CHF41.90
Download steht sofort bereit
Learn, prepare, and practice for CompTIA Security+ SY0-501 exam success with this CompTIA approved Cert Guide from Pearson IT Certification, a leader in IT certification learning and a CompTIA Authorized Platinum Partner.
· Master CompTIA Security+ SY0-501 exam topics
· Assess your knowledge with chapter-ending quizzes
· Review key concepts with exam preparation tasks
· Practice with realistic exam questions
CompTIA Security+ SY0-501 Cert Guide is a best-of-breed exam study guide. Best-selling author and expert instructor David L. Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending chapter review activities help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.
The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment software offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.
The CompTIA approved study guide helps you master all the topics on the Security+ exam, including
· Core computer system security
· OS hardening and virtualization
· Application security
· Network design elements
· Networking ports, protocols, and threats
· Network perimeter security
· Physical security and authentication models
· Access control
· Vulnerability and risk assessment
· Monitoring and auditing
· Cryptography, including PKI
· Redundancy and disaster recovery
· Social Engineering
· Policies and procedures
Autorentext
David L. Prowse is an author, technologist, and technical trainer. He has penned a dozen books for Pearson Education, including the well-received CompTIA A+ Exam Cram. He also develops video content, including the CompTIA A+ LiveLessons video course. Over the past two decades he has taught CompTIA A+, Network+, and Security+ certification courses, both in the classroom and via the Internet. David has 20 years of experience in the IT field and loves to share that experience with his readers, watchers, and students.
He runs the website www.davidlprowse.com in support of his books and videos.
Inhalt
Introduction xxiv
Chapter 1 Introduction to Security 3
Foundation Topics 4
Security 101 4
The CIA of Computer Security 4
The Basics of Information Security 6
Think Like a Hacker 9
Threat Actor Types and Attributes 10
Chapter Review Activities 12
Review Key Topics 12
Define Key Terms 12
Review Questions 13
Answers and Explanations 15
Chapter 2 Computer Systems Security Part I 19
Foundation Topics 19
Malicious Software Types 19
Viruses 20
Worms 21
Trojan Horses 22
Ransomware 22
Spyware 23
Rootkits 24
Spam 25
Summary of Malware Threats 25
Delivery of Malware 26
Via Software, Messaging, and Media 26
Botnets and Zombies 28
Active Interception 28
Privilege Escalation 29
Backdoors 29
Logic Bombs 29
Preventing and Troubleshooting Malware 30
Preventing and Troubleshooting Viruses 31
Preventing and Troubleshooting Worms and Trojans 35
Preventing and Troubleshooting Spyware 35
Preventing and Troubleshooting Rootkits 38
Preventing and Troubleshooting Spam 38
You Can't Save Every Computer from Malware! 40
Summary of Malware Prevention Techniques 40
Chapter Summary 41
Chapter Review Activities 42
Review Key Topics 42
Define Key Terms 42
Complete the Real-World Scenarios 43
Review Questions 43
Answers and Explanations 48
Chapter 3 Computer Systems Security Part II 53
Foundation Topics 53
Implementing Security Applications 53
Personal Software Firewalls 53
Host-Based Intrusion Detection Systems 55
Pop-Up Blockers 57
Data Loss Prevention Systems 59
Securing Computer Hardware and Peripherals 59
Securing the BIOS 60
Securing Storage Devices 62
Removable Storage 62
Network Attached Storage 63
Whole Disk Encryption 64
Hardware Security Modules 65
Securing Wireless Peripherals 66
Securing Mobile Devices 66
Malware 67
Botnet Activity 68
SIM Cloning and Carrier Unlocking 68
Wireless Attacks 69
Theft 70
Application Security 71
BYOD Concerns 74
Chapter Summary 78
Chapter Review Activities 79
Review Key Topics 79
Define Key Terms 79
Complete the Real-World Scenarios 80
Review Questions 80
Answers and Explanations 83
Chapter 4 OS Hardening and Virtualization 89
Foundation Topics 89
Hardening Operating Systems 89
Removing Unnecessary Applications and Services 90
Windows Update, Patches, and Hotfixes 97
Patches and Hotfixes 99
Patch Management 101
Group Policies, Security Templates, and Configuration Baselines 102
Hardening File Systems and Hard Drives 105
Virtualization Technology 109
Types of Virtualization and Their Purposes 110
Hypervisor 111
Securing Virtual Machines 113
Chapter Summary 115
Chapter Review Activities 117
Review Key Topics 117
Define Key Terms 118
Complete the Real-World Scenarios 118
Review Questions 118
Answers and Explanations 122
Chapter 5 Application Security 127
Foundation Topics 127
Securing the Browser 127
General Browser Security Procedures 129
Implement Policies 129
Train Your Users 133
Use a Proxy and Content Filter 133
Secure Against Malicious Code 135
Web Browser Concerns and Security Methods 135
Basic Browser Security 135
Cookies 136
LSOs 137
Add-ons 137
Advanced Browser Security 138
Securing Other Applications 140
Secure Programming 144
Software Development Life Cycle 145
Core SDLC and DevOps Principles 146
Programming Testing Methods 149
White-box and Black-box Testing 149
Compile-Time Errors Versus Runtime Errors 150
Input Validation 150
Static and Dynamic Code Analysis 151
Fuzz Testing 152
Programming Vulnerabilities and Attacks 152
Backdoors 153
Memory/Buffer Vulnerabilities 153
Arbitrary Code Execution/Remote Code Execution 155
XSS and XSRF 155
More Code Injection Examples 156
Directory Traversal 158
Zero Day Attack 158
Chapter Summary 160
Chapter Review Activities 161
Review Key Topics 161
Define Key Terms 162
Complete the Real-World Scenarios 162
Review Questions 162
Answers and Explanations 167
Chapter 6 Network Design Elements 173
Foundation Topics 173
Network Design 173
The OSI Model 173
Network Devices 175
Switch 175
Bridge 178
Router 178
Network Address Translation, and Private Versus Public IP 180
Network Zones and Interconnections 182
LAN Versus WAN 182
Internet 183
Demilitarized Zone (DMZ) 183
Intranets and Extranets 184
Network Access Control (NAC) 185
Subnetting 186
Virtual Local Area Network (VLAN) 188
Telephony 190
Modems 190
PBX Equipment 191
VoIP 191
Cloud Security and Server Defense 192
Cloud Computing 192
Cloud Security 195
S…