CompTIA Security+ Study Guide with over 500 Practice Test Questions - Mike Chapple - E-Book


Mike Chapple

Description

Master key exam objectives and crucial cybersecurity concepts for the CompTIA Security+ SY0-701 exam, along with an online test bank with hundreds of practice questions and flashcards.

In the newly revised ninth edition of CompTIA Security+ Study Guide: Exam SY0-701, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You'll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight. You'll get access to the information you need to start a new career, or advance an existing one, in cybersecurity, with efficient and accurate content. You'll also find:

* Practice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety
* Hundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts
* Complimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions

Perfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who's ever wondered if IT security is right for them. It's a must-read reference!


Page count: 1127

Publication year: 2023




Table of Contents

Cover

Table of Contents

Title Page

Copyright

Dedication

Acknowledgments

About the Authors

About the Technical Editor

About the Technical Proofreader

Introduction

The Security+ Exam

What Does This Book Cover?

Exam SY0-701 Exam Objectives

SY0-701 Certification Exam Objective Map

Assessment Test

Answers to Assessment Test

Chapter 1: Today's Security Professional

Cybersecurity Objectives

Data Breach Risks

Implementing Security Controls

Data Protection

Summary

Exam Essentials

Review Questions

Chapter 2: Cybersecurity Threat Landscape

Exploring Cybersecurity Threats

Threat Data and Intelligence

Summary

Exam Essentials

Review Questions

Chapter 3: Malicious Code

Malware

Summary

Exam Essentials

Review Questions

Chapter 4: Social Engineering and Password Attacks

Social Engineering and Human Vectors

Password Attacks

Summary

Exam Essentials

Review Questions

Chapter 5: Security Assessment and Testing

Vulnerability Management

Vulnerability Classification

Penetration Testing

Audits and Assessments

Vulnerability Life Cycle

Summary

Exam Essentials

Review Questions

Chapter 6: Application Security

Software Assurance Best Practices

Designing and Coding for Security

Software Security Testing

Injection Vulnerabilities

Exploiting Authentication Vulnerabilities

Exploiting Authorization Vulnerabilities

Exploiting Web Application Vulnerabilities

Application Security Controls

Secure Coding Practices

Automation and Orchestration

Summary

Exam Essentials

Review Questions

Chapter 7: Cryptography and the PKI

An Overview of Cryptography

Goals of Cryptography

Cryptographic Concepts

Modern Cryptography

Symmetric Cryptography

Asymmetric Cryptography

Hash Functions

Digital Signatures

Public Key Infrastructure

Asymmetric Key Management

Cryptographic Attacks

Emerging Issues in Cryptography

Summary

Exam Essentials

Review Questions

Chapter 8: Identity and Access Management

Identity

Authentication and Authorization

Authentication Methods

Accounts

Access Control Schemes

Summary

Exam Essentials

Review Questions

Chapter 9: Resilience and Physical Security

Resilience and Recovery in Security Architectures

Response and Recovery Controls

Physical Security Controls

Summary

Exam Essentials

Review Questions

Chapter 10: Cloud and Virtualization Security

Exploring the Cloud

Virtualization

Cloud Infrastructure Components

Cloud Security Issues

Hardening Cloud Infrastructure

Summary

Exam Essentials

Review Questions

Chapter 11: Endpoint Security

Operating System Vulnerabilities

Hardware Vulnerabilities

Protecting Endpoints

Hardening Techniques

Operating System Hardening

Securing Embedded and Specialized Systems

Asset Management

Summary

Exam Essentials

Review Questions

Chapter 12: Network Security

Designing Secure Networks

Secure Protocols

Network Attacks

Summary

Exam Essentials

Review Questions

Chapter 13: Wireless and Mobile Security

Building Secure Wireless Networks

Managing Secure Mobile Devices

Summary

Exam Essentials

Review Questions

Chapter 14: Monitoring and Incident Response

Incident Response

Incident Response Data and Tools

Mitigation and Recovery

Summary

Exam Essentials

Review Questions

Chapter 15: Digital Forensics

Digital Forensic Concepts

Conducting Digital Forensics

Reporting

Digital Forensics and Intelligence

Summary

Exam Essentials

Review Questions

Chapter 16: Security Governance and Compliance

Security Governance

Understanding Policy Documents

Change Management

Personnel Management

Third-Party Risk Management

Complying with Laws and Regulations

Adopting Standard Frameworks

Security Awareness and Training

Summary

Exam Essentials

Review Questions

Chapter 17: Risk Management and Privacy

Analyzing Risk

Managing Risk

Risk Tracking

Disaster Recovery Planning

Privacy

Summary

Exam Essentials

Review Questions

Appendix: Answers to Review Questions

Chapter 1: Today's Security Professional

Chapter 2: Cybersecurity Threat Landscape

Chapter 3: Malicious Code

Chapter 4: Social Engineering and Password Attacks

Chapter 5: Security Assessment and Testing

Chapter 6: Application Security

Chapter 7: Cryptography and the PKI

Chapter 8: Identity and Access Management

Chapter 9: Resilience and Physical Security

Chapter 10: Cloud and Virtualization Security

Chapter 11: Endpoint Security

Chapter 12: Network Security

Chapter 13: Wireless and Mobile Security

Chapter 14: Monitoring and Incident Response

Chapter 15: Digital Forensics

Chapter 16: Security Governance and Compliance

Chapter 17: Risk Management and Privacy

Index

End User License Agreement

List of Tables

Chapter 5

TABLE 5.1 CVSS attack vector metric

TABLE 5.2 CVSS attack complexity metric

TABLE 5.3 CVSS privileges required metric

TABLE 5.4 CVSS user interaction metric

TABLE 5.5 CVSS confidentiality metric

TABLE 5.6 CVSS integrity metric

TABLE 5.7 CVSS availability metric

TABLE 5.8 CVSS scope metric

TABLE 5.9 CVSS Qualitative Severity Rating Scale

Chapter 7

TABLE 7.1 Comparison of symmetric and asymmetric cryptography systems

TABLE 7.2 Digital certificate formats

Chapter 9

TABLE 9.1 RAID levels, advantages, and disadvantages

Chapter 11

TABLE 11.1 Common ports and services

Chapter 12

TABLE 12.1 Example network ACLs

TABLE 12.2 Secure and unsecure protocols

Chapter 13

TABLE 13.1 Wi-Fi standards, maximum theoretical speed, and frequencies

TABLE 13.2 Mobile device deployment and management options

Chapter 16

TABLE 16.1 NIST Cybersecurity Framework implementation tiers

List of Illustrations

Chapter 1

FIGURE 1.1 The three key objectives of cybersecurity programs are confidenti...

FIGURE 1.2 The three key threats to cybersecurity programs are disclosure, a...

Chapter 2

FIGURE 2.1 Logo of the hacktivist group Anonymous

FIGURE 2.2 Dark web market

FIGURE 2.3 Alert listing from the CISA website

FIGURE 2.4 Check Point Cyber Threat Map

Chapter 3

FIGURE 3.1 Trojan application download and infection process

FIGURE 3.2 Fileless virus attack chain

Chapter 4

FIGURE 4.1 Brand impersonation email

FIGURE 4.2 John the Ripper

Chapter 5

FIGURE 5.1 Qualys asset map

FIGURE 5.2 Configuring a Nessus scan

FIGURE 5.3 Sample Nessus scan report

FIGURE 5.4 Nessus scan templates

FIGURE 5.5 Disabling unused plug-ins

FIGURE 5.6 Configuring credentialed scanning

FIGURE 5.7 Choosing a scan appliance

FIGURE 5.8 Nessus vulnerability in the NIST National Vulnerability Database...

FIGURE 5.9 Nessus Automatic Updates

FIGURE 5.10 Nikto web application scanner

FIGURE 5.11 Arachni web application scanner

FIGURE 5.12 Nessus vulnerability scan report

FIGURE 5.13 Missing patch vulnerability

FIGURE 5.14 Unsupported operating system vulnerability

FIGURE 5.15 Debug mode vulnerability

FIGURE 5.16 FTP cleartext authentication vulnerability

FIGURE 5.17 Insecure SSL cipher vulnerability

FIGURE 5.18 Vulnerability life cycle

Chapter 6

FIGURE 6.1 High-level SDLC view

FIGURE 6.2 The CI/CD pipeline

FIGURE 6.3 Account number input page

FIGURE 6.4 Account information page

FIGURE 6.5 Account information page after blind SQL injection

FIGURE 6.6 Account creation page

FIGURE 6.7 Zyxel router default password

FIGURE 6.8 Session authentication with cookies

FIGURE 6.9 Session cookie from Cable News Network

FIGURE 6.10 Session replay

FIGURE 6.11 Example web server directory structure

FIGURE 6.12 Message board post rendered in a browser

FIGURE 6.13 XSS attack rendered in a browser

FIGURE 6.14 Web application firewall

FIGURE 6.15 SQL error disclosure

Chapter 7

FIGURE 7.1 Vigenère cipher table

FIGURE 7.2 A simple transposition cipher in action

FIGURE 7.3 Enigma machine from the National Security Agency's National Crypt...

FIGURE 7.4 OpenStego steganography tool

FIGURE 7.5 Image with embedded message

FIGURE 7.6 Challenge-response authentication protocol

FIGURE 7.7 Symmetric key cryptography

FIGURE 7.8 Asymmetric key cryptography

Chapter 8

FIGURE 8.1 CHAP challenge and response sequence

FIGURE 8.2 802.1X authentication architecture with EAP, RADIUS, and LDAP

FIGURE 8.3 Kerberos authentication process

FIGURE 8.4 LDAP organizational hierarchy

FIGURE 8.5 Windows local password policy options

FIGURE 8.6 Windows Credential Manager

FIGURE 8.7 A Titan USB security key

FIGURE 8.8 Google authenticator showing TOTP code generation

FIGURE 8.9 An HOTP PayPal token

FIGURE 8.10 Linux/Unix file permissions

FIGURE 8.11 Windows file permissions

Chapter 9

FIGURE 9.1 A bollard

FIGURE 9.2 An access control vestibule

Chapter 10

FIGURE 10.1 (a) Vertical scaling vs. (b) Horizontal scaling

FIGURE 10.2 Thin clients, such as this Samsung Google Chromebook, are suffic...

FIGURE 10.3 AWS Lambda function-as-a-service environment

FIGURE 10.4 HathiTrust is an example of community cloud computing.

FIGURE 10.5 AWS Outposts offer hybrid cloud capability.

FIGURE 10.6 Shared responsibility model for cloud computing

FIGURE 10.7 Cloud Reference Architecture

FIGURE 10.8 Cloud Controls Matrix excerpt

FIGURE 10.9 Type I hypervisor

FIGURE 10.10 Type II hypervisor

FIGURE 10.11 Provisioning a virtualized server in AWS

FIGURE 10.12 Connecting to an AWS virtual server instance with SSH

FIGURE 10.13 Connecting to an AWS virtual server instance with RDP

FIGURE 10.14 AWS Elastic Block Storage (EBS) volumes

FIGURE 10.15 AWS Simple Storage Service (S3) bucket

FIGURE 10.16 Enabling full-disk encryption on an EBS volume

FIGURE 10.17 Security group restricting access to a cloud server

FIGURE 10.18 Creating a virtual private cloud

FIGURE 10.19 Creating an EC2 instance with CloudFormation JSON

FIGURE 10.20 Limiting the datacenter regions used for a Zoom meeting

Chapter 11

FIGURE 11.1 UEFI Secure boot high-level process

FIGURE 11.2 Host firewalls and IPS systems vs. network firewalls and IPS sys...

FIGURE 11.3 Services.msc showing Remote Desktop Services set to manual

FIGURE 11.4 Windows Local Security Policy

FIGURE 11.5 Policy Analyzer using Microsoft's baseline against a default Win...

FIGURE 11.6 A SCADA system showing PLCs and RTUs with sensors and equipment...

Chapter 12

FIGURE 12.1 NIST Zero Trust core trust logical components

FIGURE 12.2 Inline IPS vs. passive IDS deployment using a tap or SPAN port

FIGURE 12.3 Screened subnet

FIGURE 12.4 Communications before and after an on-path attack

FIGURE 12.5 Reputation data for gmail.com

FIGURE 12.6 A SYN flood shown in Wireshark

Chapter 13

FIGURE 13.1 Point-to-point and point-to-multipoint network designs

FIGURE 13.2 Evil twin pretending to be a legitimate access point

FIGURE 13.3 A wireless heatmap showing the wireless signal available from an...

FIGURE 13.4 Overlap map of the North American 2.4 GHz Wi-Fi channels

Chapter 14

FIGURE 14.1 The incident response cycle

FIGURE 14.2 MITRE's ATT&CK framework example of attacks against cloud instan...

FIGURE 14.3 The AlienVault SIEM default dashboard

FIGURE 14.4 Trend analysis via a SIEM dashboard

FIGURE 14.5 Alerts and alarms in the AlienVault SIEM

FIGURE 14.6 Rule configuration in AlienVault

FIGURE 14.7 The Windows Event Viewer showing a security log with an audit ev...

FIGURE 14.8 The Windows Event Viewer showing an application log event

Chapter 15

FIGURE 15.1 The order of volatility

FIGURE 15.2 A sample chain-of-custody form

FIGURE 15.3 Output from a completed FTK Imager image

FIGURE 15.4 FTK Imager's Memory Capture dialog box

FIGURE 15.5 FTK Imager's evidence item documentation

FIGURE 15.6 Selecting the type of image or data to import

FIGURE 15.7 Ingestion modules in Autopsy

FIGURE 15.8 Using the Autopsy file discovery tool to identify images in an i...

FIGURE 15.9 Timelining in Autopsy to identify events related to the investig...

Chapter 16

FIGURE 16.1 Typical corporate governance model

FIGURE 16.2 Excerpt from CMS roles and responsibilities chart

FIGURE 16.3 Excerpt from UC Berkeley Minimum Security Standards for Electron...

FIGURE 16.4 Web server and database server

FIGURE 16.5 NIST Cybersecurity Framework Core Structure

FIGURE 16.6 Asset Management Cybersecurity Framework

FIGURE 16.7 NIST Risk Management Framework

FIGURE 16.8 Windows Server 2022 Security Benchmark Excerpt

FIGURE 16.9 Security awareness poster

Chapter 17

FIGURE 17.1 Risk exists at the intersection of a threat and a corresponding ...

FIGURE 17.2 Qualitative risk analyses use subjective rating scales to evalua...

FIGURE 17.3 (a) STOP tag attached to a device. (b) Residue remaining on devi...

FIGURE 17.4 Risk register excerpt

FIGURE 17.5 Risk matrix

FIGURE 17.6 Cover sheets used to identify classified U.S. government informa...



CompTIA® Security+® Study Guide

Exam SY0-701

 

Ninth Edition

 

Mike Chapple

David Seidl

 

Copyright © 2024 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394211418 (paperback), 9781394211432 (ePDF), 9781394211425 (ePub)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: WILEY, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. CompTIA and Security+ are registered trademarks of CompTIA, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and authors have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Control Number: 2023945962

Cover image: © Jeremy Woodhouse/Getty Images, Inc.

Cover design: Wiley

 

To my mother, Grace. Thank you for encouraging my love of writing since I first learned to pick up a pencil.

—Mike

To my niece, Selah, whose imagination and joy in discovery inspires me every time I hear a new Hop Cheep story, and to my sister Susan and brother-in-law Ben, who encourage her to bravely explore the world around them.

—David

Acknowledgments

Books like this involve work from many people, and as authors, we truly appreciate the hard work and dedication that the team at Wiley shows. We would especially like to thank Senior Acquisitions Editor Kenyon Brown. We have collaborated with Ken on multiple projects and consistently enjoy our work with him.

We owe a great debt of gratitude to Runzhi “Tom” Song, Mike's research assistant at Notre Dame. Tom's assistance with the instructional materials that accompany this book was invaluable.

We also greatly appreciate the editing and production team for this book, including Lily Miller, our project editor, who brought years of experience and great talent to the project; Chris Crayton, our technical editor, and Shahla Pirnia, our technical proofreader who both provided insightful advice and gave wonderful feedback throughout the book; and Saravanan Dakshinamurthy, our production editor, who guided us through layouts, formatting, and final cleanup to produce a great book. We would also like to thank the many behind-the-scenes contributors, including the graphics, production, and technical teams who make the book and companion materials into a finished product.

Our agent, Carole Jelen of Waterside Productions, continues to provide us with wonderful opportunities, advice, and assistance throughout our writing careers.

Finally, we would like to thank our families and significant others who support us through the late evenings, busy weekends, and long hours that a book like this requires to write, edit, and get to press.

About the Authors

Mike Chapple, Ph.D., Security+, CySA+, CISSP, is author of the best-selling CISSP (ISC)² Certified Information Systems Security Professional Official Study Guide (Sybex, 2021) and the CISSP (ISC)² Official Practice Tests (Sybex, 2021). He is an information security professional with two decades of experience in higher education, the private sector, and government.

Mike currently serves as Teaching Professor in the IT, Analytics, and Operations department at the University of Notre Dame's Mendoza College of Business, where he teaches undergraduate and graduate courses on cybersecurity, data management, and business analytics.

Before returning to Notre Dame, Mike served as executive vice president and chief information officer of the Brand Institute, a Miami-based marketing consultancy. Mike also spent four years in the information security research group at the National Security Agency and served as an active duty intelligence officer in the U.S. Air Force.

Mike is technical editor for Information Security Magazine and has written more than 25 books. He earned both his B.S. and Ph.D. degrees from Notre Dame in computer science and engineering. Mike also holds an M.S. in computer science from the University of Idaho and an MBA from Auburn University. Mike holds the Cybersecurity Analyst+ (CySA+), Security+, Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), and Certified Information Systems Security Professional (CISSP) certifications.

Learn more about Mike and his other IT certification materials at his website, CertMike.com.

David Seidl, CySA+, CISSP, Pentest+, is Vice President for Information Technology and CIO at Miami University, where he leads an award-winning team of IT professionals. During his IT career, he has served in a variety of technical and information security roles, including serving as the Senior Director for Campus Technology Services at the University of Notre Dame, where he co-led Notre Dame's move to the cloud and oversaw cloud operations, ERP, databases, identity management, and a broad range of other technologies and services. He also served as Notre Dame's Director of Information Security and led Notre Dame's information security program. He has taught information security and networking undergraduate courses as an instructor for Notre Dame's Mendoza College of Business. David is a best-selling author who specializes in cybersecurity certification and cyberwarfare and has written over 20 books on the topic.

David holds a bachelor's degree in communication technology and a master's degree in information security from Eastern Michigan University, as well as CISSP, CySA+, Pentest+, GPEN, and GCIH certifications.

About the Technical Editor

Chris Crayton, MCSE, CISSP, CASP+, CySA+, A+, N+, S+, is a technical consultant, trainer, author, and industry-leading technical editor. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has served as technical editor and content contributor on numerous technical titles for several of the leading publishing companies. He has also been recognized with many professional and teaching awards.

About the Technical Proofreader

Shahla Pirnia is a freelance technical editor and proofreader with a focus on cybersecurity and certification topics. She currently serves as a technical editor for CertMike.com where she works on projects including books, video courses, and practice tests.

Shahla earned BS degrees in Computer and Information Science and Psychology from the University of Maryland Global Campus, coupled with an AA degree in Information Systems from Montgomery College, Maryland. Shahla's IT certifications include the CompTIA Security+, Network+, A+ and the ISC2 CC.

Introduction

If you're preparing to take the Security+ exam, you'll undoubtedly want to find as much information as you can about computer and physical security. The more information you have at your disposal and the more hands-on experience you gain, the better off you'll be when attempting the exam. This study guide was written with that in mind. The goal was to provide enough information to prepare you for the test but not so much that you'll be overloaded with information that's outside the scope of the exam.

This book presents the material at an intermediate technical level. Experience with and knowledge of security concepts, operating systems, and application systems will help you get a full understanding of the challenges you'll face as a security professional.

We've included review questions at the end of each chapter to give you a taste of what it's like to take the exam. If you're already working in the security field, we recommend that you check out these questions first to gauge your level of expertise. You can then use the book mainly to fill in the gaps in your current knowledge. This study guide will help you round out your knowledge base before tackling the exam.

If you can answer 90 percent or more of the review questions correctly for a given chapter, you can feel safe moving on to the next chapter. If you're unable to answer that many correctly, reread the chapter and try the questions again. Your score should improve.

Don't just study the questions and answers! The questions on the actual exam will be different from the practice questions included in this book. The exam is designed to test your knowledge of a concept or objective, so use this book to learn the objectives behind the questions.

The Security+ Exam

The Security+ exam is designed to be a vendor-neutral certification for cybersecurity professionals and those seeking to enter the field. CompTIA recommends this certification for those currently working, or aspiring to work, in roles such as the following:

Systems Administrator

Security Administrator

Tier II IT Support Technician

IT Support Manager

Cybersecurity Analyst

Business Analyst

The exam covers five major domains:

General Security Concepts

Threats, Vulnerabilities, and Mitigations

Security Architecture

Security Operations

Security Program Management and Oversight

These five areas include a range of topics, from firewall design to incident response and forensics, while focusing heavily on scenario-based learning. That's why CompTIA recommends that those attempting the exam have CompTIA Network+ and two years of experience working in a security/systems administrator job role, although many individuals pass the exam before moving into their first cybersecurity role.

CompTIA describes the Security+ exam as verifying that you have the knowledge and skills required to:

Assess the security posture of enterprise environments

Recommend and implement appropriate security solutions

Monitor and secure hybrid environments

Operate with the awareness of applicable regulations and policies

Identify, analyze, and respond to security events and incidents

The Security+ exam is conducted in a format that CompTIA calls “performance-based assessment.” This means that the exam combines standard multiple-choice questions with other, interactive question formats. Your exam may include several types of questions, such as multiple-choice, fill-in-the-blank, multiple-response, drag-and-drop, and image-based problems.

The exam costs $392 in the United States, with roughly equivalent prices in other locations around the globe. You can find more details about the Security+ exam and how to take it at www.comptia.org/certifications/security

You'll have 90 minutes to take the exam and will be asked to answer up to 90 questions during that time period. Your exam will be scored on a scale ranging from 100 to 900, with a passing score of 750.

You should also know that CompTIA is notorious for including vague questions on all of its exams. You might see a question for which two of the possible four answers are correct—but you can choose only one. Use your knowledge, logic, and intuition to choose the best answer and then move on. Sometimes, the questions are worded in ways that would make English majors cringe—a typo here, an incorrect verb there. Don't let this frustrate you; answer the question and move on to the next one.

CompTIA frequently does what is called item seeding, which is the practice of including unscored questions on exams. It does so to gather psychometric data, which is then used when developing new versions of the exam. Before you take the exam, you will be told that your exam may include these unscored questions. So, if you come across a question that does not appear to map to any of the exam objectives—or for that matter, does not appear to belong in the exam—it is likely a seeded question. You never really know whether or not a question is seeded, however, so always make your best effort to answer every question.

Taking the Exam

Once you are fully prepared to take the exam, you can visit the CompTIA website to purchase your exam voucher at http://store.comptia.org

Currently, CompTIA offers two options for taking the exam: an in-person exam at a testing center and an at-home exam that you take on your own computer.

This book includes a coupon that you may use to save 10 percent on your CompTIA exam registration.

In-Person Exams

CompTIA partners with Pearson VUE's testing centers, so your next step will be to locate a testing center near you. In the United States, you can do this based on your address or your ZIP code, while non-U.S. test takers may find it easier to enter their city and country. You can search for a test center near you at the Pearson VUE website, where you will need to navigate to “Find a test center.”

www.pearsonvue.com/comptia

Now that you know where you'd like to take the exam, you'll need to create a CompTIA account and then schedule your exam via Pearson VUE.

On the day of the test, take two forms of identification, and be sure to show up with plenty of time before the exam starts. Remember that you will not be able to take your notes, electronic devices (including smartphones and watches), or other materials in with you.

At-Home Exams

CompTIA began offering online exam proctoring in 2020 in response to the coronavirus pandemic. As of the time this book went to press, the at-home testing option was still available and appears likely to continue. Candidates using this approach will take the exam at their home or office and be proctored over a webcam by a remote proctor.

Due to the rapidly changing nature of the at-home testing experience, candidates wishing to pursue this option should check the CompTIA website for the latest details.

After the Security+ Exam

Once you have taken the exam, you will be notified of your score immediately, so you'll know if you passed the test right away. You should keep track of your score report with your exam registration records and the email address you used to register for the exam.

Maintaining Your Certification

Like many other CompTIA certifications, the Security+ credential must be renewed on a periodic basis. To renew your certification, you can either pass the most current version of the exam, earn a qualifying higher-level CompTIA or industry certification, complete a CompTIA CertMaster CE course, or complete sufficient continuing education activities to earn enough continuing education units (CEUs) to renew it.

CompTIA provides information on renewals via their website at www.comptia.org/continuing-education

When you sign up to renew your certification, you will be asked to agree to the CE program's Code of Ethics, to pay a renewal fee, and to submit the materials required for your chosen renewal method.

A full list of the industry certifications you can use to acquire CEUs toward renewing the Security+ can be found at www.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-non-comptia-it-industry-certifications

What Does This Book Cover?

This book covers everything you need to know to understand the job role and basic responsibilities of a security administrator and also to pass the Security+ exam.

Chapter 1: Today's Security Professional

Chapter 1 provides an introduction to the field of cybersecurity. You'll learn about the crucial role that cybersecurity professionals play in protecting the confidentiality, integrity, and availability of their organization's data. You'll also learn about the type of risks facing organizations and the use of managerial, operational, and technical security controls to manage those risks.

Chapter 2: Cybersecurity Threat Landscape

Chapter 2 dives deeply into the cybersecurity threat landscape, helping you understand the different types of threat actors present in today's environment and the threat vectors that they exploit to undermine security controls. You'll also learn about the use of threat intelligence sources to improve your organization's security program and the security issues that arise from different types of vulnerability.

Chapter 3: Malicious Code

Chapter 3 explores the wide range of malicious code that you may encounter. Worms, viruses, Trojans, ransomware, and a host of other types of malware are all covered in this chapter. You'll learn about not only the many tools attackers use but also common indicators of compromise and real-world examples of how malware impacts organizations.

Chapter 4: Social Engineering and Password Attacks

Chapter 4 dives into the human side of information security. You'll explore social engineering techniques ranging from phishing to impersonation as well as misinformation and disinformation techniques. Next, you'll dig into password attacks such as brute-force attacks and password spraying.

Chapter 5: Security Assessment and Testing

Chapter 5 explores the different types of security assessments and testing procedures that you may use to evaluate the effectiveness of your security program. You'll learn about the different assessment techniques used by cybersecurity professionals and the proper conduct of penetration tests in a variety of settings. You'll also learn how to develop an assessment program that meets your organization's security requirements.

Chapter 6: Application Security

Chapter 6 covers the security issues that may arise within application code and the indicators associated with application attacks. You'll learn about the use of secure application development, deployment, and automation concepts and discover how you can help your organization develop and deploy code that is resilient against common threats.

Chapter 7: Cryptography and the PKI

Chapter 7 explains the critical role that cryptography plays in security programs by facilitating secure communication and secure storage of data. You'll learn basic cryptographic concepts and how you can use them to protect data in your own environment. You'll also learn about common cryptographic attacks that might be used to undermine your controls.

Chapter 8: Identity and Access Management

Chapter 8 explains the use of identity as a security layer for modern organizations. You'll learn about the components of an identity, how authentication and authorization work and what technologies are often deployed to enable them, and how single sign-on, federation, and authentication models play into an authentication and authorization infrastructure. You'll also learn about multifactor authentication and biometrics as methods to help provide more secure authentication. Accounts, access control schemes, and permissions also have a role to play, and you'll explore each of those topics as well.

Chapter 9: Resilience and Physical Security

Chapter 9 walks you through physical security concepts. Without physical security, an organization cannot have a truly secure environment. In this chapter, you'll learn about building resilient and disaster-resistant infrastructure using backups and redundancy. You'll explore the considerations organizations need to account for when designing security architecture, and you'll learn about a broad range of physical security controls to ensure that facilities and systems remain secure from in-person disasters, attacks, and other threats. Along the way, you'll dive into resilience and how it can be designed into your organization's architecture.

Chapter 10: Cloud and Virtualization Security

Chapter 10 explores the world of cloud computing and virtualization security. Many organizations now deploy critical business applications in the cloud and use cloud environments to process sensitive data. You'll learn how organizations make use of cloud services available to them and how they build cloud architectures that meet their needs. You'll also learn how to manage the cybersecurity risk of cloud services by using a combination of traditional and cloud-specific controls.

Chapter 11: Endpoint Security

Chapter 11 provides an overview of the many types of endpoints that you may need to secure. You'll explore workstation and mobile device security, as well as how to secure embedded systems, industrial control systems, and Internet of Things devices. Endpoints also need security solutions like encryption and secure boot processes, and you'll explore each of these as well. Next, you'll look at hardening, mitigation techniques, and security life cycles, including disposal of systems, storage, and other components of your technology infrastructure.

Chapter 12: Network Security

Chapter 12 covers network security from architecture and design to network attacks and defenses. You'll explore common network attack techniques and threats, and you'll learn about protocols, technologies, design concepts, and implementation techniques for secure networks to counter or avoid those threats. In addition, you'll learn about zero trust's role in modern secure network design.

Chapter 13: Wireless and Mobile Security

Chapter 13 explores the world of wireless and mobile security. You'll learn how an ever-increasing variety of wireless technologies work, ranging from GPS and Bluetooth to Wi-Fi. You'll learn about some common wireless attacks and how to design and build a secure wireless environment. You'll also learn about the technologies and designs used to secure and protect wireless devices, like mobile device management and device deployment methods.

Chapter 14: Monitoring and Incident Response

Chapter 14 walks you through what to do when things go wrong. Incidents are a fact of life for security professionals, and you'll learn about incident response policies, procedures, and techniques. You'll also learn where and how to get the information you need for response processes, what tools are commonly used, and what mitigation techniques are used to control attacks and remediate systems after they occur.

Chapter 15: Digital Forensics

Chapter 15 explores digital forensic techniques and tools. You'll learn how to uncover evidence as part of investigations, key forensic tools and processes, and how they can be used together to determine what went wrong. You'll also learn about the legal and evidentiary processes needed to conduct forensics when law enforcement or legal counsel is involved.

Chapter 16: Security Governance and Compliance

Chapter 16 dives into the world of policies, standards, and compliance—crucial building blocks of any cybersecurity program's foundation. You'll learn how to write and enforce policies covering personnel, training, data, credentials, and other issues. You'll also learn the importance of understanding the regulations, laws, and standards governing an organization and managing compliance with those requirements.

Chapter 17: Risk Management and Privacy

Chapter 17 describes the risk management and privacy concepts that are crucial to the work of cybersecurity professionals. You'll learn about the risk management process, including the identification, assessment, and management of risks. You'll also learn about the consequences of privacy breaches and the controls that you can put in place to protect the privacy of personally identifiable information.

Study Guide Elements

This study guide uses a number of common elements to help you prepare. These include the following:

Exam Notes

Exam Notes are presented in each chapter to alert you of important exam objective–related information.

Summary

The Summary section of each chapter briefly explains the chapter, allowing you to easily understand what it covers.

Exam Essentials

The Exam Essentials focus on major exam topics and critical knowledge that you should take into the test. The Exam Essentials focus on the exam objectives provided by CompTIA.

Review Questions

A set of questions at the end of each chapter will help you assess your knowledge and whether you are ready to take the exam based on your knowledge of that chapter's topics.

Interactive Online Learning Environment and Test Bank

We've put together some really great online tools to help you pass the CompTIA Security+ exam. The interactive online learning environment that accompanies CompTIA® Security+® Study Guide: Exam SY0-701, Ninth Edition provides a test bank and study tools to help you prepare for the exam. By using these tools, you can dramatically increase your chances of passing the exam on your first try. The online section includes the following.

Go to www.wiley.com/go/sybextestprep to register and gain access to this interactive online learning environment and test bank with study tools.

Practice Exams

Sybex's test preparation software lets you prepare with hundreds of practice questions, including two practice exams that are included with this book. You can build and take tests on specific domains, by chapter, or cover the entire set of Security+ exam objectives using randomized tests.

Electronic Flashcards

Our electronic flashcards are designed to help you prepare for the exam. Over 100 flashcards will ensure that you know critical terms and concepts.

Glossary of Terms

Sybex provides a full glossary of terms in PDF format, allowing for quick searches and easy reference to materials in this book.

Like all exams, the Security+ certification from CompTIA is updated periodically and may eventually be retired or replaced. At some point after CompTIA is no longer offering this exam, the old editions of our books and online tools will be retired. If you have purchased this book after the exam was retired, or are attempting to register in the Sybex online learning environment after the exam was retired, please know that we make no guarantees that this exam's online Sybex tools will be available once the exam is no longer available.

Exam SY0-701 Exam Objectives

CompTIA goes to great lengths to ensure that its certification programs accurately reflect the IT industry's best practices. It does this by establishing committees for each of its exam programs. Each committee comprises a small group of IT professionals, training providers, and publishers who are responsible for establishing the exam's baseline competency level and who determine the appropriate target-audience level.

Once these factors are determined, CompTIA shares this information with a group of hand-selected subject matter experts (SMEs). These folks are the true brainpower behind the certification program. The SMEs review the committee's findings, refine them, and shape them into the objectives that follow this section. CompTIA calls this process a job-task analysis (JTA).

Finally, CompTIA conducts a survey to ensure that the objectives and weightings truly reflect job requirements. Only then can the SMEs go to work writing the hundreds of questions needed for the exam. Even so, they have to go back to the drawing board for further refinements in many cases before the exam is ready to go live in its final state. Rest assured that the content you're about to learn will serve you long after you take the exam.

CompTIA also publishes relative weightings for each of the exam's objectives. The following table lists the five Security+ objective domains and the extent to which they are represented on the exam.

| Domain | % of Exam |
|---|---|
| 1.0 General Security Concepts | 12% |
| 2.0 Threats, Vulnerabilities, and Mitigations | 22% |
| 3.0 Security Architecture | 18% |
| 4.0 Security Operations | 28% |
| 5.0 Security Program Management and Oversight | 20% |

SY0-701 Certification Exam Objective Map

| Objective | Chapter(s) |
|---|---|
| 1.0 General Security Concepts | |
| 1.1 Compare and contrast various types of security controls | 1 |
| 1.2 Summarize fundamental security concepts | 1, 8, 9, 12 |
| 1.3 Explain the importance of change management processes and the impact to security | 16 |
| 1.4 Explain the importance of using appropriate cryptographic solutions | 1, 7, 11 |
| 2.0 Threats, Vulnerabilities, and Mitigations | |
| 2.1 Compare and contrast common threat actors and motivations | 2 |
| 2.2 Explain common threat vectors and attack surfaces | 2, 4 |
| 2.3 Explain various types of vulnerabilities | 2, 6, 7, 10, 11, 13 |
| 2.4 Given a scenario, analyze indicators of malicious activity | 3, 4, 6, 9, 12, 13, 14 |
| 2.5 Explain the purpose of mitigation techniques used to secure the enterprise | 8, 11, 12, 14, 16 |
| 3.0 Security Architecture | |
| 3.1 Compare and contrast security implications of different architecture models | 9, 10, 11, 12 |
| 3.2 Given a scenario, apply security principles to secure enterprise infrastructure | 12 |
| 3.3 Compare and contrast concepts and strategies to protect data | 1, 10, 13, 17 |
| 3.4 Explain the importance of resilience and recovery in security architecture | 9, 17 |
| 4.0 Security Operations | |
| 4.1 Given a scenario, apply common security techniques to computing resources | 6, 10, 11, 12, 13 |
| 4.2 Explain the security implications of proper hardware, software, and data asset management | 11 |
| 4.3 Explain various activities associated with vulnerability management | 2, 5, 6 |
| 4.4 Explain security alerting and monitoring concepts and tools | 5, 11, 12, 14 |
| 4.5 Given a scenario, modify enterprise capabilities to enhance security | 11, 12 |
| 4.6 Given a scenario, implement and maintain identity and access management | 8 |
| 4.7 Explain the importance of automation and orchestration related to secure operations | 6 |
| 4.8 Explain appropriate incident response activities | 14, 15 |
| 4.9 Given a scenario, use data sources to support an investigation | 14 |
| 5.0 Security Program Management and Oversight | |
| 5.1 Summarize elements of effective security governance | 16, 17 |
| 5.2 Explain elements of the risk management process | 17 |
| 5.3 Explain the processes associated with third-party risk assessment and management | 16 |
| 5.4 Summarize elements of effective security compliance | 16 |
| 5.5 Explain types and purposes of audits and assessments | 5 |
| 5.6 Given a scenario, implement security awareness practices | 16 |

Exam objectives are subject to change at any time without prior notice and at CompTIA's discretion. Please visit CompTIA's website (www.comptia.org) for the most current listing of exam objectives.

How to Contact the Publisher

If you believe you have found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts an error may occur.

In order to submit your possible errata, please email it to our Customer Service Team at [email protected] with the subject line “Possible Book Errata Submission.”

Assessment Test

1. The organization that Chris works for has disabled automatic updates. What is the most common reason for disabling automatic updates for organizational systems?

A. To avoid disruption of the work process for office workers
B. To prevent security breaches due to malicious patches and updates
C. To avoid issues with problematic patches and updates
D. All of the above

2. Which of the following is the least volatile according to the forensic order of volatility?

A. The system's routing table
B. Logs
C. Temp files
D. CPU registers

3. Ed wants to trick a user into connecting to his evil twin access point (AP). What type of attack should he conduct to increase his chances of the user connecting to it?

A. A disassociation attack
B. An application denial-of-service attack
C. A known plain-text attack
D. A network denial-of-service attack

4. What term is used to describe wireless site surveys that show the relative power of access points on a diagram of the building or facility?

A. Signal surveys
B. db maps
C. AP topologies
D. Heatmaps

5. What hardware device is used to create the hardware root of trust for modern desktops and laptops?

A. System memory
B. A HSM
C. The CPU
D. The TPM

6. Angela wants to prevent users in her organization from changing their passwords repeatedly after they have been changed so that they cannot reuse their current password. What two password security settings does she need to implement to make this occur?

A. Set a password history and a minimum password age.
B. Set a password history and a complexity setting.
C. Set a password minimum and maximum age.
D. Set password complexity and maximum age.

7. Chris wants to establish a backup site that is fully ready to take over for full operations for his organization at any time. What type of site should he set up?

A. A cold site
B. A clone site
C. A hot site
D. A ready site

8. Which of the following is not a common constraint of embedded and specialized systems?

A. Computational power
B. Overly complex firewall settings
C. Lack of network connectivity
D. Inability to patch

9. Gary is reviewing his system's SSH logs and sees logins for the user named “Gary” with passwords like password1, password2 … PassworD. What type of attack has Gary discovered?

A. A dictionary attack
B. A rainbow table attack
C. A pass-the-hash attack
D. A password spraying attack

10. Kathleen wants to set up a system that allows access into a high-security zone from a low-security zone. What type of solution should she configure?

A. VDI
B. A container
C. A screened subnet
D. A jump server

11. Derek's organization is worried about a disgruntled employee publishing sensitive business information. What type of threat should Derek work to protect against?

A. Shoulder surfing
B. Social engineering
C. Insider threats
D. Phishing

12. Jeff is concerned about the effects that a ransomware attack might have on his organization and is designing a backup methodology that would allow the organization to quickly restore data after such an attack. What type of control is Jeff implementing?

A. Corrective
B. Preventive
C. Detective
D. Deterrent

13. Samantha is investigating a cybersecurity incident where an internal user used his computer to participate in a denial-of-service attack against a third party. What type of policy was most likely violated?

A. BPA
B. SLA
C. AUP
D. MOU

14. Jean recently completed the user acceptance testing process and is getting her code ready to deploy. What environment should house her code before it is released for use?

A. Test
B. Production
C. Development
D. Staging

15. Rob has created a document that describes how staff in his organization can use organizationally owned devices, including if and when personal use is allowed. What type of policy has Rob created?

A. A change management policy
B. An acceptable use policy
C. An access control policy
D. A playbook

16. Oren obtained a certificate for his domain covering *.acmewidgets.net. Which one of the following domains would not be covered by this certificate?

A. www.acmewidgets.net
B. acmewidgets.net
C. test.mail.acmewidgets.net
D. mobile.acmewidgets.net

17. Richard is sending a message to Grace and would like to apply a digital signature to the message before sending it. What key should he use to create the digital signature?

A. Richard's private key
B. Richard's public key
C. Grace's private key
D. Grace's public key

18. Stephanie is reviewing a customer transaction database and comes across the data table shown here. What data minimization technique has most likely been used to obscure the credit card information in this table?

A. Destruction
B. Masking
C. Hashing
D. Tokenization

19. Andrew is working with his financial team to purchase a cybersecurity insurance policy to cover the financial impact of a data breach. What type of risk management strategy is he using?

A. Risk avoidance
B. Risk transference
C. Risk acceptance
D. Risk mitigation

20. Shelly is writing a document that describes the steps that incident response teams will follow upon first notice of a potential incident. What type of document is she creating?

A. Guideline
B. Standard
C. Procedure
D. Policy

Answers to Assessment Test

1. C. The most common reason to disable automatic patching is to avoid issues with problematic or flawed patches and updates. In most environments the need to patch regularly is accepted and handled for office workers without causing significant disruption. That concern would be different if the systems being patched were part of an industrial process or factory production environment. Malicious patches from legitimate sources such as an automatic update repository are exceptionally rare and are not a common concern or driver of this behavior. For more information, see Chapter 11.

2. B. Logs, along with any file that is stored on disk without the intention of being frequently overwritten, are the least volatile item listed. In order from most volatile to least from the answers here, you could list these as CPU registers, the system's routing table, temp files, and logs. For more information, see Chapter 15.

3. A. If Ed can cause his target to disassociate from the access point they are currently connected to, he can use a higher transmission power or closer access point to appear higher in the list of access points. If he is successful at fooling the user or system into connecting to his AP, he can then conduct on-path attacks or attempt other exploits. Denial-of-service attacks are unlikely to cause a system to associate with another AP, and a known plain-text attack is a type of cryptographic attack and is not useful for this type of attempt. For more information, see Chapter 12.

4. D. Site surveys that show relative power on a map or diagram are called heatmaps. They can help show where access points provide a strong signal, and where multiple APs may be competing with each other due to channel overlap or other issues. They can also help identify dead zones where signal does not reach. Signal surveys, db maps, and AP topologies were made up for this question. For more information, see Chapter 13.

5. D. A hardware root of trust provides a unique element that means that a board or device cannot be replicated. A Trusted Platform Module (TPM) is commonly used to provide the hardware root of trust. CPUs and system memory are not unique in this way for common desktops and laptops, and a hardware security module (HSM) is used to create, manage, and store cryptographic certificates as well as perform and offload cryptographic operations. For more information, see Chapter 11.

6. A. Angela needs to retain a password history and set a minimum password age so that users cannot simply reset their password until they have changed the password enough times to bypass the history. For more information, see Chapter 8.

7. C. Hot sites are ready to take over operations in real time. Cold sites are typically simply ready buildings with basic infrastructure in place to set up a site. Clone sites and ready sites are not typical terms used in the industry. For more information, see Chapter 9.

8. B. Embedded and specialized systems tend to have lower-power CPUs, less memory, less storage, and often may not be able to handle CPU-intensive tasks like cryptographic algorithms or built-in security tools. Thus, having a firewall is relatively unlikely, particularly if there isn't network connectivity built in or the device is expected to be deployed to a secure network. For more information, see Chapter 11.

9. A. A dictionary attack will use a set of likely passwords along with common variants of those passwords to try to break into an account. Repeated logins for a single user ID with iterations of various passwords is likely a dictionary attack. A rainbow table is used to match a hashed password with the password that was hashed to that value. A pass-the-hash attack provides a captured authentication hash to try to act like an authorized user. A password spraying attack uses a known password (often from a breach) for many different sites to try to log in to them. For more information, see Chapter 4.

10. D. Jump servers are systems that are used to provide a presence and access path in a different security zone. VDI is a virtual desktop infrastructure and is used to provide controlled virtual systems for productivity and application presentation among other uses. A container is a way to provide a scalable, predictable application environment without having a full underlying virtual system, and a screened subnet is a secured zone exposed to a lower trust level area or population. For more information, see Chapter 12.

11. C. Derek's organization is worried about insider threats, or threats that are created by employees and others who are part of the organization or are otherwise trusted by the organization. Social engineering involves deceiving people to achieve an attacker's goals. Phishing attempts to acquire personal information through social engineering and other techniques, and shoulder surfing is a technique where malicious actors watch over someone's shoulder to acquire information like passwords or credit card numbers. For more information, see Chapter 2.

12. A. Corrective controls remediate security issues that have already occurred. Restoring backups after a ransomware attack is an example of a corrective control. Preventive controls attempt to stop future issues. Detective controls focus on detecting issues and events, and deterrent controls attempt to deter actions. For more information, see Chapter 1.

13. C. This activity is almost certainly a violation of the organization's acceptable use policy (AUP), which should contain provisions describing appropriate use of networks and computing resources belonging to the organization. BPA is not a common term in this context. Service level agreements (SLAs) determine an agreed-upon level of service, and MOUs, or memorandums of understanding, are used to document agreements between organizations. See Chapter 16 for more information.