module 1-8: Third-Party Risk and Policies
Third-Party Risk Management
Agreement Types
Questions
Answers
Chapter 2 Cryptography
Module 2-1: Cryptography Basics
Essential Building Blocks
Early Cryptography
Cryptography Components
Module 2-2: Cryptographic Methods
Symmetric Cryptography
Asymmetric Cryptography
Hashing
Limitations in Symmetric vs. Asymmetric Cryptography
Hybrid Cryptography
The Perfect Cryptosystem
Module 2-3: Symmetric Cryptosystems
DES
3DES
AES
Blowfish
Twofish
RC4
Summary of Symmetric Algorithm Characteristics
Module 2-4: Asymmetric Cryptosystems
RSA
Diffie-Hellman
PGP/GPG
ECC
ElGamal
Module 2-5: Hashing Algorithms
Hashing Process
MD5
SHA
RIPEMD
HMAC
Module 2-6: Digital Signatures and Certificates
Digital Signatures
Digital Certificates
Module 2-7: Public Key Infrastructure
Keys, Algorithms, and Standards
PKI Services
Digital Certificates and PKI Structure
Key Safety
Trust Models
Module 2-8: Cryptographic Attacks
Attack Strategies
Attackable Data
Attack Scenarios
Defending Password Storage
Other Attack Options
Module 2-9: Other Cryptosystems
Homomorphic Encryption
Blockchain
Quantum Cryptography
Questions
Answers
Chapter 3 Identity and Account Management
Module 3-1: Understanding Authentication
Identification and AAA
Identification and Authentication
Authorization
Accounting
Trust
Module 3-2: Authentication Methods and Access Controls
Authentication Methods
Biometrics
Authorization and Access Control Schemes/Models
Module 3-3: Account Management
User Accounts
Account Policies
Account Administration
Module 3-4: Point-to-Point Authentication
PAP
CHAP/MS-CHAP
Remote Access Connection and Authentication Services
Module 3-5: Network Authentication
The Challenge of LAN Access Management
Microsoft Networking
LDAP and Secure LDAP
Module 3-6: Identity Management Systems
Trust
Shared Authentication Schemes
Questions
Answers
Chapter 4 Tools of the Trade
Module 4-1: Operating System Utilities
Network Reconnaissance and Discovery
File Manipulation
Shell and Script Environments
Module 4-2: Network Scanners
Scanning Methods
Scanning Targets
Scanner Types
Module 4-3: Protocol Analyzers
Why Protocol Analyze?
Wireshark
tcpdump
Module 4-4: Monitoring Networks
Exploring Log Files
Centralizing Log Files
Security Information and Event Management
Log File Management
Questions
Answers
Chapter 5 Securing Individual Systems
Module 5-1: Types of System Attacks
Attacking Applications
Driver Manipulation
Malicious Code or Script Execution
Module 5-2: Malware
Virus
Cryptomalware/Ransomware
Worm
Trojan Horse
Potentially Unwanted Programs
Bots/Botnets
Logic Bomb
Keylogger
RAT
Rootkit
Backdoor
Module 5-3: Cybersecurity Resilience
Non-persistence
Redundancy
Diversity
Module 5-4: Securing Hardware
Physical Attacks
Securing the Systems
Securing Boot Integrity
Module 5-5: Securing Endpoints
Hardening Operating Systems
Anti-malware
Data Execution Prevention
File Integrity Monitors
Data Loss Prevention
Module 5-6: System Recycling
Clear
Purge
Destroy
Questions
Answers
Chapter 6 The Basic LAN
Module 6-1: Layer 2 LAN Attacks
ARP Poisoning
Man-in-the-Middle Attacks
MAC Flooding
MAC Cloning
Module 6-2: Organizing LANs
Configuration Management
Network Segmentation
Load Balancing
Module 6-3: Implementing Secure Network Designs
Securing the LAN
Internet Connection Firewalls
Securing Servers
Module 6-4: Virtual Private Networks
How VPNs Work
Early VPNs
IPsec VPNs
TLS VPNs
Module 6-5: Network-Based Intrusion Detection/Prevention
Detection vs. Prevention
Detecting Attacks
Configuring Network-Based IDS/IPS
Monitoring NIDS/NIPS
Endpoint Detection and Response
Questions
Answers
Chapter 7 Securing Wireless LANs
Module 7-1: Networking with 802.11
Wireless Cryptographic Protocols
Wireless Authentication Protocols
Module 7-2: Attacking 802.11
Wireless Survey/Stumbler
Packet Capture
Attack Tools
Rogue Access Point
Jamming
Packet Sniffing
Deauthentication Attack
Near-Field Communication
Replay Attacks
WEP/WPA Attacks
WPS Attacks
Wireless Peripherals
Module 7-3: Securing 802.11
Installation Considerations
Wireless Configuration
Security Posture Assessment
Questions
Answers
Chapter 8 Securing Public Servers
Module 8-1: Attacking and Defending Public Servers
Distributed Denial-of-Service
Route Security
Quality of Service
Monitoring Services
Module 8-2: Virtualization Security
Virtualization Architecture
Containers
Virtualization Risks
Using Virtualization for Security
Module 8-3: Cloud Deployment
Let’s Talk Amazon
Cloud Deployment Models
Cloud Architecture Models
Cloud Growing Pains
Module 8-4: Securing the Cloud
Cloud Security Controls
Unique Cloud Security Solutions
Questions
Answers
Chapter 9 Securing Dedicated Systems
Module 9-1: Embedded, Specialized, and Mobile Systems
Embedded Systems
SCADA/ICS
Internet of Things
Specialized Systems
Mobile Systems
Module 9-2: Connecting to Dedicated Systems
Common Communication Technologies
IoT-Specific Communication Technologies
Module 9-3: Security Constraints for Dedicated Systems
Hardware
Programming
Connectivity
Module 9-4: Implementing Secure Mobile Solutions
Mobile Device Management
Deployment Models
Inventory Control and Asset Tracking
Application Management and Security
Encryption and Authentication
Enforcement and Monitoring for Device Security
Questions
Answers
Chapter 10 Physical Security
Module 10-1: Physical Security Controls
Passive Defensive Systems and Perimeter Controls
Active Alert Systems
Manned Defensive Systems
Module 10-2: Environmental Controls
EMI and RFI Shielding
Fire Suppression
HVAC
Temperature and Humidity Controls
Hot and Cold Aisles
Environmental Monitoring
Questions
Answers
Chapter 11 Secure Protocols and Applications
Module 11-1: Secure Internet Protocols
DNS Security
SNMP
SSH
FTP
SRTP
Module 11-2: Secure Web and E-mail
HTTP
HTTPS
E-mail
Module 11-3: Web Application Attacks
Injection Attacks
Hijacking and Related Attacks
Other Web Application Attacks
Module 11-4: Application Security
Development
Code Quality and Testing
Staging
Production
Quality Assurance
Getting Organized
Module 11-5: Certificates in Security
Certificate Concepts and Components
PKI Concepts
Online vs. Offline CA
PKI TLS Scenario
Types of Certificates
Certificate Formats
Key Escrow
Questions
Answers
Chapter 12 Testing Infrastructure
Module 12-1: Vulnerability Impact
Device/Hardware Vulnerabilities
Configuration Vulnerabilities
Management/Design Vulnerabilities
Module 12-2: Social Engineering
Social Engineering Goals
Principles
Types of Attacks
Module 12-3: Artificial Intelligence
Understanding Artificial Intelligence
Machine Learning Essentials
OSINT
Adversarial Artificial Intelligence
Module 12-4: Security Assessment
Threat Hunting
Vulnerability Scans
Penetration Testing
Module 12-5: Assessment Tools
Protocol Analyzer
Network Scanner
Vulnerability Scanner
Configuration Compliance Scanner
Penetration Testing with Metasploit
Specific Tools Mentioned by CompTIA
Interpreting Security Assessment Tool Results
Questions
Answers
Chapter 13 Dealing with Incidents
Module 13-1: Incident Response
Incident Response Concepts
Incident Response Procedures
Scenarios: Mitigation During and After an Incident
Module 13-2: Digital Forensics
Digital Forensics Concepts
Data Volatility
Critical Forensics Practices
Data Acquisition
Analyzing Evidence
Module 13-3: Continuity of Operations and Disaster Recovery
Risk Management Best Practices
Contingency Planning and Resilience
Functional Recovery Plans
Backup and Restore Plans and Policies
Questions
Answers
Appendix A Exam Objective Map
Exam SY0-601
Appendix B About the Online Content
System Requirements
Your Total Seminars Training Hub Account
Privacy Notice
Single User License Terms and Conditions
TotalTester Online
Other Book Resources
Video Training from Mike Meyers
TotalSim Simulations
Mike’s Cool Tools
Technical Support
Glossary
Index
ACKNOWLEDGMENTS
In general, we’d like to thank our amazing teams at McGraw Hill and
KnowledgeWorks Global Ltd. for such excellent support and brilliant work
editing, laying out, and publishing this edition. Special shout out to our co-
workers at Total Seminars—Michael Smyer, Dave Rush, and Travis Everett
—for listening to us rant and providing excellent feedback.
We’d like to acknowledge the many people who contributed their talents
to make this book possible:
To Tim Green, our acquisitions editor at McGraw Hill: Thank you for
the steady encouragement during this crazy year. You’re the best!
To Matt Walker, technical editor: Excellent working with you! Thanks
for laughing at our geeky jokes and sharing great stories.
To Bill McManus, copy editor: What an absolute delight to do this
project with you! Your efforts made this a much better book.
To Emily Walters, acquisitions coordinator at McGraw Hill: Thanks
for the Friday meetings and slightly menacing cat-on-lap petting. Way to
keep us on track!
To Neelu Sahu, project manager at KnowledgeWorks Global Ltd.:
Enjoyed working with you, Neelu. Hope the somewhat chaotic pacing wasn’t
too stressful!
To Lisa McCoy, proofreader: Fabulous job, thanks!
To Ted Laux, indexer extraordinaire: Well done!
To KnowledgeWorks Global Ltd. compositors: The layout was
excellent, thanks!
To Janet Walden, editorial supervisor at McGraw Hill: Great to work
with you on this project! Next time we’ll make a few extra changes in page
proofs just for you!
To Tom Somers, production supervisor at McGraw Hill: Thanks for
waving that magic wand of yours and making so much happen as smoothly as
possible.
INTRODUCTION
Most societies teem with a host of networked devices, from servers to
smartphones, that provide the backbone for much of modern life. People and
companies use these devices to produce and sell products and services,
communicate around the globe, educate at every level, and manage the
mechanisms of governments everywhere. Networked devices and the
complex networks that interconnect them offer advances for humanity on par
with, or perhaps beyond, the Agricultural and Industrial Revolutions. That’s
the good news.
The bad news is the fact that reliance on these devices creates a security
risk to the resources placed on them. Networks can lose critical data and
connections, both of which equate to loss of energy, confidence, time, and
money. To paraphrase a few words from the American statesman, James
Madison, if humans were angels, there’d be no need for security
professionals. But humans are at best negligent and at worst petty, vindictive,
and astoundingly creative in pursuit of your money and secrets.
Networked devices and the networks that interconnect them need security
professionals to stand guard. The demand for security professionals in
information technology (IT) far outstrips the supply, and we assume that's why
you picked up this book. You see the trend and want to take the first step to
becoming an IT security professional by attaining the acknowledged first
security certification, CompTIA Security+.
This introduction starts with an overview of the goals of security, to put a
framework around everything you’re going to learn. Second, we’ll discuss
the CompTIA Security+ certification and look at exam details. Finally, this
introduction details the overall structure of the book, providing a roadmap for
studying for the exam.
Goals of Security
Traditional computer security theory balances among three critical elements:
functionality, security, and the resources available to ensure both. From a
functionality standpoint, systems must function as people need them to
function to process the data needed. Users and other systems need to interface
with systems and data seamlessly to get work done. Don’t confuse
functionality with free rein. Allowing users to do whatever they wish with
systems and data may result in loss, theft, or destruction of systems and data.
Therefore, functionality must balance with security.
From the security standpoint, however, increasing the levels of protection
for systems and data usually reduces functionality. Introducing security
mechanisms and procedures into the mix doesn’t always allow users to see or
interact with data and systems the way they would like. This usually means a
reduction in functionality to some degree.
To add another wrinkle, the resources expended toward functionality and
security, and the balance between them, are finite. No one has all the money
or resources they need or as much functionality or security as they want.
Keep in mind, therefore, that functionality and security are inversely
related; that is to say, the more security in place, the less functionality,
and vice versa. Also, the fewer resources a person or organization has, the
less of either functionality or security they can afford.
Figure 1 illustrates this careful balancing act among the three elements of
functionality, security, and resources.
Figure 1
Balancing functionality, security, and resources
Security theory follows three goals, widely considered the foundations of
the IT security trade: confidentiality, integrity, and availability. Security
professionals work to achieve these goals in every security program and
technology. These three goals inform all the data and the systems that process
it. The three goals of security are called the CIA triad. Figure 2 illustrates the
three goals of confidentiality, integrity, and availability.
Figure 2
The CIA triad
NOTE
The CIA triad is put into practice through various security mechanisms and
controls. Every security technique, practice, and mechanism put into place to
protect systems and data relates in some fashion to ensuring confidentiality,
integrity, and availability.
Confidentiality
Confidentiality tries to keep unauthorized people from accessing, seeing,
reading, or interacting with systems and data. Confidentiality is a
characteristic met by keeping data secret from people who aren’t allowed to
have it or interact with it in any way, while making sure that only those
people who do have the right to access it can do so. Systems achieve
confidentiality through various means, including access permissions on
data, encryption, and so on.
Integrity
Meeting the goal of integrity requires maintaining data and systems in a
pristine, unaltered state when they are stored, transmitted, processed, and
received, unless the alteration is intended as part of normal processing. In
other words, there should be no unauthorized modification, alteration,
creation, or deletion of data. Any changes to data must be made only as part of
authorized transformations in normal use and processing. Integrity can be
maintained by the use of a variety of checks and other mechanisms, including
data checksums and comparison with known or computed data values. Note that a
plain checksum or hash only catches accidental corruption: an attacker who can
alter the data can usually recompute it, so detecting deliberate tampering
requires a keyed check such as an HMAC or a digital signature.
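As an added illustration of the integrity checks just described (example code written for this edit, not code from the book), the following Python compares an unkeyed SHA-256 checksum with a keyed HMAC over a constructed sample record. The record, the shared key, and the tampering step are assumptions made up for the demonstration:

```python
"""Integrity checks: an unkeyed checksum versus a keyed HMAC.

Added example, not code from the book. The record and key below are
constructed sample data for the demonstration, not values from the text.
"""
import hashlib
import hmac

# Constructed sample data (assumptions for this example).
SAMPLE_KEY = b"shared-secret-key-for-demo"
SAMPLE_RECORD = b"transfer:from=acct-1001;to=acct-2002;amount=100"


def checksum(data: bytes) -> str:
    """Unkeyed integrity check: SHA-256 over the data, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_checksum(data: bytes, expected: str) -> bool:
    """Recompute the checksum now and compare it with the stored value."""
    return hmac.compare_digest(checksum(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """Keyed integrity check: HMAC-SHA256, which cannot be recomputed without the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, expected: str) -> bool:
    """Recompute the HMAC and compare in constant time to avoid a timing leak."""
    return hmac.compare_digest(mac(key, data), expected)


def tamper(record: bytes) -> bytes:
    """Simulate an unauthorized modification: change the amount field."""
    return record.replace(b"amount=100", b"amount=9000")


def demo() -> dict:
    """Run the scenario and report which checks caught the change."""
    original = SAMPLE_RECORD
    stored_sum = checksum(original)          # what an honest sender published
    stored_mac = mac(SAMPLE_KEY, original)   # same, but keyed

    modified = tamper(original)
    return {
        # A stored checksum catches a change made after it was computed.
        "checksum_detects_change": not verify_checksum(modified, stored_sum),
        # But an attacker who can edit the record can also recompute an
        # unkeyed checksum, so the forged record/checksum pair passes.
        "checksum_fooled_by_recompute": verify_checksum(modified, checksum(modified)),
        # The stored HMAC no longer matches the modified record...
        "hmac_detects_change": not verify_mac(SAMPLE_KEY, modified, stored_mac),
        # ...and a tag computed with a guessed key is rejected as well.
        "hmac_rejects_wrong_key": not verify_mac(
            SAMPLE_KEY, modified, mac(b"attacker-guess", modified)
        ),
    }


if __name__ == "__main__":
    for name, caught in demo().items():
        print(f"{name}: {caught}")
```

The point of the four results is the second one: an unkeyed checksum is only a guard against accidental corruption, because anyone able to change the data can republish a matching checksum. The HMAC ties the check to a secret the attacker lacks, which is why protocols that care about integrity against an adversary use a MAC or a signature rather than a bare hash.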
Availability
Maintaining availability means ensuring that systems and data are available
for authorized users to perform authorized tasks, whenever they need them.
Availability bridges security and functionality, because it ensures that users
have a secure, functional system at their immediate disposal. An extremely
secure system that’s not functional is not available in practice. Availability is
ensured in various ways, including system redundancy, data backups,
business continuity, and other means.
During the course of your study, keep in mind the overall goals in IT
security. First, balance three critical elements: functionality, security, and the
resources available to ensure both. Second, focus on the goals of the CIA
triad—confidentiality, integrity, and availability—when implementing,
reviewing, managing, or troubleshooting network and system security. The
book returns to these themes many times, tying new pieces of knowledge to
this framework.
CompTIA Security+ Certification
The CompTIA Security+ certification has earned the reputation as the first
step for anyone pursuing a career in the highly complex, highly convoluted,
and still very much evolving world of IT security. Let’s start with a
description of CompTIA, then look at the specifics of the certification.
CompTIA
The Computing Technology Industry Association (CompTIA) is a nonprofit,
industry-wide organization of just about everyone in the IT industry. The
different aspects of CompTIA’s mission include certification, education, and
public policy.
As of this writing, CompTIA offers 13 vendor-neutral certifications
covering a wide range of information technology areas. Examples of some of
these areas and certifications include CompTIA Linux+ (focusing on the
Linux operating system), CompTIA A+ (which focuses on computer
technology support fundamentals), CompTIA Network+ (covering different
network technologies), and, of course, CompTIA Security+.
CompTIA certifications are considered the de facto standard in the
industry in some areas. Because they are vendor neutral, almost all CompTIA
certifications cover basic knowledge of fundamental concepts of a particular
aspect of IT. CompTIA works hard to develop exams that accurately validate
knowledge that professionals must have in that area. This enables employers
and others to be confident that the individual’s knowledge meets a minimum
level of skill, standardized across the industry.
The CompTIA Security+ Exam
Let’s state up front that CompTIA does not have any requirements for
individuals who want to take the CompTIA Security+ exam. There are no
prerequisites for certification or definitive requirements for years of
experience. CompTIA does have several recommendations, on the other
hand, including knowledge that might be validated by other CompTIA
certifications such as the CompTIA Network+ certification. In other words,
the level of networking knowledge you are expected to have before you take
the CompTIA Security+ exam is the level that you would have after
successfully completing the CompTIA Network+ certification. Here are
CompTIA’s recommendations:
• Network+ certification
• Two years of experience in IT systems administration, with a focus on
security
You should have experience in several areas, such as networking
knowledge, basic information security concepts, hardware, software (both
operating systems and applications), cryptography, physical security, and so
on. The next few sections cover specific exam objectives that you need to
know.
The following table lists the five domains in the CompTIA Security+
Certification Exam Objectives document for exam SY0-601. Each of these
domains has very detailed exam objectives, summarized in the sections that follow.
Threats, Attacks, and Vulnerabilities
Domain 1.0 is all about the attacks, from malware to application attacks. It’s
critical you know your keyloggers from your RATs and your buffer
overflows from your cross-site scripting. In addition, you should recognize
the threat actors, from script kiddies to evil governments to incompetent
users. Along with the threats and attacks, you should understand the different
types of vulnerabilities that enable these attacks to thrive and the two main
tools you use to find and minimize those vulnerabilities: security assessments
and penetration testing.
Architecture and Design
Domain 2.0 explores a lot of topics under its benign-sounding title. You’re
expected to explain important security concepts, such as data protection,
hashing, and site resiliency. The domain covers cloud models, such as
infrastructure as a service (IaaS); you’ll need to summarize containers,
infrastructure as code, and virtualization. In addition, this domain covers the
design of secure applications and security for embedded systems.
Domain 2.0 requires you to know how to use security devices, protocols,
and tools. This domain covers the frameworks that enable secure IT, the
design concepts such as defense-in-depth, and benchmarks used to measure
security. This domain covers technologies to defend networks, such as
VLANs, screened subnets, and wireless designs. Domain 2.0 also covers
physical security controls, such as fencing and fire prevention.
Finally, domain 2.0 expects knowledge of cryptographic concepts. You’ll
get questions on symmetric versus asymmetric cryptography, for example.
The objectives explore public key encryption, keys, salting, hashing, and
more.
Implementation
The key with domain 3.0 is in the name, “Implementation.” Concepts
discussed in other domains get scenario-level in this domain. Domain 3.0
goes into great detail about authentication, authorization, and accounting. It
expects you to know and implement authentication and the many identity and
access services such as LDAP and Kerberos. The domain addresses
authorization via user groups and accounts and the tools and methods used to
control them. You’ll need to know how to implement secure wireless and
mobile solutions, plus apply cybersecurity solutions to cloud computing.
Finally, the domain expects you to understand how to implement public key
infrastructure.
Operations and Incident Response
Domain 4.0 explores organizational security, such as incident response
policies and procedures. You’ll need to know mitigation techniques and
controls, plus practical forensic practices, such as how to acquire and handle
evidence.
Governance, Risk, and Compliance
Domain 5.0 defines critical concepts in risk management, such as events,
exposures, incidents, and vulnerability. You’re expected to know risk-related
tools, such as business impact analysis, assessments, incident response, and
disaster recovery/business continuity. You’ll need to understand the
regulations, standards, and frameworks that impact operational security and
explain policies that organizations use to implement security. Finally, the
domain expects you to know how privacy and sensitive data use impacts
security.
Getting Certified
This book covers everything you’ll need to know for CompTIA’s Security+
certification exam. The book is written in a modular fashion, with short,
concise modules within each chapter devoted to specific topics and areas
you’ll need to master for the exam. Each module covers specific objectives
and details for the exam, as defined by CompTIA. We’ve arranged these
objectives in a manner that makes fairly logical sense from a learning
perspective, and we think you’ll find that arrangement will help you in
learning the material.
NOTE
Throughout the book, you’ll see helpful Notes and Exam Tips. These
elements offer insight on how the concepts you’ll study apply in the real
world. Often, they may give you a bit more information on a topic than what
is covered in the text or expected on the exam. And they may also be helpful
in pointing out an area you need to focus on or important topics that you may
see on the test.
End of Chapter Questions
At the end of each chapter you’ll find questions that will test your knowledge
and understanding of the concepts discussed in the modules. The questions
also include an answer key, with explanations of the correct answers.
Using the Exam Objective Map
The Exam Objective map included in Appendix A has been constructed to
help you cross-reference the official exam objectives from CompTIA with the
relevant coverage in the book. References have been provided for the exam
objectives exactly as CompTIA has presented them—the module that covers
that objective, the chapter, and a page reference are included.
Online Resources
The online resources that accompany this book feature the TotalTester exam
software that enables you to generate a complete practice exam or quizzes by
chapter or by exam domain. See Appendix B for more information.
Study Well and Live Better
We enjoyed writing this book and hope you will enjoy reading it as well.
Good luck in your studies and good luck on the CompTIA Security+ exam. If
you have comments, questions, or suggestions, tag us:
Mike: desweds@protonmail.com
Scott: jernigan.scott@gmail.com