CompTIA Security+ Review Guide E-Book

Table of Contents

Cover

Title Page

Copyright

Publisher's Note

Dedication

Acknowledgments

About the Author

Introduction

Security+ Acronyms

Chapter 1: Network Security

1.1 Implement security configuration parameters on network devices and other technologies

1.2 Given a scenario, use secure network administration principles

1.3 Explain network design elements and components

1.4 Given a scenario, implement common protocols and services

1.5 Given a scenario, troubleshoot security issues related to wireless networking

Review Questions

Chapter 2: Compliance and Operational Security

2.1 Explain the importance of risk-related concepts

2.2 Summarize the security implications of integrating systems and data with third parties

2.3 Given a scenario, implement appropriate risk-mitigation strategies

2.4 Given a scenario, implement basic forensic procedures

2.5 Summarize common incident response procedures

2.6 Explain the importance of security-related awareness and training

2.7 Compare and contrast physical security and environmental controls

Control types

2.8 Summarize risk-management best practices

2.9 Given a scenario, select the appropriate control to meet the goals of security

Review Questions

Chapter 3: Threats and Vulnerabilities

3.1 Explain types of malware

3.2 Summarize various types of attacks

3.3 Summarize social engineering attacks and the associated effectiveness with each attack

3.4 Explain types of wireless attacks

3.5 Explain types of application attacks

3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques

3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities

3.8 Explain the proper use of penetration testing versus vulnerability scanning

Review Questions

Chapter 4: Application, Data, and Host Security

4.1 Explain the importance of application security controls and techniques

4.2 Summarize mobile security concepts and technologies

4.3 Given a scenario, select the appropriate solution to establish host security

4.4 Implement the appropriate controls to ensure data security

4.5 Compare and contrast alternative methods to mitigate security risks in static environments

Review Questions

Chapter 5: Access Control and Identity Management

5.1 Compare and contrast the function and purpose of authentication services.

5.2 Given a scenario, select the appropriate authentication, authorization, or access control.

5.3 Install and configure security controls when performing account management, based on best practices.

Review Questions

Chapter 6: Cryptography

6.1 Given a scenario, utilize general cryptography concepts

6.2 Given a scenario, use appropriate cryptographic methods

6.3 Given a scenario, use appropriate PKI, certificate management, and associated components

Review Questions

Appendix A: Answers to Review Questions

Chapter 1: Network Security

Chapter 2: Compliance and Operational Security

Chapter 3: Threats and Vulnerabilities

Chapter 4: Application, Data, and Host Security

Chapter 5: Access Control and Identity Management

Chapter 6: Cryptography

Appendix B: About the Additional Study Tools

Additional Study Tools

System Requirements

Using the Study Tools

Troubleshooting

Free Online Study Tools

End User License Agreement

Pages

xxv

xxvi

xxvii

xxviii

xxix

xxx

xxxi

xxxii

xxxiii

xxxiv

xxxv

xxxvi

xxxvii

xxxviii

xxxix

xl

xli

xlii

xliii

xliv

xlv

xlvi

xlvii

xlviii

xlix

l

li

lii

liii

liv

lv

lvi

lvii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

359

360

361

362

363

364

365

367

368

369

370

Guide

Cover

Table of Contents

Introduction

Chapter 1: Network Security

List of Illustrations

Figure 1.1

Figure 1.2

Figure 1.3

Figure 1.4

Figure 1.5

Figure 1.6

Figure 1.7

Figure 1.8

Figure 1.9

Figure 1.10

Figure 1.11

Figure 1.12

Figure 1.13

Figure 1.14

Figure 1.15

Figure 1.16

Figure 1.17

Figure 1.18

Figure 1.19

Figure 1.20

Figure 1.21

Figure 1.22

Figure 1.23

Figure 1.24

Figure 2.1

Figure 2.2

Figure 2.3

Figure 2.4

Figure 2.5

Figure 2.6

Figure 3.1

Figure 3.2

Figure 3.3

Figure 3.4

Figure 3.5

Figure 3.6

Figure 3.7

Figure 3.8

Figure 3.9

Figure 3.10

Figure 5.1

Figure 5.2

Figure 5.3

Figure 5.4

Figure 5.5

Figure 5.6

Figure 5.7

Figure 6.1

Figure 6.2

Figure 6.3

Figure 6.4

Figure 6.5

Figure 6.6

Figure 6.7

Figure 6.8

Figure 6.9

Figure 6.10

Figure 6.11

Figure 6.12

Figure 6.13

Figure 6.14

Figure 6.15

Figure 6.16

Figure 6.17

List of Tables

Table 1.1

Table 1.2

Table 1.3

Table 1.4

Table 5.1

Table 6.1

Table 6.2

CompTIA® Security+™

Senior Acquisitions Editor: Jeff Kellum

Development Editor: Amy Breguet

Technical Editors: Josh More and Buzz Murphy

Production Editor: Christine O'Connor

Copy Editor: Tiffany Taylor

Editorial Manager: Pete Gaughan

Vice President and Executive Group Publisher: Richard Swadley

Associate Publisher: Chris Webb

Media Project Manager 1: Laura Moss-Hollister

Media Associate Producer: Josh Frank

Media Quality Assurance: Doug Kuhn

Book Designers: Judy Fung and Bill Gibson

Proofreader: Louise Watson and Jenn Bennett, Word One New York

Indexer: Nancy Guenther

Project Coordinator, Cover: Todd Klemme

Cover Designer: Wiley

Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-118-90137-3

ISBN: 978-1-118-90142-7 (ebk.)

ISBN: 978-1-118-92290-3 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2014930404

TRADEMARKS: Wiley and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission is a registered trademark of. CompTIA and Security+ are trademarks or registered trademarks of Computing Technology Industry Association, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Dear Reader,

Thank you for choosing CompTIA Security+ Review Guide. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we're still committed to producing consistently exceptional books. With each of our titles, we're working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I'd be very interested to hear your comments and get your feedback on how we're doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at [email protected]. If you think you've found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

To Catharine Renee Stewart: Aw, it's a helluva ride … Yeah, it's a helluva life.

Acknowledgments

Thanks to all those at Sybex who continue to allow me to do what I enjoy most—impart knowledge to others. Thanks to Jeff Kellum, acquisitions editor, and the whole Sybex crew for professional juggling services adequately rendered. Thanks to my editors: developmental editor, Amy Breguet, and technical editor, Josh More. To my parents: Dave—Dad, I miss you; and Johnnie—Mom, thanks for your love and consistent support. To Mark: I have been and always shall be your friend. And finally, as always, to Elvis: you were pioneering in recognizing that everything is better with bacon!

About the Author

James Michael Stewart has been working with computers and technology since 1983 (although officially as a career since 1994). His work focuses on Windows, certification, and security. Recently, Michael has been teaching job skill and certification courses, such as CISSP, CEH, CHFI, and Security+. Michael has contributed to many Security+ focused materials, including exam preparation guides, practice exams, DVD video instruction, and courseware. In addition, Michael has co-authored numerous books on other security and IT certification and administration topics. He has developed certification courseware and training materials as well as presented these materials in the classroom. Michael holds numerous certifications, including Sec+, CISSP, and CEH. Michael graduated in 1992 from the University of Texas at Austin with a bachelor's degree in philosophy. Despite his degree, his computer knowledge is self-acquired, based on seat-of-the-pants, hands-on “street smarts” experience. You can reach Michael by email at [email protected].

Introduction

The Security+ certification program was developed by the Computer Technology Industry Association (CompTIA) to provide an industry-wide means of certifying the competency of computer service technicians in the basics of computer security. The Security+ certification is granted to those who have attained the level of knowledge and security skills that show a basic competency with security needs of both personal and corporate computing environments. CompTIA's exam objectives are periodically updated to keep their exams applicable to the most recent developments. The most recent update, labeled as SY0–401, occurred in spring 2014. This book focuses on these newly revised certification objectives.

What Is Security+ Certification?

The Security+ certification was created to offer an introductory step into the complex world of IT security. You only need to pass a single exam to become Security+ certified. However, obtaining this certification doesn't mean you can provide realistic security services to a company. In fact, this is just the first step toward true security knowledge and experience. By obtaining Security+ certification, you should be able to acquire more security experience in order to pursue more complex and in-depth security knowledge and certification.

For the latest pricing on the exam and updates to the registration procedures, please visit www.vue.com. If you have further questions about the scope of the exams or related CompTIA programs, refer to the CompTIA website at www.comptia.org.

Is This Book for You?

CompTIA Security+ Review Guide: SY0-401 is designed to be a succinct, portable exam review guide. It can be used in conjunction with a more complete Security+ 2014 study guide, such as Sybex's CompTIA Security+ Study Guide: SY0-401 (ISBN: 9781118875070), computer-based training (CBT) courseware, and a classroom/lab environment; or as an exam review for those who don't feel the need for more extensive test preparation. It isn't our goal to give away the answers, but rather to identify those topics on which you can expect to be tested and to provide sufficient coverage of these topics.

Perhaps you've been working with information technologies for years. The thought of paying lots of money for a specialized IT exam-preparation course probably doesn't sound appealing. What can they teach you that you don't already know, right? Be careful, though—many experienced network administrators have walked confidently into the test center only to walk sheepishly out of it after failing an IT exam. After you've finished reading this book, you should have a clear idea of how your understanding of the technologies involved matches up with the expectations of the Security+ test makers.

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!