book

CompTIA Security+ SY0-701 Cert Guide

by Lewis Heuermann

April 2024

Beginner to intermediate

814 pages

21h 54m

English

Pearson IT Certification

Read now

Unlock full access

Goals and MethodsWho Should Read This Book?CompTIA Security+ Exam TopicsCompanion WebsiteHow to Access the Pearson Test Prep (PTP) AppFigure Credits
“Do I Know This Already?” QuizFoundation TopicsControl CategoriesControl TypesChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsConfidentiality, Integrity, and Availability (CIA)Non-repudiationAuthentication, Authorization, and Accounting (AAA)Gap AnalysisZero TrustPhysical SecurityDeception and Disruption TechnologyChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsBusiness Processes Impacting Security OperationsTechnical ImplicationsDocumentationVersion ControlChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsPublic Key Infrastructure (PKI)EncryptionTransport/CommunicationSymmetric Versus Asymmetric EncryptionKey ExchangeAlgorithmsKey LengthToolsTrusted Platform ModuleHardware Security ModuleKey Management SystemSecure EnclaveObfuscationSteganographyHashingSaltingDigital SignaturesKey StretchingBlockchainOpen Public LedgerCertificatesChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsThreat ActorsAttributes of ActorsMotivationsWarChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsMessage-BasedImage-BasedFile-BasedVoice CallRemovable DeviceVulnerable SoftwareUnsupported Systems and ApplicationsUnsecure NetworksOpen Service PortsDefault CredentialsSupply ChainHuman Vectors/Social EngineeringChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsApplicationOperating System (OS)–BasedWeb-BasedHardwareVirtualizationCloud SpecificSupply ChainCryptographicMisconfigurationMobile DeviceZero-Day VulnerabilitiesChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsMalware AttacksPhysical AttacksNetwork AttacksApplication AttacksCryptographic AttacksPassword AttacksIndicatorsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsSegmentationAccess ControlIsolationPatchingEncryptionMonitoringLeast PrivilegeConfiguration EnforcementDecommissioningHardening TechniquesChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsArchitecture and Infrastructure ConceptsConsiderationsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsInfrastructure ConsiderationsSecure Communication/AccessSelection of Effective ControlsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsData TypesData ClassificationsGeneral Data ConsiderationsMethods to Secure DataChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsHigh AvailabilitySite ConsiderationsPlatform DiversityMulti-Cloud SystemContinuity of OperationsCapacity PlanningTestingBackupsPowerChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsSecure BaselinesHardening TargetsWireless DevicesMobile SolutionsConnection MethodsWireless Security SettingsApplication SecuritySandboxingMonitoringChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsAcquisition/Procurement ProcessAssignment/AccountingMonitoring/Asset TrackingDisposal/DecommissioningChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsIdentification MethodsAnalysisVulnerability Response and RemediationValidation of RemediationReportingChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsMonitoring and Computing ResourcesActivitiesToolsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsFirewallIDS/IPSWeb FilterOperating System SecurityImplementation of Secure ProtocolsDNS FilteringEmail SecurityFile Integrity MonitoringDLPNetwork Access Control (NAC)Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)User Behavior AnalyticsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsProvisioning/De-provisioning User AccountsPermission Assignments and ImplicationsIdentity ProofingFederationSingle Sign-On (SSO)InteroperabilityAttestationAccess ControlsMultifactor Authentication (MFA)Password ConceptsPrivileged Access Management ToolsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsUse Cases of Automation and ScriptingBenefitsOther ConsiderationsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsProcessTrainingTestingRoot Cause AnalysisThreat HuntingDigital ForensicsChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsLog DataData SourcesChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsGuidelinesPoliciesStandardsProceduresExternal ConsiderationsMonitoring and RevisionTypes of Governance StructuresRoles and Responsibilities for Systems and DataChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsRisk IdentificationRisk AssessmentRisk AnalysisRisk RegisterRisk ToleranceRisk AppetiteRisk Management StrategiesRisk ReportingBusiness Impact AnalysisChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsVendor AssessmentVendor SelectionAgreement TypesVendor MonitoringQuestionnairesRules of EngagementChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsCompliance ReportingConsequences of Non-complianceCompliance MonitoringAttestation and AcknowledgmentPrivacyChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsAttestationInternalExternalPenetration TestingChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
“Do I Know This Already?” QuizFoundation TopicsPhishingAnomalous Behavior RecognitionUser Guidance and TrainingReporting and MonitoringDevelopmentExecutionChapter Review ActivitiesReview Key TopicsDefine Key TermsReview Questions
Hands-on ActivitiesSuggested Plan for Final Review and StudySummary

Content preview from CompTIA Security+ SY0-701 Cert Guide

Chapter 9 Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise

This chapter covers the following topics related to Objective 2.5 (Explain the purpose of mitigation techniques used to secure the enterprise) of the CompTIA Security+ SY0-701 certification exam:

This chapter explores various mitigation techniques for securing the enterprise. It focuses on the implementation and understanding of practices like segmentation, access control (including ACLs and permissions), application allow listing, isolation, patching, encryption, monitoring, least ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

CompTIA Security+ (SY0-701)

ACI Learning, Wes Bryan, Anthony Sequeira, Daniel Lowrie, Sophie Goodwin

CompTIA Security+ SY0-701

Sari Greene

CompTIA Security+ Certification (SY0-701): The Total Course

Mike Meyers, Lyndon Williams, Dan Lachance

CompTIA Security+ (SY0-701) Full Training Guide

Alexander Oni

Publisher Resources

ISBN: 9780138293215

Chapter 9

Understanding the Purpose of Mitigation Techniques Used to Secure the Enterprise