CompTIA Security+ SY0-701 Cert Guide

Book description

Learn, prepare, and practice for CompTIA Security+ SY0-701 exam success with this Cert Guide from Pearson IT Certification, a leader in IT Certification learning.

CompTIA Security+ SY0-701 Cert Guide from Pearson IT Certification helps you prepare to succeed on the CompTIA Security+ SY0-701 exam by directly addressing the exam's objectives as stated by CompTIA. Leading instructor and cybersecurity professional Lewis Heuermann shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

  • Complete coverage of the exam objectives and a test-preparation routine designed to help you pass the exam

  • Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section

  • Chapter-ending Key Topic tables, which help you drill on key concepts you must know thoroughly

  • The powerful Pearson Test Prep Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports

  • An online, interactive Flash Cards application to help you drill on Key Terms by chapter

  • A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies

  • Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Security+ SY0-701 exam, deepening your knowledge of

  • General Security Concepts: Security controls, security concepts, change management process, cryptographic solutions

  • Threats, Vulnerabilities, and Mitigations: Threat actors and motivations, attack surfaces, types of vulnerabilities, indicators of malicious activity, mitigation techniques

  • Security Architecture: Security implications of architecture models, secure enterprise infrastructure, data protection, resilience and recovery in security architecture

  • Security Operations: Security techniques applied to computing resources, security implications of asset management, vulnerability management, monitoring concepts, enterprise capabilities to enhance security, access management, automation related to secure operations, incident response activities

  • Security Program Management and Oversight: Security governance, risk management, third-party risk assessment and management, security compliance, audits and assessments, security awareness practices

Table of contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Contents at a Glance
  6. Table of Contents
  7. About the Author
  8. Dedication
  9. Acknowledgments
  10. About the Technical Reviewer
  11. We Want to Hear from You!
  12. Reader Services
  13. Introduction
    1. Goals and Methods
    2. Who Should Read This Book?
    3. CompTIA Security+ Exam Topics
    4. Companion Website
    5. How to Access the Pearson Test Prep (PTP) App
    6. Figure Credits
  14. Part I: General Security Concepts
    1. Chapter 1. Comparing and Contrasting the Various Types of Controls
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Control Categories
      4. Control Types
      5. Chapter Review Activities
      6. Review Key Topics
      7. Define Key Terms
      8. Review Questions
    2. Chapter 2. Summarizing Fundamental Security Concepts
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Confidentiality, Integrity, and Availability (CIA)
      4. Non-repudiation
      5. Authentication, Authorization, and Accounting (AAA)
      6. Gap Analysis
      7. Zero Trust
      8. Physical Security
      9. Deception and Disruption Technology
      10. Chapter Review Activities
      11. Review Key Topics
      12. Define Key Terms
      13. Review Questions
    3. Chapter 3. Understanding Change Management’s Security Impact
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Business Processes Impacting Security Operations
      4. Technical Implications
      5. Documentation
      6. Version Control
      7. Chapter Review Activities
      8. Review Key Topics
      9. Define Key Terms
      10. Review Questions
    4. Chapter 4. Understanding the Importance of Using Appropriate Cryptographic Solutions
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Public Key Infrastructure (PKI)
      4. Encryption
      5. Transport/Communication
      6. Symmetric Versus Asymmetric Encryption
      7. Key Exchange
      8. Algorithms
      9. Key Length
      10. Tools
      11. Trusted Platform Module
      12. Hardware Security Module
      13. Key Management System
      14. Secure Enclave
      15. Obfuscation
      16. Steganography
      17. Hashing
      18. Salting
      19. Digital Signatures
      20. Key Stretching
      21. Blockchain
      22. Open Public Ledger
      23. Certificates
      24. Chapter Review Activities
      25. Review Key Topics
      26. Define Key Terms
      27. Review Questions
  15. Part II: Threats, Vulnerabilities, and Mitigations
    1. Chapter 5. Comparing and Contrasting Common Threat Actors and Motivations
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Threat Actors
      4. Attributes of Actors
      5. Motivations
      6. War
      7. Chapter Review Activities
      8. Review Key Topics
      9. Define Key Terms
      10. Review Questions
    2. Chapter 6. Understanding Common Threat Vectors and Attack Surfaces
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Message-Based
      4. Image-Based
      5. File-Based
      6. Voice Call
      7. Removable Device
      8. Vulnerable Software
      9. Unsupported Systems and Applications
      10. Unsecure Networks
      11. Open Service Ports
      12. Default Credentials
      13. Supply Chain
      14. Human Vectors/Social Engineering
      15. Chapter Review Activities
      16. Review Key Topics
      17. Define Key Terms
      18. Review Questions
    3. Chapter 7. Understanding Various Types of Vulnerabilities
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Application
      4. Operating System (OS)–Based
      5. Web-Based
      6. Hardware
      7. Virtualization
      8. Cloud Specific
      9. Supply Chain
      10. Cryptographic
      11. Misconfiguration
      12. Mobile Device
      13. Zero-Day Vulnerabilities
      14. Chapter Review Activities
      15. Review Key Topics
      16. Define Key Terms
      17. Review Questions
    4. Chapter 8. Understanding Indicators of Malicious Activity
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Malware Attacks
      4. Physical Attacks
      5. Network Attacks
      6. Application Attacks
      7. Cryptographic Attacks
      8. Password Attacks
      9. Indicators
      10. Chapter Review Activities
      11. Review Key Topics
      12. Define Key Terms
      13. Review Questions
    5. Chapter 9. Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Segmentation
      4. Access Control
      5. Isolation
      6. Patching
      7. Encryption
      8. Monitoring
      9. Least Privilege
      10. Configuration Enforcement
      11. Decommissioning
      12. Hardening Techniques
      13. Chapter Review Activities
      14. Review Key Topics
      15. Define Key Terms
      16. Review Questions
  16. Part III: Security Architecture
    1. Chapter 10. Comparing and Contrasting Security Implications of Different Architecture Models
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Architecture and Infrastructure Concepts
      4. Considerations
      5. Chapter Review Activities
      6. Review Key Topics
      7. Define Key Terms
      8. Review Questions
    2. Chapter 11. Applying Security Principles to Secure Enterprise Infrastructure
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Infrastructure Considerations
      4. Secure Communication/Access
      5. Selection of Effective Controls
      6. Chapter Review Activities
      7. Review Key Topics
      8. Define Key Terms
      9. Review Questions
    3. Chapter 12. Comparing and Contrasting Concepts and Strategies to Protect Data
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Data Types
      4. Data Classifications
      5. General Data Considerations
      6. Methods to Secure Data
      7. Chapter Review Activities
      8. Review Key Topics
      9. Define Key Terms
      10. Review Questions
    4. Chapter 13. Understanding the Importance of Resilience and Recovery in Security Architecture
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. High Availability
      4. Site Considerations
      5. Platform Diversity
      6. Multi-Cloud System
      7. Continuity of Operations
      8. Capacity Planning
      9. Testing
      10. Backups
      11. Power
      12. Chapter Review Activities
      13. Review Key Topics
      14. Define Key Terms
      15. Review Questions
  17. Part IV: Security Operations
    1. Chapter 14. Applying Common Security Techniques to Computing Resources
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Secure Baselines
      4. Hardening Targets
      5. Wireless Devices
      6. Mobile Solutions
      7. Connection Methods
      8. Wireless Security Settings
      9. Application Security
      10. Sandboxing
      11. Monitoring
      12. Chapter Review Activities
      13. Review Key Topics
      14. Define Key Terms
      15. Review Questions
    2. Chapter 15. Understanding the Security Implications of Hardware, Software, and Data Asset Management
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Acquisition/Procurement Process
      4. Assignment/Accounting
      5. Monitoring/Asset Tracking
      6. Disposal/Decommissioning
      7. Chapter Review Activities
      8. Review Key Topics
      9. Define Key Terms
      10. Review Questions
    3. Chapter 16. Understanding Various Activities Associated with Vulnerability Management
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Identification Methods
      4. Analysis
      5. Vulnerability Response and Remediation
      6. Validation of Remediation
      7. Reporting
      8. Chapter Review Activities
      9. Review Key Topics
      10. Define Key Terms
      11. Review Questions
    4. Chapter 17. Understanding Security Alerting and Monitoring Concepts and Tools
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Monitoring and Computing Resources
      4. Activities
      5. Tools
      6. Chapter Review Activities
      7. Review Key Topics
      8. Define Key Terms
      9. Review Questions
    5. Chapter 18. Modifying Enterprise Capabilities to Enhance Security
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Firewall
      4. IDS/IPS
      5. Web Filter
      6. Operating System Security
      7. Implementation of Secure Protocols
      8. DNS Filtering
      9. Email Security
      10. File Integrity Monitoring
      11. DLP
      12. Network Access Control (NAC)
      13. Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)
      14. User Behavior Analytics
      15. Chapter Review Activities
      16. Review Key Topics
      17. Define Key Terms
      18. Review Questions
    6. Chapter 19. Implementing and Maintaining Identity and Access Management
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Provisioning/De-provisioning User Accounts
      4. Permission Assignments and Implications
      5. Identity Proofing
      6. Federation
      7. Single Sign-On (SSO)
      8. Interoperability
      9. Attestation
      10. Access Controls
      11. Multifactor Authentication (MFA)
      12. Password Concepts
      13. Privileged Access Management Tools
      14. Chapter Review Activities
      15. Review Key Topics
      16. Define Key Terms
      17. Review Questions
    7. Chapter 20. Understanding the Importance of Automation and Orchestration Related to Secure Operations
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Use Cases of Automation and Scripting
      4. Benefits
      5. Other Considerations
      6. Chapter Review Activities
      7. Review Key Topics
      8. Define Key Terms
      9. Review Questions
    8. Chapter 21. Understanding Appropriate Incident Response Activities
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Process
      4. Training
      5. Testing
      6. Root Cause Analysis
      7. Threat Hunting
      8. Digital Forensics
      9. Chapter Review Activities
      10. Review Key Topics
      11. Define Key Terms
      12. Review Questions
    9. Chapter 22. Using Data Sources to Support an Investigation
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Log Data
      4. Data Sources
      5. Chapter Review Activities
      6. Review Key Topics
      7. Define Key Terms
      8. Review Questions
  18. Part V: Security Program Management and Oversight
    1. Chapter 23. Summarizing Elements of Effective Security Governance
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Guidelines
      4. Policies
      5. Standards
      6. Procedures
      7. External Considerations
      8. Monitoring and Revision
      9. Types of Governance Structures
      10. Roles and Responsibilities for Systems and Data
      11. Chapter Review Activities
      12. Review Key Topics
      13. Define Key Terms
      14. Review Questions
    2. Chapter 24. Understanding Elements of the Risk Management Process
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Risk Identification
      4. Risk Assessment
      5. Risk Analysis
      6. Risk Register
      7. Risk Tolerance
      8. Risk Appetite
      9. Risk Management Strategies
      10. Risk Reporting
      11. Business Impact Analysis
      12. Chapter Review Activities
      13. Review Key Topics
      14. Define Key Terms
      15. Review Questions
    3. Chapter 25. Understanding the Processes Associated with Third-Party Risk Assessment and Management
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Vendor Assessment
      4. Vendor Selection
      5. Agreement Types
      6. Vendor Monitoring
      7. Questionnaires
      8. Rules of Engagement
      9. Chapter Review Activities
      10. Review Key Topics
      11. Define Key Terms
      12. Review Questions
    4. Chapter 26. Summarizing Elements of Effective Security Compliance
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Compliance Reporting
      4. Consequences of Non-compliance
      5. Compliance Monitoring
      6. Attestation and Acknowledgment
      7. Privacy
      8. Chapter Review Activities
      9. Review Key Topics
      10. Define Key Terms
      11. Review Questions
    5. Chapter 27. Understanding Types and Purposes of Audits and Assessments
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Attestation
      4. Internal
      5. External
      6. Penetration Testing
      7. Chapter Review Activities
      8. Review Key Topics
      9. Define Key Terms
      10. Review Questions
    6. Chapter 28. Implementing Security Awareness Practices
      1. “Do I Know This Already?” Quiz
      2. Foundation Topics
      3. Phishing
      4. Anomalous Behavior Recognition
      5. User Guidance and Training
      6. Reporting and Monitoring
      7. Development
      8. Execution
      9. Chapter Review Activities
      10. Review Key Topics
      11. Define Key Terms
      12. Review Questions
  19. Part VI: Final Preparation
    1. Chapter 29. Final Preparation
      1. Hands-on Activities
      2. Suggested Plan for Final Review and Study
      3. Summary
  20. Appendix A. Answers to the “Do I Know This Already?” Quizzes and Review Questions
  21. Index
  22. Appendix B. Study Planner
  23. Glossary of Key Terms
  24. Where are the companion content files? - Register
  25. Code Snippets

Product information

  • Title: CompTIA Security+ SY0-701 Cert Guide
  • Author(s): Lewis Heuermann
  • Release date: April 2024
  • Publisher(s): Pearson IT Certification
  • ISBN: 9780138293215