
Mike Meyers' CompTIA Security+ Certification Passport, Fifth Edition (Exam SY0-501) 5th Revised edition [Multiple-component retail product]

  • Format: Multiple-component retail product, height x width x depth: 229x178x30 mm, weight: 730 g, Illustrations, Contains 1 Paperback / softback and 1 CD-ROM
  • Publication date: 20-Nov-2017
  • Publisher: McGraw-Hill Inc.,US
  • ISBN-10: 1260026566
  • ISBN-13: 9781260026566
  • Price: 39,45 €

This quick review, cram-style study guide offers 100% coverage of every topic on the latest version of the CompTIA Security+ exam

This powerful exam preparation resource presents an accelerated review of the pertinent technology and covers all objectives for the CompTIA Security+ exam (exam SY0-501). Written in the proven Passport format developed by training expert Mike Meyers, the book enables you to focus on specific topics, determine areas of need, and tailor an effective course for study.

Mike Meyers’ CompTIA Security+ Certification Passport, Fifth Edition (Exam SY0-501) features accurate practice exam questions and in-depth answer explanations as well as end-of-chapter bulleted summaries that reinforce salient points. Throughout, “Exam Tips” highlight important topics, “Local Lingo” notes define need-to-know terms, “Travel Advisories” alert you to potential pitfalls, and “Travel Assistance” icons specify resources for further information.

• Provides complete coverage of every objective on exam SY0-501
• Electronic content includes 200 practice questions and a secured book PDF
• Written by a pair of security experts and edited by certification guru Mike Meyers

Acknowledgments
Check-In
I Mission Assurance
1 Organizational Security and Compliance
Objective 1.01 Explain Risk Management Processes and Concepts
Risk Control Types
Administrative
Technical
Physical
Risk Assessment
Asset Identification
Risk Analysis
Risk Likelihood and Impact
Solutions and Countermeasures
Risk Register
Risk Management Options
False Positives and Negatives
Using Organizational Policies to Reduce Risk
Security Policies
Network Security Policies
Human Resources Policies
Objective 1.02 Implement Appropriate Risk Mitigation Strategies
Change Management Policy
Incident Management and Response Policy
Perform Routine Audits
Develop Standard Operating Procedures
User Rights and Permissions Reviews
Data Loss Prevention and Regulatory Compliance
Objective 1.03 Integrate with Third Parties
Interoperability Agreements
Service Level Agreements
Business Partnership Agreements
Memorandums of Agreement/Understanding
Interconnection Security Agreement
Privacy Considerations
Risk Awareness
Unauthorized Data Sharing
Data Ownerships
Data Backup
Verification of Adherence
Checkpoint
Review Questions
Review Answers
2 Security Training and Incident Response
Objective 2.01 Explain the Importance of Security-Related Awareness and Training
Effective Security Training and Awareness
Onboarding
Nondisclosure Agreements
Awareness Training
Continual Education
Threat Awareness
Recurring Training
Security Metrics
Data and Documentation Policies
Standards and Guidelines
Data Retention Policy
Hardware Disposal and Data Destruction Policy
IT Documentation
Best Practices for User Habits
Password Policy
Clean Desk Policy
Personally Owned Devices
Workstation Locking and Access Tailgating
Data Handling
Instant Messaging
P2P Applications
Social Networking/Media
Compliance with Laws, Regulations, Best Practices, and Standards
Objective 2.02 Analyze and Differentiate Among Types of Social Engineering Attacks
Phishing
Whaling
Shoulder Surfing
Tailgating
Pharming
Spim
Vishing
Spam
Hoaxes
Objective 2.03 Execute Appropriate Incident Response Procedures
Preparation
Incident Identification
First Responders
Incident Containment
Damage and Loss Control
Data Breaches
Escalation Policy
Reporting and Notification
Mitigation and Recovery Steps
Lessons Learned
Objective 2.04 Implement Basic Forensic Procedures
Data Acquisition and Preservation
Order of Volatility
Capture a System Image
Network and System Logs
Time Offsets
Use Hashing to Protect Evidence Integrity
Take Screenshots
Capture Video
Chain of Custody
Interview Witnesses
Track Resources Expended
Big Data Analysis
Checkpoint
Review Questions
Review Answers
3 Business Continuity and Disaster Recovery
Objective 3.01 Explain Concepts of Business Continuity and Disaster Recovery
Select the Appropriate Control to Meet the Goals of Security
Types of Disasters
Natural
Human Error and Sabotage
Network and Hacking Attacks
Viruses
Recovery Plans
Disaster Recovery Team
Risk Analysis
Business Impact Analysis
Privacy Impact Assessment
Disaster Recovery and IT Contingency Plans
Documentation
Testing
After-Action Reporting
Objective 3.02 Execute Disaster Recovery and Continuity of Operations Plans and Procedures
High Availability and Redundancy Planning
Service Levels
Reliability Factors
Spare Equipment Redundancy
Alternate Site Redundancy
Alternate Business Practices
Fault Tolerance
Hard Drives
Power Supplies
Network Interface Cards
CPU
Uninterruptible Power Supply
Backups
Planning
Backup Hardware
Backup Types
Media Rotation and Retention
Backup Documentation
Restoration
Offsite Storage
Online Backup
Objective 3.03 Explain the Impact and Proper Use of Environmental Controls
Facility Construction Issues
Location Planning
Facility Construction
Computer Room Construction
Environmental Issues
Temperature
Humidity
Ventilation
Monitoring
Electrical Power
Cable Shielding
Coaxial
Twisted Pair
Fiber Optic
Wireless Networks and Cells
Fire Suppression
Water
Chemical-Based Fire Suppression
Checkpoint
Review Questions
Review Answers
II Cryptography and PKI
4 Cryptography and Encryption Basics
Objective 4.01 Utilize the Concepts of Cryptography
Information Assurance
Confidentiality
Integrity
Authentication
Nonrepudiation
Obfuscation
Algorithms
Symmetric Keys
Asymmetric Keys
In-Band/Out-of-Band Key Exchange
Ephemeral Keys
Perfect Forward Secrecy
Random/Pseudo-Random Numbers and Inputs
Steganography
Digital Signatures
Basic Hashing Concepts
Message Digest Hashing
Message Digest 5 (MD5)
Secure Hash Algorithm (SHA)
RIPEMD
HMAC
Objective 4.02 Use and Apply Appropriate Cryptographic Tools and Products
Symmetric Encryption Algorithms
DES and 3DES
AES
Blowfish
Twofish
IDEA
RC4
Asymmetric Encryption Algorithms
RSA
Elliptic Curve Cryptography
Diffie-Hellman
DSA
One-Time Pad
Quantum Cryptography
Implementing Encryption Protocols
Wireless Encryption Protocol
Pretty Good Privacy
GNU Privacy Guard (GPG)
S/MIME
SSL and TLS
HTTPS
IPSec
SSH
Key Stretching
Decision Making
Data States
Choosing and Implementing the Best Method
Checkpoint
Review Questions
Review Answers
5 Public Key Infrastructure
Objective 5.01 Explain the Fundamentals of Public Key Infrastructure
Digital Certificates
Certificate Authorities
Trust Models
Web of Trust
Third-Party (Single Authority) Trust
Hierarchical Model
Key Management and Storage
Centralized vs. Decentralized Storage
Key Storage and Protection
Key Escrow
Key Recovery
Multiple Key Pairs
Key History
Objective 5.02 Implementing PKI Concepts to Promote Trust
Certificate Life Cycle
Certificate Requested, Issued, Published, and Received
Certificate Suspension and Revocation
Certificate Expiration
Key Destruction
Certificate Renewal
Checkpoint
Review Questions
Review Answers
III Identity and Access Management
6 Access Control
Objective 6.01 Explain the Fundamental Concepts and Best Practices Related to Authentication, Authorization, and Access Control
Users and Resources
Levels of Security
Access Security Grouping
Access Control Best Practices
Separation of Duties
Rotation of Job Duties
Mandatory Vacations
Implicit Deny
Explicit Deny
Least Privilege
Access Control Models
Mandatory Access Control
Discretionary Access Control
Role-Based Access Control
Rule-Based Access Control
Attribute-Based Access Control
Objective 6.02 Implement Appropriate Security Controls When Performing Account Management
Account Maintenance
Using Appropriate Naming Conventions
Limiting Logon Attempts
Setting Account Expiry Dates
Disabling Unused Accounts
Setting Time Restrictions
Setting Machine Restrictions
Using Tokens
Restricting Multiple/Shared/Guest/Generic Accounts
User Access Reviews
Credential Management
Password Policies
Domain Accounts and Single Sign-On
Federation
Security Roles and Privileges
User
Group
Role
File and Print Security Controls
File and Print ACLs
Objective 6.03 Analyze and Differentiate Among Types of Mitigation and Deterrent Techniques
Physical Barriers
Lighting
Video Surveillance
Locks
Hardware Locks
Man-Trap
Security Guards
Access Logs
Personal Identification Verification Card
Smart Card
Common Access Card
Checkpoint
Review Questions
Review Answers
7 Authentication and Identity Management
Objective 7.01 Explain the Fundamental Concepts and Best Practices Related to Authentication, Authorization, and Access Services
Authentication Models
Single-Factor Authentication
Two-Factor Authentication
Multifactor Authentication
Single Sign-On
Authentication Methods
Remote Access Authentication
Remote Access Applications
Remote Access Protocols
VPN Protocols
Objective 7.02 Explain the Function and Purpose of Authentication Services
PAP
CHAP
LANMAN
NTLM and NTLMv2
Extensible Authentication Protocol
RADIUS
LDAP
SAML
TACACS
Kerberos
OAuth and OpenID Connect
802.1X
Certificates (Mutual Authentication)
HOTP/TOTP
Biometrics
Checkpoint
Review Questions
Review Answers
IV Network Security
8 Securing Networks
Objective 8.01 Implement Security Functionality on Network Devices and Other Technologies
Firewalls
Routers
Switches
Load Balancers
Proxy Servers
All-in-One Security Appliances
Data Loss Prevention
Malware Inspection
Anti-spam Filter
Content Filtering
URL Filtering
Security Information and Event Management
Web Security Gateway
Intrusion Detection and Prevention
Active Detection
Passive Detection
Monitoring Methodologies
Application-Aware Devices
Protocol Analyzers
Objective 8.02 Explain Network Design Elements and Compounds
Security Zones
DMZ
Intranet
Extranet
Network Security Techniques
NAC
NAT
Internal Network Addressing
Subnetting
VLAN
Remote Access
Modems
VPN
Telephony
VoIP
Media Gateway
Virtualization
Cloud Computing
Everything as a Service
Cloud Deployment
Checkpoint
Review Questions
Review Answers
9 Secure Network Administration
Objective 9.01 Implement and Use Common Protocols
TCP/IP
IPv4
IPv6
ICMP
HTTP and HTTPS
Telnet
SSH
FTP
TFTP
FTPS and SFTP
SCP
DNS
SNMP
IPSec
NetBIOS
iSCSI
Fibre Channel
RTP
Objective 9.02 Identify Commonly Used Default Network Ports
TCP/IP Network Ports
Objective 9.03 Analyze and Differentiate Among Types of Network Attacks
Denial of Service
Distributed Denial of Service
Ping Attack
SYN Flood
DNS Amplification
Flood Protection
Back Door
NULL Sessions
Spoofing
Smurf Attack
TCP/IP Hijacking
Man-in-the-Middle
Replay
Xmas Attack
DNS Poisoning
ARP Poisoning
Domain Kiting
Typosquatting
Client-side Attacks
Watering Hole Attack
Zero-Day Attack
Malicious Insider Threats
Objective 9.04 Apply and Implement Secure Network Administration Principles
Networking Device Configuration
Firewall Administration
Router Administration
ACL Rules
Network Separation
Unified Threat Management
Network Device Threats and Risks
Weak Passwords
Default Accounts
Transitive Access and Privilege Escalation
Network Loops
Network Device Hardening
Secure Remote Access
Device Placement
Disable Unused Services
Employ DDoS Mitigation
Firmware/OS Updates
Log Files
Checkpoint
Review Questions
Review Answers
10 Securing Wireless Networks
Objective 10.01 Implement Wireless Networks in a Secure Manner
Wireless LAN Technologies
Narrowband Technology
Spread-Spectrum Technology
Infrared Technology
Wireless Access
Site Surveys
WLAN Topologies
Wireless Protocols
Wireless Access Protocol
Bluetooth
802.11
Securing Wireless Networks
Access Point Security
Service Set Identifier
MAC Address Filtering
Encryption
WPA and WPA2 Security
Wi-Fi Protected Setup
802.1X
Wireless Authentication Protocols
EAP
LEAP
PEAP
VPN Wireless Access
Personal Firewall
Captive Portals
Objective 10.02 Analyze and Differentiate Among Types of Wireless Attacks
Data Emanation
Jamming
Bluetooth Vulnerabilities
Near-Field Communication
War Driving
Access Points (Evil Twin)
Deauthentication and Disassociation
War Chalking
Packet Sniffing and Eavesdropping
Replay Attacks
WPS Attacks
WEP/WPA Attacks
IV Attack
TKIP Attack
WPA2 Attacks
Checkpoint
Review Questions
Review Answers
V Host, Application, and Data Security
11 Securing Host Systems
Objective 11.01 Analyze and Differentiate Among Types of Malware
Viruses
Types of Viruses
File Types That Commonly Carry Viruses
Polymorphic Malware
Metamorphic Malware
Keyloggers
Trojan Horses
Remote Access Trojan
Logic Bombs
Worms
Adware and Spyware
Ransomware
Rootkits
Botnets
Objective 11.02 Carry Out Appropriate Procedures to Establish Host Security
Physical Hardware Security
Supply Chain Risk
Host Software Security Baseline
Operating System Hardening
Trusted Operating System
Operating System Updates
Patch Management
BIOS and UEFI Security
Services and OS Configuration
File System Security
System User Accounts and Password Threats
Management Interface Security
Host Internet Access
Software Access and Privileges
Peripherals
Host Security Applications
Whitelists or Blacklists
Antivirus and Anti-spyware Software
Virus Signature Files
Anti-spam Software
Host-Based Firewalls
Web Browser Security
Host-Based Intrusion Detection System
Live Media
Virtualization
Hypervisors
Virtualization Risks
Objective 11.03 Understand Mobile Security Concepts and Technologies
Mobile Device Security
Securing Your Connection
Deployment Models
BYOD
CYOD
COPE
Corporate-Owned
VDI
Deployment Concerns
Ownership
Security Management
Legal
Protection from Theft
Password/Screen Lock/Lockout
Biometrics
GPS Tracking
Remote Wipe
Full Device Encryption
Voice Encryption
Protection from Users
Mobile Camera Security
Mobile Device Management
Asset Control
Push Notification Technologies
Storage
Data Containerization
Checkpoint
Review Questions
Review Answers
12 Securing Applications and Data
Objective 12.01 Analyze and Differentiate Among Types of Attacks and Vulnerabilities
Web Application Vulnerabilities
JavaScript
ActiveX
Buffer Overflows
Resource Exhaustion
Privilege Escalation
Hijacking
HTML Attachments
Malicious Add-Ons
CGI Scripts
Cross-Site Scripting
Cross-Site Request Forgery (XSRF)
Header Manipulation
Injection
Directory Traversal
Arbitrary Code Execution
Zero-Day Attacks
Race Conditions
Internet Server Vulnerabilities
FTP Servers
DNS Servers
DHCP Servers
Database Servers
LDAP and Directory Services
E-mail Servers
General Considerations
Objective 12.02 Explain the Importance of Application Security
Development Life-Cycle Models
Waterfall Method
Agile Method
Secure Coding Concepts
Secure Development Operations
Change Management
Input Validation
Escaping
Code Testing and Verification
Error and Exception Handling
Transitive Access
Server-Side vs. Client-Side Validation
Cross-Site Scripting
Cross-Site Request Forgery
Code Reuse and Third-Party Libraries
Secure Deployment
NoSQL vs. SQL Databases
Application Hardening
Application Configuration Baseline
Application Patch Management
Objective 12.03 Explain the Importance of Data Security
Data Loss Prevention
Data Encryption
Trusted Platform Module
Hardware Security Module
Full Disk Encryption
Database Encryption
Individual File Encryption
Removable Media and Mobile Devices
Data Destruction and Media Sanitization
Cloud Storage
Storage Area Networks
Handling Big Data
Checkpoint
Review Questions
Review Answers
VI Threats and Vulnerabilities
13 Monitoring for Security Threats
Objective 13.01 Analyze, Interpret, and Troubleshoot Different Types of Mitigation and Deterrent Techniques
Security Posture
Detecting Security-Related Anomalies
System and Performance Monitoring
Protocol Analyzers
Network Monitor
Intrusion Detection and Intrusion Prevention Systems
Bypass of Security Equipment
Monitoring Logs
System Logs
Performance Logs
Access Logs
DNS Logs
Firewall Logs
Antivirus Logs
Security Logging Applications
Reports and Trend Monitoring
Alarms and Notifications
System Auditing
System Baselines
Auditing Event Logs
User Access Rights Review
Reviewing Audit Information
Auditing the Administrators
Storage and Retention Policies
Hardening the System
Disable Unnecessary Services
Protect Management Interfaces and Applications
Utilize Password Protection
Disable Unnecessary Accounts
Improve Baseline Configurations
Ensure Systems Are Up to Date
Implement User Training
Network Security
Limit and Filter MAC Addresses
802.1X
Disable Unused Interfaces and Ports
Rogue Machine Detection
Mitigating Threats in Alternative Environments
Checkpoint
Review Questions
Review Answers
14 Vulnerability Assessments
Objective 14.01 Implement Assessment Tools and Techniques to Discover Security Threats and Vulnerabilities
Vulnerability Assessment Tools
Banner Grabbing
Network Mappers
Port Scanners
Vulnerability Scanners
Protocol Analyzers
Password Crackers
Honeypots and Honeynets
Other Command-Line Tools
OVAL
Application Code Assessments
Objective 14.02 Implement Penetration Tests When Appropriate
White, Black, and Gray Box Testing
White Box Testing
Black Box Testing
Gray Box Testing
Checkpoint
Review Questions
Review Answers
VII Appendixes
A Career Flight Path
CompTIA Security+ Exam Format
CompTIA Security+ and Beyond
Getting the Latest Information on the CompTIA Security+ Exam
B About the CD-ROM
System Requirements
Total Tester Premium Practice Exam Software
Installing and Running Total Tester Premium Practice Exam Software
Secured Book PDF
Technical Support
Index

Dawn Dunkerley, PhD, is a researcher whose interests include cyberwarfare, cybersecurity, and the success and measurement of organizational cybersecurity initiatives.

T.J. Samuelle, CompTIA Security+, is an IT consultant and author of several books on CompTIA certifications.

Michael Meyers, CompTIA A+, CompTIA Network+, is the industry's leading authority on CompTIA A+ certification. He is the president and founder of Total Seminars, LLC.