CompTIA Security+ SY0-501 Cert Guide

Learn, prepare, and practice for CompTIA Security+ SY0-501 exam success with this CompTIA approved Cert Guide from Pearson IT Certification, a leader in IT certification learning and a CompTIA Authorized Platinum Partner.

· Master CompTIA Security+ SY0-501 exam topics

· Assess your knowledge with chapter-ending quizzes

· Review key concepts with exam preparation tasks

· Practice with realistic exam questions

CompTIA Security+ SY0-501 Cert Guide is a best-of-breed exam study guide. Best-selling author and expert instructor David L. Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending chapter review activities help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment software offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.

The CompTIA approved study guide helps you master all the topics on the Security+ exam, including

· Core computer system security

· OS hardening and virtualization

· Application security

· Network design elements

· Networking ports, protocols, and threats

· Network perimeter security

· Physical security and authentication models

· Access control

· Vulnerability and risk assessment

· Monitoring and auditing

· Cryptography, including PKI

· Redundancy and disaster recovery

· Social Engineering

· Policies and procedures

Autorentext

David L. Prowse is an author, technologist, and technical trainer. He has penned a dozen books for Pearson Education, including the well-received CompTIA A+ Exam Cram. He also develops video content, including the CompTIA A+ LiveLessons video course. Over the past two decades he has taught CompTIA A+, Network+, and Security+ certification courses, both in the classroom and via the Internet. David has 20 years of experience in the IT field and loves to share that experience with his readers, watchers, and students.

He runs the website www.davidlprowse.com in support of his books and videos.

Inhalt

Introduction xxiv

Chapter 1 Introduction to Security 3

Foundation Topics 4

Security 101 4

The CIA of Computer Security 4

The Basics of Information Security 6

Think Like a Hacker 9

Threat Actor Types and Attributes 10

Chapter Review Activities 12

Review Key Topics 12

Define Key Terms 12

Review Questions 13

Answers and Explanations 15

Chapter 2 Computer Systems Security Part I 19

Foundation Topics 19

Malicious Software Types 19

Viruses 20

Worms 21

Trojan Horses 22

Ransomware 22

Spyware 23

Rootkits 24

Spam 25

Summary of Malware Threats 25

Delivery of Malware 26

Via Software, Messaging, and Media 26

Botnets and Zombies 28

Active Interception 28

Privilege Escalation 29

Backdoors 29

Logic Bombs 29

Preventing and Troubleshooting Malware 30

Preventing and Troubleshooting Viruses 31

Preventing and Troubleshooting Worms and Trojans 35

Preventing and Troubleshooting Spyware 35

Preventing and Troubleshooting Rootkits 38

Preventing and Troubleshooting Spam 38

You Can't Save Every Computer from Malware! 40

Summary of Malware Prevention Techniques 40

Chapter Summary 41

Chapter Review Activities 42

Review Key Topics 42

Define Key Terms 42

Complete the Real-World Scenarios 43

Review Questions 43

Answers and Explanations 48

Chapter 3 Computer Systems Security Part II 53

Foundation Topics 53

Implementing Security Applications 53

Personal Software Firewalls 53

Host-Based Intrusion Detection Systems 55

Pop-Up Blockers 57

Data Loss Prevention Systems 59

Securing Computer Hardware and Peripherals 59

Securing the BIOS 60

Securing Storage Devices 62

Removable Storage 62

Network Attached Storage 63

Whole Disk Encryption 64

Hardware Security Modules 65

Securing Wireless Peripherals 66

Securing Mobile Devices 66

Malware 67

Botnet Activity 68

SIM Cloning and Carrier Unlocking 68

Wireless Attacks 69

Theft 70

Application Security 71

BYOD Concerns 74

Chapter Summary 78

Chapter Review Activities 79

Review Key Topics 79

Define Key Terms 79

Complete the Real-World Scenarios 80

Review Questions 80

Answers and Explanations 83

Chapter 4 OS Hardening and Virtualization 89

Foundation Topics 89

Hardening Operating Systems 89

Removing Unnecessary Applications and Services 90

Windows Update, Patches, and Hotfixes 97

Patches and Hotfixes 99

Patch Management 101

Group Policies, Security Templates, and Configuration Baselines 102

Hardening File Systems and Hard Drives 105

Virtualization Technology 109

Types of Virtualization and Their Purposes 110

Hypervisor 111

Securing Virtual Machines 113

Chapter Summary 115

Chapter Review Activities 117

Review Key Topics 117

Define Key Terms 118

Complete the Real-World Scenarios 118

Review Questions 118

Answers and Explanations 122

Chapter 5 Application Security 127

Foundation Topics 127

Securing the Browser 127

General Browser Security Procedures 129

Implement Policies 129

Train Your Users 133

Use a Proxy and Content Filter 133

Secure Against Malicious Code 135

Web Browser Concerns and Security Methods 135

Basic Browser Security 135

Cookies 136

LSOs 137

Add-ons 137

Advanced Browser Security 138

Securing Other Applications 140

Secure Programming 144

Software Development Life Cycle 145

Core SDLC and DevOps Principles 146

Programming Testing Methods 149

White-box and Black-box Testing 149

Compile-Time Errors Versus Runtime Errors 150

Input Validation 150

Static and Dynamic Code Analysis 151

Fuzz Testing 152

Programming Vulnerabilities and Attacks 152

Backdoors 153

Memory/Buffer Vulnerabilities 153

Arbitrary Code Execution/Remote Code Execution 155

XSS and XSRF 155

More Code Injection Examples 156

Directory Traversal 158

Zero Day Attack 158

Chapter Summary 160

Chapter Review Activities 161

Review Key Topics 161

Define Key Terms 162

Complete the Real-World Scenarios 162

Review Questions 162

Answers and Explanations 167

Chapter 6 Network Design Elements 173

Foundation Topics 173

Network Design 173

The OSI Model 173

Network Devices 175

Switch 175

Bridge 178

Router 178

Network Address Translation, and Private Versus Public IP 180

Network Zones and Interconnections 182

LAN Versus WAN 182

Internet 183

Demilitarized Zone (DMZ) 183

Intranets and Extranets 184

Network Access Control (NAC) 185

Subnetting 186

Virtual Local Area Network (VLAN) 188

Telephony 190

Modems 190

PBX Equipment 191

VoIP 191

Cloud Security and Server Defense 192

Cloud Computing 192

Cloud Security 195

S…