Atjaunināt sīkdatņu piekrišanu

CompTIA Securityplus Deluxe Study Guide with Online Labs: Exam SY0-601 5th edition [Hardback]

(University of Notre Dame),
  • Formāts: Hardback, 672 pages, height x width x depth: 239x196x41 mm, weight: 1134 g
  • Izdošanas datums: 01-Jul-2021
  • Izdevniecība: Sybex Inc.,U.S.
  • ISBN-10: 1119812283
  • ISBN-13: 9781119812289
Citas grāmatas par šo tēmu:
  • Hardback
  • Cena: 134,94 €*
  • * ši ir gala cena, t.i., netiek piemērotas nekādas papildus atlaides
  • Standarta cena: 158,75 €
  • Ietaupiet 15%
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
CompTIA Securityplus Deluxe Study Guide with Online Labs: Exam SY0-601 5th editionPalielināt
  • Formāts: Hardback, 672 pages, height x width x depth: 239x196x41 mm, weight: 1134 g
  • Izdošanas datums: 01-Jul-2021
  • Izdevniecība: Sybex Inc.,U.S.
  • ISBN-10: 1119812283
  • ISBN-13: 9781119812289
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9781119812289.html
Keywords:
Learn the key objectives and most crucial concepts covered by the Security+ Exam SY0-601 with this comprehensive and practical Deluxe Study Guide

Covers 100% of exam objectives including threats, attacks, and vulnerabilities; technologies and tools; architecture and design; identity and access management; risk management; cryptography and PKI, and much more... Includes interactive online learning environment and study tools with:





4 custom practice exams 100 Electronic Flashcards Searchable key term glossary Plus 33 Online Security+ Practice Lab Modules

Expert Security+ SY0-601 exam preparation--Now with 33 Online Lab Modules

The Fifth edition of CompTIA Security+ Deluxe Study Guide offers invaluable preparation for Exam SY0-601. Written by expert authors, Mike Chapple and David Seidl, the book covers 100% of the exam objectives with clear and concise explanations. Discover how to handle threats, attacks, and vulnerabilities using industry-standard tools and technologies, while gaining and understanding the role of architecture and design. Spanning topics from everyday tasks like identity and access management to complex subjects such as risk management and cryptography, this study guide helps you consolidate your knowledge base in preparation for the Security+ exam. Illustrative examples show how these processes play out in real-world scenarios, allowing you to immediately translate essential concepts to on-the-job application.

Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for:





Attacks, Threats, and Vulnerabilities Architecture and Design Implementation Operations and Incident Response Governance, Risk, and Compliance

Interactive learning environment

Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to:





Interactive test bank with 4 bonus exams. Practice questions help you identify areas where further review is needed. 100 Electronic Flashcards to reinforce learning and last-minute prep before the exam. Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared.

ABOUT THE PRACTICE LABS SECURITY+ LABS

So you can practice with hands-on learning in a real environment, Sybex has bundled Practice Labs virtual labs that run from your browser. The registration code is included with the book and gives you 6 months unlimited access to Practice Labs CompTIA Security+ Exam SY0-601 Labs with 33 unique lab modules to practice your skills. If you are unable to register your lab PIN code, please contact Wiley customer support for a replacement PIN code.
Introduction xxv
Assessment Test xxxvi
Chapter 1 Today's Security Professional
1(18)
Cybersecurity Objectives
2(1)
Data Breach Risks
3(1)
The DAD Triad
3(2)
Breach Impact
5(2)
Implementing Security Controls
7(1)
Security Control Categories
7(1)
Security Control Types
8(1)
Data Protection
9(3)
Summary
12(1)
Exam Essentials
12(2)
Review Questions
14(5)
Chapter 2 Cybersecurity Threat Landscape
19(26)
Exploring Cybersecurity Threats
20(1)
Classifying Cybersecurity Threats
20(2)
Threat Actors
22(6)
Threat Vectors
28(2)
Threat Data and Intelligence
30(1)
Open Source Intelligence
31(2)
Proprietary and Closed-Source Intelligence
33(2)
Assessing Threat Intelligence
35(1)
Threat Indicator Management and Exchange
36(1)
Public and Private Information Sharing Centers
37(1)
Conducting Your Own Research
38(1)
Summary
38(1)
Exam Essentials
39(1)
Review Questions
40(5)
Chapter 3 Malicious Code
45(20)
Malware
46(1)
Ransomware
47(1)
Trojans
47(1)
Worms
48(1)
Rootkits
48(1)
Backdoors
49(1)
Bots
50(2)
Keyloggers
52(1)
Logic Bombs
53(1)
Viruses
53(1)
Fileless Viruses
53(1)
Spyware
54(1)
Potentially Unwanted Programs (PUPs)
55(1)
Malicious Code
55(2)
Adversarial Artificial Intelligence
57(1)
Summary
58(1)
Exam Essentials
59(2)
Review Questions
61(4)
Chapter 4 Social Engineering, Physical, and Password Attacks
65(18)
Social Engineering
66(1)
Social Engineering Techniques
67(5)
Influence Campaigns
72(1)
Password Attacks
72(2)
Physical Attacks
74(2)
Summary
76(1)
Exam Essentials
76(2)
Review Questions
78(5)
Chapter 5 Security Assessment and Testing
83(46)
Vulnerability Management
84(1)
Identifying Scan Targets
84(2)
Determining Scan Frequency
86(1)
Configuring Vulnerability Scans
87(5)
Scanner Maintenance
92(3)
Vulnerability Scanning Tools
95(1)
Reviewing and Interpreting Scan Reports
96(10)
Validating Scan Results
106(1)
Security Vulnerabilities
107(1)
Patch Management
107(1)
Legacy Platforms
108(1)
Weak Configurations
109(1)
Error Messages
110(1)
Insecure Protocols
111(1)
Weak Encryption
112(1)
Penetration Testing
113(1)
Adopting the Hacker Mindset
114(1)
Reasons for Penetration Testing
115(1)
Benefits of Penetration Testing
115(1)
Penetration Test Types
116(2)
Rules of Engagement
118(1)
Reconnaissance
119(1)
Running the Test
120(1)
Cleaning Up
120(1)
Training and Exercises
120(2)
Summary
122(1)
Exam Essentials
122(2)
Review Questions
124(5)
Chapter 6 Secure Coding
129(50)
Software Assurance Best Practices
130(1)
The Software Development Life Cycle
130(1)
Software Development Phases
131(2)
Software Development Models
133(3)
DevSecOps and DevOps
136(2)
Designing and Coding for Security
138(1)
Secure Coding Practices
138(1)
API Security
139(1)
Code Review Models
139(4)
Software Security Testing
143(1)
Analyzing and Testing Code
143(1)
Injection Vulnerabilities
144(1)
SQL Injection Attacks
145(3)
Code Injection Attacks
148(1)
Command Injection Attacks
149(1)
Exploiting Authentication Vulnerabilities
150(1)
Password Authentication
150(1)
Session Attacks
151(3)
Exploiting Authorization Vulnerabilities
154(1)
Insecure Direct Object References
154(1)
Directory Traversal
155(1)
File Inclusion
156(1)
Privilege Escalation
157(1)
Exploiting Web Application Vulnerabilities
157(1)
Cross-Site Scripting (XSS)
158(2)
Request Forgery
160(1)
Application Security Controls
161(1)
Input Validation
162(1)
Web Application Firewalls
163(1)
Database Security
163(3)
Code Security
166(2)
Secure Coding Practices
168(1)
Source Code Comments
168(1)
Error Handling
168(2)
Hard-Coded Credentials
170(1)
Memory Management
170(1)
Race Conditions
171(1)
Unprotected APIs
172(1)
Driver Manipulation
172(1)
Summary
173(1)
Exam Essentials
173(2)
Review Questions
175(4)
Chapter 7 Cryptography and the Public Key Infrastructure
179(50)
An Overview of Cryptography
180(1)
Historical Cryptography
181(5)
Goals of Cryptography
186(1)
Confidentiality
187(1)
Integrity
188(1)
Authentication
188(1)
Nonrepudiation
189(1)
Cryptographic Concepts
189(1)
Cryptographic Keys
189(1)
Ciphers
190(1)
Modern Cryptography
191(1)
Cryptographic Secrecy
191(1)
Symmetric Key Algorithms
192(1)
Asymmetric Key Algorithms
193(3)
Hashing Algorithms
196(1)
Symmetric Cryptography
197(1)
Data Encryption Standard
197(2)
Triple DES
199(1)
Advanced Encryption Standard
200(1)
Symmetric Key Management
200(3)
Asymmetric Cryptography
203(1)
RSA
203(1)
Elliptic Curve
204(1)
Hash Functions
205(1)
SHA
206(1)
MD5
207(1)
Digital Signatures
207(1)
HMAC
208(1)
Digital Signature Standard
209(1)
Public Key Infrastructure
209(1)
Certificates
209(2)
Certificate Authorities
211(1)
Certificate Generation and Destruction
212(3)
Certificate Formats
215(1)
Asymmetric Key Management
216(1)
Cryptographic Attacks
217(3)
Emerging Issues in Cryptography
220(1)
Tor and the Dark Web
220(1)
Blockchain
220(1)
Lightweight Cryptography
221(1)
Homomorphic Encryption
221(1)
Quantum Computing
222(1)
Summary
222(1)
Exam Essentials
222(2)
Review Questions
224(5)
Chapter 8 Identity and Access Management
229(28)
Identity
230(1)
Authentication and Authorization
231(1)
Authentication and Authorization Technologies
232(4)
Directory Services
236(1)
Authentication Methods
237(1)
Multifactor Authentication
237(2)
One-Time Passwords
239(2)
Biometrics
241(2)
Knowledge-Based Authentication
243(1)
Managing Authentication
244(1)
Accounts
245(1)
Account Types
245(1)
Account Policies and Controls
245(3)
Access Control Schemes
248(1)
Filesystem Permissions
249(2)
Summary
251(1)
Exam Essentials
252(1)
Review Questions
253(4)
Chapter 9 Resilience and Physical Security
257(28)
Building Cybersecurity Resilience
258(2)
Storage Resiliency: Backups and Replication
260(6)
Response and Recovery Controls
266(3)
Physical Security Controls
269(1)
Site Security
269(9)
Summary
278(1)
Exam Essentials
279(2)
Review Questions
281(4)
Chapter 10 Cloud and Virtualization Security
285(38)
Exploring the Cloud
286(1)
Benefits of the Cloud
287(2)
Cloud Roles
289(1)
Cloud Service Models
289(4)
Cloud Deployment Models
293(2)
Shared Responsibility Model
295(3)
Cloud Standards and Guidelines
298(2)
Virtualization
300(1)
Hypervisors
300(2)
Cloud Infrastructure Components
302(1)
Cloud Compute Resources
302(2)
Cloud Storage Resources
304(3)
Cloud Networking
307(4)
Cloud Security Issues
311(1)
Availability
311(1)
Data Sovereignty
311(1)
Virtualization Security
312(1)
Application Security
312(1)
Governance and Auditing
313(1)
Cloud Security Controls
313(1)
Cloud Access Security Brokers
314(1)
Resource Policies
314(2)
Secrets Management
316(1)
Summary
316(1)
Exam Essentials
316(2)
Review Questions
318(5)
Chapter 11 Endpoint Security
323(38)
Protecting Endpoints
324(1)
Preserving Boot Integrity
325(1)
Endpoint Security Tools
326(6)
Hardening Endpoints and Systems
332(1)
Service Hardening
333(2)
Operating System Hardening
335(1)
Hardening the Windows Registry
336(1)
Configuration, Standards, and Schemas
336(2)
Disk Security and Sanitization
338(3)
File Manipulation and Other Useful Command-Line Tools
341(2)
Scripting, Secure Transport, and Shells
343(1)
Securing Embedded and Specialized Systems
344(1)
Embedded Systems
345(1)
SCADA and ICS
346(2)
Securing the Internet of Things
348(1)
Specialized Systems
349(1)
Communication Considerations
350(1)
Security Constraints of Embedded Systems
351(1)
Summary
352(2)
Exam Essentials
354(2)
Review Questions
356(5)
Chapter 12 Network Security
361(58)
Designing Secure Networks
363(2)
Network Segmentation
365(1)
Network Access Control
366(1)
Port Security and Port-Level Protections
367(2)
Port Spanning/Port Mirroring
369(1)
Virtual Private Network
370(1)
Network Appliances and Security Tools
371(6)
Network Security, Services, and Management
377(5)
Deception and Disruption
382(1)
Secure Protocols
383(1)
Using Secure Protocols
383(1)
Secure Protocols
384(5)
Attacking and Assessing Networks
389(1)
On-Path Attacks
389(2)
Domain Name System Attacks
391(2)
Layer 2 Attacks
393(1)
Distributed Denial-of-Service Attacks
394(4)
Network Reconnaissance and Discovery Tools and Techniques
398(13)
Summary
411(1)
Exam Essentials
412(2)
Review Questions
414(5)
Chapter 13 Wireless and Mobile Security
419(30)
Building Secure Wireless Networks
420(1)
Connectivity Methods
421(4)
Wireless Network Models
425(1)
Attacks Against Wireless Networks
426(4)
Designing a Network
430(2)
Controller and Access Point Security
432(1)
Wi-Fi Security Standards
433(1)
Wireless Authentication
434(2)
Managing Secure Mobile Devices
436(1)
Mobile Device Deployment Methods
436(2)
Mobile Device Management
438(4)
Specialized Mobile Device Security Tools
442(1)
Summary
442(1)
Exam Essentials
443(2)
Review Questions
445(4)
Chapter 14 Incident Response
449(36)
Incident Response
450(1)
The Incident Response Process
451(6)
Attack Frameworks and Identifying Attacks
457(4)
Incident Response Data and Tools
461(1)
Security Information and Event Management Systems
462(2)
Alerts and Alarms
464(1)
Correlation and Analysis
465(1)
Rules
465(8)
Mitigation and Recovery
473(4)
Summary
477(1)
Exam Essentials
478(2)
Review Questions
480(5)
Chapter 15 Digital Forensics
485(26)
Digital Forensic Concepts
486(1)
Legal Holds and e-Discovery
487(1)
Conducting Digital Forensics
488(1)
Acquiring Forensic Data
489(4)
Acquisition Tools
493(3)
Validating Forensic Data Integrity
496(3)
Data Recovery
499(1)
Forensic Suites and a Forensic Case Example
499(5)
Reporting
504(1)
Digital Forensics and Intelligence
504(1)
Summary
505(1)
Exam Essentials
505(2)
Review Questions
507(4)
Chapter 16 Security Policies, Standards, and Compliance
511(28)
Understanding Policy Documents
512(1)
Policies
512(3)
Standards
515(2)
Procedures
517(1)
Guidelines
518(1)
Exceptions and Compensating Controls
519(1)
Personnel Management
520(1)
Least Privilege
520(1)
Separation of Duties
521(1)
Job Rotation and Mandatory Vacations
521(1)
Clean Desk Space
522(1)
Onboarding and Offboarding
522(1)
Nondisclosure Agreements
522(1)
Social Media
522(1)
User Training
522(1)
Third-Party Risk Management
523(1)
Winding Down Vendor Relationships
524(1)
Complying with Laws and Regulations
524(1)
Adopting Standard Frameworks
525(1)
NIST Cybersecurity Framework
525(3)
NIST Risk Management Framework
528(1)
ISO Standards
529(2)
Benchmarks and Secure Configuration Guides
531(1)
Security Control Verification and Quality Control
531(2)
Summary
533(1)
Exam Essentials
534(1)
Review Questions
535(4)
Chapter 17 Risk Management and Privacy
539(26)
Analyzing Risk
540(1)
Risk Identification
541(1)
Risk Calculation
542(1)
Risk Assessment
543(4)
Managing Risk
547(1)
Risk Mitigation
547(2)
Risk Avoidance
549(1)
Risk Transference
549(1)
Risk Acceptance
549(1)
Risk Analysis
550(2)
Disaster Recovery Planning
552(1)
Disaster Types
552(1)
Business Impact Analysis
553(1)
Privacy
553(1)
Sensitive Information Inventory
554(1)
Information Classification
554(2)
Data Roles and Responsibilities
556(1)
Information Lifecycle
557(1)
Privacy Enhancing Technologies
557(1)
Privacy and Data Breach Notification
558(1)
Summary
559(1)
Exam Essentials
559(1)
Review Questions
560(5)
Appendix Answers to Review Questions
565(38)
Chapter 1 Today's Security Professional
566(1)
Chapter 2 Cybersecurity Threat Landscape
567(2)
Chapter 3 Malicious Code
569(3)
Chapter 4 Social Engineering, Physical, and Password Attacks
572(2)
Chapter 5 Security Assessment and Testing
574(2)
Chapter 6 Secure Coding
576(2)
Chapter 7 Cryptography and the Public Key Infrastructure
578(1)
Chapter 8 Identity and Access Management
579(3)
Chapter 9 Resilience and Physical Security
582(2)
Chapter 10 Cloud and Virtualization Security
584(2)
Chapter 11 Endpoint Security
586(3)
Chapter 12 Network Security
589(2)
Chapter 13 Wireless and Mobile Security
591(3)
Chapter 14 Incident Response
594(2)
Chapter 15 Digital Forensics
596(2)
Chapter 16 Security Policies, Standards, and Compliance
598(2)
Chapter 17 Risk Management and Privacy
600(3)
Index 603
ABOUT THE AUTHORS

Mike Chappie, PhD, Security+, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. Hes a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.

David Seidl, Security+, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dames move to the cloud, and has written multiple cybersecurity certification books.

Wiley has partnered up with Practice Labs, the IT Competency Hub, to give IT learners discounted access to their live, virtual Practice Labs. Connect to real devices using actual hardware and software straight from a web browser. Practice labs allow you to cement your theoretical studies with practical, hands-on experience. Master your IT skills and gain virtual world experience to increase your employability. Each purchase provides 6 months unlimited access. Ready to practice your IT skills?