Book description
Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.
This fully updated study guide covers every topic on the current version of the CompTIA Security+ exam.
Take the latest version of the CompTIA Security+ exam with complete confidence using the detailed information contained in this highly effective self-study system. Written by two leading information security experts, this authoritative guide addresses the skills required for securing a network and managing risk and enables you to become CompTIA certified.
CompTIA Security+ All-in-One Exam Guide, Sixth Edition (Exam SY0-601) covers all exam domains and features 200 accurate practice questions. To aid in study, the book features learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. All questions mirror those on the live exam in tone, format, and content. Beyond fully preparing you for the challenging exam, the book also serves as a valuable on-the-job reference for IT professionals.
- Provides 100% coverage of every objective on exam SY0-601
- Online content includes performance-based question simulations and 200 multiple-choice practice questions
- Written by a team of experienced IT security educators
Table of contents
- Cover
- Title Page
- Copyright Page
- Dedication
- About the Authors
- Contents
- Preface
- Acknowledgments
- Introduction
- Objective Map: Exam SY0-601
- Part I Threats, Attacks, and Vulnerabilities
- Chapter 1 Social Engineering Techniques
- Social Engineering Methods
- Phishing
- Smishing
- Vishing
- Spam
- Spam over Instant Messaging (SPIM)
- Spear Phishing
- Dumpster Diving
- Shoulder Surfing
- Pharming
- Tailgating
- Eliciting Information
- Whaling
- Prepending
- Identity Fraud
- Invoice Scams
- Credential Harvesting
- Reconnaissance
- Hoax
- Impersonation
- Watering Hole Attack
- Typosquatting
- Pretexting
- Influence Campaigns
- Principles (Reasons for Effectiveness)
- Defenses
- Chapter Review
- Chapter 2 Type of Attack Indicators
- Chapter 3 Application Attack Indicators
- Privilege Escalation
- Cross-Site Scripting
- Injection Attacks
- Pointer/Object Dereference
- Directory Traversal
- Buffer Overflow
- Race Condition
- Improper Error Handling
- Improper Input Handling
- Replay Attacks
- Integer Overflow
- Request Forgery
- Application Programming Interface (API) Attacks
- Resource Exhaustion
- Memory Leak
- Secure Sockets Layer (SSL) Stripping
- Driver Manipulation
- Pass the Hash
- Chapter Review
- Chapter 4 Network Attack Indicators
- Chapter 5 Threat Actors, Vectors, and Intelligence Sources
- Actors and Threats
- Attributes of Actors
- Vectors
- Threat Intelligence Sources
- Open Source Intelligence (OSINT)
- Closed/Proprietary
- Vulnerability Databases
- Public/Private Information Sharing Centers
- Dark Web
- Indicators of Compromise
- Automated Indicator Sharing (AIS)
- Structured Threat Information Expression (STIX) / Trusted Automated Exchange of Intelligence Information (TAXII)
- Predictive Analysis
- Threat Maps
- File/Code Repositories
- Research Sources
- Chapter Review
- Chapter 6 Vulnerabilities
- Chapter 7 Security Assessments
- Chapter 8 Penetration Testing
- Part II Architecture and Design
- Chapter 9 Enterprise Security Architecture
- Chapter 10 Virtualization and Cloud Security
- Cloud Models
- Cloud Service Providers
- Managed Service Provider (MSP) / Managed Security Service Provider (MSSP)
- On-Premises vs. Off-Premises
- Fog Computing
- Edge Computing
- Thin Client
- Containers
- Microservices/API
- Infrastructure as Code
- Serverless Architecture
- Services Integration
- Resource Policies
- Transit Gateway
- Virtualization
- Chapter Review
- Chapter 11 Secure Application Development, Deployment, and Automation Concepts
- Chapter 12 Authentication and Authorization
- Chapter 13 Cybersecurity Resilience
- Chapter 14 Embedded and Specialized Systems
- Embedded Systems
- Supervisory Control and Data Acquisition (SCADA) / Industrial Control System (ICS)
- Internet of Things (IoT)
- Specialized Systems
- Voice over IP (VoIP)
- Heating, Ventilation, Air Conditioning (HVAC)
- Drones
- Multifunction Printers (MFPs)
- Real-time Operating Systems (RTOSs)
- Surveillance Systems
- System on a Chip (SoC)
- Communication Considerations
- Constraints
- Chapter Review
- Chapter 15 Physical Security Controls
- Bollards/Barricades
- Access Control Vestibules
- Badges
- Alarms
- Signage
- Cameras
- Closed-Circuit Television (CCTV)
- Industrial Camouflage
- Personnel
- Locks
- USB Data Blocker
- Lighting
- Fencing
- Fire Suppression
- Sensors
- Drones
- Visitor Logs
- Faraday Cages
- Air Gap
- Screened Subnet
- Protected Cable Distribution
- Secure Areas
- Secure Data Destruction
- Chapter Review
- Chapter 16 Cryptographic Concepts
- General Cryptographic Concepts
- Digital Signatures
- Key Length
- Key Stretching
- Salting
- Hashing
- Key Exchange
- Elliptic Curve Cryptography
- Perfect Forward Secrecy
- Quantum Cryptography
- Post-Quantum Era
- Ephemeral Keys
- Modes of Operation
- Counter
- Blockchain
- Cipher Suites
- Symmetric vs. Asymmetric
- Lightweight Cryptography
- Steganography
- Homomorphic Encryption
- Common Use Cases
- Limitations
- Chapter Review
- Part III Implementation
- Chapter 17 Secure Protocols
- Protocols
- Domain Name System Security Extensions (DNSSEC)
- SSH
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Secure Real-time Transport Protocol (SRTP)
- Lightweight Directory Access Protocol over SSL (LDAPS)
- File Transfer Protocol, Secure (FTPS)
- SSH File Transfer Protocol (SFTP)
- Simple Network Management Protocol, Version 3 (SNMPv3)
- Hypertext Transfer Protocol over SSL/TLS (HTTPS)
- IPSec
- Post Office Protocol (POP) / Internet Message Access Protocol (IMAP)
- Use Cases
- Chapter Review
- Chapter 18 Host and Application Security
- Chapter 19 Secure Network Design
- Load Balancing
- Network Segmentation
- Virtual Private Network (VPN)
- DNS
- Network Access Control (NAC)
- Out-of-Band Management
- Port Security
- Network Appliances
- Access Control List (ACL)
- Route Security
- Quality of Service (QoS)
- Implications of IPv6
- Port Spanning/Port Mirroring
- Monitoring Services
- File Integrity Monitors
- Chapter Review
- Chapter 20 Wireless Security
- Chapter 21 Secure Mobile Solutions
- Connection Methods and Receivers
- Mobile Device Management (MDM)
- Mobile Devices
- Enforcement and Monitoring
- Third-Party Application Stores
- Rooting/Jailbreaking
- Sideloading
- Custom Firmware
- Carrier Unlocking
- Firmware OTA Updates
- Camera Use
- SMS/Multimedia Message Service (MMS)/Rich Communication Services (RCS)
- External Media
- USB On-The-Go (USB OTG)
- Recording Microphone
- GPS Tagging
- Wi-Fi Direct/Ad Hoc
- Tethering
- Hotspot
- Payment Methods
- Deployment Models
- Chapter Review
- Chapter 22 Implementing Cloud Security
- Chapter 23 Identity and Account Management Controls
- Chapter 24 Implement Authentication and Authorization
- Chapter 25 Public Key Infrastructure
- Part IV Operations and Incident Response
- Chapter 26 Tools/Assess Organizational Security
- Chapter 27 Incident Response Policies, Processes, and Procedures
- Chapter 28 Investigations
- Chapter 29 Mitigation Techniques and Controls
- Chapter 30 Digital Forensics
- Part V Governance, Risk, and Compliance
- Chapter 31 Security Controls
- Chapter 32 Regulations, Standards, and Frameworks
- Chapter 33 Organizational Policies
- Chapter 34 Risk Management
- Risk Types
- Risk Management Strategies
- Risk Analysis
- Risk Register
- Risk Matrix/Heat Map
- Risk Control Assessment
- Risk Control Self-Assessment
- Risk Awareness
- Inherent Risk
- Residual Risk
- Control Risk
- Risk Appetite
- Regulations That Affect Risk Posture
- Risk Assessment Types
- Likelihood of Occurrence
- Impact
- Asset Value
- Single-Loss Expectancy (SLE)
- Annualized Loss Expectancy (ALE)
- Annualized Rate of Occurrence (ARO)
- Disasters
- Business Impact Analysis
- Chapter Review
- Chapter 35 Privacy
- Part VI Appendixes and Glossary
- Glossary
- Index
Product information
- Title: CompTIA Security+ All-in-One Exam Guide, Sixth Edition (Exam SY0-601), 6th Edition
- Author(s):
- Release date: April 2021
- Publisher(s): McGraw-Hill
- ISBN: 9781260464016