Description: CompTIA Security+ SY0-701 Exam Cram by Martin Weiss, Robert Shimonski

CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.

Covers the critical information needed to score higher on your Security+ SY0-701 exam!
  General security concepts
  Threats, vulnerabilities, and mitigations
  Security architecture
  Security operations
  Security program management and oversight

Prepare for your exam with Pearson Test Prep
  Realistic practice questions and answers
  Comprehensive reporting and feedback
  Customized testing in study, practice exam, or flash card modes
  Complete coverage of CompTIA Security+ SY0-701 exam objectives

Format: Paperback
Condition: Brand New

Author Biography

Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his current role, Rob is responsible for bringing operational support and incident response into the future with the help of new technologies such as cloud and artificial intelligence. His current focus is on deploying securely to the cloud (Azure, AWS, and Google), DevOps, DevSecOps, and AIOps. Rob spent many years in the technology "trenches," handling networking and security architecture, design, engineering, testing, and development efforts for global projects. A go-to person for all things security related, Rob has been a major force in deploying security-related systems for 25+ years. Rob also worked for various companies reviewing and developing security curriculum as well as other security-related books, technical articles, and publications based on technology deployment, testing, hacking, pen testing, and many other aspects of security. Rob holds dozens of technology certifications, including 20+ CompTIA certifications, SANS.org GIAC, GSEC, and GCIH, as well as many vendor-based cloud-specialized certifications from Google, Microsoft Azure, and Amazon AWS. Rob is considered a leading expert in prepping others to achieve certification success.

Marty M. Weiss has spent his career serving in the U.S. Navy and as a civilian helping large organizations with their information security. He has a Bachelor of Science degree in computer studies from the University of Maryland Global Campus and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He also holds several certifications, including CISSP, CISA, and Security+. Having authored numerous acclaimed books on information technology and security, he is now diving into his next endeavor—a seductive romance novel where love and cybersecurity collide in a high-stakes adventure.

Table of Contents

Introduction

Part 1: General Security Concepts
  CHAPTER 1: Security Controls
    Nature of Controls
    Functional Use of Controls
    What Next?
  CHAPTER 2: Fundamental Security Concepts
    Confidentiality, Integrity, and Availability (CIA)
    Non-Repudiation
    Authentication, Authorization, and Accounting (AAA)
    Gap Analysis
    Zero Trust
    Physical Security
    Video Surveillance
    Deception and Disruption Technology
    What Next?
  CHAPTER 3: Change Management Processes and the Impact to Security
    Change Management
    Business Processes Impacting Security Operations
    Technical Implications
    Documentation
    Version Control
    What Next?
  CHAPTER 4: Cryptographic Solutions
    Public Key Infrastructure (PKI)
    Encryption
    Tools
    What Next?

Part 2: Threats, Vulnerabilities, and Mitigations
  CHAPTER 5: Threat Actors and Motivations
    Threat Actors
    Motivations
    What Next?
  CHAPTER 6: Threat Vectors and Attack Surfaces
    Types of Threat Vectors and Attack Surfaces
    What Next?
  CHAPTER 7: Vulnerability Types
    Application
    Operating System-Based
    Web-Based
    Hardware
    Virtualization
    Cloud-Specific
    Supply Chain
    Cryptographic
    Misconfiguration
    Mobile Device
    Zero-Day
    What Next?
  CHAPTER 8: Malicious Attacks and Indicators
    Malware Attacks
    Physical Attacks
    Network Attacks
    Application Attacks
    Cryptographic Attacks
    Password Attacks
    Indicators of Malicious Activity
    What Next?
  CHAPTER 9: Mitigation Techniques for Securing the Enterprise
    Segmentation
    Access Control
    Application Allow List
    Isolation
    Patching
    What Next?

Part 3: Security Architecture
  CHAPTER 10: Security Implications of Architecture Models
    Architecture and Infrastructure Concepts
    Considerations
    What Next?
  CHAPTER 11: Enterprise Architecture Security Principles
    Infrastructure Considerations
    Secure Communication/Access
    Selection of Effective Controls
    What Next?
  CHAPTER 12: Data Protection Strategies
    Data Types
    Data Classifications
    General Data Considerations
    Methods to Secure Data
    What Next?
  CHAPTER 13: Resilience and Recovery in Security Architecture
    High Availability
    Site Considerations
    Platform Diversity
    Multicloud Systems
    Continuity of Operations
    Capacity Planning
    Testing
    Backups
    Power
    What Next?

Part 4: Security Operations
  CHAPTER 14: Securing Resources
    Secure Baselines
    Hardening Targets
    Wireless Devices
    Mobile Solutions
    Wireless Security Settings
    Application Security
    Sandboxing
    Monitoring
    What Next?
  CHAPTER 15: Hardware, Software, and Data Asset Management
    Acquisition/Procurement Process
    Assignment/Accounting
    Monitoring and Asset Tracking
    Disposal/Decommissioning
    What Next?
  CHAPTER 16: Vulnerability Management
    Identification Methods
    Analysis
    Vulnerability Response and Remediation
    Validation of Remediation
    Reporting
    What Next?
  CHAPTER 17: Security Alerting and Monitoring
    Monitoring Computing Resources
    Activities
    Tools
    What Next?
  CHAPTER 18: Enterprise Security Capabilities
    Firewall
    IDS/IPS
    Web Filter
    Operating System Security
    Implementation of Secure Protocols
    DNS Filtering
    Email Security
    File Integrity Monitoring
    Data Loss Prevention (DLP)
    Network Access Control (NAC)
    Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)
    User Behavior Analytics
    What Next?
  CHAPTER 19: Identity and Access Management
    Provisioning/De-provisioning User Accounts
    Permission Assignments and Implications
    Identity Proofing
    Federation and Single Sign-On (SSO)
    Interoperability
    Attestation
    Access Controls
    Multifactor Authentication (MFA)
    Password Concepts
    Privileged Access Management Tools
    What Next?
  CHAPTER 20: Security Automation and Orchestration
    Use Cases of Automation and Scripting
    Benefits
    Other Considerations
    What Next?
  CHAPTER 21: Incident Response Activities
    Incident Response Process
    Training and Testing
    Root Cause Analysis (RCA)
    Threat Hunting
    Digital Forensics
    What Next?
  CHAPTER 22: Data Sources for Supporting Investigations
    Log Data
    Data Sources
    What Next?

Part 5: Security Program Management and Oversight
  CHAPTER 23: Effective Security Governance
    Governing Framework
    Policies
    Standards
    Procedures
    Guidelines
    External Considerations
    Roles and Responsibilities for Systems and Data
    What Next?
  CHAPTER 24: Risk Management
    Risk Identification
    Risk Assessment
    Risk Analysis
    Risk Register
    Risk Appetite and Tolerance
    Risk Management Strategies
    Risk Reporting
    Business Impact Analysis
    What Next?
  CHAPTER 25: Third-Party Risk Assessment and Management
    Third-Party Risk Management
    What Next?
  CHAPTER 26: Security Compliance
    Compliance Reporting and Monitoring
    Privacy
    What Next?
  CHAPTER 27: Security Audits and Assessments
    Audits and Assessments
    Penetration Testing
    What Next?
  CHAPTER 28: Security Awareness Practices
    Security Awareness
    What Next?

Glossary of Essential Terms
Cram Sheet

Details
ISBN: 0138225575
Author: Robert Shimonski
Publisher: Pearson Education (US)
Edition: 7th
ISBN-13: 9780138225575
Imprint: Pearson IT Certification
Place of Publication: Upper Saddle River
Country of Publication: United States
Year: 2024
AU Release Date: 2024-03-06
NZ Release Date: 2024-03-06
UK Release Date: 2024-03-06
Series: Exam Cram
Edition Description: 7th edition
Replaces: 9780136798675
Audience: Professional & Vocational
ISBN-10: 0138225575
Format: Paperback
Pages: 688
Publication Date: 2024-09-02
DEWEY: 005.8076
US Release Date: 2024-09-02
TheNile_Item_ID: 161548353
Price: 97.04 AUD
Location: Melbourne
End Time: 2024-10-02T19:07:14.000Z
Shipping Cost: 0 AUD
Item Specifics
Restocking fee: No
Return shipping will be paid by: Buyer
Returns Accepted: Returns Accepted
Item must be returned within: 30 Days
Format: Paperback
ISBN-13: 9780138225575
Author: Martin Weiss, Robert Shimonski
Type: Does not apply
Book Title: CompTIA Security+ SY0-701 Exam Cram
Language: Does not apply