Consolidate your knowledge base with critical Security+ review
CompTIA Security+ Review Guide, Fourth Edition, is the smart candidate's secret weapon for passing Exam SY0-501 with flying colors. You've worked through your study guide, but are you sure you're prepared? This book provides tight, concise reviews of all essential topics throughout each of the exam's six domains to help you reinforce what you know. Take the pre-assessment test to identify your weak areas while there is still time to review, and use your remaining prep time to turn weaknesses into strengths. The Sybex online learning environment gives you access to portable study aids, including electronic flashcards and a glossary of key terms, so you can review on the go. Hundreds of practice questions allow you to gauge your readiness, and give you a preview of the big day.
Avoid exam-day surprises by reviewing with the makers of the test--this review guide is fully approved and endorsed by CompTIA, so you can be sure that it accurately reflects the latest version of the exam. The perfect companion to the CompTIA Security+ Study Guide, Seventh Edition, this review guide can be used with any study guide to help you:
* Review the critical points of each exam topic area
* Ensure your understanding of how concepts translate into tasks
* Brush up on essential terminology, processes, and skills
* Test your readiness with hundreds of practice questions
You've put in the time, gained hands-on experience, and now it's time to prove what you know. The CompTIA Security+ certification tells employers that you're the person they need to keep their data secure; with threats becoming more and more sophisticated, the demand for your skills will only continue to grow. Don't leave anything to chance on exam day--be absolutely sure you're prepared with the CompTIA Security+ Review Guide, Fourth Edition.
About the author
James Michael Stewart, Security+, CISSP, CEH, CHFI, is a security expert, writer, trainer, and researcher for Impact Online (www.impactonline.com), an independent courseware development company. He provides IT instruction across the globe for various public and private organizations.
Contents
Introduction
Chapter 1 Threats, Attacks, and Vulnerabilities
1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
Viruses
Crypto-malware
Ransomware
Worm
Trojan
Rootkit
Keylogger
Adware
Spyware
Bots
RAT
Logic bomb
Backdoor
Exam Essentials
1.2 Compare and contrast types of attacks.
Social engineering
Application/service attacks
Wireless attacks
Cryptographic attacks
Exam Essentials
1.3 Explain threat actor types and attributes.
Types of actors
Attributes of actors
Use of open-source intelligence
Exam Essentials
1.4 Explain penetration testing concepts.
Active reconnaissance
Passive reconnaissance
Pivot
Initial exploitation
Persistence
Escalation of privilege
Black box
White box
Gray box
Pen testing vs. vulnerability scanning
Exam Essentials
1.5 Explain vulnerability scanning concepts.
Passively test security controls
Identify vulnerability
Identify lack of security controls
Identify common misconfigurations
Intrusive vs. non-intrusive
Credentialed vs. non-credentialed
False positive
Exam Essentials
1.6 Explain the impact associated with types of vulnerabilities.
Race conditions
Vulnerabilities due to:
Improper input handling
Improper error handling
Misconfiguration/weak configuration
Default configuration
Resource exhaustion
Untrained users
Improperly configured accounts
Vulnerable business processes
Weak cipher suites and implementations
Memory/buffer vulnerability
System sprawl/undocumented assets
Architecture/design weaknesses
New threats/zero day
Improper certificate and key management
Exam Essentials
Review Questions
Chapter 2 Technologies and Tools
2.1 Install and configure network components, both hardware- and software-based, to support organizational security.
Firewall
VPN concentrator
NIPS/NIDS
Router
Switch
Proxy
Load balancer
Access point
SIEM
DLP
NAC
Mail gateway
Bridge
SSL/TLS accelerators
SSL decryptors
Media gateway
Hardware security module
Exam Essentials
2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
Protocol analyzer
Network scanners
Wireless scanners/cracker
Password cracker
Vulnerability scanner
Configuration compliance scanner
Exploitation frameworks
Data sanitization tools
Steganography tools
Honeypot
Backup utilities
Banner grabbing
Passive vs. active
Command line tools
Exam Essentials
2.3 Given a scenario, troubleshoot common security issues.
Unencrypted credentials/clear text
Logs and events anomalies
Permission issues
Access violations
Certificate issues ...