51,95 €*
Versandkostenfrei per Post / DHL
Lieferzeit 1-2 Wochen
In the newly revised ninth edition of CompTIA Security+ Study Guide: Exam SY0-701, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You'll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight.
You'll get access to the information you need to start a new career--or advance an existing one--in cybersecurity, with efficient and accurate content. You'll also find:
* Practice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety
* Hundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts
* Complimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms
Perfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who's ever wondered if IT security is right for them. It's a must-read reference!
In the newly revised ninth edition of CompTIA Security+ Study Guide: Exam SY0-701, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You'll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight.
You'll get access to the information you need to start a new career--or advance an existing one--in cybersecurity, with efficient and accurate content. You'll also find:
* Practice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety
* Hundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts
* Complimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms
Perfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who's ever wondered if IT security is right for them. It's a must-read reference!
ABOUT THE AUTHORS
MIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, [...].
DAVID SEIDL, CYSA+, CISSP, PENTEST+, is Vice President for Information Technology and CIO at Miami University where he leads an award winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.
Introduction xxxi
Chapter 1 Today's Security Professional 1
Cybersecurity Objectives 2
Data Breach Risks 3
The DAD Triad 4
Breach Impact 5
Implementing Security Controls 7
Gap Analysis 7
Security Control Categories 8
Security Control Types 9
Data Protection 10
Data Encryption 11
Data Loss Prevention 11
Data Minimization 12
Access Restrictions 13
Segmentation and Isolation 13
Summary 13
Exam Essentials 14
Review Questions 16
Chapter 2 Cybersecurity Threat Landscape 21
Exploring Cybersecurity Threats 23
Classifying Cybersecurity Threats 23
Threat Actors 25
Attacker Motivations 31
Threat Vectors and Attack Surfaces 32
Threat Data and Intelligence 35
Open Source Intelligence 35
Proprietary and Closed- Source Intelligence 38
Assessing Threat Intelligence 39
Threat Indicator Management and Exchange 40
Information Sharing Organizations 41
Conducting Your Own Research 42
Summary 42
Exam Essentials 43
Review Questions 45
Chapter 3 Malicious Code 49
Malware 50
Ransomware 51
Trojans 52
Worms 54
Spyware 55
Bloatware 56
Viruses 57
Keyloggers 59
Logic Bombs 60
Rootkits 60
Summary 62
Exam Essentials 62
Review Questions 64
Chapter 4 Social Engineering and Password Attacks 69
Social Engineering and Human Vectors 70
Social Engineering Techniques 71
Password Attacks 76
Summary 78
Exam Essentials 78
Review Questions 80
Chapter 5 Security Assessment and Testing 85
Vulnerability Management 87
Identifying Scan Targets 87
Determining Scan Frequency 89
Configuring Vulnerability Scans 91
Scanner Maintenance 95
Vulnerability Scanning Tools 98
Reviewing and Interpreting Scan Reports 101
Confirmation of Scan Results 111
Vulnerability Classification 112
Patch Management 112
Legacy Platforms 113
Weak Configurations 115
Error Messages 115
Insecure Protocols 116
Weak Encryption 117
Penetration Testing 118
Adopting the Hacker Mindset 119
Reasons for Penetration Testing 120
Benefits of Penetration Testing 120
Penetration Test Types 121
Rules of Engagement 123
Reconnaissance 125
Running the Test 125
Cleaning Up 126
Audits and Assessments 126
Security Tests 127
Security Assessments 128
Security Audits 129
Vulnerability Life Cycle 131
Vulnerability Identification 131
Vulnerability Analysis 132
Vulnerability Response and Remediation 132
Validation of Remediation 132
Reporting 133
Summary 133
Exam Essentials 134
Review Questions 136
Chapter 6 Application Security 141
Software Assurance Best Practices 143
The Software Development Life Cycle 143
Software Development Phases 144
DevSecOps and DevOps 146
Designing and Coding for Security 147
Secure Coding Practices 148
API Security 149
Software Security Testing 149
Analyzing and Testing Code 150
Injection Vulnerabilities 151
SQL Injection Attacks 151
Code Injection Attacks 155
Command Injection Attacks 155
Exploiting Authentication Vulnerabilities 156
Password Authentication 156
Session Attacks 157
Exploiting Authorization Vulnerabilities 160
Insecure Direct Object References 161
Directory Traversal 161
File Inclusion 163
Privilege Escalation 163
Exploiting Web Application Vulnerabilities 164
Cross- Site Scripting (XSS) 164
Request Forgery 167
Application Security Controls 168
Input Validation 168
Web Application Firewalls 170
Parameterized Queries 170
Sandboxing 171
Code Security 171
Secure Coding Practices 173
Source Code Comments 174
Error Handling 174
Hard- Coded Credentials 175
Package Monitoring 175
Memory Management 176
Race Conditions 177
Unprotected APIs 178
Automation and Orchestration 178
Use Cases of Automation and Scripting 179
Benefits of Automation and Scripting 179
Other Considerations 180
Summary 181
Exam Essentials 181
Review Questions 183
Chapter 7 Cryptography and the PKI 189
An Overview of Cryptography 190
Historical Cryptography 191
Goals of Cryptography 196
Confidentiality 197
Integrity 199
Authentication 200
Non-repudiation 200
Cryptographic Concepts 200
Cryptographic Keys 201
Ciphers 202
Modern Cryptography 202
Cryptographic Secrecy 202
Symmetric Key Algorithms 204
Asymmetric Key Algorithms 205
Hashing Algorithms 208
Symmetric Cryptography 208
Data Encryption Standard 208
Advanced Encryption Standard 209
Symmetric Key Management 209
Asymmetric Cryptography 211
RSA 212
Elliptic Curve 213
Hash Functions 214
Sha 215
md 5 216
Digital Signatures 216
HMAC 217
Public Key Infrastructure 218
Certificates 218
Certificate Authorities 219
Certificate Generation and Destruction 220
Certificate Formats 223
Asymmetric Key Management 224
Cryptographic Attacks 225
Brute Force 225
Frequency Analysis 225
Known Plain Text 226
Chosen Plain Text 226
Related Key Attack 226
Birthday Attack 226
Downgrade Attack 227
Hashing, Salting, and Key Stretching 227
Exploiting Weak Keys 228
Exploiting Human Error 228
Emerging Issues in Cryptography 229
Tor and the Dark Web 229
Blockchain 229
Lightweight Cryptography 230
Homomorphic Encryption 230
Quantum Computing 230
Summary 231
Exam Essentials 231
Review Questions 233
Chapter 8 Identity and Access Management 237
Identity 239
Authentication and Authorization 240
Authentication and Authorization Technologies 241
Authentication Methods 246
Passwords 247
Multifactor Authentication 251
One- Time Passwords 252
Biometrics 254
Accounts 256
Account Types 256
Provisioning and Deprovisioning Accounts 257
Access Control Schemes 259
Filesystem Permissions 260
Summary 262
Exam Essentials 262
Review Questions 264
Chapter 9 Resilience and Physical Security 269
Resilience and Recovery in Security Architectures 271
Architectural Considerations and Security 273
Storage Resiliency 274
Response and Recovery Controls 280
Capacity Planning for Resilience and Recovery 283
Testing Resilience and Recovery Controls and Designs 284
Physical Security Controls 285
Site Security 285
Detecting Physical Attacks 291
Summary 291
Exam Essentials 292
Review Questions 294
Chapter 10 Cloud and Virtualization Security 299
Exploring the Cloud 300
Benefits of the Cloud 301
Cloud Roles 303
Cloud Service Models 303
Cloud Deployment Models 307
Private Cloud 307
Shared Responsibility Model 309
Cloud Standards and Guidelines 312
Virtualization 314
Hypervisors 314
Cloud Infrastructure Components 316
Cloud Compute Resources 316
Cloud Storage Resources 319
Cloud Networking 322
Cloud Security Issues 325
Availability 325
Data Sovereignty 326
Virtualization Security 327
Application Security 327
Governance and Auditing of Third- Party Vendors 328
Hardening Cloud Infrastructure 328
Cloud Access Security Brokers 328
Resource Policies 329
Secrets Management 330
Summary 331
Exam Essentials 331
Review Questions 333
Chapter 11 Endpoint Security 337
Operating System Vulnerabilities 339
Hardware Vulnerabilities 340
Protecting Endpoints 341
Preserving Boot Integrity 342
Endpoint Security Tools 344
Hardening Techniques 350
Hardening 350
Service Hardening 350
Network Hardening 352
Default Passwords 352
Removing Unnecessary Software 353
Operating System Hardening 353
Configuration, Standards, and Schemas 356
Encryption 357
Securing Embedded and Specialized Systems 358
Embedded Systems 358
SCADA and ICS 361
Securing the Internet of Things 362
Communication Considerations 363
Security Constraints of Embedded Systems 364
Asset Management 365
Summary 368
Exam Essentials 369
Review Questions 371
Chapter 12 Network Security 375
Designing Secure Networks 377
Infrastructure Considerations 380
Network Design Concepts 380
Network Segmentation 383
Zero Trust 385
Network Access Control 387
Port Security and Port- Level Protections 388
Virtual Private Networks and Remote Access 390
Network Appliances and Security Tools 392
Deception and Disruption Technology 399
Network Security, Services, and Management 400
Secure Protocols 406
Using Secure Protocols 406
Secure Protocols 407
Network Attacks 410
On- Path Attacks 411
Domain Name System Attacks 412
Credential Replay Attacks 414
Malicious Code 415
Distributed...
Erscheinungsjahr: | 2023 |
---|---|
Genre: | Importe, Informatik |
Rubrik: | Naturwissenschaften & Technik |
Medium: | Taschenbuch |
Reihe: | Sybex Study Guide |
Inhalt: | 672 S. |
ISBN-13: | 9781394211418 |
ISBN-10: | 1394211414 |
Sprache: | Englisch |
Herstellernummer: | 1W394211410 |
Einband: | Kartoniert / Broschiert |
Autor: |
Chapple, Mike
Seidl, David |
Auflage: | 9. Auflage |
Hersteller: | Wiley John + Sons |
Verantwortliche Person für die EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
Maße: | 235 x 185 x 37 mm |
Von/Mit: | Mike Chapple (u. a.) |
Erscheinungsdatum: | 07.12.2023 |
Gewicht: | 1,28 kg |
ABOUT THE AUTHORS
MIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, [...].
DAVID SEIDL, CYSA+, CISSP, PENTEST+, is Vice President for Information Technology and CIO at Miami University where he leads an award winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.
Introduction xxxi
Chapter 1 Today's Security Professional 1
Cybersecurity Objectives 2
Data Breach Risks 3
The DAD Triad 4
Breach Impact 5
Implementing Security Controls 7
Gap Analysis 7
Security Control Categories 8
Security Control Types 9
Data Protection 10
Data Encryption 11
Data Loss Prevention 11
Data Minimization 12
Access Restrictions 13
Segmentation and Isolation 13
Summary 13
Exam Essentials 14
Review Questions 16
Chapter 2 Cybersecurity Threat Landscape 21
Exploring Cybersecurity Threats 23
Classifying Cybersecurity Threats 23
Threat Actors 25
Attacker Motivations 31
Threat Vectors and Attack Surfaces 32
Threat Data and Intelligence 35
Open Source Intelligence 35
Proprietary and Closed- Source Intelligence 38
Assessing Threat Intelligence 39
Threat Indicator Management and Exchange 40
Information Sharing Organizations 41
Conducting Your Own Research 42
Summary 42
Exam Essentials 43
Review Questions 45
Chapter 3 Malicious Code 49
Malware 50
Ransomware 51
Trojans 52
Worms 54
Spyware 55
Bloatware 56
Viruses 57
Keyloggers 59
Logic Bombs 60
Rootkits 60
Summary 62
Exam Essentials 62
Review Questions 64
Chapter 4 Social Engineering and Password Attacks 69
Social Engineering and Human Vectors 70
Social Engineering Techniques 71
Password Attacks 76
Summary 78
Exam Essentials 78
Review Questions 80
Chapter 5 Security Assessment and Testing 85
Vulnerability Management 87
Identifying Scan Targets 87
Determining Scan Frequency 89
Configuring Vulnerability Scans 91
Scanner Maintenance 95
Vulnerability Scanning Tools 98
Reviewing and Interpreting Scan Reports 101
Confirmation of Scan Results 111
Vulnerability Classification 112
Patch Management 112
Legacy Platforms 113
Weak Configurations 115
Error Messages 115
Insecure Protocols 116
Weak Encryption 117
Penetration Testing 118
Adopting the Hacker Mindset 119
Reasons for Penetration Testing 120
Benefits of Penetration Testing 120
Penetration Test Types 121
Rules of Engagement 123
Reconnaissance 125
Running the Test 125
Cleaning Up 126
Audits and Assessments 126
Security Tests 127
Security Assessments 128
Security Audits 129
Vulnerability Life Cycle 131
Vulnerability Identification 131
Vulnerability Analysis 132
Vulnerability Response and Remediation 132
Validation of Remediation 132
Reporting 133
Summary 133
Exam Essentials 134
Review Questions 136
Chapter 6 Application Security 141
Software Assurance Best Practices 143
The Software Development Life Cycle 143
Software Development Phases 144
DevSecOps and DevOps 146
Designing and Coding for Security 147
Secure Coding Practices 148
API Security 149
Software Security Testing 149
Analyzing and Testing Code 150
Injection Vulnerabilities 151
SQL Injection Attacks 151
Code Injection Attacks 155
Command Injection Attacks 155
Exploiting Authentication Vulnerabilities 156
Password Authentication 156
Session Attacks 157
Exploiting Authorization Vulnerabilities 160
Insecure Direct Object References 161
Directory Traversal 161
File Inclusion 163
Privilege Escalation 163
Exploiting Web Application Vulnerabilities 164
Cross- Site Scripting (XSS) 164
Request Forgery 167
Application Security Controls 168
Input Validation 168
Web Application Firewalls 170
Parameterized Queries 170
Sandboxing 171
Code Security 171
Secure Coding Practices 173
Source Code Comments 174
Error Handling 174
Hard- Coded Credentials 175
Package Monitoring 175
Memory Management 176
Race Conditions 177
Unprotected APIs 178
Automation and Orchestration 178
Use Cases of Automation and Scripting 179
Benefits of Automation and Scripting 179
Other Considerations 180
Summary 181
Exam Essentials 181
Review Questions 183
Chapter 7 Cryptography and the PKI 189
An Overview of Cryptography 190
Historical Cryptography 191
Goals of Cryptography 196
Confidentiality 197
Integrity 199
Authentication 200
Non-repudiation 200
Cryptographic Concepts 200
Cryptographic Keys 201
Ciphers 202
Modern Cryptography 202
Cryptographic Secrecy 202
Symmetric Key Algorithms 204
Asymmetric Key Algorithms 205
Hashing Algorithms 208
Symmetric Cryptography 208
Data Encryption Standard 208
Advanced Encryption Standard 209
Symmetric Key Management 209
Asymmetric Cryptography 211
RSA 212
Elliptic Curve 213
Hash Functions 214
Sha 215
md 5 216
Digital Signatures 216
HMAC 217
Public Key Infrastructure 218
Certificates 218
Certificate Authorities 219
Certificate Generation and Destruction 220
Certificate Formats 223
Asymmetric Key Management 224
Cryptographic Attacks 225
Brute Force 225
Frequency Analysis 225
Known Plain Text 226
Chosen Plain Text 226
Related Key Attack 226
Birthday Attack 226
Downgrade Attack 227
Hashing, Salting, and Key Stretching 227
Exploiting Weak Keys 228
Exploiting Human Error 228
Emerging Issues in Cryptography 229
Tor and the Dark Web 229
Blockchain 229
Lightweight Cryptography 230
Homomorphic Encryption 230
Quantum Computing 230
Summary 231
Exam Essentials 231
Review Questions 233
Chapter 8 Identity and Access Management 237
Identity 239
Authentication and Authorization 240
Authentication and Authorization Technologies 241
Authentication Methods 246
Passwords 247
Multifactor Authentication 251
One- Time Passwords 252
Biometrics 254
Accounts 256
Account Types 256
Provisioning and Deprovisioning Accounts 257
Access Control Schemes 259
Filesystem Permissions 260
Summary 262
Exam Essentials 262
Review Questions 264
Chapter 9 Resilience and Physical Security 269
Resilience and Recovery in Security Architectures 271
Architectural Considerations and Security 273
Storage Resiliency 274
Response and Recovery Controls 280
Capacity Planning for Resilience and Recovery 283
Testing Resilience and Recovery Controls and Designs 284
Physical Security Controls 285
Site Security 285
Detecting Physical Attacks 291
Summary 291
Exam Essentials 292
Review Questions 294
Chapter 10 Cloud and Virtualization Security 299
Exploring the Cloud 300
Benefits of the Cloud 301
Cloud Roles 303
Cloud Service Models 303
Cloud Deployment Models 307
Private Cloud 307
Shared Responsibility Model 309
Cloud Standards and Guidelines 312
Virtualization 314
Hypervisors 314
Cloud Infrastructure Components 316
Cloud Compute Resources 316
Cloud Storage Resources 319
Cloud Networking 322
Cloud Security Issues 325
Availability 325
Data Sovereignty 326
Virtualization Security 327
Application Security 327
Governance and Auditing of Third- Party Vendors 328
Hardening Cloud Infrastructure 328
Cloud Access Security Brokers 328
Resource Policies 329
Secrets Management 330
Summary 331
Exam Essentials 331
Review Questions 333
Chapter 11 Endpoint Security 337
Operating System Vulnerabilities 339
Hardware Vulnerabilities 340
Protecting Endpoints 341
Preserving Boot Integrity 342
Endpoint Security Tools 344
Hardening Techniques 350
Hardening 350
Service Hardening 350
Network Hardening 352
Default Passwords 352
Removing Unnecessary Software 353
Operating System Hardening 353
Configuration, Standards, and Schemas 356
Encryption 357
Securing Embedded and Specialized Systems 358
Embedded Systems 358
SCADA and ICS 361
Securing the Internet of Things 362
Communication Considerations 363
Security Constraints of Embedded Systems 364
Asset Management 365
Summary 368
Exam Essentials 369
Review Questions 371
Chapter 12 Network Security 375
Designing Secure Networks 377
Infrastructure Considerations 380
Network Design Concepts 380
Network Segmentation 383
Zero Trust 385
Network Access Control 387
Port Security and Port- Level Protections 388
Virtual Private Networks and Remote Access 390
Network Appliances and Security Tools 392
Deception and Disruption Technology 399
Network Security, Services, and Management 400
Secure Protocols 406
Using Secure Protocols 406
Secure Protocols 407
Network Attacks 410
On- Path Attacks 411
Domain Name System Attacks 412
Credential Replay Attacks 414
Malicious Code 415
Distributed...
Erscheinungsjahr: | 2023 |
---|---|
Genre: | Importe, Informatik |
Rubrik: | Naturwissenschaften & Technik |
Medium: | Taschenbuch |
Reihe: | Sybex Study Guide |
Inhalt: | 672 S. |
ISBN-13: | 9781394211418 |
ISBN-10: | 1394211414 |
Sprache: | Englisch |
Herstellernummer: | 1W394211410 |
Einband: | Kartoniert / Broschiert |
Autor: |
Chapple, Mike
Seidl, David |
Auflage: | 9. Auflage |
Hersteller: | Wiley John + Sons |
Verantwortliche Person für die EU: | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
Maße: | 235 x 185 x 37 mm |
Von/Mit: | Mike Chapple (u. a.) |
Erscheinungsdatum: | 07.12.2023 |
Gewicht: | 1,28 kg |