CompTIA Security+ SY0-701 Certification Guide, Third Edition [3 ed.]
9781835461532
Get a solid understanding of cybersecurity principles and develop hands-on skills to pave the way for a successful and i
English
Pages 618
Year 2024
Table of contents:
CompTIA Security+ SY0-701 Certification Guide
Third Edition
Contributors
About the Author
About the Reviewers
Preface
Who This Book Is For
What This Book Covers
Domain 1: General Security Concepts
Domain 2: Threats, Vulnerabilities, and Mitigations
Domain 3: Security Architecture
Domain 4: Security Operations
Domain 5: Security Program Management and Oversight
How to Use This Book
End of Chapter Self-Assessment Questions
Additional Online Resources
Download the Color Images
Conventions Used
Get in Touch
Reviews
Domain 1: General Security Concepts
Compare and contrast various types of security controls
Introduction
Control Categories
Technical Controls
Managerial Controls
Operational Controls
Physical Controls
Control Types
Summary
Exam Objectives 1.1
Chapter Review Questions
Summarize fundamental security concepts
Introduction
Confidentiality, Integrity, and Availability
Non-Repudiation
Authentication, Authorization, and Accounting
Gap Analysis
Zero Trust
The Data Plane
Physical Security
Deception and Disruption Technology
Summary
Exam Objectives 1.2
Chapter Review Questions
Explain the importance of change management processes and the impact to security
Introduction
Change Management
Technical Implications
Documentation
Version Control
Summary
Exam Objectives 1.3
Chapter Review Questions
Explain the importance of using appropriate cryptographic solutions
Introduction
Public Key Infrastructure (PKI)
Encryption
Tools
Obfuscation
Hashing
Salting
Digital Signatures
Key Stretching
Blockchain
Open Public Ledger
Certificates
Summary
Exam Objectives 1.4
Chapter Review Questions
Domain 2: Threats, Vulnerabilities, and Mitigations
Compare and contrast common threat actors and motivations
Introduction
Threat Actors
Attributes of Actors
Motivations
Summary
Exam Objectives 2.1
Chapter Review Questions
Explain common threat vectors and attack surfaces
Introduction
Message-Based
Image-Based
File-Based
Voice Call
Removable Device
Vulnerable Software
Unsupported Systems and Applications
Unsecure Networks
Open Service Ports
Default Credentials
Supply Chain
Human Vectors/Social Engineering
Summary
Exam Objectives 2.2
Chapter Review Questions
Explain various types of vulnerabilities
Introduction
Application Vulnerabilities
Operating System (OS)-Based Vulnerabilities
Web-Based Vulnerabilities
Hardware Vulnerabilities
Virtualization Vulnerabilities
Cloud-Specific Vulnerabilities
Supply Chain Vulnerabilities
Cryptographic Vulnerabilities
Misconfiguration Vulnerabilities
Mobile Device Vulnerabilities
Zero-Day Vulnerabilities
Summary
Exam Objective 2.3
Chapter Review Questions
Given a scenario, analyze indicators of malicious activity
Introduction
Malware Attacks
Potentially Unwanted Programs (PUPs)
Ransomware
Trojans
Remote Access Trojans
Worms
Spyware
Bloatware
Viruses
Polymorphic Viruses
Keyloggers
Logic Bombs
Rootkits
Malware Inspection
Physical Attacks
Physical Brute Force
Radio Frequency Identification (RFID) Cloning
Environmental
Network Attacks
Pivoting
Distributed Denial-of-Service (DDoS)
ARP Poisoning
Domain Name System (DNS) attacks
DNS Commands
DNS Tools
Wireless Attacks
On-path
Session Replay
Replay Attack
Credential Replay
Malicious Code
Application Attacks
Injection Attack
Buffer Overflow
Privilege Escalation
Forgery Attacks
Directory Traversal
Cryptographic Attacks
Downgrade Attacks
Collision
Birthday
Pass-the-Hash Attack
Password Attacks
Indicators of Attack
Summary
Exam Objectives 2.4
Chapter Review Questions
Explain the purpose of mitigation techniques used to secure the enterprise
Introduction
Segmentation
Access Control
Application Allow List
Application Block List
Isolation
Patching
Encryption
Monitoring
Least Privilege
Configuration Enforcement
Decommissioning
Hardening Techniques
Summary
Exam Objectives 2.5
Chapter Review Questions
Domain 3: Security Architecture
Compare and contrast security implications of different architecture models
Introduction
Securing the Network
Securing the Servers
Securing the Hosts
Architecture and Infrastructure Concepts
Cloud Computing
Responsibility Matrix
Hybrid Considerations
Infrastructure as Code (IaC)
Serverless
Microservices
Network Infrastructure
Physical Isolation
Logical Segmentation
Software-Defined Networking (SDN)
On-Premises
Centralized versus Decentralized
Containerization
Virtualization
IoT
Industrial Control Systems (ICS) / Supervisory Control and Data Acquisition (SCADA)
Real-Time Operating System (RTOS)
Embedded Systems
High Availability
Considerations for Your Infrastructure
Summary
Exam Objectives 3.1
Chapter Review Questions
Given a scenario, apply security principles to secure enterprise infrastructure
Introduction
Infrastructure Considerations
Device Placement
Security Zones
Attack Surface
Connectivity
Failure Modes
Device Attribute
Network Appliances
Port Security
Firewall Types
Secure Communication/Access
Virtual Private Network (VPN)
Remote Access
Tunneling
Software-Defined Wide Area Network
Secure Access Service Edge
Selection of Effective Controls
Summary
Exam Objectives 3.2
Chapter Review Questions
Compare and contrast concepts and strategies to protect data
Introduction
Data Types
Data Classifications
General Data Considerations
Methods to Secure Data
Summary
Exam Objectives 3.3
Chapter Review Questions
Explain the importance of resilience and recovery in security architecture
Introduction
High Availability
Load Balancer Configurations
Clustering
Site Considerations
Cloud Data Replication
Data Sovereignty
Platform Diversity
Multi-Cloud Systems
Continuity of Operations
Capacity Planning
Testing
Backups
Important Backup Features
Power
Summary
Exam Objectives 3.4
Chapter Review Questions
Domain 4: Security Operations
Given a scenario, apply common security techniques to computing resources
Introduction
Secure Baselines
Establish
Deploy
Maintain
Hardening Targets
Wireless Devices
Mobile Solutions
Mobile Device Management
Deployment Models
Connection Methods
Mobile Solutions – Other Factors
Wireless Security Settings
Wi-Fi Protected Access 3
AAA/Remote Authentication Dial-In User Service (RADIUS)
Cryptographic Protocols
Authentication Protocols
Application Security
Sandboxing
Monitoring
Summary
Exam Objectives 4.1
Chapter Review Questions
Explain the security implications of proper hardware, software, and data asset management
Introduction
Acquisition/Procurement Process
Assignment/Accounting
Monitoring/Asset Tracking
Disposal/Decommissioning
Summary
Exam Objective 4.2
Chapter Review Questions
Explain various activities associated with vulnerability management
Introduction
Identification Methods
Vulnerability Scans
Security Content Automation Protocol
Application Security
Package Monitoring
Threat Feeds
OSINT
Proprietary/Third-Party
Information-Sharing Organizations
The Dark Web
Penetration Testing
Responsible Disclosure Program
Bug Bounty Program
System/Process Audit
Analysis
Confirmation
Prioritization
CVE
CVSS
Vulnerability classification
Exposure factor
Environmental variable
Industry/organizational impact
Risk tolerance
Vulnerability Response and Remediation
Patching
Insurance
Segmentation
Validation of Remediation
Rescanning
Audit
Verification
Reporting
Summary
Exam Objective 4.3
Chapter Review Questions
Explain security alerting and monitoring concepts and tools
Introduction
Monitoring Computing Resources
Activities
Alert Response and Remediation/Validation
Tools
Security Content Automation Protocol (SCAP)
Benchmarks
Agents/Agentless
Security Information and Event Management (SIEM)
Antivirus
Data Loss Prevention (DLP)
Simple Network Management Protocol (SNMP) Traps
NetFlow
Vulnerability Scanners
Summary
Exam Objectives 4.4
Chapter Review Questions
Given a scenario, modify enterprise capabilities to enhance security
Introduction
Firewall
Firewall Types
Rules
Access Control List
Ports/Protocols
TCP
UDP
Zones
IDSs/IPSs
Trends in IDSs/IPSs
IDS/IPS Signatures
Web Filtering
Operating System Security
Group Policy
SELinux
The Implementation of Secure Protocols
Insecure Protocols
Secure Protocols
DNS Filtering
Email Security
File Integrity Monitoring
Data Loss Prevention (DLP)
Network Access Control (NAC)
Endpoint Detection and Response, and Extended Detection and Response
User Behavior Analytics
Summary
Exam Objectives 4.5
Chapter Review Questions
Given a scenario, implement and maintain identity and access management
Introduction
Provisioning User Accounts
Active Directory (Directory Services)
New User Accounts
Kerberos
Linux
Creating a Linux Account
Deprovisioning User Accounts
Permission Assignments and Implications
Identity Proofing
Federation
Single Sign-On (SSO)
Interoperability
Attestation
Access Controls
Mandatory Access Control (MAC)
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Discretionary-Based Access Control (DAC)
Time-of-Day Restrictions
Least Privilege
Multi-Factor Authentication
Biometric Authentication
Hard Authentication
Soft Authentication
Factors of Authentication
Tokens
Password Concepts
Password Managers
Passwordless
Privileged Access Management (PAM)
PAM Tools
Summary
Exam Objective 4.6
Chapter Review Questions
Explain the importance of automation and orchestration related to secure operations
Introduction
Security Orchestration, Automation, and Response (SOAR)
Use Cases of Automation and Scripting
Benefits
Other Considerations
Summary
Exam Objectives 4.7
Chapter Review Questions
Explain appropriate incident response activities
Introduction
Process
Attack Frameworks
MITRE ATT&CK Framework
Cyber Kill Chain
The Diamond Model of Intrusion Analysis
Training
Testing
Root Cause Analysis
Threat Hunting
Digital Forensics
Legal Hold
Chain of Custody
Acquisition
Reporting
Preservation
E-Discovery
Right-to-Audit Clause
Summary
Exam Objectives 4.8
Chapter Review Questions
Given a scenario, use data sources to support an investigation
Introduction
Log Data
Data Sources
Packet Captures
Summary
Exam Objectives 4.9
Chapter Review Questions
Domain 5: Security Program Management and Oversight
Summarize elements of effective security governance
Introduction
Guidelines
Policies
Software Development Life Cycle
Standards
Password Standards
Access Control Standards
Physical Security Standards
Procedures
External Considerations
Monitoring and Revision
Types of Governance Structures
Roles and Responsibilities for Systems and Data
Summary
Exam Objectives 5.1
Chapter Review Questions
Explain elements of the risk management process
Introduction
Risk Identification
Risk Assessment
Risk Analysis
Calculating Equipment Loss
Risk Register
Risk Tolerance
Risk Appetite
Risk Management Strategies
Risk Reporting
Business Impact Analysis
Summary
Exam Objectives 5.2
Chapter Review Questions
Explain the processes associated with third-party risk assessment and management
Introduction
Vendor Assessment
Vendor Selection
Agreement Types
Vendor Monitoring
Questionnaires
Rules of Engagement
Summary
Exam Objectives 5.3
Chapter Review Questions
Summarize elements of effective security compliance
Introduction
Compliance Reporting
Consequences of Non-Compliance
Compliance Monitoring
Privacy – Regulations
Privacy – Data
Summary
Exam Objectives 5.4
Chapter Review Questions
Explain types and purposes of audits and assessments
Introduction
Attestation
Internal
Compliance
Audit Committee
Self-Assessments
External
Regulatory
Examinations
Assessment
Independent Third-Party Audit
Penetration Testing
Reconnaissance
Summary
Exam Objectives 5.5
Chapter Review Questions
Given a scenario, implement security awareness practices
Introduction
Phishing
Anomalous Behavior Recognition
User Guidance and Training
Reporting and Monitoring
Effectiveness
Development
Execution
Summary
Exam Objectives 5.6
Chapter Review Questions
Accessing the online practice resources
Troubleshooting Tips
Solutions
Chapter 1: Compare and contrast various types of security controls
Chapter 2: Summarize fundamental security concepts
Chapter 3: Explain the importance of change management processes and the impact to security
Chapter 4: Explain the importance of using appropriate cryptographic solutions
Chapter 5: Compare and contrast common threat actors and motivations
Chapter 6: Explain common threat vectors and attack surfaces
Chapter 7: Explain various types of vulnerabilities
Chapter 8: Given a scenario, analyze indicators of malicious activity
Chapter 9: Explain the purpose of mitigation techniques used to secure the enterprise
Chapter 10: Compare and contrast security implications of different architecture models
Chapter 11: Given a scenario, apply security principles to secure enterprise infrastructure
Chapter 12: Compare and contrast concepts and strategies to protect data
Chapter 13: Explain the importance of resilience and recovery in security architecture
Chapter 14: Given a scenario, apply common security techniques to computing resources
Chapter 15: Explain the security implications of proper hardware, software, and data asset management
Chapter 16: Explain various activities associated with vulnerability management
Chapter 17: Explain security alerting and monitoring concepts and tools
Chapter 18: Given a scenario, modify enterprise capabilities to enhance security
Chapter 19: Given a scenario, implement and maintain identity and access management
Chapter 20: Explain the importance of automation and orchestration related to secure operations
Chapter 21: Explain appropriate incident response activities
Chapter 22: Given a scenario, use data sources to support an investigation
Chapter 23: Summarize elements of effective security governance
Chapter 24: Explain elements of the risk management process
Chapter 25: Explain the processes associated with third-party risk assessment and management
Chapter 26: Summarize elements of effective security compliance
Chapter 27: Explain types and purposes of audits and assessments
Chapter 28: Given a scenario, implement security awareness practices
Why subscribe?
Other Books You May Enjoy
Share Your Thoughts
Coupon Code for CompTIA Security+ Exam Vouchers