CompTIA Security+ SY0-501 Cert Guide, Academic Edition, 2nd edition [Multiple-component retail product]

  • Format: Multiple-component retail product, 600 pages, height x width x thickness: 256x210x24 mm, weight: 1100 g, Contains 1 Digital product license key and 1 Hardback
  • Series: Certification Guide
  • Publication date: 21-Dec-2017
  • Publisher: Pearson IT Certification
  • ISBN-10: 0789759128
  • ISBN-13: 9780789759122
Learn, prepare, and practice for CompTIA Security+ SY0-501 exam success with this CompTIA Security+ SY0-501 Cert Guide, Academic Edition from Pearson IT Certification, a leader in IT Certification learning. The companion website features three complete practice exams, complete video solutions to hands-on labs, plus interactive flash-based simulations that include drag-and-drop and matching to reinforce the learning.

· Master the CompTIA Security+ SY0-501 exam topics

· Assess your knowledge with chapter-ending quizzes

· Reinforce your knowledge of key concepts with chapter review activities

· Practice with realistic exam questions online

· Includes complete video solutions to hands-on labs, plus interactive simulations on key exam topics

· Work through Flash Cards in Q&A and glossary term format

· Includes free access to the Premium Edition eBook

CompTIA Security+ SY0-501 Cert Guide, Academic Edition includes video solutions to the hands-on labs, practice tests, and interactive simulations that let the reader learn by doing. Best-selling author and expert instructor David L. Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter review activities help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your approach to passing the exam.

The companion Academic Edition website contains the powerful Pearson Test Prep practice test engine, with three complete practice exams and hundreds of exam-realistic questions and free access to the Premium Edition eBook. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. Work through Flash Cards in Q&A and glossary term format to help reinforce your knowledge of key concepts and facts. The Academic Edition companion site also includes complete video solutions to hands-on labs in the book and interactive simulations on key exam topics to reinforce the learning by doing. Learn activities such as testing password strength, matching the type of malware with its definition, finding security issues in the network map, and disallowing a user to access the network on Saturday and Sunday.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The CompTIA study guide helps you master all the topics on the Security+ exam, including

· Core computer system security

· OS hardening and virtualization

· Application security

· Network design elements and threats

· Perimeter security

· Network media and devices security

· Physical security and authentication models

· Access control

· Vulnerability and risk assessment

· Monitoring and auditing

· Cryptography, including PKI

· Redundancy and disaster recovery

· Policies and procedures

Introduction
Chapter 1 Introduction to Security
Foundation Topics
Security 101
The CIA of Computer Security
The Basics of Information Security
Think Like a Hacker
Threat Actor Types and Attributes
Chapter Review Activities
Review Key Topics
Define Key Terms
Review Questions
Chapter 2 Computer Systems Security Part I
Foundation Topics
Malicious Software Types
Viruses
Worms
Trojan Horses
Ransomware
Spyware
Rootkits
Spam
Summary of Malware Threats
Delivery of Malware
Via Software, Messaging, and Media
Botnets and Zombies
Active Interception
Privilege Escalation
Backdoors
Logic Bombs
Preventing and Troubleshooting Malware
Preventing and Troubleshooting Viruses
Preventing and Troubleshooting Worms and Trojans
Preventing and Troubleshooting Spyware
Preventing and Troubleshooting Rootkits
Preventing and Troubleshooting Spam
You Can't Save Every Computer from Malware!
Summary of Malware Prevention Techniques
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 3 Computer Systems Security Part II
Foundation Topics
Implementing Security Applications
Personal Software Firewalls
Host-Based Intrusion Detection Systems
Pop-Up Blockers
Data Loss Prevention Systems
Securing Computer Hardware and Peripherals
Securing the BIOS
Securing Storage Devices
Removable Storage
Network Attached Storage
Whole Disk Encryption
Hardware Security Modules
Securing Wireless Peripherals
Securing Mobile Devices
Malware
Botnet Activity
SIM Cloning and Carrier Unlocking
Wireless Attacks
Theft
Application Security
BYOD Concerns
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 4 OS Hardening and Virtualization
Foundation Topics
Hardening Operating Systems
Removing Unnecessary Applications and Services
Windows Update, Patches, and Hotfixes
Patches and Hotfixes
Patch Management
Group Policies, Security Templates, and Configuration Baselines
Hardening File Systems and Hard Drives
Virtualization Technology
Types of Virtualization and Their Purposes
Hypervisor
Securing Virtual Machines
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 5 Application Security
Foundation Topics
Securing the Browser
General Browser Security Procedures
Implement Policies
Train Your Users
Use a Proxy and Content Filter
Secure Against Malicious Code
Web Browser Concerns and Security Methods
Basic Browser Security
Cookies
LSOs
Add-ons
Advanced Browser Security
Securing Other Applications
Secure Programming
Software Development Life Cycle
Core SDLC and DevOps Principles
Programming Testing Methods
White-box and Black-box Testing
Compile-Time Errors Versus Runtime Errors
Input Validation
Static and Dynamic Code Analysis
Fuzz Testing
Programming Vulnerabilities and Attacks
Backdoors
Memory/Buffer Vulnerabilities
Arbitrary Code Execution/Remote Code Execution
XSS and XSRF
More Code Injection Examples
Directory Traversal
Zero Day Attack
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 6 Network Design Elements
Foundation Topics
Network Design
The OSI Model
Network Devices
Switch
Bridge
Router
Network Address Translation, and Private Versus Public IP
Network Zones and Interconnections
LAN Versus WAN
Internet
Demilitarized Zone (DMZ)
Intranets and Extranets
Network Access Control (NAC)
Subnetting
Virtual Local Area Network (VLAN)
Telephony
Modems
PBX Equipment
VoIP
Cloud Security and Server Defense
Cloud Computing
Cloud Security
Server Defense
File Servers
Network Controllers
E-mail Servers
Web Servers
FTP Server
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 7 Networking Protocols and Threats
Foundation Topics
Ports and Protocols
Port Ranges, Inbound Versus Outbound, and Common Ports
Protocols That Can Cause Anxiety on the Exam
Malicious Attacks
DoS
DDoS
Sinkholes and Blackholes
Spoofing
Session Hijacking
Replay
Null Sessions
Transitive Access and Client-Side Attacks
DNS Poisoning and Other DNS Attacks
ARP Poisoning
Summary of Network Attacks
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 8 Network Perimeter Security
Foundation Topics
Firewalls and Network Security
Firewalls
Proxy Servers
Honeypots and Honeynets
Data Loss Prevention (DLP)
NIDS Versus NIPS
NIDS
NIPS
Summary of NIDS Versus NIPS
The Protocol Analyzer's Role in NIDS and NIPS
Unified Threat Management
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 9 Securing Network Media and Devices
Foundation Topics
Securing Wired Networks and Devices
Network Device Vulnerabilities
Default Accounts
Weak Passwords
Privilege Escalation
Back Doors
Network Attacks
Other Network Device Considerations
Cable Media Vulnerabilities
Interference
Crosstalk
Data Emanation
Tapping into Data and Conversations
Securing Wireless Networks
Wireless Access Point Vulnerabilities
The Administration Interface
SSID Broadcast
Rogue Access Points
Evil Twin
Weak Encryption
Wi-Fi Protected Setup
Ad Hoc Networks
VPN over Open Wireless
Wireless Access Point Security Strategies
Wireless Transmission Vulnerabilities
Bluetooth and Other Wireless Technology Vulnerabilities
Bluejacking
Bluesnarfing
RFID and NFC
More Wireless Technologies
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 10 Physical Security and Authentication Models
Foundation Topics
Physical Security
General Building and Server Room Security
Door Access
Biometric Readers
Authentication Models and Components
Authentication Models
Localized Authentication Technologies
802.1X and EAP
LDAP
Kerberos and Mutual Authentication
Remote Desktop Services
Remote Authentication Technologies
Remote Access Service
Virtual Private Networks
RADIUS Versus TACACS
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 11 Access Control Methods and Models
Foundation Topics
Access Control Models Defined
Discretionary Access Control
Mandatory Access Control
Role-Based Access Control (RBAC)
Attribute-based Access Control (ABAC)
Access Control Wise Practices
Rights, Permissions, and Policies
Users, Groups, and Permissions
Permission Inheritance and Propagation
Moving and Copying Folders and Files
Usernames and Passwords
Policies
User Account Control (UAC)
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 12 Vulnerability and Risk Assessment
Foundation Topics
Conducting Risk Assessments
Qualitative Risk Assessment
Quantitative Risk Assessment
Security Analysis Methodologies
Security Controls
Vulnerability Management
Penetration Testing
OVAL
Additional Vulnerabilities
Assessing Vulnerability with Security Tools
Network Mapping
Vulnerability Scanning
Network Sniffing
Password Analysis
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 13 Monitoring and Auditing
Foundation Topics
Monitoring Methodologies
Signature-Based Monitoring
Anomaly-Based Monitoring
Behavior-Based Monitoring
Using Tools to Monitor Systems and Networks
Performance Baselining
Protocol Analyzers
Wireshark
SNMP
Analytical Tools
Use Static and Dynamic Tools
Conducting Audits
Auditing Files
Logging
Log File Maintenance and Security
Auditing System Security Settings
SIEM
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 14 Encryption and Hashing Concepts
Foundation Topics
Cryptography Concepts
Symmetric Versus Asymmetric Key Algorithms
Symmetric Key Algorithms
Asymmetric Key Algorithms
Public Key Cryptography
Key Management
Steganography
Encryption Algorithms
DES and 3DES
AES
RC
Blowfish and Twofish
Summary of Symmetric Algorithms
RSA
Diffie-Hellman
Elliptic Curve
More Encryption Types
One-Time Pad
PGP
Pseudorandom Number Generators
Hashing Basics
Cryptographic Hash Functions
MD5
SHA
RIPEMD and HMAC
LANMAN, NTLM, and NTLMv2
LANMAN
NTLM and NTLMv2
Hashing Attacks
Pass the Hash
Happy Birthday!
Additional Password Hashing Concepts
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 15 PKI and Encryption Protocols
Foundation Topics
Public Key Infrastructure
Certificates
SSL Certificate Types
Single-Sided and Dual-Sided Certificates
Certificate Chain of Trust
Certificate Formats
Certificate Authorities
Web of Trust
Security Protocols
S/MIME
SSL/TLS
SSH
PPTP, L2TP, and IPsec
PPTP
L2TP
IPsec
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 16 Redundancy and Disaster Recovery
Foundation Topics
Redundancy Planning
Redundant Power
Redundant Power Supplies
Uninterruptible Power Supplies
Backup Generators
Redundant Data
Redundant Networking
Redundant Servers
Redundant Sites
Redundant People
Disaster Recovery Planning and Procedures
Data Backup
DR Planning
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 17 Social Engineering, User Education, and Facilities Security
Foundation Topics
Social Engineering
Pretexting
Malicious Insider
Diversion Theft
Phishing
Hoaxes
Shoulder Surfing
Eavesdropping
Dumpster Diving
Baiting
Piggybacking/Tailgating
Watering Hole Attack
Summary of Social Engineering Types
User Education
Facilities Security
Fire Suppression
Fire Extinguishers
Sprinkler Systems
Special Hazard Protection Systems
HVAC
Shielding
Vehicles
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 18 Policies and Procedures
Foundation Topics
Legislative and Organizational Policies
Data Sensitivity and Classification of Information
Personnel Security Policies
Privacy Policies
Acceptable Use
Change Management
Separation of Duties/Job Rotation
Mandatory Vacations
Onboarding and Offboarding
Due Diligence
Due Care
Due Process
User Education and Awareness Training
Summary of Personnel Security Policies
How to Deal with Vendors
How to Dispose of Computers and Other IT Equipment Securely
Incident Response Procedures
IT Security Frameworks
Chapter Review Activities
Chapter Summary
Review Key Topics
Define Key Terms
Complete the Real-World Scenarios
Review Questions
Chapter 19 Taking the Real Exam
Getting Ready and the Exam Preparation Checklist
Tips for Taking the Real Exam
Beyond the CompTIA Security+ Certification
Practice Exam 1: SY0-501
Glossary
Index

David L. Prowse is an author, technologist, and technical trainer. He has penned a dozen books for Pearson Education, including the well-received CompTIA A+ Exam Cram. He also develops video content, including the CompTIA A+ LiveLessons video course. Over the past two decades he has taught CompTIA A+, Network+, and Security+ certification courses, both in the classroom and via the Internet. David has 20 years of experience in the IT field and loves to share that experience with his readers, watchers, and students.

He runs the website www.davidlprowse.com in support of his books and videos.