CompTIA Security+ SY0-701 Cert Guide

By (author) Lewis Heuermann

ISBN13: 9780138293086

Imprint: Pearson IT Certification

Publisher: Pearson Education (US)

Format: Paperback / softback

Published: 08/09/2024

Availability: Available

Description
Learn, prepare, and practice for CompTIA Security+ SY0-701 exam success with this Cert Guide from Pearson IT Certification, a leader in IT Certification learning. CompTIA Security+ SY0-701 Cert Guide from Pearson IT Certification helps you prepare to succeed on the CompTIA Security+ SY0-701 exam by directly addressing the exam’s objectives as stated by CompTIA. Leading instructor and cybersecurity professional Lewis Heuermann shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes
  • Complete coverage of the exam objectives and a test-preparation routine designed to help you pass the exams
  • “Do I Know This Already?” quizzes, which allow you to decide how much time you need to spend on each section
  • Chapter-ending Key Topic tables, which help you drill on key concepts you must know thoroughly
  • The powerful Pearson Test Prep Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
  • An online, interactive Flash Cards application to help you drill on Key Terms by chapter
  • A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
  • Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Security+ SY0-701 exam, deepening your knowledge of
  • General Security Concepts: Security controls, security concepts, change management process, cryptographic solutions
  • Threats, Vulnerabilities, and Mitigations: Threat actors and motivations, attack surfaces, types of vulnerabilities, indicators of malicious activity, mitigation techniques
  • Security Architecture: Security implications of architecture models, secure enterprise infrastructure, protect data, resilience and recovery in security architecture
  • Security Operations: Security techniques to computing resources, security implications, vulnerability management, monitoring concepts, enterprise capabilities to enhance security, access management, automation related to secure operations, incident response activities
  • Security Program Management and Oversight: Security governance, risk management, third-party risk assessment and management, security compliance, audits and assessments, security awareness practices
Contents

Introduction xxxix

Part I: General Security Concepts
  • Chapter 1 Comparing and Contrasting the Various Types of Controls 3
    “Do I Know This Already?” Quiz 3; Foundation Topics 6; Control Categories 6; Technical Controls 6; Managerial Controls 6; Operational Controls 6; Physical Controls 7; Summary of Control Categories 7; Control Types 8; Preventive Controls 8; Deterrent Controls 8; Detective Controls 9; Corrective Controls 9; Compensating Controls 9; Directive Controls 10; Summary of Control Types 10; Chapter Review Activities 11
  • Chapter 2 Summarizing Fundamental Security Concepts 15
    “Do I Know This Already?” Quiz 15; Foundation Topics 19; Confidentiality, Integrity, and Availability (CIA) 19; Non-repudiation 20; Authentication, Authorization, and Accounting (AAA) 21; Gap Analysis 22; Zero Trust 22; Physical Security 24; Bollards/Barricades 24; Access Control Vestibules 26; Fencing 27; Video Surveillance 28; Security Guards 28; Access Badges 29; Lighting 30; Sensors 30; Deception and Disruption Technology 31; Chapter Review Activities 32
  • Chapter 3 Understanding Change Management’s Security Impact 37
    “Do I Know This Already?” Quiz 37; Foundation Topics 41; Business Processes Impacting Security Operations 41; Approval Process 41; Ownership 41; Stakeholders 42; Impact Analysis 42; Test Results 42; Backout Plan 42; Maintenance Window 43; Standard Operating Procedure 43; Technical Implications 43; Allow Lists 44; Block Lists/Deny Lists 44; Restricted Activities 44; Downtime 45; Service Restart 45; Application Restart 46; Legacy Applications 46; Dependencies 46; Documentation 47; Updating Diagrams 47; Updating Policies/Procedures 48; Version Control 48; Chapter Review Activities 49
  • Chapter 4 Understanding the Importance of Using Appropriate Cryptographic Solutions 53
    “Do I Know This Already?” Quiz 53; Foundation Topics 58; Public Key Infrastructure (PKI) 58; Public Key 58; Private and Public Key 58; Encryption 59; Level 59; Full Disk 59; Partition 60; File 60; Volume 60; Database 60; Record 61; Transport/Communication 61; Encryption at Rest, in Transit/Motion, and in Processing 61; Symmetric Versus Asymmetric Encryption 62; Key Exchange 64; Algorithms 65; Key Length 66; Tools 67; Trusted Platform Module 67; Hardware Security Module 68; Key Management System 68; Secure Enclave 69; Obfuscation 70; Steganography 70; Audio Steganography 71; Video Steganography 71; Image Steganography 72; Tokenization 72; Data Masking 74; Hashing 75; Salting 76; Digital Signatures 76; Key Stretching 77; Blockchain 78; Open Public Ledger 78; Certificates 79; Certificate Authorities 79; Certificate Revocation Lists 81; Online Certificate Status Protocol (OCSP) 82; Self-Signed 83; Certificate-Signing Request 90; Wildcard 90; Chapter Review Activities 90

Part II: Threats, Vulnerabilities, and Mitigations
  • Chapter 5 Comparing and Contrasting Common Threat Actors and Motivations 95
    “Do I Know This Already?” Quiz 95; Foundation Topics 98; Threat Actors 98; Attributes of Actors 99; Motivations 100; War 101; Chapter Review Activities 102
  • Chapter 6 Understanding Common Threat Vectors and Attack Surfaces 105
    “Do I Know This Already?” Quiz 105; Foundation Topics 109; Message-Based 109; Email 109; Short Message Service (SMS) 109; Instant Messaging (IM) 110; Spam and Spam over Internet Messaging (SPIM) 110; Image-Based 111; File-Based 111; Voice Call 111; Removable Device 111; Vulnerable Software 112; Unsupported Systems and Applications 112; Unsecure Networks 113; Open Service Ports 114; Default Credentials 115; Supply Chain 116; Human Vectors/Social Engineering 116; Phishing 117; Vishing 120; Smishing 121; Misinformation/Disinformation 121; Impersonation 121; Business Email Compromise (BEC) 122; Pretexting 122; Watering Hole Attack 122; Brand Impersonation 123; Typosquatting 123; Chapter Review Activities 123
  • Chapter 7 Understanding Various Types of Vulnerabilities 127
    “Do I Know This Already?” Quiz 127; Foundation Topics 130; Application 130; Memory Injection 130; Buffer Overflow 131; Race Conditions 132; Malicious Update 132; Operating System (OS)–Based 133; Web-Based 133; Structured Query Language Injection (SQLi) Vulnerabilities 133; Cross-Site Scripting (XSS) Vulnerabilities 134; Hardware 134; Firmware 134; End-of-Life (EOL) 134; Legacy 135; Virtualization 135; Virtual Machine (VM) Escape 135; Resource Reuse 135; Cloud Specific 136; Other “Cloud”-Based Concerns 140; Supply Chain 141; Service Provider 141; Hardware Provider 141; Software Provider 142; Cryptographic 142; Misconfiguration 142; Mobile Device 142; Side Loading 143; Jailbreaking 143; Zero-Day Vulnerabilities 143; Chapter Review Activities 145
  • Chapter 8 Understanding Indicators of Malicious Activity 149
    “Do I Know This Already?” Quiz 149; Foundation Topics 152; Malware Attacks 152; Ransomware 152; Trojans 153; Worms 154; Spyware 154; Bloatware 155; Virus 155; Keylogger 155; You Can’t Save Every Computer from Malware! 156; Logic Bomb 157; Rootkit 157; Physical Attacks 158; Brute-Force Attacks 159; Radio Frequency Identification (RFID) Cloning 159; Environmental 159; Network Attacks 160; Distributed Denial-of-Service (DDoS) Attacks 160; Domain Name System (DNS) Attacks 160; Wireless Attacks 160; On-Path Attacks 161; Credential Replay 161; Malicious Code 161; Application Attacks 162; Injection 162; Buffer Overflow 162; Replay 162; Privilege Escalation 162; Forgery 163; Directory Traversal 163; Cryptographic Attacks 163; Downgrade 163; Collision 163; Birthday 164; Password Attacks 164; Password Spraying 165; Brute-Force Attacks 165; Indicators 165; Account Lockout 166; Concurrent Session Usage 166; Blocked Content 166; Impossible Travel 166; Resource Consumption 166; Resource Inaccessibility 166; Out-of-Cycle Logging 167; Published/Documented Indicators 167; Missing Logs 167; Chapter Review Activities 167
  • Chapter 9 Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise 171
    “Do I Know This Already?” Quiz 171; Foundation Topics 175; Segmentation 175; Access Control 175; Access Control Lists (ACLs) 175; Permissions 176; Application Allow List 178; Isolation 179; Patching 180; Encryption 181; Monitoring 182; Least Privilege 182; Configuration Enforcement 182; Decommissioning 183; Hardening Techniques 183; Encryption 183; Installation of Endpoint Protection 184; Host-Based Firewall 184; Host-Based Intrusion Prevention System (HIPS) 184; Disabling Ports/Protocols 184; Default Password Changes 185; Removal of Unnecessary Software 185; Chapter Review Activities 185

Part III: Security Architecture
  • Chapter 10 Comparing and Contrasting Security Implications of Different Architecture Models 189
    “Do I Know This Already?” Quiz 189; Foundation Topics 193; Architecture and Infrastructure Concepts 193; Cloud 193; Infrastructure as Code (IaC) 195; Serverless 196; Microservices 197; Network Infrastructure 197; On-premises 201; Centralized Versus Decentralized 201; Containerization 202; Virtualization 206; IoT 208; Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA) 210; Real-Time Operating System (RTOS) 213; Embedded Systems 214; High Availability 214; Considerations 215; Availability 215; Resilience 215; Cost 216; Responsiveness 216; Scalability 216; Ease of Deployment 216; Risk Transference 217; Ease of Recovery 217; Patch Availability 217; Inability to Patch 218; Power 218; Compute 218; Chapter Review Activities 219
  • Chapter 11 Applying Security Principles to Secure Enterprise Infrastructure 223
    “Do I Know This Already?” Quiz 223; Foundation Topics 226; Infrastructure Considerations 226; Device Placement 226; Security Zones 226; Attack Surface 227; Connectivity 228; Failure Modes 228; Device Attribute 229; Network Appliances 230; Port Security 235; Firewall Types 239; Secure Communication/Access 249; Virtual Private Network (VPN) 249; Remote Access 251; Tunneling 254; Software-Defined Wide Area Network (SD-WAN) 265; Secure Access Service Edge (SASE) 265; Selection of Effective Controls 266; Chapter Review Activities 266
  • Chapter 12 Comparing and Contrasting Concepts and Strategies to Protect Data 271
    “Do I Know This Already?” Quiz 271; Foundation Topics 274; Data Types 274; Data Classifications 275; General Data Considerations 276; Data States 276; Data Sovereignty 278; Geolocation 278; Methods to Secure Data 279; Geographic Restrictions 279; Encryption 279; Hashing 279; Masking 281; Tokenization 281; Obfuscation 281; Segmentation 281; Permission Restrictions 282; Chapter Review Activities 283
  • Chapter 13 Understanding the Importance of Resilience and Recovery in Security Architecture 287
    “Do I Know This Already?” Quiz 287; Foundation Topics 291; High Availability 291; Key Components 291; Cloud Environments 291; Site Considerations 292; Platform Diversity 294; Multi-Cloud System 294; Continuity of Operations 294; Capacity Planning 295; Testing 296; Tabletop Exercises 296; Failover 297; Simulations 298; Parallel Processing 299; Backups 299; Power 301; Uninterruptible Power Supply (UPS) 301; Generators 301; Chapter Review Activities 302

Part IV: Security Operations
  • Chapter 14 Applying Common Security Techniques to Computing Resources 305
    “Do I Know This Already?” Quiz 305; Foundation Topics 309; Secure Baselines 309; Inventory Assessment 309; Vulnerability Scanning 309; Minimum Configuration Standards 310; Documentation 310; Deployment 310; Ongoing Maintenance 311; Hardening Targets 311; Wireless Devices 315; Mobile Solutions 318; Mobile Device Management 318; MDM Security Feature Concerns: Application and Content Management 320; MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, and Full Device Encryption 322; Deployment Models 325; Secure Implementation of BYOD, CYOD, and COPE 326; Connection Methods 328; Secure Implementation Best Practices 330; Wireless Security Settings 331; Wi-Fi Protected Access 3 (WPA3) 332; Remote Authentication Dial-In User Service (RADIUS) Federation 332; Cryptographic Protocols 334; Authentication Protocols 335; Application Security 336; Input Validations 337; Secure Cookies 337; Static Code Analysis 338; Code Signing 339; Sandboxing 340; Monitoring 340; Chapter Review Activities 341
  • Chapter 15 Understanding the Security Implications of Hardware, Software, and Data Asset Management 345
    “Do I Know This Already?” Quiz 345; Foundation Topics 348; Acquisition/Procurement Process 348; Assignment/Accounting 350; Monitoring/Asset Tracking 350; Inventory 351; Enumeration 351; Disposal/Decommissioning 351; Sanitization 352; Destruction 352; Certification 353; Data Retention 353; Chapter Review Activities 354
  • Chapter 16 Understanding Various Activities Associated with Vulnerability Management 357
    “Do I Know This Already?” Quiz 357; Foundation Topics 360; Identification Methods 360; Vulnerability Scan 360; Application Security 362; Threat Feed 364; Penetration Testing 366; Responsible Disclosure Program 366; System/Process Audit 367; Analysis 367; Confirmation 368; Prioritize 368; Common Vulnerability Scoring System (CVSS) 368; Common Vulnerability Enumeration (CVE) 370; Vulnerability Classification 370; Exposure Factor 371; Environmental Variables 372; Industry/Organizational Impact 372; Risk Tolerance 372; Vulnerability Response and Remediation 374; Patching 374; Insurance 374; Segmentation 374; Compensating Controls 375; Exceptions and Exemptions 375; Validation of Remediation 376; Rescanning 376; Audit 376; Verification 376; Reporting 377; Chapter Review Activities 378
  • Chapter 17 Understanding Security Alerting and Monitoring Concepts and Tools 381
    “Do I Know This Already?” Quiz 381; Foundation Topics 383; Monitoring and Computing Resources 383; Activities 386; Log Aggregation 386; Alerting 388; Scanning 389; Reporting 390; Archiving 391; Alert Response and Remediation/Validation 392; Tools 392; Security Content Automation Protocol (SCAP) 393; Benchmarks 395; Agents/Agentless 397; Security Information and Event Management (SIEM) 397; NetFlow 399; Antivirus Software 400; Data Loss Prevention (DLP) 401; Simple Network Management Protocol (SNMP) Traps 401; Vulnerability Scanners 403; Chapter Review Activities 405
  • Chapter 18 Modifying Enterprise Capabilities to Enhance Security 409
    “Do I Know This Already?” Quiz 409; Foundation Topics 413; Firewall 413; Rules 414; Access Lists 415; Ports/Protocols 416; Screened Subnet 417; IDS/IPS 418; Trends 419; Signatures 419; Web Filter 421; Operating System Security 423; Implementation of Secure Protocols 424; DNS Filtering 427; Email Security 427; File Integrity Monitoring 429; DLP 429; Network Access Control (NAC) 430; Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR) 430; User Behavior Analytics 431; Chapter Review Activities 432
  • Chapter 19 Implementing and Maintaining Identity and Access Management 435
    “Do I Know This Already?” Quiz 435; Foundation Topics 439; Provisioning/De-provisioning User Accounts 439; Permission Assignments and Implications 439; Identity Proofing 441; Federation 441; Single Sign-On (SSO) 443; Lightweight Directory Access Protocol (LDAP) 443; OAuth 444; Security Assertion Markup Language 446; Interoperability 448; Attestation 449; Access Controls 450; Role-Based Access Control 450; Rule-Based Access Control 451; Mandatory Access Control 451; Discretionary Access Control 452; Attribute-Based Access Control (ABAC) 454; Time-of-Day Restrictions 455; Least Privilege 456; Multifactor Authentication (MFA) 456; Implementations 457; Factors 459; Password Concepts 461; Password Best Practices 461; Password Managers 464; Passwordless 465; Privileged Access Management Tools 465; Just-in-Time Permissions 466; Password Vaulting 466; Ephemeral Credentials 466; Chapter Review Activities 467
  • Chapter 20 Understanding the Importance of Automation and Orchestration Related to Secure Operations 471
    “Do I Know This Already?” Quiz 471; Foundation Topics 474; Use Cases of Automation and Scripting 474; User Provisioning 474; Resource Provisioning 477; Guard Rails 477; Security Groups 477; Ticket Creation and Escalation 477; Continuous Integration and Testing 478; Integrations and Application Programming Interfaces (APIs) 479; Benefits 480; Efficiency/Time Saving 480; Enforcing Baselines 480; Standard Infrastructure Configurations 481; Scaling in a Secure Manner 481; Employee Retention 481; Reaction Time 482; Workforce Multiplier 482; Other Considerations 482; Complexity 482; Cost 483; Single Point of Failure 483; Technical Debt 483; Ongoing Supportability 484; Chapter Review Activities 485
  • Chapter 21 Understanding Appropriate Incident Response Activities 489
    “Do I Know This Already?” Quiz 489; Foundation Topics 493; Process 493; Preparation 494; Detection 495; Analysis 496; Containment 496; Eradication 496; Recovery 497; Lessons Learned 497; Training 497; Testing 498; The Anatomy of a Tabletop Exercise 499; The Intricacies of Simulation Exercises 499; Mock Example of a Tabletop Exercise 500; Root Cause Analysis 501; Threat Hunting 502; Digital Forensics 502; Legal Hold 503; Chain of Custody 503; Acquisition 503; Reporting 505; Preservation 505; E-Discovery 506; Chapter Review Activities 506
  • Chapter 22 Using Data Sources to Support an Investigation 509
    “Do I Know This Already?” Quiz 509; Foundation Topics 512; Log Data 512; Firewall Logs 513; Application Logs 513; Endpoint Logs 515; OS-Specific Security Logs 515; IPS/IDS Logs 517; Network Logs 518; Metadata 518; Data Sources 521; Vulnerability Scans 522; Automated Reports 522; Dashboards 523; Packet Captures 525; Chapter Review Activities 525

Part V: Security Program Management and Oversight
  • Chapter 23 Summarizing Elements of Effective Security Governance 529
    “Do I Know This Already?” Quiz 529; Foundation Topics 532; Guidelines 532; Policies 532; Acceptable Use 533; Information Security Policies 533; Business Continuity 535; Disaster Recovery 535; Incident Response 535; Software Development Lifecycle (SDLC) 536; Change Management 536; Standards 536; Password Standards 537; Access Control Standards 538; Physical Security Standards 539; Encryption Standards 539; Procedures 541; Change Management 541; Onboarding and Offboarding 542; Playbooks 542; External Considerations 543; Regulatory 543; Legal 544; Industry 544; Local/Regional 544; National 545; Global 545; Monitoring and Revision 545; Types of Governance Structures 546; Boards 546; Committees 547; Government Entities 547; Centralized/Decentralized 548; Roles and Responsibilities for Systems and Data 549; Owners 549; Controllers 550; Processors 551; Custodians/Stewards 552; Chapter Review Activities 553
  • Chapter 24 Understanding Elements of the Risk Management Process 557
    “Do I Know This Already?” Quiz 557; Foundation Topics 561; Risk Identification 561; Risk Assessment 562; Ad Hoc 562; Recurring 562; One-time 562; Continuous 562; Risk Analysis 563; Qualitative Risk Assessment 565; Quantitative Risk Assessment 565; Probability 567; Likelihood 569; Exposure Factor 570; Impact 571; Risk Register 572; Key Risk Indicators (KRIs) 572; Risk Owners 572; Risk Threshold 572; Risk Tolerance 574; Risk Appetite 574; Expansionary 574; Conservative 575; Neutral 575; Risk Management Strategies 575; Risk Transfer 576; Risk Acceptance 576; Risk Avoidance 576; Risk Mitigation 576; Risk Reporting 577; Business Impact Analysis 578; Recovery Time Objective (RTO) 579; Recovery Point Objective (RPO) 579; Mean Time to Repair (MTTR) 579; Mean Time Between Failures (MTBF) 580; Chapter Review Activities 582
  • Chapter 25 Understanding the Processes Associated with Third-Party Risk Assessment and Management 585
    “Do I Know This Already?” Quiz 585; Foundation Topics 588; Vendor Assessment 588; Penetration Testing 589; Right-to-Audit Clause 589; Evidence of Internal Audits 590; Independent Assessments 590; Supply Chain Analysis 591; Vendor Selection 591; Due Diligence 592; Conflict of Interest 592; Agreement Types 593; Vendor Monitoring 594; Questionnaires 594; Rules of Engagement 595; Chapter Review Activities 595
  • Chapter 26 Summarizing Elements of Effective Security Compliance 599
    “Do I Know This Already?” Quiz 599; Foundation Topics 602; Compliance Reporting 602; Internal Reporting 603; External Reporting 603; Consequences of Non-compliance 603; Fines 603; Sanctions 604; Reputational Damage 604; Loss of License 604; Contractual Impacts 605; Compliance Monitoring 605; Due Diligence/Care 605; Attestation and Acknowledgment 607; Internal and External 608; Automation 608; Privacy 609; Legal Implications 609; Data Subject 611; Controller vs. Processor 611; Ownership 612; Data Inventory and Retention 612; Right to Be Forgotten 613; Chapter Review Activities 613
  • Chapter 27 Understanding Types and Purposes of Audits and Assessments 617
    “Do I Know This Already?” Quiz 617; Foundation Topics 620; Attestation 620; Internal 621; External 622; Penetration Testing 623; Chapter Review Activities 628
  • Chapter 28 Implementing Security Awareness Practices 631
    “Do I Know This Already?” Quiz 631; Foundation Topics 634; Phishing 634; Anomalous Behavior Recognition 635; User Guidance and Training 638; Reporting and Monitoring 641; Development 642; Execution 642; Chapter Review Activities 643

Part VI: Final Preparation
  • Chapter 29 Final Preparation 647
    Hands-on Activities 647; Suggested Plan for Final Review and Study 648; Summary 648
  • Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 649

Online Elements
  • Appendix B Study Planner
  • Glossary of Key Terms
  • Computer certification: CompTIA
  • Network security
  • Professional & Vocational
Height: 230
Width: 190
Spine: 35
Weight: 1299.00
List Price: £47.99