CompTIA Security+ Training Kit (Exam SY0-301) [Multiple-component retail product]

  • Format: Multiple-component retail product, 576 pages, height x width x thickness: 226x188x28 mm, weight: 974 g, Contains 1 Paperback / softback and 1 CD-ROM
  • Publication date: 15-Sep-2013
  • Publisher: Microsoft Press, U.S.
  • ISBN-10: 0735664269
  • ISBN-13: 9780735664265
  • Price: 53,60 €*
  • * we will send you an offer for a used book, whose price may differ from the price on the website
  • This book is out of print, but we will send you an offer for a used book.
Ace your preparation for the skills measured by CompTIA Security+ Exam SY0-301. Work at your own pace through a series of lessons and reviews that fully cover each exam objective. Then, reinforce what you've learned by applying your knowledge to real-world case scenarios and practice exercises. This guide is designed to help make the most of your study time.

Maximize your performance on the exam by demonstrating your mastery of:

  • Network Security
  • Compliance and operational security
  • Threats and vulnerabilities
  • Application, data, and host security
  • Access control and identity management
  • Cryptography

PRACTICE TESTS: Assess your skills with practice tests on CD. You can work through hundreds of questions using multiple testing modes to meet your specific learning needs. You get detailed explanations for right and wrong answers, including a customized learning path that describes how and where to focus your studies.

For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.

Introduction
  • System requirements
  • Using the companion CD
  • CompTIA professional certification program
  • How certification helps your career
  • It pays to get certified
  • Four steps to getting certified and staying certified
  • How to obtain more information
  • Acknowledgments
  • Support & feedback
  • Preparing for the exam

Chapter 1 Risk management and incident response
  • CIA and DAD triads
  • Confidentiality and disclosure
  • Integrity and alteration
  • Availability and denial
  • Risk assessment and mitigation
  • Likelihood and impact
  • Managing risk
  • Security controls
  • Technical controls
  • Operational controls
  • Management controls
  • Incident response
  • Incident response team
  • Incident response life cycle
  • Incident communications
  • Collecting evidence
  • Computer forensics
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 2 Network security technologies
  • Network security
  • Humongous Insurance: a modern secure network
  • Firewalls
  • Routers
  • Switches
  • Load balancers
  • Proxies
  • VPN concentrators
  • Network intrusion detection systems (NIDS) and network intrusion prevention systems (NIPS)
  • Protocol analyzers
  • Inspection
  • All-in-one security appliances
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 3 Secure network design and management
  • Network design and implementation
  • IP: the Internet Protocol
  • Network and application protocols
  • Ports and protocols
  • Network design and segmentation
  • Remote access
  • Telephony and VoIP
  • Virtualization
  • Network administration and management
  • Access control lists (ACLs)
  • Firewall rules
  • Logging
  • Secure switch and router configuration
  • VLAN management
  • Port security
  • 802.1x authentication
  • Flood guards
  • Loop protection
  • Preventing network bridging
  • Wireless protocols: encryption and authentication
  • Designing and implementing secure wireless networks
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 4 Operational and environmental security
  • Security policies
  • Security policy
  • Privacy policy
  • Acceptable use policy
  • Personnel security best practices
  • Security awareness and training
  • Security policy training
  • Compliance training
  • User habits
  • Threat awareness
  • Information classification and labeling
  • Personally identifying information (PII)
  • Environmental controls
  • Heating, ventilation, and air conditioning (HVAC)
  • Fire suppression
  • EMI shielding
  • Environmental and video monitoring
  • Business continuity planning
  • Business impact assessment (BIA)
  • Removing single points of failure
  • Designing and testing the business continuity plan
  • Succession planning
  • Disaster recovery planning
  • Disaster recovery metrics
  • Backups
  • Building fault-tolerant environments
  • Disaster recovery sites
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 5 Threats and attacks
  • Client-side attacks
  • Malware
  • Application attacks
  • Application vulnerabilities
  • Web attacks
  • Cookies
  • Header manipulation
  • Directory traversal
  • Cross-site scripting
  • Preventing XSS
  • Injection and modification attacks
  • SQL injection
  • LDAP and XML injection
  • Command injection
  • Network attacks
  • Spoofing
  • Packet sniffing
  • Man-in-the-middle
  • Replay attacks
  • DNS and ARP poisoning
  • Denial of service and distributed denial of service attacks
  • Smurf attacks
  • Xmas attacks
  • Wireless attacks
  • Rogue access points
  • Bluetooth attacks
  • War driving
  • Packet sniffing and wireless networks
  • Social engineering and phishing
  • Hoaxes
  • Phishing
  • Email attacks
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 6 Monitoring, detection, and defense
  • Securing and defending systems
  • Hardening
  • Secure system configuration and management
  • Network device hardening
  • Monitoring and reporting
  • Continuous security monitoring
  • System log monitoring
  • Reporting and monitoring
  • Physical security design and concepts
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 7 Vulnerability assessment and management
  • Vulnerabilities and vulnerability assessment
  • Risk-based vulnerability assessments
  • Assessment techniques
  • Vulnerability scanning
  • Vulnerability scanning tools
  • Port scanners
  • Vulnerability scanners
  • Honeypots and honeynets
  • Penetration testing
  • Types of penetration tests
  • Conducting a penetration test
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 8 The importance of application security
  • Fuzzing
  • Secure coding concepts
  • Error handling and exception handling
  • Input validation
  • Cross-site scripting prevention
  • Cross-site request forgery (XSRF) prevention
  • Application configuration baseline (proper settings)
  • Application hardening
  • Application patch management
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 9 Establishing host security
  • Operating system security and settings
  • Anti-malware
  • Anti-virus
  • Anti-spam
  • Anti-spyware
  • Pop-up blockers
  • Host-based firewalls
  • Patch management
  • Hardware security
  • Cable locks
  • Safe
  • Locking cabinets
  • Host software baselining
  • Mobile devices
  • Screen lock
  • Strong password
  • Device encryption
  • Remote wipe/sanitization
  • Voice encryption
  • GPS tracking
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 10 Understanding data security
  • Data loss prevention (DLP)
  • Data encryption
  • Full-disk encryption
  • Database encryption
  • Individual file encryption
  • Removable media
  • Mobile devices
  • Hardware-based encryption devices
  • Trusted Platform Module
  • Hardware security module
  • USB encryption
  • Hard drive encryption
  • Cloud computing
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 11 Identity and access control
  • Identification and authentication
  • Authentication
  • Authentication and authorization
  • User accounts
  • Single-factor vs. multifactor authentication
  • Biometrics
  • Tokens
  • Authentication services
  • RADIUS
  • TACACS and TACACS+
  • The Kerberos protocol
  • LDAP
  • Active Directory Domain Services
  • Single sign-on
  • Access control concepts and models
  • Trusted operating systems
  • Least privilege
  • Separation of duties
  • Job rotation
  • Time-of-day restrictions
  • Mandatory vacation
  • Access control models
  • Account management
  • Passwords
  • Privileges
  • Centralized and decentralized privilege management
  • Chapter Summary
  • Chapter Review
  • Answers

Chapter 12 Cryptography
  • Goals of cryptography
  • Cryptographic concepts
  • Symmetric vs. asymmetric cryptography
  • One-time pads
  • Symmetric encryption algorithms
  • Data Encryption Standard
  • Advanced Encryption Standard
  • Blowfish
  • Twofish
  • RC4
  • Asymmetric encryption algorithms
  • Rivest, Shamir, and Adleman (RSA)
  • Pretty Good Privacy (PGP)
  • Elliptic curve cryptography (ECC)
  • Digital signatures
  • Cryptographic hashes
  • Creating digital signatures
  • Public-key infrastructure
  • Digital certificates
  • Key recovery and key escrow
  • Protecting data with encryption
  • Encrypting data at rest
  • Encrypting data in motion
  • Authentication
  • Chapter Summary
  • Chapter Review
  • Answers

Glossary
Index

David Seidl serves as the Director of Information Security for Notre Dame in the Office of Information Technology. He bears broad responsibility for the information security on campus, and leads a team of six information security professionals. David has been a security professional for over 10 years, and has over 17 years of IT experience. He has a wide range of IT and Information Security experience ranging from system design to firewall and network security device administration, incident response and risk assessment.