Test Bank for CompTIA Security+ SY0-501 Cert Guide, Academic Edition (Certification Guide) (2nd Edition)

  • ISBN-10:  0789759128 / ISBN-13:  9780789759122
  • Ebook Details

    • Edition: 2nd edition
    • Format: Downloadable ZIP File
    • Resource Type : Testbank
    • Publication: 2017
    • Duration: Unlimited downloads
    • Delivery: Instant Download
     

    $35.00 $30.00

    Table of contents:

    Introduction
    Chapter 1 Introduction to Security
    Foundation Topics
    Security 101
    The CIA of Computer Security
    The Basics of Information Security
    Think Like a Hacker
    Threat Actor Types and Attributes
    Chapter Review Activities
    Chapter 2 Computer Systems Security Part I
    Foundation Topics
    Malicious Software Types
    Viruses
    Worms
    Trojan Horses
    Ransomware
    Spyware
    Rootkits
    Spam
    Summary of Malware Threats
    Delivery of Malware
    Via Software, Messaging, and Media
    Botnets and Zombies
    Active Interception
    Privilege Escalation
    Backdoors
    Logic Bombs
    Preventing and Troubleshooting Malware
    Preventing and Troubleshooting Viruses
    Preventing and Troubleshooting Worms and Trojans
    Preventing and Troubleshooting Spyware
    Preventing and Troubleshooting Rootkits
    Preventing and Troubleshooting Spam
    You Can’t Save Every Computer from Malware!
    Summary of Malware Prevention Techniques
    Chapter Review Activities
    Chapter 3 Computer Systems Security Part II
    Foundation Topics
    Implementing Security Applications
    Personal Software Firewalls
    Host-Based Intrusion Detection Systems
    Pop-Up Blockers
    Data Loss Prevention Systems
    Securing Computer Hardware and Peripherals
    Securing the BIOS
    Securing Storage Devices
    Removable Storage
    Network Attached Storage
    Whole Disk Encryption
    Hardware Security Modules
    Securing Wireless Peripherals
    Securing Mobile Devices
    Malware
    Botnet Activity
    SIM Cloning and Carrier Unlocking
    Wireless Attacks
    Theft
    Application Security
    BYOD Concerns
    Chapter Review Activities
    Chapter 4 OS Hardening and Virtualization
    Foundation Topics
    Hardening Operating Systems
    Removing Unnecessary Applications and Services
    Windows Update, Patches, and Hotfixes
    Patches and Hotfixes
    Patch Management
    Group Policies, Security Templates, and Configuration Baselines
    Hardening File Systems and Hard Drives
    Virtualization Technology
    Types of Virtualization and Their Purposes
    Hypervisor
    Securing Virtual Machines
    Chapter Review Activities
    Chapter 5 Application Security
    Foundation Topics
    Securing the Browser
    General Browser Security Procedures
    Implement Policies
    Train Your Users
    Use a Proxy and Content Filter
    Secure Against Malicious Code
    Web Browser Concerns and Security Methods
    Basic Browser Security
    Cookies
    LSOs
    Add-ons
    Advanced Browser Security
    Securing Other Applications
    Secure Programming
    Software Development Life Cycle
    Core SDLC and DevOps Principles
    Programming Testing Methods
    White-box and Black-box Testing
    Compile-Time Errors Versus Runtime Errors
    Input Validation
    Static and Dynamic Code Analysis
    Fuzz Testing
    Programming Vulnerabilities and Attacks
    Backdoors
    Memory/Buffer Vulnerabilities
    Arbitrary Code Execution/Remote Code Execution
    XSS and XSRF
    More Code Injection Examples
    Directory Traversal
    Zero Day Attack
    Chapter Review Activities
    Chapter 6 Network Design Elements
    Foundation Topics
    Network Design
    The OSI Model
    Network Devices
    Switch
    Bridge
    Router
    Network Address Translation, and Private Versus Public IP
    Network Zones and Interconnections
    LAN Versus WAN
    Internet
    Demilitarized Zone (DMZ)
    Intranets and Extranets
    Network Access Control (NAC)
    Subnetting
    Virtual Local Area Network (VLAN)
    Telephony
    Modems
    PBX Equipment
    VoIP
    Cloud Security and Server Defense
    Cloud Computing
    Cloud Security
    Server Defense
    File Servers
    Network Controllers
    E-mail Servers
    Web Servers
    FTP Server
    Chapter Review Activities
    Chapter 7 Networking Protocols and Threats
    Foundation Topics
    Ports and Protocols
    Port Ranges, Inbound Versus Outbound, and Common Ports
    Protocols That Can Cause Anxiety on the Exam
    Malicious Attacks
    DoS
    DDoS
    Sinkholes and Blackholes
    Spoofing
    Session Hijacking
    Replay
    Null Sessions
    Transitive Access and Client-Side Attacks
    DNS Poisoning and Other DNS Attacks
    ARP Poisoning
    Summary of Network Attacks
    Chapter Review Activities
    Chapter 8 Network Perimeter Security
    Foundation Topics
    Firewalls and Network Security
    Firewalls
    Proxy Servers
    Honeypots and Honeynets
    Data Loss Prevention (DLP)
    NIDS Versus NIPS
    NIDS
    NIPS
    Summary of NIDS Versus NIPS
    The Protocol Analyzer’s Role in NIDS and NIPS
    Unified Threat Management
    Chapter Review Activities
    Chapter 9 Securing Network Media and Devices
    Foundation Topics
    Securing Wired Networks and Devices
    Network Device Vulnerabilities
    Default Accounts
    Weak Passwords
    Privilege Escalation
    Back Doors
    Network Attacks
    Other Network Device Considerations
    Cable Media Vulnerabilities
    Interference
    Crosstalk
    Data Emanation
    Tapping into Data and Conversations
    Securing Wireless Networks
    Wireless Access Point Vulnerabilities
    The Administration Interface
    SSID Broadcast
    Rogue Access Points
    Evil Twin
    Weak Encryption
    Wi-Fi Protected Setup
    Ad Hoc Networks
    VPN over Open Wireless
    Wireless Access Point Security Strategies
    Wireless Transmission Vulnerabilities
    Bluetooth and Other Wireless Technology Vulnerabilities
    Bluejacking
    Bluesnarfing
    RFID and NFC
    More Wireless Technologies
    Chapter Review Activities
    Chapter 10 Physical Security and Authentication Models
    Foundation Topics
    Physical Security
    General Building and Server Room Security
    Door Access
    Biometric Readers
    Authentication Models and Components
    Authentication Models
    Localized Authentication Technologies
    802.1X and EAP
    LDAP
    Kerberos and Mutual Authentication
    Remote Desktop Services
    Remote Authentication Technologies
    Remote Access Service
    Virtual Private Networks
    RADIUS Versus TACACS
    Chapter Review Activities
    Chapter 11 Access Control Methods and Models
    Foundation Topics
    Access Control Models Defined
    Discretionary Access Control
    Mandatory Access Control
    Role-Based Access Control (RBAC)
    Attribute-based Access Control (ABAC)
    Access Control Wise Practices
    Rights, Permissions, and Policies
    Users, Groups, and Permissions
    Permission Inheritance and Propagation
    Moving and Copying Folders and Files
    Usernames and Passwords
    Policies
    User Account Control (UAC)
    Chapter Review Activities
    Chapter 12 Vulnerability and Risk Assessment
    Foundation Topics
    Conducting Risk Assessments
    Qualitative Risk Assessment
    Quantitative Risk Assessment
    Security Analysis Methodologies
    Security Controls
    Vulnerability Management
    Penetration Testing
    OVAL
    Additional Vulnerabilities
    Assessing Vulnerability with Security Tools
    Network Mapping
    Vulnerability Scanning
    Network Sniffing
    Password Analysis
    Chapter Review Activities
    Chapter 13 Monitoring and Auditing
    Foundation Topics
    Monitoring Methodologies
    Signature-Based Monitoring
    Anomaly-Based Monitoring
    Behavior-Based Monitoring
    Using Tools to Monitor Systems and Networks
    Performance Baselining
    Protocol Analyzers
    Wireshark
    SNMP
    Analytical Tools
    Use Static and Dynamic Tools
    Conducting Audits
    Auditing Files
    Logging
    Log File Maintenance and Security
    Auditing System Security Settings
    SIEM
    Chapter Review Activities
    Chapter 14 Encryption and Hashing Concepts
    Foundation Topics
    Cryptography Concepts
    Symmetric Versus Asymmetric Key Algorithms
    Symmetric Key Algorithms
    Asymmetric Key Algorithms
    Public Key Cryptography
    Key Management
    Steganography
    Encryption Algorithms
    DES and 3DES
    AES
    RC
    Blowfish and Twofish
    Summary of Symmetric Algorithms
    RSA
    Diffie-Hellman
    Elliptic Curve
    More Encryption Types
    One-Time Pad
    PGP
    Pseudorandom Number Generators
    Hashing Basics
    Cryptographic Hash Functions
    MD5
    SHA
    RIPEMD and HMAC
    LANMAN, NTLM, and NTLMv2
    LANMAN
    NTLM and NTLMv2
    Hashing Attacks
    Pass the Hash
    Happy Birthday!
    Additional Password Hashing Concepts
    Chapter Review Activities
    Chapter 15 PKI and Encryption Protocols
    Foundation Topics
    Public Key Infrastructure
    Certificates
    SSL Certificate Types
    Single-Sided and Dual-Sided Certificates
    Certificate Chain of Trust
    Certificate Formats
    Certificate Authorities
    Web of Trust
    Security Protocols
    S/MIME
    SSL/TLS
    SSH
    PPTP, L2TP, and IPsec
    PPTP
    L2TP
    IPsec
    Chapter Review Activities
    Chapter 16 Redundancy and Disaster Recovery
    Foundation Topics
    Redundancy Planning
    Redundant Power
    Redundant Power Supplies
    Uninterruptible Power Supplies
    Backup Generators
    Redundant Data
    Redundant Networking
    Redundant Servers
    Redundant Sites
    Redundant People
    Disaster Recovery Planning and Procedures
    Data Backup
    DR Planning
    Chapter Review Activities
    Chapter 17 Social Engineering, User Education, and Facilities Security
    Foundation Topics
    Social Engineering
    Pretexting
    Malicious Insider
    Diversion Theft
    Phishing
    Hoaxes
    Shoulder Surfing
    Eavesdropping
    Dumpster Diving
    Baiting
    Piggybacking/Tailgating
    Watering Hole Attack
    Summary of Social Engineering Types
    User Education
    Facilities Security
    Fire Suppression
    Fire Extinguishers
    Sprinkler Systems
    Special Hazard Protection Systems
    HVAC
    Shielding
    Vehicles
    Chapter Review Activities
    Chapter 18 Policies and Procedures
    Foundation Topics
    Legislative and Organizational Policies
    Data Sensitivity and Classification of Information
    Personnel Security Policies
    Privacy Policies
    Acceptable Use
    Change Management
    Separation of Duties/Job Rotation
    Mandatory Vacations
    Onboarding and Offboarding
    Due Diligence
    Due Care
    Due Process
    User Education and Awareness Training
    Summary of Personnel Security Policies
    How to Deal with Vendors
    How to Dispose of Computers and Other IT Equipment Securely
    Incident Response Procedures
    IT Security Frameworks
    Chapter Review Activities
    Chapter 19 Taking the Real Exam
    Getting Ready and the Exam Preparation Checklist
    Tips for Taking the Real Exam
    Beyond the CompTIA Security+ Certification
    Practice Exam 1: SY0-501
    Glossary
    Elements Available Online
    Appendix A: Answers to the Review Questions
    Answers to Practice Exam 1
    View Recommended Resources
    Real-World Scenarios
    Flash Cards
