CompTIA® Security+ SY0-601 Cert Guide

?

CompTIA Security+

SY0-601 Cert Guide

Omar Santos

Ron Taylor

Joseph Mlodzianowski

A01_Santos_Fm_pi-plii_1.indd 1

01/06/21 2:49 pm

CompTIA? Security+ SY0-601 Cert Guide

Copyright ? 2022 by Pearson Education, Inc.

Editor-in-Chief

Mark Taub

All rights reserved. No part of this book shall be reproduced, stored in

a retrieval system, or transmitted by any means, electronic, mechanical,

photocopying, recording, or otherwise, without written permission from

the publisher. No patent liability is assumed with respect to the use of the

information contained herein. Although every precaution has been taken in

the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages

resulting from the use of the information contained herein.

Product Line Manager

Brett Bartow

ISBN-13: 978-0-13-677031-2

Managing Editor

Sandra Schroeder

ISBN-10: 0-13-677031-2

Library of Congress Control Number: 2021935686

ScoutAutomatedPrintCode

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification

cannot attest to the accuracy of this information. Use of a term in this book

should not be regarded as affecting the validity of any trademark or service

mark.

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate

as possible, but no warranty or fitness is implied. The information provided

is on an ¡°as is¡± basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or

damages arising from the information contained in this book.

Special Sales

For information about buying this title in bulk quantities, or for special

sales opportunities (which may include electronic versions; custom cover

designs; and content particular to your business, training goals, marketing

focus, or branding interests), please contact our corporate sales department

at corpsales@ or (800) 382-3419.

Executive Editor

Nancy Davis

Development Editor

Christopher A. Cleveland

Senior Project Editor

Tonya Simpson

Copy Editor

Chuck Hutchinson

Indexer

Erika Millen

Proofreader

Abigail Manheim

Technical Editor

Chris Crayton

Publishing Coordinator

Cindy Teeters

Cover Designer

Chuti Prasertsith

Compositor

codeMantra

For government sales inquiries, please contact

governmentsales@.

For questions about sales outside the U.S., please contact

intlcs@.

9780136770312_print.indb 2

30/05/21 4:24 pm

Contents at a Glance

Introduction

xliv

Part I: Threats, Attacks, and Vulnerabilities

CHAPTER 1 

Comparing and Contrasting Different Types of Social Engineering

Techniques 3

CHAPTER 2

Analyzing Potential Indicators to Determine the Type of Attack

29

CHAPTER 3 Analyzing Potential Indicators Associated with

Application Attacks

CHAPTER 4

61

Analyzing Potential Indicators Associated with Network Attacks

95

CHAPTER 5 

Understanding Different Threat Actors, Vectors, and Intelligence

Sources 117

CHAPTER 6 

Understanding the Security Concerns Associated with Various

Types of Vulnerabilities

133

CHAPTER 7

Summarizing the Techniques Used in Security Assessments

CHAPTER 8

Understanding the Techniques Used in Penetration Testing

171

193

Part II: Architecture and Design

CHAPTER 9 

Understanding the Importance of Security Concepts in

an Enterprise Environment

CHAPTER 10

209

Summarizing Virtualization and Cloud Computing Concepts

227

CHAPTER 11 

Summarizing Secure Application Development, Deployment,

and Automation Concepts

253

CHAPTER 12 

Summarizing Authentication and Authorization Design Concepts

CHAPTER 13

Implementing Cybersecurity Resilience

285

311

CHAPTER 14 

Understanding the Security Implications of Embedded

and Specialized Systems 335

CHAPTER 15

Understanding the Importance of Physical Security Controls 367

CHAPTER 16

Summarizing the Basics of Cryptographic Concepts

391

Part III: Implementation

CHAPTER 17

Implementing Secure Protocols 423

CHAPTER 18

Implementing Host or Application Security Solutions

CHAPTER 19

Implementing Secure Network Designs

CHAPTER 20

Installing and Configuring Wireless Security Settings

9780136770312_print.indb 3

447

483

547

30/05/21 4:24 pm

iv

CompTIA Security+ SY0-601 Cert Guide

CHAPTER 21

Implementing Secure Mobile Solutions

567

CHAPTER 22

Applying Cybersecurity Solutions to the Cloud

CHAPTER 23

Implementing Identity and Account Management Controls

CHAPTER 24

Implementing Authentication and Authorization Solutions

CHAPTER 25

Implementing Public Key Infrastructure

595

619

651

685

Part IV: Operations and Incident Response

CHAPTER 26

Using the Appropriate Tool to Assess Organizational Security

703

CHAPTER 27 

Summarizing the Importance of Policies, Processes,

and Procedures for Incident Response

755

CHAPTER 28

Using Appropriate Data Sources to Support an Investigation

CHAPTER 29

Applying Mitigation Techniques or Controls to Secure an

Environment 819

CHAPTER 30

Understanding the Key Aspects of Digital Forensics

781

837

Part V: Governance, Risk, and Compliance

CHAPTER 31

Comparing and Contrasting the Various Types of Controls 865

CHAPTER 32

Understanding the Importance of Applicable Regulations, Standards,

or Frameworks That Impact Organizational Security Posture 875

CHAPTER 33

Understanding the Importance of Policies to

Organizational Security 893

CHAPTER 34

Summarizing Risk Management Processes and Concepts

CHAPTER 35

Understanding Privacy and Sensitive Data Concepts

in Relation to Security 935

913

Part VI: Final Preparation

CHAPTER 36

Final Preparation

953

Glossary of Key Terms

955

APPENDIX A

Answers to the ¡°Do I Know This Already?¡±

Quizzes and Review Questions 1023

APPENDIX B

CompTIA Security+ (SY0-601) Cert Guide Exam Updates

Index

1087

1089

Online Elements:

APPENDIX C

Study Planner

Glossary of Key Terms

9780136770312_print.indb 4

30/05/21 4:24 pm

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download