Название: CompTIA Security+ SY0-401 In Depth
Издательство: Cengage Learning
Автор:Mark Ciampa
Год: 2015
Количество страниц:576
Язык: English
Формат:pdf
Размер:19 Mb
COMPTIA SECURITY+ SY0-401 IN DEPTH will prepare you to pass CompTIA's new Security+ certification exam and earn this important credential in the field of computer security. This book offers in-depth coverage of all relevant topics, from handling malware to advanced cryptography, wireless and mobile security, and much more. Using the proven In Depth certification training method, this comprehensive, up-to-date, user-friendly test-prep guide covers exam objectives for the new Security+ SY0-401 certification exam; features end-of-chapter quizzes to test your mastery of each new skill you're learning; maps completely to the Security+ SY0-401 exam objectives; and includes a full glossary and helpful appendixes. Computer and network security is a crucially important and ever-growing field, and IT professionals must keep up with the latest challenges and technologies. The CompTIA Security+ SY0-401 certification exam validates the knowledge and best practices required of professionals responsible for securing computer networks and managing risk. The coaching and test-prep resources contained in COMPTIA SECURITY+ SY0-401 IN DEPTH will give you the skills and confidence you'll need to succeed on exam day.
Table of Contents
Title Page
Copyright Page
Brief Contents
Table of Contents
INTRODUCTION
CHAPTER 1 Introduction to Security
Challenges of Securing Information
Today’s Security Attacks
Difficulties in Defending Against Attacks
What Is Information Security?
Understanding Security
Defining Information Security
Information Security Terminology
Understanding the Importance of Information Security
Who Are the Attackers?
Cybercriminals
Script Kiddies
Brokers
Insiders
Cyberterrorists
Hactivists
State-Sponsored Attackers
Attacks and Defenses
Steps of an Attack
Defenses Against Attacks
Chapter Summary
Key Terms
Review Questions
PART I Threats
CHAPTER 2 Malware and Social Engineering Attacks
Attacks Using Malware
Circulation/Infection
Concealment
Payload Capabilities
Social Engineering Attacks
Psychological Approaches
Physical Procedures
Chapter Summary
Key Terms
Review Questions
CHAPTER 3 Application and Networking-Based Attacks
Application Attacks
Server-Side Web Application Attacks
Client-Side Application Attacks
Impartial Overflow Attacks
Networking-Based Attacks
Denial of Service (DoS)
Interception
Poisoning
Attacks on Access Rights
Chapter Summary
Key Terms
Review Questions
PART II Application, Data, and Host Security
CHAPTER 4 Host, Application, and Data Security
Securing the Host
Securing Devices
Securing the Operating System Software
Securing with Antimalware
Securing Static Environments
Application Security
Application Development Security
Application Hardening and Patch Management
Securing Data
Chapter Summary
Key Terms
Review Questions
PART III Cryptography
CHAPTER 5 Basic Cryptography
Defining Cryptography
What Is Cryptography?
Cryptography and Security
Cryptographic Algorithms
Hash Algorithms
Symmetric Cryptographic Algorithms
Asymmetric Cryptographic Algorithms
Using Cryptography
Encryption Through Software
Hardware Encryption
Chapter Summary
Key Terms
Review Questions
CHAPTER 6 Advanced Cryptography
Digital Certificates
Defining Digital Certificates
Managing Digital Certificates
Types of Digital Certificates
Public Key Infrastructure (PKI)
What Is Public Key Infrastructure (PKI)?
Public Key Cryptography Standards (PKCS)
Trust Models
Managing PKI
Key Management
Key Storage
Key Usage
Key Handling Procedures
Cryptographic Transport Protocols
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
Secure Shell (SSH)
Hypertext Transport Protocol Secure (HTTPS)
IP Security (IPsec)
Chapter Summary
Key Terms
Review Questions
PART IV Network Security
CHAPTER 7 Network Security Fundamentals
Security Through Network Devices
Standard Network Devices
Network Security Hardware
Security Through Network Technologies
Network Address Translation (NAT)
Network Access Control (NAC)
Security Through Network Design Elements
Demilitarized Zone (DMZ)
Subnetting
Virtual LANs (VLANs)
Remote Access
Chapter Summary
Key Terms
Review Questions
CHAPTER 8 Administering a Secure Network
Common Network Protocols
Internet Control Message Protocol (ICMP)
Simple Network Management Protocol (SNMP)
Domain Name System (DNS)
File Transfer Protocols
Storage Protocols
NetBIOS
Telnet
IPv6
Network Administration Principles
Device Security
Monitoring and Analyzing Logs
Network Design Management
Port Security
Securing Network Applications and Platforms
IP Telephony
Virtualization
Cloud Computing
Chapter Summary
Key Terms
Review Questions
PART V Mobile Security
CHAPTER 9 Wireless Network Security
Wireless Attacks
Bluetooth Attacks
Near Field Communication (NFC) Attacks
Wireless Local Area Network (WLAN) Attacks
Vulnerabilities of IEEE Wireless Security
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Setup (WPS)
MAC Address Filtering
Disabling SSID Broadcasts
Wireless Security Solutions
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access 2 (WPA2)
Additional Wireless Security Protections
Chapter Summary
Key Terms
Review Questions
CHAPTER 10 Mobile Device Security
Types of Mobile Devices
Portable Computers
Tablets
Smartphones
Wearable Technology
Legacy Devices
Mobile Device Removable Storage
Mobile Device Risks
Limited Physical Security
Connecting to Public Networks
Location Tracking
Installing Unsecured Applications
Accessing Untrusted Content
Bring Your Own Device (BYOD) Risks
Securing Mobile Devices
Device Setup
Device and App Management
Device Loss or Theft
Mobile Device App Security
BYOD Security
Chapter Summary
Key Terms
Review Questions
PART VI Access Control and Identity Management
CHAPTER 11 Access Control Fundamentals
What Is Access Control?
Access Control Terminology
Access Control Models
Best Practices for Access Control
Implementing Access Control
Access Control Lists (ACLs)
Group Policies
Account Restrictions
Authentication Services
RADIUS
Kerberos
Terminal Access Control Access Control System (TACACS)
Lightweight Directory Access Protocol (LDAP)
Security Assertion Markup Language (SAML)
Chapter Summary
Key Terms
Review Questions
CHAPTER 12 Authentication and Account Management
Authentication Credentials
What You Know: Passwords
What You Have: Tokens, Cards, and Cell Phones
What You Are: Biometrics
What You Do: Behavioral Biometrics
Where You Are: Geolocation
Single Sign-On
Microsoft Account
OpenID
Open Authorization (OAuth)
Account Management
Chapter Summary
Key Terms
Review Questions
PART VII Compliance and Operational Security
CHAPTER 13 Business Continuity
What Is Business Continuity?
Disaster Recovery
Disaster Recovery Plan (DRP)
Redundancy and Fault Tolerance
Data Backups
Environmental Controls
Fire Suppression
Electromagnetic Interference (EMI) Shielding
HVAC
Incident Response
Forensics
Incident Response Procedures
Chapter Summary
Key Terms
Review Questions
CHAPTER 14 Risk Mitigation
Controlling Risk
Privilege Management
Change Management
Incident Management
Risk Calculation
Reducing Risk Through Policies
What Is a Security Policy?
Balancing Trust and Control
Designing a Security Policy
Types of Security Policies
Awareness and Training
Compliance
User Practices
Threat Awareness
Training Techniques
Chapter Summary
Key Terms
Review Questions
CHAPTER 15 Vulnerability Assessment
Assessing Vulnerabilities
What Is Vulnerability Assessment?
Assessment Techniques
Assessment Tools
Vulnerability Scanning vs. Penetration Testing
Vulnerability Scanning
Penetration Testing
Third-Party Integration
Mitigating and Deterring Attacks
Creating a Security Posture
Selecting Appropriate Controls
Configuring Controls
Hardening
Reporting
Chapter Summary
Key Terms
Review Questions
APPENDIX A CompTIA SY0-401 Certification Exam Objectives
APPENDIX B Answers to Chapter Review Questions
APPENDIX C Security Websites
Security Organizations
Vendor Security Websites
Threat Analysis
Standards Organizations and Regulatory Agencies
Laws Protecting Private Information
Blogs
APPENDIX D Selected TCP/IP Ports and Their Threats
APPENDIX E References
GLOSSARY
INDEX
depositfiles.com
turbobit.net
|
Навигация
Вход на сайт
Реклама
CompTIA Security + SY0-401 In Depth 
