TIENE EN SU CESTA DE LA COMPRA
en total 0,00 €
Learn the key objectives and most crucial concepts covered by the Security+ Exam SY0-601 with this comprehensive and practical study guide! An online test bank offers 650 practice questions and flashcards!
The Eighth Edition of the CompTIA Security+ Study Guide Exam SY0-601 efficiently and comprehensively prepares you for the SY0-601 Exam. Accomplished authors and security experts Mike Chapple and David Seidl walk you through the fundamentals of crucial security topics, including the five domains covered by the SY0-601 Exam:
Attacks, Threats, and Vulnerabilities
Architecture and Design
Implementation
Operations and Incident Response
Governance, Risk, and Compliance
The study guide comes with the Sybex online, interactive learning environment offering 650 practice questions! Includes a pre-assessment test, hundreds of review questions, practice exams, flashcards, and a glossary of key terms. The book is written in a practical and straightforward manner, ensuring you can easily learn and retain the material.
Perfect for everyone planning to take the SY0-601 Exam-as well as those who hope to secure a high-level certification like the CASP+, CISSP, or CISA-the study guide also belongs on the bookshelves of everyone who has ever wondered if the field of IT security is right for them. It's a must-have reference!
Table of contents
Introduction xxv
Assessment Test xxxvi
Chapter 1 Today's Security Professional 1
Cybersecurity Objectives 2
Data Breach Risks 3
The DAD Triad 3
Breach Impact 5
Implementing Security Controls 7
Security Control Categories 7
Security Control Types 8
Data Protection 9
Summary 12
Exam Essentials 12
Review Questions 14
Chapter 2 Cybersecurity Threat Landscape 19
Exploring Cybersecurity Threats 20
Classifying Cybersecurity Threats 20
Threat Actors 22
Threat Vectors 28
Threat Data and Intelligence 30
Open Source Intelligence 31
Proprietary and Closed-Source Intelligence 33
Assessing Threat Intelligence 35
Threat Indicator Management and Exchange 36
Public and Private Information Sharing Centers 37
Conducting Your Own Research 38
Summary 38
Exam Essentials 39
Review Questions 40
Chapter 3 Malicious Code 45
Malware 46
Ransomware 47
Trojans 47
Worms 48
Rootkits 48
Backdoors 49
Bots 50
Keyloggers 52
Logic Bombs 53
Viruses 53
Fileless Viruses 53
Spyware 54
Potentially Unwanted Programs (PUPs) 55
Malicious Code 55
Adversarial Artificial Intelligence 57
Summary 58
Exam Essentials 59
Review Questions 61
Chapter 4 Social Engineering, Physical, and Password Attacks 65
Social Engineering 66
Social Engineering Techniques 67
Influence Campaigns 72
Password Attacks 72
Physical Attacks 74
Summary 76
Exam Essentials 76
Review Questions 78
Chapter 5 Security Assessment and Testing 83
Vulnerability Management 84
Identifying Scan Targets 84
Determining Scan Frequency 86
Configuring Vulnerability Scans 87
Scanner Maintenance 92
Vulnerability Scanning Tools 95
Reviewing and Interpreting Scan Reports 96
Validating Scan Results 106
Security Vulnerabilities 107
Patch Management 107
Legacy Platforms 108
Weak Configurations 109
Error Messages 110
Insecure Protocols 111
Weak Encryption 112
Penetration Testing 113
Adopting the Hacker Mindset 114
Reasons for Penetration Testing 115
Benefits of Penetration Testing 115
Penetration Test Types 116
Rules of Engagement 118
Reconnaissance 119
Running the Test 120
Cleaning Up 120
Training and Exercises 120
Summary 122
Exam Essentials 122
Review Questions 124
Chapter 6 Secure Coding 129
Software Assurance Best Practices 130
The Software Development Life Cycle 130
Software Development Phases 131
Software Development Models 133
DevSecOps and DevOps 136
Designing and Coding for Security 138
Secure Coding Practices 138
API Security 139
Code Review Models 139
Software Security Testing 143
Analyzing and Testing Code 143
Injection Vulnerabilities 144
SQL Injection Attacks 145
Code Injection Attacks 148
Command Injection Attacks 149
Exploiting Authentication Vulnerabilities 150
Password Authentication 150
Session Attacks 151
Exploiting Authorization Vulnerabilities 154
Insecure Direct Object References 154
Directory Traversal 155
File Inclusion 156
Privilege Escalation 157
Exploiting Web Application Vulnerabilities 157
Cross-Site Scripting (XSS) 158
Request Forgery 160
Application Security Controls 161
Input Validation 162
Web Application Firewalls 163
Database Security 163
Code Security 166
Secure Coding Practices 168
Source Code Comments 168
Error Handling 168
Hard-Coded Credentials 170
Memory Management 170
Race Conditions 171
Unprotected APIs 172
Driver Manipulation 172
Summary 173
Exam Essentials 173
Review Questions 175
Chapter 7 Cryptography and the Public Key Infrastructure 179
An Overview of Cryptography 180
Historical Cryptography 181
Goals of Cryptography 186
Confidentiality 187
Integrity 188
Authentication 188
Nonrepudiation 189
Cryptographic Concepts 189
Cryptographic Keys 189
Ciphers 190
Modern Cryptography 191
Cryptographic Secrecy 191
Symmetric Key Algorithms 192
Asymmetric Key Algorithms 193
Hashing Algorithms 196
Symmetric Cryptography 197
Data Encryption Standard 197
Triple DES 199
Advanced Encryption Standard 200
Symmetric Key Management 200
Asymmetric Cryptography 203
RSA 203
Elliptic Curve 204
Hash Functions 205
SHA 206
MD5 207
Digital Signatures 207
HMAC 208
Digital Signature Standard 209
Public Key Infrastructure 209
Certificates 209
Certificate Authorities 211
Certificate Generation and Destruction 212
Certificate Formats 215
Asymmetric Key Management 216
Cryptographic Attacks 217
Emerging Issues in Cryptography 220
Tor and the Dark Web 220
Blockchain 220
Lightweight Cryptography 221
Homomorphic Encryption 221
Quantum Computing 222
Summary 222
Exam Essentials 222
Review Questions 224
Chapter 8 Identity and Access Management 229
Identity 230
Authentication and Authorization 231
Authentication and Authorization Technologies 232
Directory Services 236
Authentication Methods 237
Multifactor Authentication 237
One-Time Passwords 239
Biometrics 241
Knowledge-Based Authentication 243
Managing Authentication 244
Accounts 245
Account Types 245
Account Policies and Controls 245
Access Control Schemes 248
Filesystem Permissions 249
Summary 251
Exam Essentials 252
Review Questions 253
Chapter 9 Resilience and Physical Security 257
Building Cybersecurity Resilience 258
Storage Resiliency: Backups and Re