CompTIA Security+: SY0-601 Certification Guide - Second Edition

Book description

Learn IT security essentials and prepare for the Security+ exam with this CompTIA exam guide, complete with additional online resources—including flashcards, PBQs, and mock exams—at securityplus.training

Key Features

  • Written by Ian Neil, one of the world's top CompTIA Security+ trainers
  • Test your knowledge of cybersecurity jargon and acronyms with realistic exam questions
  • Learn about cryptography, encryption, and security policies to deliver a robust infrastructure

Book Description

The CompTIA Security+ certification validates the fundamental knowledge required to perform core security functions and pursue a career in IT security. Authored by Ian Neil, a world-class CompTIA certification trainer, this book is a best-in-class study guide that fully covers the CompTIA Security+ 601 exam objectives.

Complete with chapter review questions, realistic mock exams, and worked solutions, this guide will help you master the core concepts to pass the exam the first time you take it. With the help of relevant examples, you'll learn fundamental security concepts from certificates and encryption to identity and access management (IAM). As you progress, you'll delve into the important domains of the exam, including cloud security, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, cryptography, and public key infrastructure (PKI).

You can access extra practice materials, including flashcards, performance-based questions, practical labs, mock exams, key terms glossary, and exam tips on the author's website at securityplus.training.

By the end of this Security+ book, you'll have gained the knowledge and understanding to take the CompTIA exam with confidence.

What you will learn

  • Master cybersecurity fundamentals, from the CIA triad through to IAM
  • Explore cloud security and techniques used in penetration testing
  • Use different authentication methods and troubleshoot security issues
  • Secure the devices and applications used by your company
  • Identify and protect against various types of malware and viruses
  • Protect yourself against social engineering and advanced attacks
  • Understand and implement PKI concepts
  • Delve into secure application development, deployment, and automation

Who this book is for

If you want to take and pass the CompTIA Security+ SY0-601 exam, even if you are not from an IT background, this book is for you. You'll also find this guide useful if you want to become a qualified security professional. This CompTIA book is also ideal for US Government and US Department of Defense personnel seeking cybersecurity certification.

Table of contents

  1. CompTIA Security+: SY0-601 Certification Guide
  2. Second Edition
  3. Why subscribe?
  4. Contributors
  5. About the author
  6. About the reviewers
  7. Packt is searching for authors like you
  8. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Additional online resources
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Reviews
  9. Objectives for the CompTIA Security+ 601 exam
    1. Exam Objectives (Domains)
  10. Section 1: Security Aims and Objectives
  11. Chapter 1: Understanding Security Fundamentals
    1. Security Fundamentals
      1. CIA Triad Concept
      2. Least Privilege
      3. Defense in Depth Model
    2. Comparing Control Types
      1. Managerial Controls
      2. Operational Controls
      3. Technical Controls
      4. Deterrent Controls
      5. Detective Controls
      6. Corrective Controls
      7. Compensating Controls
      8. Preventative Controls
      9. Access Controls
      10. Discretionary Access Control
      11. Mandatory Access Control
        1. MAC Roles
      12. Role-Based Access Control
      13. Rule-Based Access Control
      14. Attribute-Based Access Control
      15. Group-Based Access Control
      16. Linux-Based Access Control
        1. Linux File Permissions (not SELinux)
    3. Physical Security Controls
      1. Perimeter Security
      2. Building Security
      3. Device Protection
    4. Understanding Digital Forensics
      1. Five-Minute Practical
      2. Collection of Evidence
      3. Cloud Forensics
        1. Right-to-Audit Clauses
        2. Regulatory and Jurisdiction
        3. Data Breach Notifications/Laws
    5. Review Questions
  12. Chapter 2: Implementing Public Key Infrastructure
    1. PKI Concepts
      1. Certificate Hierarchy
      2. Certificate Trust
      3. Certificate Validity
      4. Certificate Management Concepts
      5. Types of Certificates
    2. Asymmetric and Symmetric Encryption
      1. Encryption Explained
      2. Digital Signatures Explained
      3. Cryptography Algorithms and Their Characteristics
      4. Symmetric Algorithms
      5. Asymmetric Algorithms
      6. Symmetric versus Asymmetric Analogy
      7. Lightweight Cryptography
      8. XOR Encryption
    3. Key Stretching Algorithms
    4. Salting Passwords
    5. Cipher Modes
      1. Stream versus Block Cipher Analogy
      2. Modes of Operation
    6. Quantum Computing
    7. Blockchain and the Public Ledger
    8. Hashing and Data Integrity
    9. Comparing and Contrasting the Basic Concepts of Cryptography
      1. Asymmetric – PKI
        1. Asymmetric – Weak/Deprecated Algorithms
        2. Asymmetric – Ephemeral Keys
      2. Symmetric Algorithm – Modes of Operation
        1. Symmetric Encryption – Streams versus Block Ciphers
        2. Symmetric Encryption – Confusion
      3. Hashing Algorithms
      4. Crypto Service Provider
      5. Crypto Module
      6. Data Protection
    10. Basic Cryptographic Terminologies
      1. Obfuscation
      2. Pseudo-Random Number Generator
      3. Nonce
      4. Perfect Forward Secrecy
      5. Security through Obscurity
      6. Collision
      7. Steganography
      8. Homomorphic Encryption
      9. Diffusion
      10. Implementation Decisions
    11. Common Use Cases for Cryptography
      1. Supporting Confidentiality
      2. Supporting Integrity
      3. Supporting Non-Repudiation
      4. Supporting Obfuscation
      5. Low-Power Devices
      6. High Resiliency
      7. Supporting Authentication
      8. Resource versus Security Constraints
    12. Practical Exercises
      1. Practical Exercise 1 – Building a Certificate Server
      2. Practical Exercise 2 – Encrypting Data with EFS and Stealing Certificates
      3. Practical Exercise 3 – Revoking the EFS Certificate
    13. Review Questions
  13. Chapter 3: Investigating Identity and Access Management
    1. Understanding Identity and Access Management Concepts
    2. Identity Types
    3. Account Types
    4. Authentication Types
      1. Security Tokens and Devices
      2. Certificate-Based Authentication
        1. Port-Based Authentication
        2. Location-Based Authentication
        3. Miscellaneous Authentication Technologies
    5. Implementing Authentication and Authorization Solutions
      1. Authentication Management
      2. Authentication Protocols
      3. Authentication, Authorization, and Accounting (AAA) Servers
        1. Remote Access Authentication
      4. Access Control Schemes
        1. Privilege Access Management
        2. Mandatory Access Control
        3. Discretionary Access Control
        4. Least Privilege
        5. Linux Permissions (not SELinux)
        6. Role-Based Access Control
        7. Rule-Based Access Control
        8. Attribute-Based Access Control
        9. Group-Based Access
    6. Summarizing Authentication and Authorization Design Concepts
      1. Directory Services
        1. LDAP
        2. Kerberos
        3. Transitive Trust
        4. Federation Services
        5. Shibboleth
        6. Attestation
        7. Single Sign-On (SSO)
        8. Internet-Based Open-Source Authentication
        9. Biometrics
        10. Authentication Factors
        11. Number of Factors – Examples
    7. Cloud versus On-Premises Authentication
      1. On-Premises
      2. In the Cloud
    8. Common Account Management Policies
      1. Account Creation
      2. Employees Moving Departments
        1. Disabling an Account
      3. Account Recertification
      4. Account Maintenance
      5. Account Monitoring
      6. Security Information and Event Management
        1. Account Audits
        2. Passwords
        3. Default/Administrator Password
        4. Passwords – Group Policy
        5. Password Recovery
        6. Credential Management
    9. Practical Exercise – Password Policy
    10. Review Questions
  14. Chapter 4: Exploring Virtualization and Cloud Concepts
    1. Overview of Cloud Computing
    2. Implementing Different Cloud Deployment Models
    3. Understanding Cloud Service Models
      1. Infrastructure as a Service (IaaS)
      2. Software as a Service (SaaS)
      3. Platform as a Service (PaaS)
      4. Security as a Service (SECaaS)
      5. Anything as a Service (XaaS)
    4. Understanding Cloud Computing Concepts
    5. Understanding Cloud Storage Concepts
    6. Selecting Cloud Security Controls
      1. High Availability Access Zones
      2. Resource Policies
      3. Secret Management
      4. Integration and Auditing
      5. Storage
      6. Networks
      7. Compute
      8. Solutions
    7. Exploring the Virtual Network Environments
    8. Review Questions
  15. Section 2: Monitoring the Security Infrastructure
  16. Chapter 5: Monitoring, Scanning, and Penetration Testing
    1. Penetration Testing Concepts
      1. Rules of Engagement (ROE)
      2. Network Exploitation Techniques
    2. Passive and Active Reconnaissance
      1. Reconnaissance Tools
    3. Exercise Types
    4. Vulnerability Scanning Concepts
      1. Credentialed versus Non-Credentialed Scans
      2. Intrusive versus Non-Intrusive Vulnerability Scans
      3. Other Types of Scans That Can Be Performed
      4. Penetration Testing versus Vulnerability Scanning
    5. Syslog/Security Information and Event Management
    6. Security Orchestration, Automation, and Response
      1. Threat Hunting
    7. Review Questions
  17. Chapter 6: Understanding Secure and Insecure Protocols
    1. Introduction to Protocols
    2. Insecure Protocols and Their Use Cases
    3. Secure Protocols and Their Use Cases
    4. Additional Use Cases and Their Protocols
      1. Subscription Services and Their Protocols
      2. Routing and Its Protocols
      3. Switching and Its Protocols
      4. Active Directory (Directory Services) and Its Protocols
    5. Review Questions
  18. Chapter 7: Delving into Network and Security Concepts
    1. Installing and Configuring Network Components
      1. Firewall
      2. Network Address Translation Gateway
      3. Router
      4. Access Control List – Network Devices
      5. Switch
      6. Tap/Port Mirror
      7. Aggregation Switches
      8. Honeypot
      9. Honeyfile
      10. Fake Telemetry
      11. Proxy Server
      12. Jump Servers
      13. Load Balancer
        1. Load Balancer Scheduling
        2. Load Balancer Configurations
    2. Remote Access Capabilities
      1. IPSec
        1. IPSec – Handshake
      2. VPN Concentrator
        1. Site-to-Site VPN
        2. VPN Always On versus On-Demand
        3. SSL VPNs
      3. Split Tunneling
      4. Remote Support
    3. Secure Network Architecture Concepts
      1. Software-Defined Network
      2. Network Segmentation
      3. Intrusion Prevention System
      4. Intrusion Detection System
        1. Modes of Detection
      5. Modes of Operation
      6. Sensor/Collector
      7. Monitoring Data
      8. Network Access Control
      9. Domain Name System
      10. DNS Poisoning
        1. DNSSEC
      11. DNS Sinkhole
    4. Network Reconnaissance and Discovery
      1. Exploitation Frameworks
    5. Forensic Tools
    6. IP Addressing
      1. IP Schema
      2. IP Version 4
      3. Subnet Mask
      4. CIDR Mask
      5. Network Address Allocation
        1. IP Version 4 – Lease Process
        2. IP Version 4 Lease Process – Troubleshooting
      6. IP Version 6 Addressing
    7. Review Questions
  19. Chapter 8: Securing Wireless and Mobile Solutions
    1. Implementing Wireless Security
    2. Wireless Access Point Controllers
      1. Securing Access to Your WAP
      2. Wireless Bandwidth/Band Selection
      3. Wireless Channels
      4. Wireless Antenna Types
      5. Wireless Coverage
      6. Wireless – Open System Authentication
      7. Wireless Encryption
        1. Wi-Fi Protected Access Version 2 (WPA2)
        2. Wi-Fi Protected Access Version 3 (WPA3)
      8. Wireless Captive Portals
      9. Wireless Attacks
      10. Wireless Authentication Protocols
    3. Deploying Mobile Devices Securely
      1. Mobile Device Management
      2. Bring Your Own Device
      3. Choose Your Own Device
      4. Corporate-Owned Personally-Enabled
    4. Mobile Device Connection Methods
      1. Mobile Device Management Concepts
      2. Device Management
      3. Device Protection
      4. Device Data
      5. Mobile Device Enforcement and Monitoring
    5. Review Questions
  20. Section 3: Protecting the Security Environment
  21. Chapter 9: Identifying Threats, Attacks, and Vulnerabilities
    1. Virus and Malware Attacks
    2. Social Engineering Attacks
    3. Threat Actors
    4. Advanced Attacks
      1. Password Attacks
      2. Physical Attacks
      3. On-Path Attacks
      4. Network Attacks
      5. Application/Programming Attacks
      6. Hijacking-Related Attacks
      7. Driver Manipulation
      8. Cryptographic Attacks
      9. Security Concerns with Various Types of Vulnerabilities
      10. Cloud vs. On-Premises Vulnerabilities
        1. Zero Day Virus
        2. Weak Configurations
      11. Third-Party Risks
    5. Review Questions
  22. Chapter 10: Governance, Risk, and Compliance
    1. Risk Management Processes and Concepts
      1. Risk Types
      2. Risk Management Strategies
      3. Risk Analysis
      4. Calculating Loss
      5. Disasters
      6. Business Impact Analysis Concepts
    2. Threat Actors, Vectors, and Intelligence Concepts
      1. Threat Actors
      2. Attack Vectors
      3. Threat Intelligence Sources
      4. Research Sources
    3. The Importance of Policies for Organizational Security
      1. Personnel
      2. Diversity of Training Techniques
      3. Third-Party Risk Management
      4. Data
      5. Credential Policies
      6. Organizational Policies
    4. Regulations, Standards, and Legislation
      1. Key Frameworks
      2. Benchmarks/Secure Configuration Guides
    5. Privacy and Sensitive Data Concepts
      1. Data Sovereignty
      2. Legal Implications
      3. Geographic Considerations
      4. Organizational Consequences of Privacy Breaches
      5. Notifications of Breaches
      6. Data Types
        1. Classification
      7. Privacy-Enhancing Technologies
      8. Data Roles and Responsibilities
      9. Information Life Cycle
      10. Impact Assessment
      11. Terms of Agreement
      12. Privacy Notice
    6. Review Questions
  23. Chapter 11: Managing Application Security
    1. Implementing Host or Application Security
      1. Boot Integrity
      2. Endpoint Protection
      3. Databases
      4. Application Security
      5. Hardening
      6. Full Disk Encryption (FDE)
      7. Self-Encrypting Drives (SEDs)
        1. Hardware Security Module (HSM)
        2. Sandboxing
    2. Understanding the Security Implications of Embedded and Specialist Systems
      1. Internet of Things (IoT)
      2. Real-Time Operating System (RTOS)
      3. Multifunctional Printers (MFPs)
      4. Surveillance Systems
      5. System on a Chip (SoC)
      6. Heating, Ventilation, and Air Conditioning (HVAC)
      7. Specialized Devices
      8. Embedded Systems
      9. Supervisory Control and Data Acquisition (SCADA)
      10. Industrial Control System
      11. Communication Considerations
      12. Constraints
    3. Understanding Secure Application Development, Deployment, and Automation
      1. Software Diversity
      2. Elasticity
      3. Scalability
      4. Environment
      5. Automation/Scripting
      6. Provisioning and Deprovisioning
      7. Version Control
      8. Integrity Measurement
      9. Secure Coding Techniques
      10. Open Web Application Security Project (OWASP)
    4. Review Questions
  24. Chapter 12: Dealing with Incident Response Procedures
    1. Incident Response Procedures
      1. Response and Recovery Controls
      2. Disaster Recovery Exercises
      3. Attack Frameworks
        1. MITRE ATT&CK Framework
        2. Cyber Kill Chain
        3. The Diamond Model of Intrusion Analysis
      4. Stakeholder Management
        1. Communication Plan
        2. Disaster Recovery Plan
        3. Business Continuity Plan (BCP)
      5. Continuity of Operations Planning (COOP)
        1. Incident Response Team
        2. Roles and Responsibilities
        3. Retention Policies
    2. Utilizing Data Sources to Support Investigations
      1. Vulnerability Scan Output
      2. SIEM Dashboards
      3. Log Files
      4. Log Managers
      5. journalctl
      6. NXLog
      7. Bandwidth Monitors
      8. Metadata
      9. Network Monitoring
      10. Protocol Analyzer Output
    3. Knowing How to Apply Mitigation Techniques or Controls to Secure an Environment
      1. Reconfigure Endpoint Security Solutions
      2. Application Approved List
      3. Application Block List/Deny List
      4. Quarantine
      5. Configuration Management
      6. Isolation
      7. Containment
      8. Segmentation
      9. Security Orchestration, Automation, and Response (SOAR)
    4. Implementing Cybersecurity Resilience
      1. Redundancy
        1. Disk
        2. Geographic Dispersal
        3. Network
        4. Power
        5. Replication
        6. On-Premises versus the Cloud
        7. Backup Types
        8. Secure Data Destruction
        9. Non-Persistence
        10. High Availability
        11. Restoration Order
        12. Diversity
        13. Control Diversity
    5. Review Questions
  25. Section 4: Mock Tests
  26. Chapter 13: Mock Exam 1
  27. Mock Exam 1 Solutions
  28. Chapter 14: Mock Exam 2
  29. Mock Exam 2 Solutions
  30. Chapter Review Solutions
    1. Chapter 1 – Understanding Security Fundamentals
    2. Chapter 2 – Implementing Public Key Infrastructure
    3. Chapter 3 – Investigating Identity and Access Management
    4. Chapter 4 – Exploring Virtualization and Cloud Concepts
    5. Chapter 5 – Monitoring, Scanning, and Penetration Testing
    6. Chapter 6 – Understanding Secure and Insecure Protocols
    7. Chapter 7 – Delving into Network and Security Concepts
    8. Chapter 8 – Securing Wireless and Mobile Solutions
    9. Chapter 9 – Identifying Threats, Attacks, and Vulnerabilities
    10. Chapter 10 – Governance, Risk, and Compliance
    11. Chapter 11 – Managing Application Security
    12. Chapter 12 – Dealing with Incident Response Procedures
  31. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: CompTIA Security+: SY0-601 Certification Guide - Second Edition
  • Author(s): Ian Neil
  • Release date: December 2020
  • Publisher(s): Packt Publishing
  • ISBN: 9781800564244