CompTIA Security+ SY0-701 Cert Guide

Auteur

Lewis Heuermann, CISSP, PMP, is a Navy submarine veteran and seasoned cybersecurity consultant who combines his extensive practical experience with deep academic insight to make cybersecurity accessible to all learners. His diverse background includes roles in systems and network engineering, network defense analysis, and cyber risk management. As a professor, he has developed and taught courses in cybersecurity and data analytics, utilizing tools like Python, SQL, Power BI, and Tableau. Lewis also holds several key IT certifications.

Texte du rabat

CompTIA Security+ SY0-701 Cert Guide from Pearson IT Certification helps you prepare to succeed on the CompTIA Security+ SY0-701 exam by directly addressing the exams objectives as stated by CompTIA. Leading instructor and cybersecurity professional Lewis Heuermann shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

Résumé

Learn, prepare, and practice for CompTIA Security+ SY0-701 exam success with this Cert Guide from Pearson IT Certification, a leader in IT Certification learning.

CompTIA Security+ SY0-701 Cert Guide from Pearson IT Certification helps you prepare to succeed on the CompTIA Security+ SY0-701 exam by directly addressing the exams objectives as stated by CompTIA. Leading instructor and cybersecurity professional Lewis Heuermann shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

• Complete coverage of the exam objectives and a test-preparation routine designed to help you pass the exams
• Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section
• Chapter-ending Key Topic tables, which help you drill on key concepts you must know thoroughly
• The powerful Pearson Test Prep Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reports
• An online, interactive Flash Cards application to help you drill on Key Terms by chapter
• A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies
• Study plan suggestions and templates to help you organize and optimize your study time
  Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that ensure your exam success.

This study guide helps you master all the topics on the CompTIA Security+ SY0-701 exam, deepening your knowledge of

• General Security Concepts: Security controls, security concepts, change management process, cryptographic solutions
• Threats, Vulnerabilities, and Mitigations: Threat actors and motivations, attack surfaces, types of vulnerabilities, indicators of malicious activity, mitigation techniques
• Security Architecture: Security implications of architecture models, secure enterprise infrastructure, protect data, resilience and recovery in security architecture
• Security Operations: Security techniques to computing resources, security implications, vulnerability management, monitoring concepts, enterprise capabilities to enhance security, access management, automation related to secure operations, incident response activities
• Security Program Management and Oversight: Security governance, risk management, third-party risk assessment and management, security compliance, audits and assessments, security awareness practices

Contenu

Introduction xxxix
Part I: General Security Concepts
Chapter 1 Comparing and Contrasting the Various Types of Controls 3
Do I Know This Already? Quiz 3
Foundation Topics 6
Control Categories 6
Technical Controls 6
Managerial Controls 6
Operational Controls 6
Physical Controls 7
Summary of Control Categories 7
Control Types 8
Preventive Controls 8
Deterrent Controls 8
Detective Controls 9
Corrective Controls 9
Compensating Controls 9
Directive Controls 10
Summary of Control Types 10
Chapter Review Activities 11
Chapter 2 Summarizing Fundamental Security Concepts 15
Do I Know This Already? Quiz 15
Foundation Topics 19
Confidentiality, Integrity, and Availability (CIA) 19
Non-repudiation 20
Authentication, Authorization, and Accounting (AAA) 21
Gap Analysis 22
Zero Trust 22
Physical Security 24
Bollards/Barricades 24
Access Control Vestibules 26
Fencing 27
Video Surveillance 28
Security Guards 28
Access Badges 29
Lighting 30
Sensors 30
Deception and Disruption Technology 31
Chapter Review Activities 32
Chapter 3 Understanding Change Managements Security Impact 37
Do I Know This Already? Quiz 37
Foundation Topics 41
Business Processes Impacting Security Operations 41
Approval Process 41
Ownership 41
Stakeholders 42
Impact Analysis 42
Test Results 42
Backout Plan 42
Maintenance Window 43
Standard Operating Procedure 43
Technical Implications 43
Allow Lists 44
Block Lists/Deny Lists 44
Restricted Activities 44
Downtime 45
Service Restart 45
Application Restart 46
Legacy Applications 46
Dependencies 46
Documentation 47
Updating Diagrams 47
Updating Policies/Procedures 48
Version Control 48
Chapter Review Activities 49
Chapter 4 Understanding the Importance of Using Appropriate Cryptographic Solutions 53
Do I Know This Already? Quiz 53
Foundation Topics 58
Public Key Infrastructure (PKI) 58
Public Key 58
Private and Public Key 58
Encryption 59
Level 59
Full Disk 59
Partition 60
File 60
Volume 60
Database 60
Record 61
Transport/Communication 61
Encryption at Rest, in Transit/Motion, and in Processing 61
Symmetric Versus Asymmetric Encryption 62
Key Exchange 64
Algorithms 65
Key Length 66
Tools 67
Trusted Platform Module 67
Hardware Security Module 68
Key Management System 68
Secure Enclave 69
Obfuscation 70
Steganography 70
Audio Steganography 71
Video Steganography 71
Image Steganography 72
Tokenization 72
Data Masking 74
Hashing 75
Salting 76
Digital Signatures 76
Key Stretching 77
Blockchain 78
Open Public Ledger 78
Certificates 79
Certificate Authorities 79
Certificate Revocation Lists 81
Online Certificate Status Protocol (OCSP) 82
Self-Signed 83
Certificate-Signing Request 90
Wildcard 90
Chapter Review Activities 90
Part II: Threats, Vulnerabilities, and Mitigations
Chapter 5 Comparing and Contrasting Common Threat Actors and Motivations 95
Do I Know This Already? Quiz 95
Foundation Topics 98
Threat Actors 98
Attributes of Actors 99
Motivations 100
War 101
Chapter Review Activities 102
Chapter 6 Understanding Common Threat Vectors and Attack Surfaces 105
Do I Know This Already? Quiz 105
Foundation Topics 109
Message-Based 109
Email 109
Short Message Service (SMS) 109
Instant Messaging (IM) 110
Spam and Spam over Internet Messaging (SPIM) 110
Image-Based 111
File-Based 111
Voice Call 111
Removable Device 111
Vulnerable Software 112
Unsupported Systems and Applications 112
Unsecure Networks 113
Open Service Ports 114
Default Credentials 115
Supply Chain 116
Human Vectors/Social Engineering 116
Phishing 117
Vishing 120
Smishing 121
Misinformation/Disinformation 121
Impersonation 121
Business Email Compromise (BEC) 122…