E-book: SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Second Edition

  • Format: 480 pages
  • Publication date: 16-Oct-2015
  • Publisher: McGraw-Hill Education
  • Language: eng
  • ISBN-13: 9781259583063
  • Format: EPUB+DRM
  • Price: 56,16 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (a free application made specifically for reading e-books. It should not be confused with Adobe Reader, which is probably already installed on your computer.)

    This e-book cannot be read on an Amazon Kindle.

This fully-updated, integrated self-study system offers complete coverage of the revised 2015 Systems Security Certified Practitioner (SSCP) exam domains

Thoroughly revised for the April 2015 exam update, SSCP Systems Security Certified Practitioner All-in-One Exam Guide, Second Edition enables you to take the exam with complete confidence. To aid in self-study, each chapter includes Exam Tips that highlight key exam information, chapter summaries that reinforce salient points, and end-of-chapter questions that are an accurate reflection of the content and question format of the real exam.

Beyond exam prep, the practical examples and real-world insights offered in this guide make it an ideal on-the-job reference for IT security professionals. You will learn the security concepts, tools, and procedures needed to employ and enforce solid security policies and effectively react to security incidents.

  • Features 100% coverage of the revised SSCP Common Body of Knowledge (CBK), effective April 2015
  • CD-ROM contains two full-length, customizable practice exams in the Total Tester exam engine and a searchable PDF copy of the book
  • Written by a bestselling IT security certification and training expert

Acknowledgments
Introduction

Chapter 1 Security Fundamentals
Reviewing the Requirements for SSCP
Registering for the Exam
Have One Year of Experience
Passing the Exam
Maintaining Your SSCP Certification
Understanding Basic Security Concepts
Confidentiality
Integrity
Availability
Exploring Fundamentals of Security
Least Privilege
Separation of Duties
Privacy
Defense in Depth
Nonrepudiation
AAAs of Security
Accountability
Due Diligence
Due Care
Review
Questions
Answers

Chapter 2 Access Controls
Comparing Identification, Authentication, and Authorization
Exploring Authentication
Three Factors of Authentication
Multifactor Authentication
Reviewing Identification
Single Sign-on Authentication
Centralized vs. Decentralized Authentication
Offline Authentication
Device Authentication
Implementing Access Controls
Comparing Subjects and Objects
Logical Access Controls
Comparing Access Control Models
Discretionary Access Control
Non-Discretionary Access Control
Access Control Matrix vs. Capability Table
Participating in the Identity-Management Life Cycle
Identity Proofing
Provisioning and Authorization
Maintenance and Entitlement
De-provisioning
Participating in Physical Security Operations
Review
Questions
Answers

Chapter 3 Basic Networking and Communications
The OSI Model
The Physical Layer (Layer 1)
The Data Link Layer (Layer 2)
The Network Layer (Layer 3)
The Transport Layer (Layer 4)
The Session Layer (Layer 5)
The Presentation Layer (Layer 6)
The Application Layer (Layer 7)
Comparing the OSI and TCP/IP Models
Network Topologies
Ethernet
Bus
Star
Tree
Token Ring
Mesh
Reviewing Basic Protocols and Ports
Comparing IPv4 and IPv6
Dynamic Host Configuration Protocol
Address Resolution Protocol
Network Discovery Protocol
Domain Name System
Internet Control Message Protocol
Internet Group Message Protocol
Simple Network Management Protocol
File Transfer Protocol
Telnet
Secure Shell
HyperText Transfer Protocol and HyperText Transfer Protocol Secure
Transport Layer Security and Secure Sockets Layer
Network File System
Routing Protocols
E-mail Protocols
Tunneling Protocols
Internet Protocol Security
Mapping Well-Known Ports to Protocols
Comparing Ports and Protocol Numbers
Comparing Internetwork Trust Architectures
Comparing Public and Private IP Addresses
Using NAT
Comparing Trust Relationships
Exploring Wireless Technologies
Securing Data Transmissions
Wireless Device Administrator Password
Wireless Service Set Identifier
MAC Filtering
Bluetooth
GSM
3G, LTE, and 4G
WiMAX
Radio Frequency Identification
NFC
Protecting Mobile Devices
Review
Questions
Answers

Chapter 4 Advanced Networking and Communications
Managing LAN-Based Security
Comparing Switches and Routers
Segmentation
Secure Device Management
Understanding Telecommunications
Internet Connections
VoIP
Securing Phones
Converged Communications
Using Proxy Servers
Understanding Firewalls
Packet-Filtering Firewall
Stateful Inspection Firewall
Application Firewall
Next-Generation Firewall
Defense Diversity
Comparing Network-based and Host-based Firewalls
Exploring Remote Access Solutions
Risks and Vulnerabilities
Tunneling Protocols
Authentication
Traffic Shaping
Access and Admission Control
Exploring Virtual Environments
Virtualization Terminology
Shared Storage
Virtual Appliances
Continuity and Resilience
Separation of Data Plane and Control Plane
Software-defined Networking
Attacks and Countermeasures
Understanding Cloud Computing
Cloud Operation Models
Storage
Privacy
Data Control and Third-party Outsourcing
Compliance
Review
Questions
Answers

Chapter 5 Attacks
Comparing Attackers
Hackers and Crackers
White Hats, Black Hats, and Grey Hats
Advanced Persistent Threats
Insider Attacks
Script Kiddies
Phreaks
Accidental Threats
Exploring Attack Types and Countermeasures
Basic Countermeasures
Spoofing
DoS
DDoS
Botnets and Zombies
Sniffing Attack
Ping Sweep
Port Scan
Salami Attack
Man-in-the-Middle
Session Hijacking
Replay
Smurf and Fraggle Attacks
Software Security as a Countermeasure
Buffer Overflow Attacks
Injection Attacks
Cross-Site Scripting
Cross-Site Request Forgery
Password Attacks
Spam
Phishing Attacks
Phishing and Drive-by Downloads
Spear Phishing and Whaling
Vishing
Smishing
Zero Day Exploits
Covert Channel
Wireless Attacks and Countermeasures
Understanding Social Engineering
Tailgating
Impersonation
Dumpster Diving
Shoulder Surfing
Pharming
Social Networking Attacks
User Awareness as a Countermeasure
Review
Questions
Answers

Chapter 6 Malicious Code and Activity
Identifying Malicious Code
Virus
Worm
Trojan Horse
Scareware
Ransomware
Keylogger
Logic Bomb
Rootkits
Mobile Code
Backdoors and Trapdoors
RATS
Spyware
Malware Hoaxes
Analyzing the Stages of Regin
Understanding Malware Delivery Methods
Delivering Malware via Drive-by Downloads
Delivering Malware via Malvertising
Delivering Malware via E-mail
Delivering Malware via USB Drives
Implementing Malicious Code Countermeasures
Antivirus Software
Keeping AV Signatures Up to Date
Spam Filters
Content-Filtering Appliances
Keeping Operating Systems Up to Date
Scanners
Beware of Shortened Links
Sandboxing
Least Privilege
Software Security
Application Whitelisting and Blacklisting
Participating in Security Awareness and Training
Common Vulnerabilities and Exposures
Review
Questions
Answers

Chapter 7 Risk, Response, and Recovery
Defining Risk
Identifying Threat Sources
Identifying Threat Events
Understanding Vulnerabilities
Understanding Impact
Managing Risk
Residual Risk
Identifying Assets
Risk Visibility and Reporting
Risk Register
Performing Risk Assessments
Quantitative Analysis
Qualitative Analysis
Risk Assessment Steps
Address Findings
Responding to Incidents
Preparation
Detection and Analysis
Containment, Eradication, and Recovery
Post-incident Activity
Review
Questions
Answers

Chapter 8 Monitoring and Analysis
Operating and Maintaining Monitoring Systems
Intrusion Detection Systems
IDS Alerts
Network-based Intrusion Detection Systems
Host-based Intrusion Detection Systems
Intrusion Prevention Systems
Detection Methods
Wireless Intrusion Detection and Prevention Systems
Analyzing Results
Detection Systems and Logs
Detecting Unauthorized Changes
Using Security Information and Event Management Tools
Performing Security Assessment Activities
Vulnerability Assessments
Penetration Tests
Review
Questions
Answers

Chapter 9 Controls and Countermeasures
Using Controls, Safeguards, and Countermeasures
Performing a Cost-Benefit Analysis
Security Controls Life Cycle
Understanding Control Goals
Preventive
Detective
Corrective
Other Controls
Comparing the Classes of Controls
Management/Administrative Security Controls
Technical Security Controls
Operational Security Controls
Physical Security Controls
Combining Control Goals and Classes
Exploring Some Basic Controls
Hardening Systems
Policies, Standards, Procedures, and Guidelines
Response Plans
Change Control and Configuration Management
Testing Patches, Fixes, and Updates
Endpoint Device Security
User Awareness and Training Programs
Understanding Fault Tolerance
Fault Tolerance for Disks
Failover Clusters
Redundant Connections
Understanding Backups
Full Backups
Full/Incremental Backup Strategy
Full/Differential Backup Strategy
Review
Questions
Answers

Chapter 10 Auditing
Understanding Auditing and Accountability
Holding Users Accountable with Audit Logs
Auditing with Logs
Clipping Levels
Understanding Audit Trails
Exploring Audit Logs
Operating System Logs
Storing Logs on Remote Systems
*Nix Logs
Proxy Server Logs
Firewall Logs
Reviewing Logs
Managing Audit Logs
Performing Security Audits
Auditing Passwords
Auditing Security Policies
ISACA
Exploring PCI DSS Requirements
Auditing Physical Access Controls
Understanding Configuration Management
Using Imaging for Configuration Management
Using Group Policy for Configuration Management
Understanding Change Management
Review
Questions
Answers

Chapter 11 Security Operations
Handling Data
Classifying Data
Marking and Labeling Data
Roles and Responsibilities
Protecting Data from Cradle to Grave
Data at Rest and Data in Motion
Data Management Policies
Understanding Databases
Data Inference
Data Diddling
Securing Big Data
Regulatory Requirements
Training
Managing Assets
Hardware
Software
Data
Certification and Accreditation
Certification, Accreditation, and Security Assessments
Common Criteria
Using a Risk Management Framework
Understanding Security Within the System Development Life Cycle
Review
Questions
Answers

Chapter 12 Security Administration and Planning
Understanding Security Policies
Security Policy Characteristics
Enforcing Security Policies
Value of a Security Policy
Security Policies Becoming More Common
Understanding Code of Ethics
Policy Awareness
Updating Security Policies
Understanding BCPs and DRPs
Business Impact Analysis
Disaster Recovery Plan
Emergency Response Plans and Procedures
Comparing a BCP and a DRP
Restoration Planning
Testing and Drills
Alternative Locations
Identifying Security Organizations
NIST
US-CERT
SANS Institute
CERT Division
Review
Questions
Answers

Chapter 13 Legal Issues
Exploring Computer Forensics
Participating in Incident Handling
First Responders and Preserving the Scene
Three Phases of a Computer Forensics Investigation
Forensic Evidence Guidelines and Principles
Comparing Computer Abuse and Computer Crime
Understanding Fraud and Embezzlement Crime
Mandatory Vacations
Job Rotation
Understanding Privacy Issues
European Directives
California Supreme Court Rules That ZIP Codes Are PII
Connecticut's Public Act No. 08-167
Children's Online Privacy Protection Act
California Online Privacy Protection Act of 2003
Review
Questions
Answers

Chapter 14 Cryptography
Understanding Basic Cryptography Concepts
Cryptography Terminology
Data Sensitivity
Regulatory Requirements
Participating in Security Awareness and Training
Enforcing Integrity with Hashing
Hashing Algorithms Provide One-Way Encryption
Hashing Algorithms
Verifying a Hash
Salting Passwords
Exploring Symmetric Encryption
ROT13
Composing and Rotating Keys
Comparing Block and Stream Ciphers
Advanced Encryption Standard
Other Symmetric Encryption Algorithms
Exploring Asymmetric Encryption
RSA
Transport Layer Security
Secure Sockets Layer
Diffie-Hellman
Elliptic Curve Cryptography
Secure Shell
Protecting E-mail with S/MIME
Pretty Good Privacy (PGP)
Other Encryption Schemes
Steganography
IPsec
Public Key Infrastructure
Certificates
Certificate Authority
Key Escrow
Alternative Certificate Trusts
Comparing Cryptanalysis Attacks
Managing Cryptographic Keys
Known-Plaintext Attack
Ciphertext-Only Attack
Review
Questions
Answers

Appendix About the CD-ROM
System Requirements
Total Tester Premium Practice Exam Software
Installing and Running Total Tester Premium Practice Exam Software
PDF Copy of the Book
Technical Support
Total Seminars Technical Support
McGraw-Hill Education Content Support

Glossary
Index

Darril Gibson, SSCP, CISSP, CompTIA Security+, CASP, MCT, MCSE, MCITP, ITIL, is CEO of Security Consulting and Training, LLC and is a Microsoft Certified Trainer. He has authored, coauthored, or contributed to more than a dozen books on CompTIA Security+, Windows Server 2006, Windows 7, SQL Server, and more.