CompTIA Security+ SY0-601 Cert Guide, 5th edition

Published by Pearson IT Certification (October 19, 2021) © 2022

  • Omar Santos, best-selling Cisco Press author, expert trainer, and Principal Engineer at Cisco (PSIRT)
  • Ron Taylor, author, speaker, and Cisco Security Architect
  • Joseph Mlodzianowski

Available formats:

  • eTextbook (Pearson+ subscription): anytime, anywhere learning with the Pearson+ app; easy-to-use search, navigation and notebook; flashcards for simpler studying
  • Print text (hardcover or paperback) with free shipping; also available for purchase as an ebook from all major ebook resellers, including InformIT.com
  • uCertify course ($140.00): includes the full Pearson e-text, pre- and post-assessments, quizzes, videos, and more; labs provide hands-on skills to bridge conceptual knowledge and real-world application; student management tools that are easy to implement, customize, and manage

CompTIA Security+ SY0-601 Cert Guide shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics. 

The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending chapter review activities help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan. 

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment software offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most. 
  • Case studies and hands-on video exercises in each chapter 
  • Three full practice tests based on the real Security+ exam 
  • New! Video explanations of all answers in practice tests 
  • Memory tables, study strategies, tips, cautions, key terms, troubleshooting scenarios, last-minute review tearsheet, and more 
This book has been updated for the new version of the Security+ exam.
Introduction xliv
Part I: Threats, Attacks, and Vulnerabilities
Chapter 1 Comparing and Contrasting Different Types of Social Engineering Techniques 3
“Do I Know This Already?” Quiz 3
Foundation Topics 7
Social Engineering Fundamentals 7
    Phishing and Spear Phishing 9
    Smishing 12
    Vishing 12
    Spam and Spam over Internet Messaging (SPIM) 13
    Dumpster Diving 13
    Shoulder Surfing 14
    Pharming 14
    Piggybacking or Tailgating 15
    Eliciting Information 15
    Whaling 16
    Prepending 17
    Identity Fraud 17
    Invoice Scams 17
    Credential Harvesting 18
    Reconnaissance 18
    Hoaxes 19
    Impersonation or Pretexting 19
    Eavesdropping 19
    Baiting 20
    Watering Hole Attack 20
    Typo Squatting 20
    Influence Campaigns, Principles of Social Engineering, and Reasons for Effectiveness 21
User Security Awareness Education 22
Chapter Review Activities 24
Chapter 2 Analyzing Potential Indicators to Determine the Type of Attack 29
“Do I Know This Already?” Quiz 29
Foundation Topics 33
Malicious Software (Malware) 33
    Ransomware and Cryptomalware 33
    Trojans 35
    Remote Access Trojans (RATs) and Rootkits 35
    Worms 36
    Fileless Virus 37
    Command and Control, Bots, and Botnets 37
    Logic Bombs 39
    Potentially Unwanted Programs (PUPs) and Spyware 40
    Keyloggers 42
    Backdoors 43
    Malware Delivery Mechanisms 43
    You Can't Save Every Computer from Malware! 45
Password Attacks 45
    Dictionary-based and Brute-force Attacks 45
    Password Spraying 46
    Offline and Online Password Cracking 46
    Rainbow Tables 47
    Plaintext/Unencrypted 47
Physical Attacks 48
    Malicious Flash Drives 48
    Malicious Universal Serial Bus (USB) Cables 48
    Card Cloning Attacks 48
    Skimming 49
Adversarial Artificial Intelligence 50
    Tainted Training Data for Machine Learning 50
    Security of Machine Learning Algorithms 50
Supply-Chain Attacks 51
Cloud-based vs. On-premises Attacks 52
    Cloud Security Threats 52
    Cloud Computing Attacks 54
Cryptographic Attacks 55
    Collision 55
    Birthday 56
    Downgrade 56
Chapter Review Activities 57
Chapter 3 Analyzing Potential Indicators Associated with Application Attacks 61
“Do I Know This Already?” Quiz 61
Foundation Topics 67
Privilege Escalation 67
Cross-Site Scripting (XSS) Attacks 68
Injection Attacks 70
    Structured Query Language (SQL) Injection Attacks 70
    SQL Injection Categories 73
    Dynamic Link Library (DLL) Injection Attacks 74
    Lightweight Directory Access Protocol (LDAP) Injection Attacks 74
    Extensible Markup Language (XML) Injection Attacks 74
Pointer/Object Dereference 75
Directory Traversal 76
Buffer Overflows 77
    Arbitrary Code Execution/Remote Code Execution 78
Race Conditions 79
Error Handling 79
Improper Input Handling 80
    Compile-Time Errors vs. Runtime Errors 81
Replay Attacks 82
Request Forgeries 85
Application Programming Interface (API) Attacks 86
Resource Exhaustion 87
Memory Leaks 88
Secure Socket Layer (SSL) Stripping 88
Driver Manipulation 89
Pass the Hash 89
Chapter Review Activities 90
Chapter 4 Analyzing Potential Indicators Associated with Network Attacks 95
“Do I Know This Already?” Quiz 95
Foundation Topics 98
Wireless Attacks 98
    Evil Twin Attacks 98
    Rogue Access Points 99
    Bluesnarfing Attacks 99
    Bluejacking Attacks 100
    Disassociation and Deauthentication Attacks 101
    Jamming Attacks 102
    Radio Frequency Identifier (RFID) Attacks 102
    Near-Field Communication (NFC) Attacks 102
    Initialization Vector (IV) Attacks 103
On-Path Attacks 103
Layer 2 Attacks 105
    Address Resolution Protocol (ARP) Poisoning Attacks 105
    Media Access Control (MAC) Flooding Attacks 106
    MAC Cloning Attacks 106
    Best Practices to Protect Against Layer 2 Attacks 106
Domain Name System (DNS) Attacks 107
    Domain Hijacking Attacks 108
    DNS Poisoning Attacks 108
    Uniform Resource Locator (URL) Redirection Attacks 110
    Domain Reputation 110
Distributed Denial-of-Service (DDoS) Attacks 111
Malicious Code or Script Execution Attacks 113
Chapter Review Activities 114
Chapter 5 Understanding Different Threat Actors, Vectors, and Intelligence Sources 117
“Do I Know This Already?” Quiz 117
Foundation Topics 120
Actors and Threats 120
Attributes of Threat Actors 122
Attack Vectors 122
Threat Intelligence and Threat Intelligence Sources 123
    Structured Threat Information eXpression (STIX) and the Trusted Automated eXchange of Indicator Information (TAXII) 125
Research Sources 127
    The MITRE ATT&CK Framework 128
Chapter Review Activities 129
Chapter 6 Understanding the Security Concerns Associated with Various Types of Vulnerabilities 133
“Do I Know This Already?” Quiz 133
Foundation Topics 137
Cloud-based vs. On-premises Vulnerabilities 137
    Other “Cloud”-based Concerns 143
    Server Defense 144
Zero-day Vulnerabilities 149
Weak Configurations 150
Third-party Risks 155
Improper or Weak Patch Management 160
    Patches and Hotfixes 161
    Patch Management 163
Legacy Platforms 165
The Impact of Cybersecurity Attacks and Breaches 165
Chapter Review Activities 166
Chapter 7 Summarizing the Techniques Used in Security Assessments 171
“Do I Know This Already?” Quiz 171
Foundation Topics 175
Threat Hunting 175
    Security Advisories and Bulletins 177
Vulnerability Scans 180
    Credentialed vs. Noncredentialed 182
    Intrusive vs. Nonintrusive 182
    Common Vulnerability Scoring System (CVSS) 182
Logs and Security Information and Event Management (SIEM) 186
Security Orchestration, Automation, and Response (SOAR) 188
Chapter Review Activities 189
Chapter 8 Understanding the Techniques Used in Penetration Testing 193
“Do I Know This Already?” Quiz 193
Foundation Topics 197
Penetration Testing 197
    Bug Bounties vs. Penetration Testing 202
Passive and Active Reconnaissance 203
Exercise Types 205
Chapter Review Activities 206
Part II: Architecture and Design
Chapter 9 Understanding the Importance of Security Concepts in an Enterprise Environment 209
“Do I Know This Already?” Quiz 209
Foundation Topics 213
Configuration Management 213
Data Sovereignty and Data Protection 214
    Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Inspection 215
    API Considerations 216
    Data Masking and Obfuscation 216
    Encryption at Rest, in Transit/Motion, and in Processing 218
    Hashing 218
    Rights Management 219
    Geographical Considerations 220
    Data Breach Response and Recovery Controls 220
Site Resiliency 221
Deception and Disruption 222
    Fake Telemetry 223
    DNS Sinkhole 223
Chapter Review Activities 224
Chapter 10 Summarizing Virtualization and Cloud Computing Concepts 227
“Do I Know This Already?” Quiz 227
Foundation Topics 231
Cloud Models 231
    Public, Private, Hybrid, and Community Clouds 232
Cloud Service Providers 233
Cloud Architecture Components 234
    Fog and Edge Computing 234
    Thin Clients 235
    Containers 236
    Microservices and APIs 240
    Infrastructure as Code 241
    Serverless Architecture 243
    Services Integration 246
    Resource Policies 246
    Transit Gateway 246
Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection 247
    Understanding and Avoiding VM Sprawl 247
    Protecting Against VM Escape Attacks 248
Chapter Review Activities 250
Chapter 11 Summarizing Secure Application Development, Deployment, and Automation Concepts 253
“Do I Know This Already?” Quiz 253
Foundation Topics 257
Software Development Environments and Methodologies 257
Application Provisioning and Deprovisioning 260
Software Integrity Measurement 261
Secure Coding Techniques 261
    Core SDLC and DevOps Principles 263
    Programming Testing Methods 266
    Programming Vulnerabilities and Attacks 270
Open Web Application Security Project (OWASP) 276
Software Diversity 278
Automation/Scripting 278
Elasticity and Scalability 279
Chapter Review Activities 280
Chapter 12 Summarizing Authentication and Authorization Design Concepts 285
“Do I Know This Already?” Quiz 285
Foundation Topics 289
Authentication Methods 289
    Directory Services 291
    Federations 292
    Attestation 294
    Authentication Methods and Technologies 295
Biometrics 300
    Fingerprints 300
    Retina 301
    Iris 301
    Facial 301
    Voice 302
    Vein 302
    Gait Analysis 302
    Efficacy Rates 302
    False Acceptance 303
    False Rejection 303
    Crossover Error Rate 304
Multifactor Authentication (MFA) Factors and Attributes 304
Authentication, Authorization, and Accounting (AAA) 306
Cloud vs. On-premises Requirements 306
Chapter Review Activities 308
Chapter 13 Implementing Cybersecurity Resilience 311
“Do I Know This Already?” Quiz 311
Foundation Topics 315
Redundancy 315
    Geographic Dispersal 315
    Disk Redundancy 315
    Network Resilience 319
    Power Resilience 320
Replication 323
    Storage Area Network 323
    Virtual Machines 324
On-premises vs. Cloud 325
Backup Types 326
    Full Backup 328
    Differential Backup 328
    Incremental Backup 328
Non-persistence 328
High Availability 329
Restoration Order 330
Diversity 331
    Technologies 331
    Vendors 331
    Crypto 331
    Controls 332
Chapter Review Activities 332
Chapter 14 Understanding the Security Implications of Embedded and Specialized Systems 335
“Do I Know This Already?” Quiz 335
Foundation Topics 339
Embedded Systems 339
Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS) 341
Internet of Things (IoT) 344
Specialized Systems 346
    Medical Systems 347
    Vehicles 347
    Aircraft 348
    Smart Meters 350
Voice over IP (VoIP) 351
Heating, Ventilation, and Air Conditioning (HVAC) 352
Drones 353
Multifunction Printers (MFP) 354
Real-Time Operating Systems (RTOS) 355
Surveillance Systems 355
System on a Chip (SoC) 356
Communication Considerations 357
    5G 357
    NarrowBand 358
    Baseband Radio 359
    Subscriber Identity Module (SIM) Cards 360
    Zigbee 360
Embedded System Constraints 361
    Power 361
    Compute 361
    Network 362
    Crypto 362
    Inability to Patch 362
    Authentication 363
    Range 363
    Cost 363
    Implied Trust 363
Chapter Review Activities 364
Chapter 15 Understanding the Importance of Physical Security Controls 367
“Do I Know This Already?” Quiz 367
Foundation Topics 370
Bollards/Barricades 370
Access Control Vestibules 372
Badges 373
Alarms 374
Signage 374
Cameras 375
Closed-Circuit Television (CCTV) 376
Industrial Camouflage 377
Personnel 377
Locks 378
USB Data Blockers 379
Lighting 380
Fencing 380
Fire Suppression 381
Sensors 381
Drones 382
Visitor Logs 383
Faraday Cages 383
Air Gap 384
Screened Subnet (Previously Known as Demilitarized Zone [DMZ]) 384
Protected Cable Distribution 385
Secure Areas 385
Secure Data Destruction 386
Chapter Review Activities 387
Chapter 16 Summarizing the Basics of Cryptographic Concepts 391
“Do I Know This Already?” Quiz 391
Foundation Topics 395
Digital Signatures 395
Key Length 396
Key Stretching 397
Salting 397
Hashing 398
Key Exchange 399
Elliptic-Curve Cryptography 399
Perfect Forward Secrecy 400
Quantum 401
    Communications 401
    Computing 402
Post-Quantum 402
Ephemeral 403
Modes of Operation 403
    Electronic Code Book Mode 404
    Cipher Block Chaining Mode 405
    Cipher Feedback Mode 406
    Output Feedback Mode 407
    Counter Mode 408
Blockchain 409
Cipher Suites 410
Symmetric vs. Asymmetric Encryption 411
Lightweight Cryptography 414
Steganography 415
    Audio Steganography 415
    Video Steganography 416
    Image Steganography 416
Homomorphic Encryption 417
Common Use Cases 417
Limitations 418
Chapter Review Activities 420
Part III: Implementation
Chapter 17 Implementing Secure Protocols 423
“Do I Know This Already?” Quiz 423
Foundation Topics 426
Protocols 426
    Domain Name System Security Extensions 426
    SSH 427
    Secure/Multipurpose Internet Mail Extensions 428
    Secure Real-Time Transport Protocol 430
    Lightweight Directory Access Protocol over SSL 432
    File Transfer Protocol, Secure 432
    Secure (or SSH) File Transfer Protocol 434
    Simple Network Management Protocol Version 3 434
    Hypertext Transfer Protocol over SSL/TLS 436
    IPsec 437
    Post Office Protocol/Internet Message Access Protocol 438
Use Cases 439
    Voice and Video 440
    Time Synchronization 440
    Email and Web 441
    File Transfer 441
    Directory Services 442
    Remote Access 442
    Domain Name Resolution 442
    Routing and Switching 443
    Network Address Allocation 443
    Subscription Services 444
Chapter Review Activities 444
Chapter 18 Implementing Host or Application Security Solutions 447
“Do I Know This Already?” Quiz 447
Foundation Topics 451
Endpoint Protection 451
    Antivirus 451
    Antimalware 452
    Endpoint Detection and Response 452
    Data Loss Prevention 453
Next-Generation Firewall 453
Host-based Intrusion Prevention System 454
Host-based Intrusion Detection System 456
Host-based Firewall 457
Boot Integrity 458
    Boot Security/Unified Extensible Firmware Interface 459
    Measured Boot 459
    Boot Attestation 460
Database 461
    Tokenization 461
    Salting 462
    Hashing 463
Application Security 463
    Input Validations 464
    Secure Cookies 465
    Hypertext Transfer Protocol Headers 465
    Code Signing 466
    Allow List 467
    Block List/Deny List 467
    Secure Coding Practices 468
    Static Code Analysis 468
    Manual Code Review 470
    Dynamic Code Analysis 470
    Fuzzing 471
Hardening 471
    Open Ports and Services 471
    Registry 472
    Disk Encryption 473
    Operating System 473
    Patch Management 474
Self-Encrypting Drive/Full-Disk Encryption 475
    OPAL 476
Hardware Root of Trust 476
Trusted Platform Module 477
Sandboxing 478
Chapter Review Activities 479
Chapter 19 Implementing Secure Network Designs 483
“Do I Know This Already?” Quiz 483
Foundation Topics 488
Load Balancing 488
    Active/Active 488
    Active/Passive 488
    Scheduling 488
    Virtual IP 488
    Persistence 489
Network Segmentation 489
    Application-Based Segmentation and Microsegmentation 489
    Virtual Local Area Network 490
    Screened Subnet 491
    East-West Traffic 492
    Intranets and Extranets 492
    Zero Trust 494
Virtual Private Network 494
    Remote Access vs. Site-to-Site 496
    IPsec 497
    SSL/TLS 505
    HTML5 508
    Layer 2 Tunneling Protocol 508
DNS 509
Network Access Control 510
Out-of-Band Management 510
Port Security 511
    Broadcast Storm Prevention 512
    Bridge Protocol Data Unit Guard 512
    Loop Prevention 512
    Dynamic Host Configuration Protocol Snooping 512
    Media Access Control Filtering 513
Network Appliances 513
    Jump Servers 514
    Proxy Servers 514
    Network-Based Intrusion Detection System/Network-Based Intrusion Prevention System 516
    Summary of NIDS vs. NIPS 519
    HSM 524
    Sensors 524
    Collectors 525
    Aggregators 526
    Firewalls 526
    Hardware vs. Software 534
    Appliance vs. Host-based vs. Virtual 534
Access Control List 535
Route Security 535
Quality of Service 536
Implications of IPv6 536
Port Spanning/Port Mirroring 537
Monitoring Services 538
    Performance Baselining 539
File Integrity Monitors 542
Chapter Review Activities 542
Chapter 20 Installing and Configuring Wireless Security Settings 547
“Do I Know This Already?” Quiz 547
Foundation Topics 551
Cryptographic Protocols 551
    Wi-Fi Protected Access 2 (WPA2) 551
    Wi-Fi Protected Access 3 (WPA3) 551
    Counter-mode/CBC-MAC Protocol (CCMP) 552
    Simultaneous Authentication of Equals 552
    Wireless Cryptographic Protocol Summary 552
Authentication Protocols 553
    802.1X and EAP 553
    IEEE 802.1x 556
    Remote Authentication Dial-In User Service (RADIUS) Federation 556
Methods 557
    Wi-Fi Protected Setup 558
    Captive Portals 559
Installation Considerations 559
    Controller and Access Point Security 562
    Wireless Access Point Vulnerabilities 563
Chapter Review Activities 564
Chapter 21 Implementing Secure Mobile Solutions 567
“Do I Know This Already?” Quiz 567
Foundation Topics 570
Connection Methods and Receivers 570
    RFID and NFC 571
    More Wireless Connection Methods and Receivers 572
    Secure Implementation Best Practices 573
Mobile Device Management 574
    MDM Security Feature Concerns: Application and Content Management 576
    MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, Full Device Encryption 578
Mobile Device Management Enforcement and Monitoring 581
Mobile Devices 585
    MDM/Unified Endpoint Management 587
    SEAndroid 588
Deployment Models 588
    Secure Implementation of BYOD, CYOD, and COPE 589
Chapter Review Activities 591
Chapter 22 Applying Cybersecurity Solutions to the Cloud 595
“Do I Know This Already?” Quiz 595
Foundation Topics 598
Cloud Security Controls 598
    Security Assessment in the Cloud 598
    Understanding the Different Cloud Security Threats 598
    Cloud Computing Attacks 601
    High Availability Across Zones 603
    Resource Policies 603
    Integration and Auditing 604
    Secrets Management 604
    Storage 605
    Network 606
    Compute 607
    Summary of Cloud Security Controls 609
Solutions 611
    CASB 611
    Application Security 612
    Next-Generation Secure Web Gateway 613
    Firewall Considerations in a Cloud Environment 613
    Summary of Cybersecurity Solutions to the Cloud 614
Cloud Native Controls vs. Third-Party Solutions 615
Chapter Review Activities 615
Chapter 23 Implementing Identity and Account Management Controls 619
“Do I Know This Already?” Quiz 619
Foundation Topics 623
Identity 623
    Identity Provider (IdP) 623
    Authentication 625
    Certificates 626
    Tokens 627
    SSH Keys 628
    Smart Cards 629
Account Types 629
Account Policies 633
    Introduction to Identity and Access Management 633
    Attribute-Based Access Control (ABAC) 638
    Rights, Permissions, and Policies 640
    Permission Inheritance and Propagation 645
Chapter Review Activities 647
Chapter 24 Implementing Authentication and Authorization Solutions 651
“Do I Know This Already?” Quiz 651
Foundation Topics 655
Authentication Management 655
    Password Keys 655
    Password Vaults 655
    Trusted Platform Module 656
    Hardware Security Modules 656
    Knowledge-Based Authentication 656
Authentication/Authorization 657
    Security Assertion Markup Language 659
    OAuth 661
    OpenID and OpenID Connect 663
    Remote Authentication Technologies 670
Access Control Schemes 674
    Discretionary Access Control 674
    Mandatory Access Control 676
    Role-Based Access Control 677
    Attribute-Based Access Control 678
    Rule-Based Access Control 678
    Conditional Access 678
    Privileged Access Management 678
    Summary of Access Control Models 679
    Access Control Wise Practices 680
Chapter Review Activities 681
Chapter 25 Implementing Public Key Infrastructure 685
“Do I Know This Already?” Quiz 685
Foundation Topics 688
Public Key Infrastructure 688
    Key Management 688
    Certificate Authorities 689
    Certificate Attributes 691
    Subject Alternative Name 693
    Expiration 693
Types of Certificates 694
    SSL Certificate Types 694
    Certificate Chaining 696
Certificate Formats 697
PKI Concepts 698
    Trust Model 698
    Certificate Pinning 698
    Stapling, Key Escrow, Certificate Chaining, Online vs. Offline CA 698
Chapter Review Activities 700
Part IV: Operations and Incident Response
Chapter 26 Using the Appropriate Tool to Assess Organizational Security 703
“Do I Know This Already?” Quiz 703
Foundation Topics 707
Network Reconnaissance and Discovery 707
    tracert/traceroute 707
    nslookup/dig 709
    ipconfig/ifconfig 710
    nmap 711
    ping/pathping 714
    hping 717
    netstat 718
    netcat 720
    IP Scanners 721
    arp 721
    route 723
    curl 724
    theHarvester 725
    sn1per 726
    scanless 727
    dnsenum 728
    Nessus 730
    Cuckoo 731
File Manipulation 732
    head 733
    tail 734
    cat 734
    grep 735
    chmod 736
    Logger 737
Shell and Script Environments 738
    SSH 739
    PowerShell 740
    Python 741
    OpenSSL 741
Packet Capture and Replay 742
    Tcpreplay 742
    Tcpdump 742
    Wireshark 743
Forensics 744
    dd 744
    Memdump 745
    WinHex 746
    FTK Imager 747
    Autopsy 747
Exploitation Frameworks 747
Password Crackers 748
Data Sanitization 750
Chapter Review Activities 750
Chapter 27 Summarizing the Importance of Policies, Processes, and Procedures for Incident Response 755
“Do I Know This Already?” Quiz 755
Foundation Topics 760
Incident Response Plans 760
Incident Response Process 761
    Preparation 762
    Identification 763
    Containment 763
    Eradication 764
    Recovery 764
    Lessons Learned 764
Exercises 765
    Tabletop 765
    Walkthroughs 766
    Simulations 766
Attack Frameworks 767
    MITRE ATT&CK 767
    The Diamond Model of Intrusion Analysis 768
    Cyber Kill Chain 770
Stakeholder Management 771
Communication Plan 771
Disaster Recovery Plan 772
Business Continuity Plan 773
Continuity of Operations Planning (COOP) 774
Incident Response Team 775
Retention Policies 776
Chapter Review Activities 776
Chapter 28 Using Appropriate Data Sources to Support an Investigation 781
“Do I Know This Already?” Quiz 781
Foundation Topics 785
Vulnerability Scan Output 785
SIEM Dashboards 786
    Sensors 787
    Sensitivity 788
    Trends 788
    Alerts 788
    Correlation 788
Log Files 789
    Network 790
    System 791
    Application 792
    Security 793
    Web 794
    DNS 795
    Authentication 796
    Dump Files 797
    VoIP and Call Managers 799
    Session Initiation Protocol Traffic 800
syslog/rsyslog/syslog-ng 800
journalctl 802
NXLog 803
Bandwidth Monitors 804
Metadata 805
    Email 808
    Mobile 808
    Web 808
    File 809
NetFlow/sFlow 809
    NetFlow 809
    sFlow 810
    IPFIX 811
Protocol Analyzer Output 813
Chapter Review Activities 814
Chapter 29 Applying Mitigation Techniques or Controls to Secure an Environment 819
“Do I Know This Already?” Quiz 819
Foundation Topics 822
Reconfigure Endpoint Security Solutions 822
    Application Approved Lists 822
    Application Block List/Deny List 822
    Quarantine 823
Configuration Changes 824
    Firewall Rules 825
    MDM 825
    Data Loss Prevention 828
    Content Filter/URL Filter 828
    Update or Revoke Certificates 829
Isolation 830
Containment 830
Segmentation 831
SOAR 832
    Runbooks 833
    Playbooks 834
Chapter Review Activities 834
Chapter 30 Understanding the Key Aspects of Digital Forensics 837
“Do I Know This Already?” Quiz 837
Foundation Topics 842
Documentation/Evidence 842
    Legal Hold 842
    Video 842
    Admissibility 843
    Chain of Custody 844
    Timelines of Sequence of Events 844
    Tags 845
    Reports 846
    Event Logs 846
    Interviews 846
Acquisition 847
    Order of Volatility 848
    Disk 848
    Random-Access Memory 848
    Swap/Pagefile 849
    Operating System 850
    Device 850
    Firmware 851
    Snapshot 851
    Cache 852
    Network 852
    Artifacts 853
On-premises vs. Cloud 853
    Right-to-Audit Clauses 854
    Regulatory/Jurisdiction 855
    Data Breach Notification Laws 855
Integrity 856
    Hashing 856
    Checksums 857
    Provenance 857
Preservation 858
E-discovery 858
Data Recovery 859
Nonrepudiation 859
Strategic Intelligence/Counterintelligence 860
Chapter Review Activities 860
Part V: Governance, Risk, and Compliance
Chapter 31 Comparing and Contrasting the Various Types of Controls 865
“Do I Know This Already?” Quiz 865
Foundation Topics 868
Control Category 868
    Managerial Controls 868
    Operational Controls 868
    Technical Controls 868
    Summary of Control Categories 869
Control Types 869
    Preventative Controls 869
    Detective Controls 869
    Corrective Controls 870
    Deterrent Controls 870
    Compensating Controls 871
    Physical Controls 871
    Summary of Control Types 872
Chapter Review Activities 873
Chapter 32 Understanding the Importance of Applicable Regulations, Standards, or Frameworks That Impact Organizational Security Posture 875
“Do I Know This Already?” Quiz 875
Foundation Topics 878
Regulations, Standards, and Legislation 878
    General Data Protection Regulation 879
    National, Territory, or State Laws 879
    Payment Card Industry Data Security Standard (PCI DSS) 881
Key Frameworks 881
Benchmarks and Secure Configuration Guides 885
    Security Content Automation Protocol 885
Chapter Review Activities 889
Chapter 33 Understanding the Importance of Policies to Organizational Security 893
“Do I Know This Already?” Quiz 894
Foundation Topics 897
Personnel Policies 897
    Privacy Policies 897
    Acceptable Use 898
    Separation of Duties/Job Rotation 898
    Mandatory Vacations 898
    Onboarding and Offboarding 899
    Personnel Security Policies 900
Diversity of Training Techniques 900
    User Education and Awareness Training 901
Third-Party Risk Management 902
Data Concepts 904
    Understanding Classification and Governance 904
    Data Retention 906
Credential Policies 906
Organizational Policies 908
    Change Management and Change Control 909
    Asset Management 909
Chapter Review Activities 910
Chapter 34 Summarizing Risk Management Processes and Concepts 913
“Do I Know This Already?” Quiz 913
Foundation Topics 917
Risk Types 917
Risk Management Strategies 918
Risk Analysis 919
    Qualitative Risk Assessment 921
    Quantitative Risk Assessment 922
Disaster Analysis 924
Business Impact Analysis 926
    Disaster Recovery Planning 928
Chapter Review Activities 930
Chapter 35 Understanding Privacy and Sensitive Data Concepts in Relation to Security 935
“Do I Know This Already?” Quiz 935
Foundation Topics 940
Organizational Consequences of Privacy and Data Breaches 940
Notifications of Breaches 941
Data Types and Asset Classification 941
    Personally Identifiable Information and Protected Health Information 943
Privacy Enhancing Technologies 944
Roles and Responsibilities 945
Information Lifecycle 947
Impact Assessment 948
Terms of Agreement 948
Privacy Notice 949
Chapter Review Activities 949
Part VI: Final Preparation
Chapter 36 Final Preparation 953
Hands-on Activities 953
Suggested Plan for Final Review and Study 953
Summary 954
Glossary of Key Terms 955
Appendix A Answers to the “Do I Know This Already?” Quizzes and Review Questions 1023
Appendix B CompTIA Security+ (SY0-601) Cert Guide Exam Updates 1087

Online Elements:
Appendix C Study Planner
Glossary of Key Terms


ISBN 9780136770312 (table of contents dated 6/19/2021)


Omar Santos is an active member of the cybersecurity community, where he leads several industry-wide initiatives. He is a best-selling author and trainer. Omar is the author of more than 20 books and video courses, as well as numerous white papers, articles, and security configuration guidelines and best practices. Omar is a principal engineer of the Cisco Product Security Incident Response Team (PSIRT), Security Research and Operations, where he mentors and leads engineers and incident managers during the investigation and resolution of cybersecurity vulnerabilities.

Omar co-leads the DEF CON Red Team Village, is the chair of the Common Security Advisory Framework (CSAF) technical committee, is the co-chair of the Forum of Incident Response and Security Teams (FIRST) Open Source Security working group, and has been the chair of several initiatives in the Industry Consortium for Advancement of Security on the Internet (ICASI). His active role helps businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to increasing the security of their critical infrastructures. You can find additional information about Omar's current projects at h4cker.org and can follow Omar on Twitter @santosomar.

Ron Taylor has been in the information security field for more than 20 years, working in various areas focusing on both offensive and defensive security roles. Ten of those years were spent in consulting. In 2008, he joined the Cisco Global Certification Team as an SME in information assurance. From there, he moved into a position with the Security Research and Operations group, where his focus was mostly on penetration testing of Cisco products and services. He was also involved in developing and presenting security training to internal development and test teams globally, and provided consulting support to many product teams as an SME on product security testing. His next role was incident manager for the Cisco Product Security Incident Response Team (PSIRT). Currently, Ron is a security architect specializing in the Cisco security product line. He has held a number of industry certifications, including GPEN, GWEB, GCIA, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP, PenTest+, and MCSE. Ron has also authored books and video courses, teaches, and is involved in organizing a number of cybersecurity conferences, including BSides Raleigh, Texas Cyber Summit, Grayhat, and the Red Team Village at DEF CON.
Twitter: @Gu5G0rman
LinkedIn: www.linkedin.com/in/-RonTaylor

Joseph Mlodzianowski is an information security aficionado and adventurer; he started multiple villages at RSA Conference, DEF CON, and Black Hat, among others, including founding the Red Team Village with the help of great friends. He has been in the information technology security field for more than 25 years, working in infrastructure, security, networks, systems, design, offense, and defense. Joseph is currently an enterprise security architect of Cisco Managed Services. He spent more than 10 years in the Department of Defense as an operator, principal security network engineer, and SME designing and deploying complex technologies and supporting missions around the world in multiple theaters. He has consulted, investigated, and provided support for multiple federal agencies over the past 15 years. Joseph continues to contribute to content, reviews, and editing in the certification testing and curriculum process. He spent almost 15 years in the energy sector supporting refineries, pipelines, and chemical plants; specializing in industrial control networks; and building data centers. Joseph holds a broad range of certifications, including the Cisco CCIE, CNE, CSNA, CNSS-4012, CISSP, ITILv4, NSA IAM, NSA IEM, OIAC1180, FEMA IS-00317, ACMA, First Responder, Hazmat Certified, Member of Bexar County Sheriff's Office CERT, MCSE, and Certified Hacking Investigator. He is also a founding contributor to CyManII (the Cybersecurity Manufacturing Innovation Institute), a member of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG, m3aawg.org), and founder of the Texas Cyber Summit and Grayhat conferences. He believes in giving back to the community and supporting nonprofits.
Twitter: @Cedoxx
LinkedIn: www.linkedin.com/in/mlodzianowski/
