Librería Portfolio

Learn the key objectives and most crucial concepts covered by the Security+ Exam SY0-601 with this comprehensive and practical study guide! An online test bank offers 650 practice questions and flashcards!

The Eighth Edition of the CompTIA Security+ Study Guide Exam SY0-601 efficiently and comprehensively prepares you for the SY0-601 Exam. Accomplished authors and security experts Mike Chapple and David Seidl walk you through the fundamentals of crucial security topics, including the five domains covered by the SY0-601 Exam:

Attacks, Threats, and Vulnerabilities
Architecture and Design
Implementation
Operations and Incident Response
Governance, Risk, and Compliance

The study guide comes with the Sybex online, interactive learning environment offering 650 practice questions! Includes a pre-assessment test, hundreds of review questions, practice exams, flashcards, and a glossary of key terms. The book is written in a practical and straightforward manner, ensuring you can easily learn and retain the material.

Perfect for everyone planning to take the SY0-601 Exam-as well as those who hope to secure a high-level certification like the CASP+, CISSP, or CISA-the study guide also belongs on the bookshelves of everyone who has ever wondered if the field of IT security is right for them. It's a must-have reference!




Table of contents

Introduction xxv

Assessment Test xxxvi

Chapter 1 Today's Security Professional 1

Cybersecurity Objectives 2

Data Breach Risks 3

The DAD Triad 3

Breach Impact 5

Implementing Security Controls 7

Security Control Categories 7

Security Control Types 8

Data Protection 9

Summary 12

Exam Essentials 12

Review Questions 14

Chapter 2 Cybersecurity Threat Landscape 19

Exploring Cybersecurity Threats 20

Classifying Cybersecurity Threats 20

Threat Actors 22

Threat Vectors 28

Threat Data and Intelligence 30

Open Source Intelligence 31

Proprietary and Closed-Source Intelligence 33

Assessing Threat Intelligence 35

Threat Indicator Management and Exchange 36

Public and Private Information Sharing Centers 37

Conducting Your Own Research 38

Summary 38

Exam Essentials 39

Review Questions 40

Chapter 3 Malicious Code 45

Malware 46

Ransomware 47

Trojans 47

Worms 48

Rootkits 48

Backdoors 49

Bots 50

Keyloggers 52

Logic Bombs 53

Viruses 53

Fileless Viruses 53

Spyware 54

Potentially Unwanted Programs (PUPs) 55

Malicious Code 55

Adversarial Artificial Intelligence 57

Summary 58

Exam Essentials 59

Review Questions 61

Chapter 4 Social Engineering, Physical, and Password Attacks 65

Social Engineering 66

Social Engineering Techniques 67

Influence Campaigns 72

Password Attacks 72

Physical Attacks 74

Summary 76

Exam Essentials 76

Review Questions 78

Chapter 5 Security Assessment and Testing 83

Vulnerability Management 84

Identifying Scan Targets 84

Determining Scan Frequency 86

Configuring Vulnerability Scans 87

Scanner Maintenance 92

Vulnerability Scanning Tools 95

Reviewing and Interpreting Scan Reports 96

Validating Scan Results 106

Security Vulnerabilities 107

Patch Management 107

Legacy Platforms 108

Weak Configurations 109

Error Messages 110

Insecure Protocols 111

Weak Encryption 112

Penetration Testing 113

Adopting the Hacker Mindset 114

Reasons for Penetration Testing 115

Benefits of Penetration Testing 115

Penetration Test Types 116

Rules of Engagement 118

Reconnaissance 119

Running the Test 120

Cleaning Up 120

Training and Exercises 120

Summary 122

Exam Essentials 122

Review Questions 124

Chapter 6 Secure Coding 129

Software Assurance Best Practices 130

The Software Development Life Cycle 130

Software Development Phases 131

Software Development Models 133

DevSecOps and DevOps 136

Designing and Coding for Security 138

Secure Coding Practices 138

API Security 139

Code Review Models 139

Software Security Testing 143

Analyzing and Testing Code 143

Injection Vulnerabilities 144

SQL Injection Attacks 145

Code Injection Attacks 148

Command Injection Attacks 149

Exploiting Authentication Vulnerabilities 150

Password Authentication 150

Session Attacks 151

Exploiting Authorization Vulnerabilities 154

Insecure Direct Object References 154

Directory Traversal 155

File Inclusion 156

Privilege Escalation 157

Exploiting Web Application Vulnerabilities 157

Cross-Site Scripting (XSS) 158

Request Forgery 160

Application Security Controls 161

Input Validation 162

Web Application Firewalls 163

Database Security 163

Code Security 166

Secure Coding Practices 168

Source Code Comments 168

Error Handling 168

Hard-Coded Credentials 170

Memory Management 170

Race Conditions 171

Unprotected APIs 172

Driver Manipulation 172

Summary 173

Exam Essentials 173

Review Questions 175

Chapter 7 Cryptography and the Public Key Infrastructure 179

An Overview of Cryptography 180

Historical Cryptography 181

Goals of Cryptography 186

Confidentiality 187

Integrity 188

Authentication 188

Nonrepudiation 189

Cryptographic Concepts 189

Cryptographic Keys 189

Ciphers 190

Modern Cryptography 191

Cryptographic Secrecy 191

Symmetric Key Algorithms 192

Asymmetric Key Algorithms 193

Hashing Algorithms 196

Symmetric Cryptography 197

Data Encryption Standard 197

Triple DES 199

Advanced Encryption Standard 200

Symmetric Key Management 200

Asymmetric Cryptography 203

RSA 203

Elliptic Curve 204

Hash Functions 205

SHA 206

MD5 207

Digital Signatures 207

HMAC 208

Digital Signature Standard 209

Public Key Infrastructure 209

Certificates 209

Certificate Authorities 211

Certificate Generation and Destruction 212

Certificate Formats 215

Asymmetric Key Management 216

Cryptographic Attacks 217

Emerging Issues in Cryptography 220

Tor and the Dark Web 220

Blockchain 220

Lightweight Cryptography 221

Homomorphic Encryption 221

Quantum Computing 222

Summary 222

Exam Essentials 222

Review Questions 224

Chapter 8 Identity and Access Management 229

Identity 230

Authentication and Authorization 231

Authentication and Authorization Technologies 232

Directory Services 236

Authentication Methods 237

Multifactor Authentication 237

One-Time Passwords 239

Biometrics 241

Knowledge-Based Authentication 243

Managing Authentication 244

Accounts 245

Account Types 245

Account Policies and Controls 245

Access Control Schemes 248

Filesystem Permissions 249

Summary 251

Exam Essentials 252

Review Questions 253

Chapter 9 Resilience and Physical Security 257

Building Cybersecurity Resilience 258

Storage Resiliency: Backups and Re