CompTIA Security+ SY0-601 Exam Cram, 6/e

CompTIA? Security+ SY0-601 Exam Cram

Marty M. Weiss

Pearson 221 River Street Hoboken, NJ 07030 USA

CompTIA? Security+ SY0-601 Exam Cram Copyright ? 2021 by Pearson Education, Inc.

All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit permissions.

No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-13-679867-5 ISBN-10: 0-13-679867-5

Library of Congress Control Number: 2020914528

ScoutAutomatedPrintCode

Trademarks All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@ or (800) 382-3419.

For government sales inquiries, please contact governmentsales@.

For questions about sales outside the U.S., please contact intlcs@.

Editor-in-Chief Mark Taub

Director, ITP Product Management Brett Bartow

Executive Editor Nancy Davis

Development Editor Ellie C. Bru

Managing Editor Sandra Schroeder

Project Editor Mandie Frank

Copy Editor Kitty Wilson

Indexer Ken Johnson

Proofreader Donna Mulder

Technical Editor Christopher Crayton

Publishing Coordinator Cindy Teeters

Designer Chuti Prasertsith

Compositor codeMantra

Credits

Figure Number Attribution/Credit

Figure 2-1Screenshot of an example of what user's see when they were infected with ransomware ? WannaCry

Figure 5-1Screenshot of an example of an interactive threat map ? 2018 AO Kaspersky Lab

Figure 10-4Screenshot of The AWS Management Console ? 2020, Amazon Web Services, Inc.

Figure 12-1

Courtesy of Apple, Inc.

Figure 23-1Screenshot of Windows local security policy settings for the account lockout policy ? Microsoft 2020

Figure 23-2Screenshot of Windows local security policy settings for the password policy ? Microsoft 2020

Figure 24-1Screenshot of Standard Microsoft Windows file permissions ? Microsoft 2020

Figure 25-1Screenshot of details of a digital certificate ? 2020 Apple Inc.

Figure 26-1Screenshot of using a command-line interface to access a remote computer by using SSH ? 2020 Apple, Inc.

Figure 26-2Screenshot of using the cURL command to return the source code of a web page ? 2020 Apple, Inc.

Figure 26-3Screenshot of using the ping command-line utility ? 2020 Apple, Inc.

Figure 28-1Screenshot of an example of a SIEM system security dashboard ? security information and event management

Figure 28-2Screenshot of Microsoft Windows Event Viewer Security log ? Microsoft 2020

Figure 28-3Screenshot of Activity Monitor for macOS ? 2020 Apple, Inc.

Contents at a Glance

Introduction

Part I: Attacks, Threats, and Vulnerabilities CHAPTER 1 Social Engineering Techniques CHAPTER 2 Attack Basics CHAPTER 3 Application Attacks CHAPTER 4 Network Attacks CHAPTER 5 Threat Actors, Vectors, and Intelligence Sources CHAPTER 6 Vulnerabilities CHAPTER 7 Security Assessment Techniques CHAPTER 8 Penetration Testing Techniques

Part II: Architecture and Design CHAPTER 9 Enterprise Security Concepts CHAPTER 10 Virtualization and Cloud Computing CHAPTER 11 Secure Application Development, Deployment, and Automation CHAPTER 12 Authentication and Authorization Design CHAPTER 13 Cybersecurity Resilience CHAPTER 14 Embedded and Specialized Systems CHAPTER 15 Physical Security Controls CHAPTER 16 Cryptographic Concepts

Part III: Implementation CHAPTER 17 Secure Protocols CHAPTER 18 Host and Application Security Solutions CHAPTER 19 Secure Network Design CHAPTER 20 Wireless Security Settings CHAPTER 21 Secure Mobile Solutions CHAPTER 22 Cloud Cybersecurity Solutions CHAPTER 23 Identity and Account Management Controls

xxvii

1 3 15 35 53 73 89 99 111

121 123 145

165 189 205 225 239 261

279 281 307 339 371 389 421 433

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download