CompTIA Security+ Study Guide: Exam SY0-601 8th edition [Paperback]

4.26/5 (163 ratings by Goodreads)
Mike Chapple (University of Notre Dame), David Seidl (Miami University; University of Notre Dame)
  • Format: Paperback / softback, 672 pages, height x width x depth: 236x185x41 mm, weight: 930 g
  • Series: Sybex Study Guide
  • Publication date: 25-Feb-2021
  • Publisher: Sybex Inc.,U.S.
  • ISBN-10: 1119736250
  • ISBN-13: 9781119736257

Learn the key objectives and most crucial concepts covered by the Security+ Exam SY0-601 with this comprehensive and practical study guide 

The Eighth Edition of the CompTIA Security+ Study Guide Exam SY0-601 efficiently and comprehensively prepares you for the SY0-601 Exam. Accomplished authors and security experts Mike Chapple and David Seidl walk you through the fundamentals of crucial security topics, including the five domains covered by the SY0-601 Exam: 

  • Attacks, Threats, and Vulnerabilities  
  • Architecture and Design  
  • Implementation  
  • Operations and Incident Response  
  • Governance, Risk, and Compliance 

The study guide comes with the Sybex online, interactive learning environment that includes a pre-assessment test, hundreds of review questions, practice exams, flashcards, and a glossary of key terms. The book is written in a practical and straightforward manner, ensuring you can easily learn and retain the material.  

Perfect for everyone planning to take the SY0-601 Exam—as well as those who hope to secure a high-level certification like the CASP+, CISSP, or CISA—the study guide also belongs on the bookshelves of everyone who has ever wondered if the field of IT security is right for them. It’s a must-have reference! 

Introduction
Assessment Test
Chapter 1 Today's Security Professional
Cybersecurity Objectives
Data Breach Risks
The DAD Triad
Breach Impact
Implementing Security Controls
Security Control Categories
Security Control Types
Data Protection
Summary
Exam Essentials
Review Questions
Chapter 2 Cybersecurity Threat Landscape
Exploring Cybersecurity Threats
Classifying Cybersecurity Threats
Threat Actors
Threat Vectors
Threat Data and Intelligence
Open Source Intelligence
Proprietary and Closed-Source Intelligence
Assessing Threat Intelligence
Threat Indicator Management and Exchange
Public and Private Information Sharing Centers
Conducting Your Own Research
Summary
Exam Essentials
Review Questions
Chapter 3 Malicious Code
Malware
Ransomware
Trojans
Worms
Rootkits
Backdoors
Bots
Keyloggers
Logic Bombs
Viruses
Fileless Viruses
Spyware
Potentially Unwanted Programs (PUPs)
Malicious Code
Adversarial Artificial Intelligence
Summary
Exam Essentials
Review Questions
Chapter 4 Social Engineering, Physical, and Password Attacks
Social Engineering
Social Engineering Techniques
Influence Campaigns
Password Attacks
Physical Attacks
Summary
Exam Essentials
Review Questions
Chapter 5 Security Assessment and Testing
Vulnerability Management
Identifying Scan Targets
Determining Scan Frequency
Configuring Vulnerability Scans
Scanner Maintenance
Vulnerability Scanning Tools
Reviewing and Interpreting Scan Reports
Validating Scan Results
Security Vulnerabilities
Patch Management
Legacy Platforms
Weak Configurations
Error Messages
Insecure Protocols
Weak Encryption
Penetration Testing
Adopting the Hacker Mindset
Reasons for Penetration Testing
Benefits of Penetration Testing
Penetration Test Types
Rules of Engagement
Reconnaissance
Running the Test
Cleaning Up
Training and Exercises
Summary
Exam Essentials
Review Questions
Chapter 6 Secure Coding
Software Assurance Best Practices
The Software Development Life Cycle
Software Development Phases
Software Development Models
DevSecOps and DevOps
Designing and Coding for Security
Secure Coding Practices
API Security
Code Review Models
Software Security Testing
Analyzing and Testing Code
Injection Vulnerabilities
SQL Injection Attacks
Code Injection Attacks
Command Injection Attacks
Exploiting Authentication Vulnerabilities
Password Authentication
Session Attacks
Exploiting Authorization Vulnerabilities
Insecure Direct Object References
Directory Traversal
File Inclusion
Privilege Escalation
Exploiting Web Application Vulnerabilities
Cross-Site Scripting (XSS)
Request Forgery
Application Security Controls
Input Validation
Web Application Firewalls
Database Security
Code Security
Secure Coding Practices
Source Code Comments
Error Handling
Hard-Coded Credentials
Memory Management
Race Conditions
Unprotected APIs
Driver Manipulation
Summary
Exam Essentials
Review Questions
Chapter 7 Cryptography and the Public Key Infrastructure
An Overview of Cryptography
Historical Cryptography
Goals of Cryptography
Confidentiality
Integrity
Authentication
Nonrepudiation
Cryptographic Concepts
Cryptographic Keys
Ciphers
Modern Cryptography
Cryptographic Secrecy
Symmetric Key Algorithms
Asymmetric Key Algorithms
Hashing Algorithms
Symmetric Cryptography
Data Encryption Standard
Triple DES
Advanced Encryption Standard
Symmetric Key Management
Asymmetric Cryptography
RSA
Elliptic Curve
Hash Functions
SHA
MD5
Digital Signatures
HMAC
Digital Signature Standard
Public Key Infrastructure
Certificates
Certificate Authorities
Certificate Generation and Destruction
Certificate Formats
Asymmetric Key Management
Cryptographic Attacks
Emerging Issues in Cryptography
Tor and the Dark Web
Blockchain
Lightweight Cryptography
Homomorphic Encryption
Quantum Computing
Summary
Exam Essentials
Review Questions
Chapter 8 Identity and Access Management
Identity
Authentication and Authorization
Authentication and Authorization Technologies
Directory Services
Authentication Methods
Multifactor Authentication
One-Time Passwords
Biometrics
Knowledge-Based Authentication
Managing Authentication
Accounts
Account Types
Account Policies and Controls
Access Control Schemes
Filesystem Permissions
Summary
Exam Essentials
Review Questions
Chapter 9 Resilience and Physical Security
Building Cybersecurity Resilience
Storage Resiliency: Backups and Replication
Response and Recovery Controls
Physical Security Controls
Site Security
Summary
Exam Essentials
Review Questions
Chapter 10 Cloud and Virtualization Security
Exploring the Cloud
Benefits of the Cloud
Cloud Roles
Cloud Service Models
Cloud Deployment Models
Shared Responsibility Model
Cloud Standards and Guidelines
Virtualization
Hypervisors
Cloud Infrastructure Components
Cloud Compute Resources
Cloud Storage Resources
Cloud Networking
Cloud Security Issues
Availability
Data Sovereignty
Virtualization Security
Application Security
Governance and Auditing
Cloud Security Controls
Cloud Access Security Brokers
Resource Policies
Secrets Management
Summary
Exam Essentials
Review Questions
Chapter 11 Endpoint Security
Protecting Endpoints
Preserving Boot Integrity
Endpoint Security Tools
Hardening Endpoints and Systems
Service Hardening
Operating System Hardening
Hardening the Windows Registry
Configuration, Standards, and Schemas
Disk Security and Sanitization
File Manipulation and Other Useful Command-Line Tools
Scripting, Secure Transport, and Shells
Securing Embedded and Specialized Systems
Embedded Systems
SCADA and ICS
Securing the Internet of Things
Specialized Systems
Communication Considerations
Security Constraints of Embedded Systems
Summary
Exam Essentials
Review Questions
Chapter 12 Network Security
Designing Secure Networks
Network Segmentation
Network Access Control
Port Security and Port-Level Protections
Port Spanning/Port Mirroring
Virtual Private Network
Network Appliances and Security Tools
Network Security, Services, and Management
Deception and Disruption
Secure Protocols
Using Secure Protocols
Secure Protocols
Attacking and Assessing Networks
On-Path Attacks
Domain Name System Attacks
Layer 2 Attacks
Distributed Denial-of-Service Attacks
Network Reconnaissance and Discovery Tools and Techniques
Summary
Exam Essentials
Review Questions
Chapter 13 Wireless and Mobile Security
Building Secure Wireless Networks
Connectivity Methods
Wireless Network Models
Attacks Against Wireless Networks
Designing a Network
Controller and Access Point Security
Wi-Fi Security Standards
Wireless Authentication
Managing Secure Mobile Devices
Mobile Device Deployment Methods
Mobile Device Management
Specialized Mobile Device Security Tools
Summary
Exam Essentials
Review Questions
Chapter 14 Incident Response
Incident Response
The Incident Response Process
Attack Frameworks and Identifying Attacks
Incident Response Data and Tools
Security Information and Event Management Systems
Alerts and Alarms
Correlation and Analysis
Rules
Mitigation and Recovery
Summary
Exam Essentials
Review Questions
Chapter 15 Digital Forensics
Digital Forensic Concepts
Legal Holds and e-Discovery
Conducting Digital Forensics
Acquiring Forensic Data
Acquisition Tools
Validating Forensic Data Integrity
Data Recovery
Forensic Suites and a Forensic Case Example
Reporting
Digital Forensics and Intelligence
Summary
Exam Essentials
Review Questions
Chapter 16 Security Policies, Standards, and Compliance
Understanding Policy Documents
Policies
Standards
Procedures
Guidelines
Exceptions and Compensating Controls
Personnel Management
Least Privilege
Separation of Duties
Job Rotation and Mandatory Vacations
Clean Desk Space
Onboarding and Offboarding
Nondisclosure Agreements
Social Media
User Training
Third-Party Risk Management
Winding Down Vendor Relationships
Complying with Laws and Regulations
Adopting Standard Frameworks
NIST Cybersecurity Framework
NIST Risk Management Framework
ISO Standards
Benchmarks and Secure Configuration Guides
Security Control Verification and Quality Control
Summary
Exam Essentials
Review Questions
Chapter 17 Risk Management and Privacy
Analyzing Risk
Risk Identification
Risk Calculation
Risk Assessment
Managing Risk
Risk Mitigation
Risk Avoidance
Risk Transference
Risk Acceptance
Risk Analysis
Disaster Recovery Planning
Disaster Types
Business Impact Analysis
Privacy
Sensitive Information Inventory
Information Classification
Data Roles and Responsibilities
Information Lifecycle
Privacy Enhancing Technologies
Privacy and Data Breach Notification
Summary
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1 Today's Security Professional
Chapter 2 Cybersecurity Threat Landscape
Chapter 3 Malicious Code
Chapter 4 Social Engineering, Physical, and Password Attacks
Chapter 5 Security Assessment and Testing
Chapter 6 Secure Coding
Chapter 7 Cryptography and the Public Key Infrastructure
Chapter 8 Identity and Access Management
Chapter 9 Resilience and Physical Security
Chapter 10 Cloud and Virtualization Security
Chapter 11 Endpoint Security
Chapter 12 Network Security
Chapter 13 Wireless and Mobile Security
Chapter 14 Incident Response
Chapter 15 Digital Forensics
Chapter 16 Security Policies, Standards, and Compliance
Chapter 17 Risk Management and Privacy
Index
ABOUT THE AUTHORS

Mike Chapple, PhD, Security+, CySA+, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame. He's a cybersecurity professional and educator with over 20 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com.

David Seidl, Security+, CySA+, CISSP, PenTest+, is Vice President for Information Technology and CIO at Miami University. David co-led Notre Dame's move to the cloud and has written multiple cybersecurity certification books.