CompTIA Security+ SY0-601 Exam Cram, 6th Edition

CompTIA Security+ SY0-601 Exam Cram, 6th Edition

by Diane Barrett, Martin M. Weiss
Released December 2020
Publisher(s): Pearson IT Certification
ISBN: 9780136798767

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

CompTIA® Security+ SY0-601 Exam Cram, is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time practice and feedback with two complete exams.

Related Content

Video: CompTIA Security+ SY0-601

Live Courses: CompTIA Security + SY0-601 Crash Course

Covers the critical information you’ll need to know to score higher on your Security+ SY0-601 exam!

  • Assess the different types of attacks, threats, and vulnerabilities organizations face

  • Understand security concepts across traditional, cloud, mobile, and IoT environments

  • Explain and implement security controls across multiple environments

  • Identify, analyze, and respond to operational needs and security incidents

  • Understand and explain the relevance of concepts related to governance, risk, and compliance

Exclusive State-of-the-Art Web-based Test Engine with Practice Questions Make sure you’re 100% ready for the real exam!

  • Detailed explanations of correct and incorrect answers

  • Multiple test modes

  • Random questions and order of answers

  • Coverage of each current Security+ exam objective

..

Table of contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Credits
  6. Contents at a Glance
  7. Table of Contents
  8. About the Author
  9. Dedication
  10. Acknowledgments
  11. About the Technical Reviewer
  12. We Want to Hear from You!
  13. Reader Services
  14. Introduction
    1. How to Prepare for the Exam
    2. Taking a Certification Exam
    3. About This Book
    4. Pearson Test Prep Practice Test Software
    5. Contacting the Author
  15. Part I: Attacks, Threats, and Vulnerabilities
    1. Chapter 1: Social Engineering Techniques
      1. The Social Engineer
      2. Phishing and Related Attacks
      3. Principles of Influence (Reasons for Effectiveness)
      4. What Next?
    2. Chapter 2: Attack Basics
      1. Malware
      2. Physical Attacks
      3. Adversarial Artificial Intelligence (AI)
      4. Password Attacks
      5. Downgrade Attacks
      6. What Next?
    3. Chapter 3: Application Attacks
      1. Race Conditions
      2. Improper Software Handling
      3. Resource Exhaustion
      4. Overflows
      5. Code Injections
      6. Driver Manipulation
      7. Request Forgeries
      8. Directory Traversal
      9. Replay Attack
      10. Secure Sockets Layer (SSL) Stripping
      11. Application Programming Interface (API) Attacks
      12. Pass-the-Hash Attack
      13. What Next?
    4. Chapter 4: Network Attacks
      1. Wireless
      2. On-Path Attack
      3. Layer 2 Attacks
      4. Domain Name System (DNS) Attacks
      5. Denial of Service
      6. Malicious Code and Script Execution
      7. What Next?
    5. Chapter 5: Threat Actors, Vectors, and Intelligence Sources
      1. Threat Actor Attributes
      2. Threat Actor Types
      3. Vectors
      4. Threat Intelligence and Research Sources
      5. What Next?
    6. Chapter 6: Vulnerabilities
      1. Cloud-Based vs. On-Premises
      2. Zero-Day
      3. Weak Configurations
      4. Third-Party Risks
      5. Impacts
      6. What Next?
    7. Chapter 7: Security Assessment Techniques
      1. Vulnerability Scans
      2. Threat Assessment
      3. What Next?
    8. Chapter 8: Penetration Testing Techniques
      1. Testing Methodology
      2. Team Exercises
      3. What Next?
  16. Part II: Architecture and Design
    1. Chapter 9: Enterprise Security Concepts
      1. Configuration Management
      2. Data Confidentiality
      3. Deception and Disruption
      4. What Next?
    2. Chapter 10: Virtualization and Cloud Computing
      1. Virtualization
      2. On-Premises vs. Off-Premises
      3. Cloud Models
      4. What Next?
    3. Chapter 11: Secure Application Development, Deployment, and Automation
      1. Application Environment
      2. Integrity Measurement
      3. Change Management and Version Control
      4. Secure Coding Techniques
      5. Automation and Scripting
      6. Scalability and Elasticity
      7. What Next?
    4. Chapter 12: Authentication and Authorization Design
      1. Identification and Authentication, Authorization, and Accounting (AAA)
      2. Multifactor Authentication
      3. Single Sign-on
      4. Authentication Technologies
      5. What Next?
    5. Chapter 13: Cybersecurity Resilience
      1. Redundancy
      2. Backups
      3. Defense in Depth
      4. What Next?
    6. Chapter 14: Embedded and Specialized Systems
      1. Embedded Systems
      2. SCADA and ICS
      3. Smart Devices and IoT
      4. What Next?
    7. Chapter 15: Physical Security Controls
      1. Perimeter Security
      2. Internal Security
      3. Equipment Security
      4. Environmental Controls
      5. Secure Data Destruction
      6. What Next?
    8. Chapter 16: Cryptographic Concepts
      1. Cryptosystems
      2. Use of Proven Technologies and Implementation
      3. Steganography
      4. Cryptography Use Cases
      5. Cryptography Constraints
      6. What Next?
  17. Part III: Implementation
    1. Chapter 17: Secure Protocols
      1. Secure Web Protocols
      2. Secure File Transfer Protocols
      3. Secure Email Protocols
      4. Secure Internet Protocols
      5. Secure Protocol Use Cases
      6. What Next?
    2. Chapter 18: Host and Application Security Solutions
      1. Endpoint Protection
      2. Application Security
      3. Hardware and Firmware Security
      4. Operating System Security
      5. What Next?
    3. Chapter 19: Secure Network Design
      1. Network Devices and Segmentation
      2. Security Devices and Boundaries
      3. What Next?
    4. Chapter 20: Wireless Security Settings
      1. Access Methods
      2. Wireless Cryptographic Protocols
      3. Authentication Protocols
      4. Wireless Access Installations
      5. What Next?
    5. Chapter 21: Secure Mobile Solutions
      1. Communication Methods
      2. Mobile Device Management Concepts
      3. Enforcement and Monitoring
      4. Deployment Models
      5. What Next?
    6. Chapter 22: Cloud Cybersecurity Solutions
      1. Cloud Workloads
      2. Third-Party Cloud Security Solutions
      3. What Next?
    7. Chapter 23: Identity and Account Management Controls
      1. Account Types
      2. Account Management
      3. Account Policy Enforcement
      4. What Next?
    8. Chapter 24: Authentication and Authorization Solutions
      1. Authentication
      2. Access Control
      3. What Next?
    9. Chapter 25: Public Key Infrastructure
      1. PKI Components
      2. What Next?
  18. Part IV: Operations and Incident Response
    1. Chapter 26: Organizational Security
      1. Shell and Script Environments
      2. Network Reconnaissance and Discovery
      3. Packet Capture and Replay
      4. Password Crackers
      5. Forensics and Data Sanitization
      6. What Next?
    2. Chapter 27: Incident Response
      1. Attack Frameworks
      2. Incident Response Plan
      3. Incident Response Process
      4. Continuity and Recovery Plans
      5. What Next?
    3. Chapter 28: Incident Investigation
      1. SIEM Dashboards
      2. Logging
      3. Network Activity
      4. What Next?
    4. Chapter 29: Incident Mitigation
      1. Containment and Eradication
      2. What Next?
    5. Chapter 30: Digital Forensics
      1. Data Breach Notifications
      2. Strategic Intelligence/Counterintelligence Gathering
      3. Track Person-hours
      4. Order of Volatility
      5. Chain of Custody
      6. Data Acquisition
      7. What Next?
  19. Part V: Governance, Risk, and Compliance
    1. Chapter 31: Control Types
      1. Nature of Controls
      2. Functional Use of Controls
      3. Compensating Controls
      4. What Next?
    2. Chapter 32: Regulations, Standards, and Frameworks
      1. Industry-Standard Frameworks and Reference Architectures
      2. Benchmarks and Secure Configuration Guides
      3. What Next?
    3. Chapter 33: Organizational Security Policies
      1. Policy Framework
      2. Human Resource Management Policies
      3. Third-Party Risk Management
      4. What Next?
    4. Chapter 34: Risk Management
      1. Risk Analysis
      2. Risk Assessment
      3. Business Impact Analysis
      4. What Next?
    5. Chapter 35: Sensitive Data and Privacy
      1. Sensitive Data Protection
      2. Privacy Impact Assessment
      3. What Next?
  20. Glossary of Essential Terms and Components
  21. Index
  22. Where are the companion content files? - Register
  23. Inside Front Cover
  24. Inside Back Cover
  25. Code Snippets

Product information

  • Title: CompTIA Security+ SY0-601 Exam Cram, 6th Edition
  • Author(s): Diane Barrett, Martin M. Weiss
  • Release date: December 2020
  • Publisher(s): Pearson IT Certification
  • ISBN: 9780136798767