Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
CompTIA Security+ Study Guide with over 500 Practice Test Questions
Exam SY0-701
Taschenbuch von Mike Chapple (u. a.)
Sprache: Englisch

51,95 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

Lieferzeit 1-2 Wochen

Kategorien:
Beschreibung
Discover key exam objectives and crucial cybersecurity concepts for the CompTIA Security+ SY0-701 exam, along with an online test bank with hundreds of practice questions and flashcards

In the newly revised ninth edition of CompTIA Security+ Study Guide: Exam SY0-701, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You'll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight.

You'll get access to the information you need to start a new career--or advance an existing one--in cybersecurity, with efficient and accurate content. You'll also find:
* Practice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety
* Hundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts
* Complimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms

Perfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who's ever wondered if IT security is right for them. It's a must-read reference!
Discover key exam objectives and crucial cybersecurity concepts for the CompTIA Security+ SY0-701 exam, along with an online test bank with hundreds of practice questions and flashcards

In the newly revised ninth edition of CompTIA Security+ Study Guide: Exam SY0-701, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You'll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight.

You'll get access to the information you need to start a new career--or advance an existing one--in cybersecurity, with efficient and accurate content. You'll also find:
* Practice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety
* Hundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts
* Complimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms

Perfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who's ever wondered if IT security is right for them. It's a must-read reference!
Über den Autor

ABOUT THE AUTHORS

MIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, [...].

DAVID SEIDL, CYSA+, CISSP, PENTEST+, is Vice President for Information Technology and CIO at Miami University where he leads an award winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.

Inhaltsverzeichnis

Introduction xxxi

Chapter 1 Today's Security Professional 1

Cybersecurity Objectives 2

Data Breach Risks 3

The DAD Triad 4

Breach Impact 5

Implementing Security Controls 7

Gap Analysis 7

Security Control Categories 8

Security Control Types 9

Data Protection 10

Data Encryption 11

Data Loss Prevention 11

Data Minimization 12

Access Restrictions 13

Segmentation and Isolation 13

Summary 13

Exam Essentials 14

Review Questions 16

Chapter 2 Cybersecurity Threat Landscape 21

Exploring Cybersecurity Threats 23

Classifying Cybersecurity Threats 23

Threat Actors 25

Attacker Motivations 31

Threat Vectors and Attack Surfaces 32

Threat Data and Intelligence 35

Open Source Intelligence 35

Proprietary and Closed- Source Intelligence 38

Assessing Threat Intelligence 39

Threat Indicator Management and Exchange 40

Information Sharing Organizations 41

Conducting Your Own Research 42

Summary 42

Exam Essentials 43

Review Questions 45

Chapter 3 Malicious Code 49

Malware 50

Ransomware 51

Trojans 52

Worms 54

Spyware 55

Bloatware 56

Viruses 57

Keyloggers 59

Logic Bombs 60

Rootkits 60

Summary 62

Exam Essentials 62

Review Questions 64

Chapter 4 Social Engineering and Password Attacks 69

Social Engineering and Human Vectors 70

Social Engineering Techniques 71

Password Attacks 76

Summary 78

Exam Essentials 78

Review Questions 80

Chapter 5 Security Assessment and Testing 85

Vulnerability Management 87

Identifying Scan Targets 87

Determining Scan Frequency 89

Configuring Vulnerability Scans 91

Scanner Maintenance 95

Vulnerability Scanning Tools 98

Reviewing and Interpreting Scan Reports 101

Confirmation of Scan Results 111

Vulnerability Classification 112

Patch Management 112

Legacy Platforms 113

Weak Configurations 115

Error Messages 115

Insecure Protocols 116

Weak Encryption 117

Penetration Testing 118

Adopting the Hacker Mindset 119

Reasons for Penetration Testing 120

Benefits of Penetration Testing 120

Penetration Test Types 121

Rules of Engagement 123

Reconnaissance 125

Running the Test 125

Cleaning Up 126

Audits and Assessments 126

Security Tests 127

Security Assessments 128

Security Audits 129

Vulnerability Life Cycle 131

Vulnerability Identification 131

Vulnerability Analysis 132

Vulnerability Response and Remediation 132

Validation of Remediation 132

Reporting 133

Summary 133

Exam Essentials 134

Review Questions 136

Chapter 6 Application Security 141

Software Assurance Best Practices 143

The Software Development Life Cycle 143

Software Development Phases 144

DevSecOps and DevOps 146

Designing and Coding for Security 147

Secure Coding Practices 148

API Security 149

Software Security Testing 149

Analyzing and Testing Code 150

Injection Vulnerabilities 151

SQL Injection Attacks 151

Code Injection Attacks 155

Command Injection Attacks 155

Exploiting Authentication Vulnerabilities 156

Password Authentication 156

Session Attacks 157

Exploiting Authorization Vulnerabilities 160

Insecure Direct Object References 161

Directory Traversal 161

File Inclusion 163

Privilege Escalation 163

Exploiting Web Application Vulnerabilities 164

Cross- Site Scripting (XSS) 164

Request Forgery 167

Application Security Controls 168

Input Validation 168

Web Application Firewalls 170

Parameterized Queries 170

Sandboxing 171

Code Security 171

Secure Coding Practices 173

Source Code Comments 174

Error Handling 174

Hard- Coded Credentials 175

Package Monitoring 175

Memory Management 176

Race Conditions 177

Unprotected APIs 178

Automation and Orchestration 178

Use Cases of Automation and Scripting 179

Benefits of Automation and Scripting 179

Other Considerations 180

Summary 181

Exam Essentials 181

Review Questions 183

Chapter 7 Cryptography and the PKI 189

An Overview of Cryptography 190

Historical Cryptography 191

Goals of Cryptography 196

Confidentiality 197

Integrity 199

Authentication 200

Non-repudiation 200

Cryptographic Concepts 200

Cryptographic Keys 201

Ciphers 202

Modern Cryptography 202

Cryptographic Secrecy 202

Symmetric Key Algorithms 204

Asymmetric Key Algorithms 205

Hashing Algorithms 208

Symmetric Cryptography 208

Data Encryption Standard 208

Advanced Encryption Standard 209

Symmetric Key Management 209

Asymmetric Cryptography 211

RSA 212

Elliptic Curve 213

Hash Functions 214

Sha 215

md 5 216

Digital Signatures 216

HMAC 217

Public Key Infrastructure 218

Certificates 218

Certificate Authorities 219

Certificate Generation and Destruction 220

Certificate Formats 223

Asymmetric Key Management 224

Cryptographic Attacks 225

Brute Force 225

Frequency Analysis 225

Known Plain Text 226

Chosen Plain Text 226

Related Key Attack 226

Birthday Attack 226

Downgrade Attack 227

Hashing, Salting, and Key Stretching 227

Exploiting Weak Keys 228

Exploiting Human Error 228

Emerging Issues in Cryptography 229

Tor and the Dark Web 229

Blockchain 229

Lightweight Cryptography 230

Homomorphic Encryption 230

Quantum Computing 230

Summary 231

Exam Essentials 231

Review Questions 233

Chapter 8 Identity and Access Management 237

Identity 239

Authentication and Authorization 240

Authentication and Authorization Technologies 241

Authentication Methods 246

Passwords 247

Multifactor Authentication 251

One- Time Passwords 252

Biometrics 254

Accounts 256

Account Types 256

Provisioning and Deprovisioning Accounts 257

Access Control Schemes 259

Filesystem Permissions 260

Summary 262

Exam Essentials 262

Review Questions 264

Chapter 9 Resilience and Physical Security 269

Resilience and Recovery in Security Architectures 271

Architectural Considerations and Security 273

Storage Resiliency 274

Response and Recovery Controls 280

Capacity Planning for Resilience and Recovery 283

Testing Resilience and Recovery Controls and Designs 284

Physical Security Controls 285

Site Security 285

Detecting Physical Attacks 291

Summary 291

Exam Essentials 292

Review Questions 294

Chapter 10 Cloud and Virtualization Security 299

Exploring the Cloud 300

Benefits of the Cloud 301

Cloud Roles 303

Cloud Service Models 303

Cloud Deployment Models 307

Private Cloud 307

Shared Responsibility Model 309

Cloud Standards and Guidelines 312

Virtualization 314

Hypervisors 314

Cloud Infrastructure Components 316

Cloud Compute Resources 316

Cloud Storage Resources 319

Cloud Networking 322

Cloud Security Issues 325

Availability 325

Data Sovereignty 326

Virtualization Security 327

Application Security 327

Governance and Auditing of Third- Party Vendors 328

Hardening Cloud Infrastructure 328

Cloud Access Security Brokers 328

Resource Policies 329

Secrets Management 330

Summary 331

Exam Essentials 331

Review Questions 333

Chapter 11 Endpoint Security 337

Operating System Vulnerabilities 339

Hardware Vulnerabilities 340

Protecting Endpoints 341

Preserving Boot Integrity 342

Endpoint Security Tools 344

Hardening Techniques 350

Hardening 350

Service Hardening 350

Network Hardening 352

Default Passwords 352

Removing Unnecessary Software 353

Operating System Hardening 353

Configuration, Standards, and Schemas 356

Encryption 357

Securing Embedded and Specialized Systems 358

Embedded Systems 358

SCADA and ICS 361

Securing the Internet of Things 362

Communication Considerations 363

Security Constraints of Embedded Systems 364

Asset Management 365

Summary 368

Exam Essentials 369

Review Questions 371

Chapter 12 Network Security 375

Designing Secure Networks 377

Infrastructure Considerations 380

Network Design Concepts 380

Network Segmentation 383

Zero Trust 385

Network Access Control 387

Port Security and Port- Level Protections 388

Virtual Private Networks and Remote Access 390

Network Appliances and Security Tools 392

Deception and Disruption Technology 399

Network Security, Services, and Management 400

Secure Protocols 406

Using Secure Protocols 406

Secure Protocols 407

Network Attacks 410

On- Path Attacks 411

Domain Name System Attacks 412

Credential Replay Attacks 414

Malicious Code 415

Distributed...

Details
Erscheinungsjahr: 2023
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Reihe: Sybex Study Guide
Inhalt: 672 S.
ISBN-13: 9781394211418
ISBN-10: 1394211414
Sprache: Englisch
Herstellernummer: 1W394211410
Einband: Kartoniert / Broschiert
Autor: Chapple, Mike
Seidl, David
Auflage: 9. Auflage
Hersteller: Wiley John + Sons
Verantwortliche Person für die EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Maße: 235 x 185 x 37 mm
Von/Mit: Mike Chapple (u. a.)
Erscheinungsdatum: 07.12.2023
Gewicht: 1,28 kg
Artikel-ID: 127460044
Über den Autor

ABOUT THE AUTHORS

MIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, [...].

DAVID SEIDL, CYSA+, CISSP, PENTEST+, is Vice President for Information Technology and CIO at Miami University where he leads an award winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.

Inhaltsverzeichnis

Introduction xxxi

Chapter 1 Today's Security Professional 1

Cybersecurity Objectives 2

Data Breach Risks 3

The DAD Triad 4

Breach Impact 5

Implementing Security Controls 7

Gap Analysis 7

Security Control Categories 8

Security Control Types 9

Data Protection 10

Data Encryption 11

Data Loss Prevention 11

Data Minimization 12

Access Restrictions 13

Segmentation and Isolation 13

Summary 13

Exam Essentials 14

Review Questions 16

Chapter 2 Cybersecurity Threat Landscape 21

Exploring Cybersecurity Threats 23

Classifying Cybersecurity Threats 23

Threat Actors 25

Attacker Motivations 31

Threat Vectors and Attack Surfaces 32

Threat Data and Intelligence 35

Open Source Intelligence 35

Proprietary and Closed- Source Intelligence 38

Assessing Threat Intelligence 39

Threat Indicator Management and Exchange 40

Information Sharing Organizations 41

Conducting Your Own Research 42

Summary 42

Exam Essentials 43

Review Questions 45

Chapter 3 Malicious Code 49

Malware 50

Ransomware 51

Trojans 52

Worms 54

Spyware 55

Bloatware 56

Viruses 57

Keyloggers 59

Logic Bombs 60

Rootkits 60

Summary 62

Exam Essentials 62

Review Questions 64

Chapter 4 Social Engineering and Password Attacks 69

Social Engineering and Human Vectors 70

Social Engineering Techniques 71

Password Attacks 76

Summary 78

Exam Essentials 78

Review Questions 80

Chapter 5 Security Assessment and Testing 85

Vulnerability Management 87

Identifying Scan Targets 87

Determining Scan Frequency 89

Configuring Vulnerability Scans 91

Scanner Maintenance 95

Vulnerability Scanning Tools 98

Reviewing and Interpreting Scan Reports 101

Confirmation of Scan Results 111

Vulnerability Classification 112

Patch Management 112

Legacy Platforms 113

Weak Configurations 115

Error Messages 115

Insecure Protocols 116

Weak Encryption 117

Penetration Testing 118

Adopting the Hacker Mindset 119

Reasons for Penetration Testing 120

Benefits of Penetration Testing 120

Penetration Test Types 121

Rules of Engagement 123

Reconnaissance 125

Running the Test 125

Cleaning Up 126

Audits and Assessments 126

Security Tests 127

Security Assessments 128

Security Audits 129

Vulnerability Life Cycle 131

Vulnerability Identification 131

Vulnerability Analysis 132

Vulnerability Response and Remediation 132

Validation of Remediation 132

Reporting 133

Summary 133

Exam Essentials 134

Review Questions 136

Chapter 6 Application Security 141

Software Assurance Best Practices 143

The Software Development Life Cycle 143

Software Development Phases 144

DevSecOps and DevOps 146

Designing and Coding for Security 147

Secure Coding Practices 148

API Security 149

Software Security Testing 149

Analyzing and Testing Code 150

Injection Vulnerabilities 151

SQL Injection Attacks 151

Code Injection Attacks 155

Command Injection Attacks 155

Exploiting Authentication Vulnerabilities 156

Password Authentication 156

Session Attacks 157

Exploiting Authorization Vulnerabilities 160

Insecure Direct Object References 161

Directory Traversal 161

File Inclusion 163

Privilege Escalation 163

Exploiting Web Application Vulnerabilities 164

Cross- Site Scripting (XSS) 164

Request Forgery 167

Application Security Controls 168

Input Validation 168

Web Application Firewalls 170

Parameterized Queries 170

Sandboxing 171

Code Security 171

Secure Coding Practices 173

Source Code Comments 174

Error Handling 174

Hard- Coded Credentials 175

Package Monitoring 175

Memory Management 176

Race Conditions 177

Unprotected APIs 178

Automation and Orchestration 178

Use Cases of Automation and Scripting 179

Benefits of Automation and Scripting 179

Other Considerations 180

Summary 181

Exam Essentials 181

Review Questions 183

Chapter 7 Cryptography and the PKI 189

An Overview of Cryptography 190

Historical Cryptography 191

Goals of Cryptography 196

Confidentiality 197

Integrity 199

Authentication 200

Non-repudiation 200

Cryptographic Concepts 200

Cryptographic Keys 201

Ciphers 202

Modern Cryptography 202

Cryptographic Secrecy 202

Symmetric Key Algorithms 204

Asymmetric Key Algorithms 205

Hashing Algorithms 208

Symmetric Cryptography 208

Data Encryption Standard 208

Advanced Encryption Standard 209

Symmetric Key Management 209

Asymmetric Cryptography 211

RSA 212

Elliptic Curve 213

Hash Functions 214

Sha 215

md 5 216

Digital Signatures 216

HMAC 217

Public Key Infrastructure 218

Certificates 218

Certificate Authorities 219

Certificate Generation and Destruction 220

Certificate Formats 223

Asymmetric Key Management 224

Cryptographic Attacks 225

Brute Force 225

Frequency Analysis 225

Known Plain Text 226

Chosen Plain Text 226

Related Key Attack 226

Birthday Attack 226

Downgrade Attack 227

Hashing, Salting, and Key Stretching 227

Exploiting Weak Keys 228

Exploiting Human Error 228

Emerging Issues in Cryptography 229

Tor and the Dark Web 229

Blockchain 229

Lightweight Cryptography 230

Homomorphic Encryption 230

Quantum Computing 230

Summary 231

Exam Essentials 231

Review Questions 233

Chapter 8 Identity and Access Management 237

Identity 239

Authentication and Authorization 240

Authentication and Authorization Technologies 241

Authentication Methods 246

Passwords 247

Multifactor Authentication 251

One- Time Passwords 252

Biometrics 254

Accounts 256

Account Types 256

Provisioning and Deprovisioning Accounts 257

Access Control Schemes 259

Filesystem Permissions 260

Summary 262

Exam Essentials 262

Review Questions 264

Chapter 9 Resilience and Physical Security 269

Resilience and Recovery in Security Architectures 271

Architectural Considerations and Security 273

Storage Resiliency 274

Response and Recovery Controls 280

Capacity Planning for Resilience and Recovery 283

Testing Resilience and Recovery Controls and Designs 284

Physical Security Controls 285

Site Security 285

Detecting Physical Attacks 291

Summary 291

Exam Essentials 292

Review Questions 294

Chapter 10 Cloud and Virtualization Security 299

Exploring the Cloud 300

Benefits of the Cloud 301

Cloud Roles 303

Cloud Service Models 303

Cloud Deployment Models 307

Private Cloud 307

Shared Responsibility Model 309

Cloud Standards and Guidelines 312

Virtualization 314

Hypervisors 314

Cloud Infrastructure Components 316

Cloud Compute Resources 316

Cloud Storage Resources 319

Cloud Networking 322

Cloud Security Issues 325

Availability 325

Data Sovereignty 326

Virtualization Security 327

Application Security 327

Governance and Auditing of Third- Party Vendors 328

Hardening Cloud Infrastructure 328

Cloud Access Security Brokers 328

Resource Policies 329

Secrets Management 330

Summary 331

Exam Essentials 331

Review Questions 333

Chapter 11 Endpoint Security 337

Operating System Vulnerabilities 339

Hardware Vulnerabilities 340

Protecting Endpoints 341

Preserving Boot Integrity 342

Endpoint Security Tools 344

Hardening Techniques 350

Hardening 350

Service Hardening 350

Network Hardening 352

Default Passwords 352

Removing Unnecessary Software 353

Operating System Hardening 353

Configuration, Standards, and Schemas 356

Encryption 357

Securing Embedded and Specialized Systems 358

Embedded Systems 358

SCADA and ICS 361

Securing the Internet of Things 362

Communication Considerations 363

Security Constraints of Embedded Systems 364

Asset Management 365

Summary 368

Exam Essentials 369

Review Questions 371

Chapter 12 Network Security 375

Designing Secure Networks 377

Infrastructure Considerations 380

Network Design Concepts 380

Network Segmentation 383

Zero Trust 385

Network Access Control 387

Port Security and Port- Level Protections 388

Virtual Private Networks and Remote Access 390

Network Appliances and Security Tools 392

Deception and Disruption Technology 399

Network Security, Services, and Management 400

Secure Protocols 406

Using Secure Protocols 406

Secure Protocols 407

Network Attacks 410

On- Path Attacks 411

Domain Name System Attacks 412

Credential Replay Attacks 414

Malicious Code 415

Distributed...

Details
Erscheinungsjahr: 2023
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Reihe: Sybex Study Guide
Inhalt: 672 S.
ISBN-13: 9781394211418
ISBN-10: 1394211414
Sprache: Englisch
Herstellernummer: 1W394211410
Einband: Kartoniert / Broschiert
Autor: Chapple, Mike
Seidl, David
Auflage: 9. Auflage
Hersteller: Wiley John + Sons
Verantwortliche Person für die EU: Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de
Maße: 235 x 185 x 37 mm
Von/Mit: Mike Chapple (u. a.)
Erscheinungsdatum: 07.12.2023
Gewicht: 1,28 kg
Artikel-ID: 127460044
Sicherheitshinweis

Ähnliche Produkte

Ähnliche Produkte