CompTIA Security+ SY0-601 Cert Guide, 5th edition
Published by Pearson IT Certification (October 19, 2021) © 2022
- Omar Santos Best-selling Cisco Press author, expert trainer, and Principal Engineer at Cisco (PSIRT)
- Ron Taylor Author, speaker, and Cisco Security Architect
- Joseph Mlodzianowski
eTextbook (subscription, billed per month)
- Anytime, anywhere learning with the Pearson+ app
- Easy-to-use search, navigation and notebook
- Simpler studying with flashcards
Print: $47.99
- A print text (hardcover or paperback)
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
uCertify: $140.00
- Includes the full Pearson e-text, pre- and post-assessments, quizzes, videos, and more
- Provides hands-on skills to bridge conceptual knowledge and real-world application
- Powerful student management tools yet easy to implement, customize, and manage
CompTIA Security+ SY0-601 Cert Guide shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending chapter review activities help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment software offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.
- Case studies and hands-on video exercises in each chapter
- Three full practice tests based on the real Security+ exam
- New! Video explanations of all answers in practice tests
- Memory tables, study strategies, tips, cautions, key terms, troubleshooting scenarios, last-minute review tearsheet, and more
This book has been updated for the new version of the Security+ exam.
Introduction xliv
Part I: Threats, Attacks, and Vulnerabilities
Chapter 1 Comparing and Contrasting Different Types of Social Engineering Techniques 3
“Do I Know This Already?” Quiz 3
Foundation Topics 7
Social Engineering Fundamentals 7
Phishing and Spear Phishing 9
Smishing 12
Vishing 12
Spam and Spam over Internet Messaging (SPIM) 13
Dumpster Diving 13
Shoulder Surfing 14
Pharming 14
Piggybacking or Tailgating 15
Eliciting Information 15
Whaling 16
Prepending 17
Identity Fraud 17
Invoice Scams 17
Credential Harvesting 18
Reconnaissance 18
Hoaxes 19
Impersonation or Pretexting 19
Eavesdropping 19
Baiting 20
Watering Hole Attack 20
Typo Squatting 20
Influence Campaigns, Principles of Social Engineering, and Reasons for Effectiveness 21
User Security Awareness Education 22
Chapter Review Activities 24
Chapter 2 Analyzing Potential Indicators to Determine the Type of Attack 29
“Do I Know This Already?” Quiz 29
Foundation Topics 33
Malicious Software (Malware) 33
Ransomware and Cryptomalware 33
Trojans 35
Remote Access Trojans (RATs) and Rootkits 35
Worms 36
Fileless Virus 37
Command and Control, Bots, and Botnets 37
Logic Bombs 39
Potentially Unwanted Programs (PUPs) and Spyware 40
Keyloggers 42
Backdoors 43
Malware Delivery Mechanisms 43
You Can't Save Every Computer from Malware! 45
Password Attacks 45
Dictionary-based and Brute-force Attacks 45
Password Spraying 46
Offline and Online Password Cracking 46
Rainbow Tables 47
Plaintext/Unencrypted 47
Physical Attacks 48
Malicious Flash Drives 48
Malicious Universal Serial Bus (USB) Cables 48
Card Cloning Attacks 48
Skimming 49
Adversarial Artificial Intelligence 50
Tainted Training Data for Machine Learning 50
Security of Machine Learning Algorithms 50
Supply-Chain Attacks 51
Cloud-based vs. On-premises Attacks 52
Cloud Security Threats 52
Cloud Computing Attacks 54
Cryptographic Attacks 55
Collision 55
Birthday 56
Downgrade 56
Chapter Review Activities 57
Chapter 3 Analyzing Potential Indicators Associated with Application Attacks 61
“Do I Know This Already?” Quiz 61
Foundation Topics 67
Privilege Escalation 67
Cross-Site Scripting (XSS) Attacks 68
Injection Attacks 70
Structured Query Language (SQL) Injection Attacks 70
SQL Injection Categories 73
Dynamic Link Library (DLL) Injection Attacks 74
Lightweight Directory Access Protocol (LDAP) Injection Attacks 74
Extensible Markup Language (XML) Injection Attacks 74
Pointer/Object Dereference 75
Directory Traversal 76
Buffer Overflows 77
Arbitrary Code Execution/Remote Code Execution 78
Race Conditions 79
Error Handling 79
Improper Input Handling 80
Compile-Time Errors vs. Runtime Errors 81
Replay Attacks 82
Request Forgeries 85
Application Programming Interface (API) Attacks 86
Resource Exhaustion 87
Memory Leaks 88
Secure Socket Layer (SSL) Stripping 88
Driver Manipulation 89
Pass the Hash 89
Chapter Review Activities 90
Chapter 4 Analyzing Potential Indicators Associated with Network Attacks 95
“Do I Know This Already?” Quiz 95
Foundation Topics 98
Wireless Attacks 98
Evil Twin Attacks 98
Rogue Access Points 99
Bluesnarfing Attacks 99
Bluejacking Attacks 100
Disassociation and Deauthentication Attacks 101
Jamming Attacks 102
Radio Frequency Identifier (RFID) Attacks 102
Near-Field Communication (NFC) Attacks 102
Initialization Vector (IV) Attacks 103
On-Path Attacks 103
Layer 2 Attacks 105
Address Resolution Protocol (ARP) Poisoning Attacks 105
Media Access Control (MAC) Flooding Attacks 106
MAC Cloning Attacks 106
Best Practices to Protect Against Layer 2 Attacks 106
Domain Name System (DNS) Attacks 107
Domain Hijacking Attacks 108
DNS Poisoning Attacks 108
Uniform Resource Locator (URL) Redirection Attacks 110
Domain Reputation 110
Distributed Denial-of-Service (DDoS) Attacks 111
Malicious Code or Script Execution Attacks 113
Chapter Review Activities 114
Chapter 5 Understanding Different Threat Actors, Vectors, and Intelligence Sources 117
“Do I Know This Already?” Quiz 117
Foundation Topics 120
Actors and Threats 120
Attributes of Threat Actors 122
Attack Vectors 122
Threat Intelligence and Threat Intelligence Sources 123
Structured Threat Information eXpression (STIX) and the Trusted Automated eXchange of Indicator Information (TAXII) 125
Research Sources 127
The MITRE ATT&CK Framework 128
Chapter Review Activities 129
Chapter 6 Understanding the Security Concerns Associated with Various Types of Vulnerabilities 133
“Do I Know This Already?” Quiz 133
Foundation Topics 137
Cloud-based vs. On-premises Vulnerabilities 137
Other “Cloud”-based Concerns 143
Server Defense 144
Zero-day Vulnerabilities 149
Weak Configurations 150
Third-party Risks 155
Improper or Weak Patch Management 160
Patches and Hotfixes 161
Patch Management 163
Legacy Platforms 165
The Impact of Cybersecurity Attacks and Breaches 165
Chapter Review Activities 166
Chapter 7 Summarizing the Techniques Used in Security Assessments 171
“Do I Know This Already?” Quiz 171
Foundation Topics 175
Threat Hunting 175
Security Advisories and Bulletins 177
Vulnerability Scans 180
Credentialed vs. Noncredentialed 182
Intrusive vs. Nonintrusive 182
Common Vulnerability Scoring System (CVSS) 182
Logs and Security Information and Event Management (SIEM) 186
Security Orchestration, Automation, and Response (SOAR) 188
Chapter Review Activities 189
Chapter 8 Understanding the Techniques Used in Penetration Testing 193
“Do I Know This Already?” Quiz 193
Foundation Topics 197
Penetration Testing 197
Bug Bounties vs. Penetration Testing 202
Passive and Active Reconnaissance 203
Exercise Types 205
Chapter Review Activities 206
Part II: Architecture and Design
Chapter 9 Understanding the Importance of Security Concepts in an Enterprise Environment 209
“Do I Know This Already?” Quiz 209
Foundation Topics 213
Configuration Management 213
Data Sovereignty and Data Protection 214
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Inspection 215
API Considerations 216
Data Masking and Obfuscation 216
Encryption at Rest, in Transit/Motion, and in Processing 218
Hashing 218
Rights Management 219
Geographical Considerations 220
Data Breach Response and Recovery Controls 220
Site Resiliency 221
Deception and Disruption 222
Fake Telemetry 223
DNS Sinkhole 223
Chapter Review Activities 224
Chapter 10 Summarizing Virtualization and Cloud Computing Concepts 227
“Do I Know This Already?” Quiz 227
Foundation Topics 231
Cloud Models 231
Public, Private, Hybrid, and Community Clouds 232
Cloud Service Providers 233
Cloud Architecture Components 234
Fog and Edge Computing 234
Thin Clients 235
Containers 236
Microservices and APIs 240
Infrastructure as Code 241
Serverless Architecture 243
Services Integration 246
Resource Policies 246
Transit Gateway 246
Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection 247
Understanding and Avoiding VM Sprawl 247
Protecting Against VM Escape Attacks 248
Chapter Review Activities 250
Chapter 11 Summarizing Secure Application Development, Deployment, and Automation Concepts 253
“Do I Know This Already?” Quiz 253
Foundation Topics 257
Software Development Environments and Methodologies 257
Application Provisioning and Deprovisioning 260
Software Integrity Measurement 261
Secure Coding Techniques 261
Core SDLC and DevOps Principles 263
Programming Testing Methods 266
Programming Vulnerabilities and Attacks 270
Open Web Application Security Project (OWASP) 276
Software Diversity 278
Automation/Scripting 278
Elasticity and Scalability 279
Chapter Review Activities 280
Chapter 12 Summarizing Authentication and Authorization Design Concepts 285
“Do I Know This Already?” Quiz 285
Foundation Topics 289
Authentication Methods 289
Directory Services 291
Federations 292
Attestation 294
Authentication Methods and Technologies 295
Biometrics 300
Fingerprints 300
Retina 301
Iris 301
Facial 301
Voice 302
Vein 302
Gait Analysis 302
Efficacy Rates 302
False Acceptance 303
False Rejection 303
Crossover Error Rate 304
Multifactor Authentication (MFA) Factors and Attributes 304
Authentication, Authorization, and Accounting (AAA) 306
Cloud vs. On-premises Requirements 306
Chapter Review Activities 308
Chapter 13 Implementing Cybersecurity Resilience 311
“Do I Know This Already?” Quiz 311
Foundation Topics 315
Redundancy 315
Geographic Dispersal 315
Disk Redundancy 315
Network Resilience 319
Power Resilience 320
Replication 323
Storage Area Network 323
Virtual Machines 324
On-premises vs. Cloud 325
Backup Types 326
Full Backup 328
Differential Backup 328
Incremental Backup 328
Non-persistence 328
High Availability 329
Restoration Order 330
Diversity 331
Technologies 331
Vendors 331
Crypto 331
Controls 332
Chapter Review Activities 332
Chapter 14 Understanding the Security Implications of Embedded and Specialized Systems 335
“Do I Know This Already?” Quiz 335
Foundation Topics 339
Embedded Systems 339
Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) 341
Internet of Things (IoT) 344
Specialized Systems 346
Medical Systems 347
Vehicles 347
Aircraft 348
Smart Meters 350
Voice over IP (VoIP) 351
Heating, Ventilation, and Air Conditioning (HVAC) 352
Drones 353
Multifunction Printers (MFP) 354
Real-Time Operating Systems (RTOS) 355
Surveillance Systems 355
System on a Chip (SoC) 356
Communication Considerations 357
5G 357
NarrowBand 358
Baseband Radio 359
Subscriber Identity Module (SIM) Cards 360
Zigbee 360
Embedded System Constraints 361
Power 361
Compute 361
Network 362
Crypto 362
Inability to Patch 362
Authentication 363
Range 363
Cost 363
Implied Trust 363
Chapter Review Activities 364
Chapter 15 Understanding the Importance of Physical Security Controls 367
“Do I Know This Already?” Quiz 367
Foundation Topics 370
Bollards/Barricades 370
Access Control Vestibules 372
Badges 373
Alarms 374
Signage 374
Cameras 375
Closed-Circuit Television (CCTV) 376
Industrial Camouflage 377
Personnel 377
Locks 378
USB Data Blockers 379
Lighting 380
Fencing 380
Fire Suppression 381
Sensors 381
Drones 382
Visitor Logs 383
Faraday Cages 383
Air Gap 384
Screened Subnet (Previously Known as Demilitarized Zone [DMZ]) 384
Protected Cable Distribution 385
Secure Areas 385
Secure Data Destruction 386
Chapter Review Activities 387
Chapter 16 Summarizing the Basics of Cryptographic Concepts 391
“Do I Know This Already?” Quiz 391
Foundation Topics 395
Digital Signatures 395
Key Length 396
Key Stretching 397
Salting 397
Hashing 398
Key Exchange 399
Elliptic-Curve Cryptography 399
Perfect Forward Secrecy 400
Quantum 401
Communications 401
Computing 402
Post-Quantum 402
Ephemeral 403
Modes of Operation 403
Electronic Code Book Mode 404
Cipher Block Chaining Mode 405
Cipher Feedback Mode 406
Output Feedback Mode 407
Counter Mode 408
Blockchain 409
Cipher Suites 410
Symmetric vs. Asymmetric Encryption 411
Lightweight Cryptography 414
Steganography 415
Audio Steganography 415
Video Steganography 416
Image Steganography 416
Homomorphic Encryption 417
Common Use Cases 417
Limitations 418
Chapter Review Activities 420
Part III: Implementation
Chapter 17 Implementing Secure Protocols 423
“Do I Know This Already?” Quiz 423
Foundation Topics 426
Protocols 426
Domain Name System Security Extensions 426
SSH 427
Secure/Multipurpose Internet Mail Extensions 428
Secure Real-Time Transport Protocol 430
Lightweight Directory Access Protocol over SSL 432
File Transfer Protocol, Secure 432
Secure (or SSH) File Transfer Protocol 434
Simple Network Management Protocol Version 3 434
Hypertext Transfer Protocol over SSL/TLS 436
IPsec 437
Post Office Protocol/Internet Message Access Protocol 438
Use Cases 439
Voice and Video 440
Time Synchronization 440
Email and Web 441
File Transfer 441
Directory Services 442
Remote Access 442
Domain Name Resolution 442
Routing and Switching 443
Network Address Allocation 443
Subscription Services 444
Chapter Review Activities 444
Chapter 18 Implementing Host or Application Security Solutions 447
“Do I Know This Already?” Quiz 447
Foundation Topics 451
Endpoint Protection 451
Antivirus 451
Antimalware 452
Endpoint Detection and Response 452
Data Loss Prevention 453
Next-Generation Firewall 453
Host-based Intrusion Prevention System 454
Host-based Intrusion Detection System 456
Host-based Firewall 457
Boot Integrity 458
Boot Security/Unified Extensible Firmware Interface 459
Measured Boot 459
Boot Attestation 460
Database 461
Tokenization 461
Salting 462
Hashing 463
Application Security 463
Input Validations 464
Secure Cookies 465
Hypertext Transfer Protocol Headers 465
Code Signing 466
Allow List 467
Block List/Deny List 467
Secure Coding Practices 468
Static Code Analysis 468
Manual Code Review 470
Dynamic Code Analysis 470
Fuzzing 471
Hardening 471
Open Ports and Services 471
Registry 472
Disk Encryption 473
Operating System 473
Patch Management 474
Self-Encrypting Drive/Full-Disk Encryption 475
OPAL 476
Hardware Root of Trust 476
Trusted Platform Module 477
Sandboxing 478
Chapter Review Activities 479
Chapter 19 Implementing Secure Network Designs 483
“Do I Know This Already?” Quiz 483
Foundation Topics 488
Load Balancing 488
Active/Active 488
Active/Passive 488
Scheduling 488
Virtual IP 488
Persistence 489
Network Segmentation 489
Application-Based Segmentation and Microsegmentation 489
Virtual Local Area Network 490
Screened Subnet 491
East-West Traffic 492
Intranets and Extranets 492
Zero Trust 494
Virtual Private Network 494
Remote Access vs. Site-to-Site 496
IPsec 497
SSL/TLS 505
HTML5 508
Layer 2 Tunneling Protocol 508
DNS 509
Network Access Control 510
Out-of-Band Management 510
Port Security 511
Broadcast Storm Prevention 512
Bridge Protocol Data Unit Guard 512
Loop Prevention 512
Dynamic Host Configuration Protocol Snooping 512
Media Access Control Filtering 513
Network Appliances 513
Jump Servers 514
Proxy Servers 514
Network-Based Intrusion Detection System/Network-Based Intrusion Prevention System 516
Summary of NIDS vs. NIPS 519
HSM 524
Sensors 524
Collectors 525
Aggregators 526
Firewalls 526
Hardware vs. Software 534
Appliance vs. Host-based vs. Virtual 534
Access Control List 535
Route Security 535
Quality of Service 536
Implications of IPv6 536
Port Spanning/Port Mirroring 537
Monitoring Services 538
Performance Baselining 539
File Integrity Monitors 542
Chapter Review Activities 542
Chapter 20 Installing and Configuring Wireless Security Settings 547
“Do I Know This Already?” Quiz 547
Foundation Topics 551
Cryptographic Protocols 551
Wi-Fi Protected Access 2 (WPA2) 551
Wi-Fi Protected Access 3 (WPA3) 551
Counter-mode/CBC-MAC Protocol (CCMP) 552
Simultaneous Authentication of Equals 552
Wireless Cryptographic Protocol Summary 552
Authentication Protocols 553
802.1X and EAP 553
IEEE 802.1x 556
Remote Authentication Dial-In User Service (RADIUS) Federation 556
Methods 557
Wi-Fi Protected Setup 558
Captive Portals 559
Installation Considerations 559
Controller and Access Point Security 562
Wireless Access Point Vulnerabilities 563
Chapter Review Activities 564
Chapter 21 Implementing Secure Mobile Solutions 567
“Do I Know This Already?” Quiz 567
Foundation Topics 570
Connection Methods and Receivers 570
RFID and NFC 571
More Wireless Connection Methods and Receivers 572
Secure Implementation Best Practices 573
Mobile Device Management 574
MDM Security Feature Concerns: Application and Content Management 576
MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, Full Device Encryption 578
Mobile Device Management Enforcement and Monitoring 581
Mobile Devices 585
MDM/Unified Endpoint Management 587
SEAndroid 588
Deployment Models 588
Secure Implementation of BYOD, CYOD, and COPE 589
Chapter Review Activities 591
Chapter 22 Applying Cybersecurity Solutions to the Cloud 595
“Do I Know This Already?” Quiz 595
Foundation Topics 598
Cloud Security Controls 598
Security Assessment in the Cloud 598
Understanding the Different Cloud Security Threats 598
Cloud Computing Attacks 601
High Availability Across Zones 603
Resource Policies 603
Integration and Auditing 604
Secrets Management 604
Storage 605
Network 606
Compute 607
Summary of Cloud Security Controls 609
Solutions 611
CASB 611
Application Security 612
Next-Generation Secure Web Gateway 613
Firewall Considerations in a Cloud Environment 613
Summary of Cybersecurity Solutions to the Cloud 614
Cloud Native Controls vs. Third-Party Solutions 615
Chapter Review Activities 615
Chapter 23 Implementing Identity and Account Management Controls 619
“Do I Know This Already?” Quiz 619
Foundation Topics 623
Identity 623
Identity Provider (IdP) 623
Authentication 625
Certificates 626
Tokens 627
SSH Keys 628
Smart Cards 629
Account Types 629
Account Policies 633
Introduction to Identity and Access Management 633
Attribute-Based Access Control (ABAC) 638
Rights, Permissions, and Policies 640
Permission Inheritance and Propagation 645
Chapter Review Activities 647
Chapter 24 Implementing Authentication and Authorization Solutions 651
“Do I Know This Already?” Quiz 651
Foundation Topics 655
Authentication Management 655
Password Keys 655
Password Vaults 655
Trusted Platform Module 656
Hardware Security Modules 656
Knowledge-Based Authentication 656
Authentication/Authorization 657
Security Assertion Markup Language 659
OAuth 661
OpenID and OpenID Connect 663
Remote Authentication Technologies 670
Access Control Schemes 674
Discretionary Access Control 674
Mandatory Access Control 676
Role-Based Access Control 677
Attribute-Based Access Control 678
Rule-Based Access Control 678
Conditional Access 678
Privileged Access Management 678
Summary of Access Control Models 679
Access Control Wise Practices 680
Chapter Review Activities 681
Chapter 25 Implementing Public Key Infrastructure 685
“Do I Know This Already?” Quiz 685
Foundation Topics 688
Public Key Infrastructure 688
Key Management 688
Certificate Authorities 689
Certificate Attributes 691
Subject Alternative Name 693
Expiration 693
Types of Certificates 694
SSL Certificate Types 694
Certificate Chaining 696
Certificate Formats 697
PKI Concepts 698
Trust Model 698
Certificate Pinning 698
Stapling, Key Escrow, Certificate Chaining, Online vs. Offline CA 698
Chapter Review Activities 700
Part IV: Operations and Incident Response
Chapter 26 Using the Appropriate Tool to Assess Organizational Security 703
“Do I Know This Already?” Quiz 703
Foundation Topics 707
Network Reconnaissance and Discovery 707
tracert/traceroute 707
nslookup/dig 709
ipconfig/ifconfig 710
nmap 711
ping/pathping 714
hping 717
netstat 718
netcat 720
IP Scanners 721
arp 721
route 723
curl 724
theHarvester 725
sn1per 726
scanless 727
dnsenum 728
Nessus 730
Cuckoo 731
File Manipulation 732
head 733
tail 734
cat 734
grep 735
chmod 736
Logger 737
Shell and Script Environments 738
SSH 739
PowerShell 740
Python 741
OpenSSL 741
Packet Capture and Replay 742
Tcpreplay 742
Tcpdump 742
Wireshark 743
Forensics 744
dd 744
Memdump 745
WinHex 746
FTK Imager 747
Autopsy 747
Exploitation Frameworks 747
Password Crackers 748
Data Sanitization 750
Chapter Review Activities 750
Chapter 27 Summarizing the Importance of Policies, Processes, and Procedures for Incident Response 755
“Do I Know This Already?” Quiz 755
Foundation Topics 760
Incident Response Plans 760
Incident Response Process 761
Preparation 762
Identification 763
Containment 763
Eradication 764
Recovery 764
Lessons Learned 764
Exercises 765
Tabletop 765
Walkthroughs 766
Simulations 766
Attack Frameworks 767
MITRE ATT&CK 767
The Diamond Model of Intrusion Analysis 768
Cyber Kill Chain 770
Stakeholder Management 771
Communication Plan 771
Disaster Recovery Plan 772
Business Continuity Plan 773
Continuity of Operations Planning (COOP) 774
Incident Response Team 775
Retention Policies 776
Chapter Review Activities 776
Chapter 28 Using Appropriate Data Sources to Support an Investigation 781
“Do I Know This Already?” Quiz 781
Foundation Topics 785
Vulnerability Scan Output 785
SIEM Dashboards 786
Sensors 787
Sensitivity 788
Trends 788
Alerts 788
Correlation 788
Log Files 789
Network 790
System 791
Application 792
Security 793
Web 794
DNS 795
Authentication 796
Dump Files 797
VoIP and Call Managers 799
Session Initiation Protocol Traffic 800
syslog/rsyslog/syslog-ng 800
journalctl 802
NXLog 803
Bandwidth Monitors 804
Metadata 805
Email 808
Mobile 808
Web 808
File 809
NetFlow/sFlow 809
NetFlow 809
sFlow 810
IPFIX 811
Protocol Analyzer Output 813
Chapter Review Activities 814
Chapter 29 Applying Mitigation Techniques or Controls to Secure an Environment 819
“Do I Know This Already?” Quiz 819
Foundation Topics 822
Reconfigure Endpoint Security Solutions 822
Application Approved Lists 822
Application Block List/Deny List 822
Quarantine 823
Configuration Changes 824
Firewall Rules 825
MDM 825
Data Loss Prevention 828
Content Filter/URL Filter 828
Update or Revoke Certificates 829
Isolation 830
Containment 830
Segmentation 831
SOAR 832
Runbooks 833
Playbooks 834
Chapter Review Activities 834
Chapter 30 Understanding the Key Aspects of Digital Forensics 837
“Do I Know This Already?” Quiz 837
Foundation Topics 842
Documentation/Evidence 842
Legal Hold 842
Video 842
Admissibility 843
Chain of Custody 844
Timelines of Sequence of Events 844
Tags 845
Reports 846
Event Logs 846
Interviews 846
Acquisition 847
Order of Volatility 848
Disk 848
Random-Access Memory 848
Swap/Pagefile 849
Operating System 850
Device 850
Firmware 851
Snapshot 851
Cache 852
Network 852
Artifacts 853
On-premises vs. Cloud 853
Right-to-Audit Clauses 854
Regulatory/Jurisdiction 855
Data Breach Notification Laws 855
Integrity 856
Hashing 856
Checksums 857
Provenance 857
Preservation 858
E-discovery 858
Data Recovery 859
Nonrepudiation 859
Strategic Intelligence/Counterintelligence 860
Chapter Review Activities 860
Part V: Governance, Risk, and Compliance
Chapter 31 Comparing and Contrasting the Various Types of Controls 865
“Do I Know This Already?” Quiz 865
Foundation Topics 868
Control Category 868
Managerial Controls 868
Operational Controls 868
Technical Controls 868
Summary of Control Categories 869
Control Types 869
Preventative Controls 869
Detective Controls 869
Corrective Controls 870
Deterrent Controls 870
Compensating Controls 871
Physical Controls 871
Summary of Control Types 872
Chapter Review Activities 873
Chapter 32 Understanding the Importance of Applicable Regulations, Standards, or Frameworks That Impact Organizational Security Posture 875
“Do I Know This Already?” Quiz 875
Foundation Topics 878
Regulations, Standards, and Legislation 878
General Data Protection Regulation 879
National, Territory, or State Laws 879
Payment Card Industry Data Security Standard (PCI DSS) 881
Key Frameworks 881
Benchmarks and Secure Configuration Guides 885
Security Content Automation Protocol 885
Chapter Review Activities 889
Chapter 33 Understanding the Importance of Policies to Organizational Security 893
“Do I Know This Already?” Quiz 894
Foundation Topics 897
Personnel Policies 897
Privacy Policies 897
Acceptable Use 898
Separation of Duties/Job Rotation 898
Mandatory Vacations 898
Onboarding and Offboarding 899
Personnel Security Policies 900
Diversity of Training Techniques 900
User Education and Awareness Training 901
Third-Party Risk Management 902
Data Concepts 904
Understanding Classification and Governance 904
Data Retention 906
Credential Policies 906
Organizational Policies 908
Change Management and Change Control 909
Asset Management 909
Chapter Review Activities 910
Chapter 34 Summarizing Risk Management Processes and Concepts 913
“Do I Know This Already?” Quiz 913
Foundation Topics 917
Risk Types 917
Risk Management Strategies 918
Risk Analysis 919
Qualitative Risk Assessment 921
Quantitative Risk Assessment 922
Disaster Analysis 924
Business Impact Analysis 926
Disaster Recovery Planning 928
Chapter Review Activities 930
Chapter 35 Understanding Privacy and Sensitive Data Concepts in Relation to Security 935
“Do I Know This Already?” Quiz 935
Foundation Topics 940
Organizational Consequences of Privacy and Data Breaches 940
Notifications of Breaches 941
Data Types and Asset Classification 941
Personally Identifiable Information and Protected Health Information 943
Privacy Enhancing Technologies 944
Roles and Responsibilities 945
Information Lifecycle 947
Impact Assessment 948
Terms of Agreement 948
Privacy Notice 949
Chapter Review Activities 949
Part VI: Final Preparation
Chapter 36 Final Preparation 953
Hands-on Activities 953
Suggested Plan for Final Review and Study 953
Summary 954
Glossary of Key Terms 955
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 1023
Appendix B CompTIA Security+ (SY0-601) Cert Guide Exam Updates 1087
Online Elements:
Appendix C Study Planner
Glossary of Key Terms
9780136770312 TOC 6/19/2021
Chapter 11 Summarizing Secure Application Development, Deployment, and Automation Concepts 253
“Do I Know This Already?” Quiz 253
Foundation Topics 257
Software Development Environments and Methodologies 257
Application Provisioning and Deprovisioning 260
Software Integrity Measurement 261
Secure Coding Techniques 261
Core SDLC and DevOps Principles 263
Programming Testing Methods 266
Programming Vulnerabilities and Attacks 270
Open Web Application Security Project (OWASP) 276
Software Diversity 278
Automation/Scripting 278
Elasticity and Scalability 279
Chapter Review Activities 280
Chapter 12 Summarizing Authentication and Authorization Design Concepts 285
“Do I Know This Already?” Quiz 285
Foundation Topics 289
Authentication Methods 289
Directory Services 291
Federations 292
Attestation 294
Authentication Methods and Technologies 295
Biometrics 300
Fingerprints 300
Retina 301
Iris 301
Facial 301
Voice 302
Vein 302
Gait Analysis 302
Efficacy Rates 302
False Acceptance 303
False Rejection 303
Crossover Error Rate 304
Multifactor Authentication (MFA) Factors and Attributes 304
Authentication, Authorization, and Accounting (AAA) 306
Cloud vs. On-premises Requirements 306
Chapter Review Activities 308
Chapter 13 Implementing Cybersecurity Resilience 311
“Do I Know This Already?” Quiz 311
Foundation Topics 315
Redundancy 315
Geographic Dispersal 315
Disk Redundancy 315
Network Resilience 319
Power Resilience 320
Replication 323
Storage Area Network 323
Virtual Machines 324
On-premises vs. Cloud 325
Backup Types 326
Full Backup 328
Differential Backup 328
Incremental Backup 328
Non-persistence 328
High Availability 329
Restoration Order 330
Diversity 331
Technologies 331
Vendors 331
Crypto 331
Controls 332
Chapter Review Activities 332
Chapter 14 Understanding the Security Implications of Embedded and Specialized Systems 335
“Do I Know This Already?” Quiz 335
Foundation Topics 339
Embedded Systems 339
Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) 341
Internet of Things (IoT) 344
Specialized Systems 346
Medical Systems 347
Vehicles 347
Aircraft 348
Smart Meters 350
Voice over IP (VoIP) 351
Heating, Ventilation, and Air Conditioning (HVAC) 352
Drones 353
Multifunction Printers (MFP) 354
Real-Time Operating Systems (RTOS) 355
Surveillance Systems 355
System on a Chip (SoC) 356
Communication Considerations 357
5G 357
NarrowBand 358
Baseband Radio 359
Subscriber Identity Module (SIM) Cards 360
Zigbee 360
Embedded System Constraints 361
Power 361
Compute 361
Network 362
Crypto 362
Inability to Patch 362
Authentication 363
Range 363
Cost 363
Implied Trust 363
Chapter Review Activities 364
Chapter 15 Understanding the Importance of Physical Security Controls 367
“Do I Know This Already?” Quiz 367
Foundation Topics 370
Bollards/Barricades 370
Access Control Vestibules 372
Badges 373
Alarms 374
Signage 374
Cameras 375
Closed-Circuit Television (CCTV) 376
Industrial Camouflage 377
Personnel 377
Locks 378
USB Data Blockers 379
Lighting 380
Fencing 380
Fire Suppression 381
Sensors 381
Drones 382
Visitor Logs 383
Faraday Cages 383
Air Gap 384
Screened Subnet (Previously Known as Demilitarized Zone [DMZ]) 384
Protected Cable Distribution 385
Secure Areas 385
Secure Data Destruction 386
Chapter Review Activities 387
Chapter 16 Summarizing the Basics of Cryptographic Concepts 391
“Do I Know This Already?” Quiz 391
Foundation Topics 395
Digital Signatures 395
Key Length 396
Key Stretching 397
Salting 397
Hashing 398
Key Exchange 399
Elliptic-Curve Cryptography 399
Perfect Forward Secrecy 400
Quantum 401
Communications 401
Computing 402
Post-Quantum 402
Ephemeral 403
Modes of Operation 403
Electronic Code Book Mode 404
Cipher Block Chaining Mode 405
Cipher Feedback Mode 406
Output Feedback Mode 407
Counter Mode 408
Blockchain 409
Cipher Suites 410
Symmetric vs. Asymmetric Encryption 411
Lightweight Cryptography 414
Steganography 415
Audio Steganography 415
Video Steganography 416
Image Steganography 416
Homomorphic Encryption 417
Common Use Cases 417
Limitations 418
Chapter Review Activities 420
Part III: Implementation
Chapter 17 Implementing Secure Protocols 423
“Do I Know This Already?” Quiz 423
Foundation Topics 426
Protocols 426
Domain Name System Security Extensions 426
SSH 427
Secure/Multipurpose Internet Mail Extensions 428
Secure Real-Time Transport Protocol 430
Lightweight Directory Access Protocol over SSL 432
File Transfer Protocol, Secure 432
Secure (or SSH) File Transfer Protocol 434
Simple Network Management Protocol Version 3 434
Hypertext Transfer Protocol over SSL/TLS 436
IPsec 437
Post Office Protocol/Internet Message Access Protocol 438
Use Cases 439
Voice and Video 440
Time Synchronization 440
Email and Web 441
File Transfer 441
Directory Services 442
Remote Access 442
Domain Name Resolution 442
Routing and Switching 443
Network Address Allocation 443
Subscription Services 444
Chapter Review Activities 444
Chapter 18 Implementing Host or Application Security Solutions 447
“Do I Know This Already?” Quiz 447
Foundation Topics 451
Endpoint Protection 451
Antivirus 451
Antimalware 452
Endpoint Detection and Response 452
Data Loss Prevention 453
Next-Generation Firewall 453
Host-based Intrusion Prevention System 454
Host-based Intrusion Detection System 456
Host-based Firewall 457
Boot Integrity 458
Boot Security/Unified Extensible Firmware Interface 459
Measured Boot 459
Boot Attestation 460
Database 461
Tokenization 461
Salting 462
Hashing 463
Application Security 463
Input Validations 464
Secure Cookies 465
Hypertext Transfer Protocol Headers 465
Code Signing 466
Allow List 467
Block List/Deny List 467
Secure Coding Practices 468
Static Code Analysis 468
Manual Code Review 470
Dynamic Code Analysis 470
Fuzzing 471
Hardening 471
Open Ports and Services 471
Registry 472
Disk Encryption 473
Operating System 473
Patch Management 474
Self-Encrypting Drive/Full-Disk Encryption 475
OPAL 476
Hardware Root of Trust 476
Trusted Platform Module 477
Sandboxing 478
Chapter Review Activities 479
Chapter 19 Implementing Secure Network Designs 483
“Do I Know This Already?” Quiz 483
Foundation Topics 488
Load Balancing 488
Active/Active 488
Active/Passive 488
Scheduling 488
Virtual IP 488
Persistence 489
Network Segmentation 489
Application-Based Segmentation and Microsegmentation 489
Virtual Local Area Network 490
Screened Subnet 491
East-West Traffic 492
Intranets and Extranets 492
Zero Trust 494
Virtual Private Network 494
Remote Access vs. Site-to-Site 496
IPsec 497
SSL/TLS 505
HTML5 508
Layer 2 Tunneling Protocol 508
DNS 509
Network Access Control 510
Out-of-Band Management 510
Port Security 511
Broadcast Storm Prevention 512
Bridge Protocol Data Unit Guard 512
Loop Prevention 512
Dynamic Host Configuration Protocol Snooping 512
Media Access Control Filtering 513
Network Appliances 513
Jump Servers 514
Proxy Servers 514
Network-Based Intrusion Detection System/Network-Based Intrusion Prevention System 516
Summary of NIDS vs. NIPS 519
HSM 524
Sensors 524
Collectors 525
Aggregators 526
Firewalls 526
Hardware vs. Software 534
Appliance vs. Host-based vs. Virtual 534
Access Control List 535
Route Security 535
Quality of Service 536
Implications of IPv6 536
Port Spanning/Port Mirroring 537
Monitoring Services 538
Performance Baselining 539
File Integrity Monitors 542
Chapter Review Activities 542
Chapter 20 Installing and Configuring Wireless Security Settings 547
“Do I Know This Already?” Quiz 547
Foundation Topics 551
Cryptographic Protocols 551
Wi-Fi Protected Access 2 (WPA2) 551
Wi-Fi Protected Access 3 (WPA3) 551
Counter-mode/CBC-MAC Protocol (CCMP) 552
Simultaneous Authentication of Equals 552
Wireless Cryptographic Protocol Summary 552
Authentication Protocols 553
802.1X and EAP 553
IEEE 802.1x 556
Remote Authentication Dial-In User Service (RADIUS) Federation 556
Methods 557
Wi-Fi Protected Setup 558
Captive Portals 559
Installation Considerations 559
Controller and Access Point Security 562
Wireless Access Point Vulnerabilities 563
Chapter Review Activities 564
Chapter 21 Implementing Secure Mobile Solutions 567
“Do I Know This Already?” Quiz 567
Foundation Topics 570
Connection Methods and Receivers 570
RFID and NFC 571
More Wireless Connection Methods and Receivers 572
Secure Implementation Best Practices 573
Mobile Device Management 574
MDM Security Feature Concerns: Application and Content Management 576
MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, Full Device Encryption 578
Mobile Device Management Enforcement and Monitoring 581
Mobile Devices 585
MDM/Unified Endpoint Management 587
SEAndroid 588
Deployment Models 588
Secure Implementation of BYOD, CYOD, and COPE 589
Chapter Review Activities 591
Chapter 22 Applying Cybersecurity Solutions to the Cloud 595
“Do I Know This Already?” Quiz 595
Foundation Topics 598
Cloud Security Controls 598
Security Assessment in the Cloud 598
Understanding the Different Cloud Security Threats 598
Cloud Computing Attacks 601
High Availability Across Zones 603
Resource Policies 603
Integration and Auditing 604
Secrets Management 604
Storage 605
Network 606
Compute 607
Summary of Cloud Security Controls 609
Solutions 611
CASB 611
Application Security 612
Next-Generation Secure Web Gateway 613
Firewall Considerations in a Cloud Environment 613
Summary of Cybersecurity Solutions to the Cloud 614
Cloud Native Controls vs. Third-Party Solutions 615
Chapter Review Activities 615
Chapter 23 Implementing Identity and Account Management Controls 619
“Do I Know This Already?” Quiz 619
Foundation Topics 623
Identity 623
Identity Provider (IdP) 623
Authentication 625
Certificates 626
Tokens 627
SSH Keys 628
Smart Cards 629
Account Types 629
Account Policies 633
Introduction to Identity and Access Management 633
Attribute-Based Access Control (ABAC) 638
Rights, Permissions, and Policies 640
Permission Inheritance and Propagation 645
Chapter Review Activities 647
Chapter 24 Implementing Authentication and Authorization Solutions 651
“Do I Know This Already?” Quiz 651
Foundation Topics 655
Authentication Management 655
Password Keys 655
Password Vaults 655
Trusted Platform Module 656
Hardware Security Modules 656
Knowledge-Based Authentication 656
Authentication/Authorization 657
Security Assertion Markup Language 659
OAuth 661
OpenID and OpenID Connect 663
Remote Authentication Technologies 670
Access Control Schemes 674
Discretionary Access Control 674
Mandatory Access Control 676
Role-Based Access Control 677
Attribute-Based Access Control 678
Rule-Based Access Control 678
Conditional Access 678
Privileged Access Management 678
Summary of Access Control Models 679
Access Control Wise Practices 680
Chapter Review Activities 681
Chapter 25 Implementing Public Key Infrastructure 685
“Do I Know This Already?” Quiz 685
Foundation Topics 688
Public Key Infrastructure 688
Key Management 688
Certificate Authorities 689
Certificate Attributes 691
Subject Alternative Name 693
Expiration 693
Types of Certificates 694
SSL Certificate Types 694
Certificate Chaining 696
Certificate Formats 697
PKI Concepts 698
Trust Model 698
Certificate Pinning 698
Stapling, Key Escrow, Certificate Chaining, Online vs. Offline CA 698
Chapter Review Activities 700
Part IV: Operations and Incident Response
Chapter 26 Using the Appropriate Tool to Assess Organizational Security 703
“Do I Know This Already?” Quiz 703
Foundation Topics 707
Network Reconnaissance and Discovery 707
tracert/traceroute 707
nslookup/dig 709
ipconfig/ifconfig 710
nmap 711
ping/pathping 714
hping 717
netstat 718
netcat 720
IP Scanners 721
arp 721
route 723
curl 724
theHarvester 725
sn1per 726
scanless 727
dnsenum 728
Nessus 730
Cuckoo 731
File Manipulation 732
head 733
tail 734
cat 734
grep 735
chmod 736
Logger 737
Shell and Script Environments 738
SSH 739
PowerShell 740
Python 741
OpenSSL 741
Packet Capture and Replay 742
Tcpreplay 742
Tcpdump 742
Wireshark 743
Forensics 744
dd 744
Memdump 745
WinHex 746
FTK Imager 747
Autopsy 747
Exploitation Frameworks 747
Password Crackers 748
Data Sanitization 750
Chapter Review Activities 750
Chapter 27 Summarizing the Importance of Policies, Processes, and Procedures for Incident Response 755
“Do I Know This Already?” Quiz 755
Foundation Topics 760
Incident Response Plans 760
Incident Response Process 761
Preparation 762
Identification 763
Containment 763
Eradication 764
Recovery 764
Lessons Learned 764
Exercises 765
Tabletop 765
Walkthroughs 766
Simulations 766
Attack Frameworks 767
MITRE ATT&CK 767
The Diamond Model of Intrusion Analysis 768
Cyber Kill Chain 770
Stakeholder Management 771
Communication Plan 771
Disaster Recovery Plan 772
Business Continuity Plan 773
Continuity of Operations Planning (COOP) 774
Incident Response Team 775
Retention Policies 776
Chapter Review Activities 776
Chapter 28 Using Appropriate Data Sources to Support an Investigation 781
“Do I Know This Already?” Quiz 781
Foundation Topics 785
Vulnerability Scan Output 785
SIEM Dashboards 786
Sensors 787
Sensitivity 788
Trends 788
Alerts 788
Correlation 788
Log Files 789
Network 790
System 791
Application 792
Security 793
Web 794
DNS 795
Authentication 796
Dump Files 797
VoIP and Call Managers 799
Session Initiation Protocol Traffic 800
syslog/rsyslog/syslog-ng 800
journalctl 802
NXLog 803
Bandwidth Monitors 804
Metadata 805
Email 808
Mobile 808
Web 808
File 809
NetFlow/sFlow 809
NetFlow 809
sFlow 810
IPFIX 811
Protocol Analyzer Output 813
Chapter Review Activities 814
Chapter 29 Applying Mitigation Techniques or Controls to Secure an Environment 819
“Do I Know This Already?” Quiz 819
Foundation Topics 822
Reconfigure Endpoint Security Solutions 822
Application Approved Lists 822
Application Block List/Deny List 822
Quarantine 823
Configuration Changes 824
Firewall Rules 825
MDM 825
Data Loss Prevention 828
Content Filter/URL Filter 828
Update or Revoke Certificates 829
Isolation 830
Containment 830
Segmentation 831
SOAR 832
Runbooks 833
Playbooks 834
Chapter Review Activities 834
Chapter 30 Understanding the Key Aspects of Digital Forensics 837
“Do I Know This Already?” Quiz 837
Foundation Topics 842
Documentation/Evidence 842
Legal Hold 842
Video 842
Admissibility 843
Chain of Custody 844
Timelines of Sequence of Events 844
Tags 845
Reports 846
Event Logs 846
Interviews 846
Acquisition 847
Order of Volatility 848
Disk 848
Random-Access Memory 848
Swap/Pagefile 849
Operating System 850
Device 850
Firmware 851
Snapshot 851
Cache 852
Network 852
Artifacts 853
On-premises vs. Cloud 853
Right-to-Audit Clauses 854
Regulatory/Jurisdiction 855
Data Breach Notification Laws 855
Integrity 856
Hashing 856
Checksums 857
Provenance 857
Preservation 858
E-discovery 858
Data Recovery 859
Nonrepudiation 859
Strategic Intelligence/Counterintelligence 860
Chapter Review Activities 860
Part V: Governance, Risk, and Compliance
Chapter 31 Comparing and Contrasting the Various Types of Controls 865
“Do I Know This Already?” Quiz 865
Foundation Topics 868
Control Category 868
Managerial Controls 868
Operational Controls 868
Technical Controls 868
Summary of Control Categories 869
Control Types 869
Preventative Controls 869
Detective Controls 869
Corrective Controls 870
Deterrent Controls 870
Compensating Controls 871
Physical Controls 871
Summary of Control Types 872
Chapter Review Activities 873
Chapter 32 Understanding the Importance of Applicable Regulations, Standards, or Frameworks That Impact Organizational Security Posture 875
“Do I Know This Already?” Quiz 875
Foundation Topics 878
Regulations, Standards, and Legislation 878
General Data Protection Regulation 879
National, Territory, or State Laws 879
Payment Card Industry Data Security Standard (PCI DSS) 881
Key Frameworks 881
Benchmarks and Secure Configuration Guides 885
Security Content Automation Protocol 885
Chapter Review Activities 889
Chapter 33 Understanding the Importance of Policies to Organizational Security 893
“Do I Know This Already?” Quiz 894
Foundation Topics 897
Personnel Policies 897
Privacy Policies 897
Acceptable Use 898
Separation of Duties/Job Rotation 898
Mandatory Vacations 898
Onboarding and Offboarding 899
Personnel Security Policies 900
Diversity of Training Techniques 900
User Education and Awareness Training 901
Third-Party Risk Management 902
Data Concepts 904
Understanding Classification and Governance 904
Data Retention 906
Credential Policies 906
Organizational Policies 908
Change Management and Change Control 909
Asset Management 909
Chapter Review Activities 910
Chapter 34 Summarizing Risk Management Processes and Concepts 913
“Do I Know This Already?” Quiz 913
Foundation Topics 917
Risk Types 917
Risk Management Strategies 918
Risk Analysis 919
Qualitative Risk Assessment 921
Quantitative Risk Assessment 922
Disaster Analysis 924
Business Impact Analysis 926
Disaster Recovery Planning 928
Chapter Review Activities 930
Chapter 35 Understanding Privacy and Sensitive Data Concepts in Relation to Security 935
“Do I Know This Already?” Quiz 935
Foundation Topics 940
Organizational Consequences of Privacy and Data Breaches 940
Notifications of Breaches 941
Data Types and Asset Classification 941
Personally Identifiable Information and Protected Health Information 943
Privacy Enhancing Technologies 944
Roles and Responsibilities 945
Information Lifecycle 947
Impact Assessment 948
Terms of Agreement 948
Privacy Notice 949
Chapter Review Activities 949
Part VI: Final Preparation
Chapter 36 Final Preparation 953
Hands-on Activities 953
Suggested Plan for Final Review and Study 953
Summary 954
Glossary of Key Terms 955
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 1023
Appendix B CompTIA Security+ (SY0-601) Cert Guide Exam Updates 1087
Online Elements:
Appendix C Study Planner
Glossary of Key Terms
9780136770312 TOC 6/19/2021
Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is a best-selling author and trainer. Omar is the author of more than 20 books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), Security Research and Operations, where he mentors and leads engineers and incident managers during the investigation and resolution of cybersecurity vulnerabilities.
Omar co-leads the DEF CON Red Team Village, is the chair of the Common Security Advisory Framework (CSAF) technical committee, is the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group, and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. You can find additional information about Omar's current projects at h4cker.org and can follow Omar on Twitter @santosomar.
Ron Taylor has been in the information security field for more than 20 years working in various areas focusing on both offense and defense security roles. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in information assurance. From there, he moved into a position with the Security Research and Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally, and provided consulting support to many product teams as an SME on product security testing. His next role was incident manager for the Cisco Product Security Incident Response Team (PSIRT). Currently, Ron is a security architect specializing in the Cisco security product line. He has held a number of industry certifications, including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, PenTest+, and MCSE. Ron has also authored books and video courses, teaches, and is involved in organizing a number of cybersecurity conferences, including the BSides Raleigh, Texas Cyber Summit, Grayhat, and the Red Team Village at DEFCON.
Twitter: @Gu5G0rman
LinkedIn: www.linkedin.com/in/-RonTaylor
Joseph Mlodzianowski is an information security aficionado and adventurer; he started multiple villages at RSA Conference, DEFCON, and BLACK HAT, among others, including founding the Red Team Village with the help of great friends. He has been in the information technology security field for more than 25 years working in infrastructure, security, networks, systems, design, offense, and defense. Joseph is currently an enterprise security architect of Cisco Managed Services. He spent more than 10 years in the Department of Defense as an operator, principal security network engineer, and SME designing and deploying complex technologies and supporting missions around the world in multiple theaters. He has consulted, investigated, and provided support for multiple federal agencies over the past 15 years. Joseph continues to contribute to content, reviews, and editing in the certification testing and curriculum process. He spent almost 15 years in the energy sector supporting refineries, pipelines, and chemical plants; specializing in industrial control networks; and building data centers. Joseph holds a broad range of certifications, including the Cisco CCIE, CNE, CSNA, CNSS-4012, CISSP, ITILv4, NSA IAM, NSA IEM, OIAC1180, FEMA IS-00317, ACMA, First Responder, Hazmat Certified, Member of Bexar County Sheriff's Office CERT, MCSE, and Certified Hacking Investigator. He also is a founding contributor to the CyManII | Cybersecurity Manufacturing Innovation Institute, a member of Messaging Malware Mobile Anti-Abuse Working Group (M3aawg.org), and founder of the Texas Cyber Summit and Grayhat Conferences. He believes in giving back to the community and supporting nonprofits.
Twitter: @Cedoxx
LinkedIn: www.linkedin.com/in/mlodzianowski/