CompTIA Security+ SY0-701 Exam Cram

Auteur

Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his current role, Rob is responsible for bringing operational support and incident response into the future with the help of new technologies such as cloud and artificial intelligence. His current focus is on deploying securely to the cloud (Azure, AWS, and Google), DevOps, DevSecOps, and AIOps. Rob spent many years in the technology trenches, handling networking and security architecture, design, engineering, testing, and development efforts for global projects. A go-to person for all things security related, Rob has been a major force in deploying security-related systems for 25+ years. Rob also worked for various companies reviewing and developing security curriculum as well as other security-related books, technical articles, and publications based on technology deployment, testing, hacking, pen testing, and many other aspects of security. Rob holds dozens of technology certifications, including 20+ CompTIA certifications, SANS.org GIAC, GSEC, and GCIH, as well as many vendor-based cloud-specialized certifications from Google, Microsoft Azure, and Amazon AWS. Rob is considered a leading expert in prepping others to achieve certification success.

Marty M. Weiss has spent his career serving in the U.S. Navy and as a civilian helping large organizations with their information security. He has a Bachelor of Science degree in computer studies from the University of Maryland Global Campus and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He also holds several certifications, including CISSP, CISA, and Security+. Having authored numerous acclaimed books on information technology and security, he is now diving into his next endeavora seductive romance novel where love and cybersecurity collide in a high-stakes adventure.

Texte du rabat

CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.

Covers the critical information needed to score higher on your Security+ SY0-701 exam!

• General security concepts
• Threats, vulnerabilities, and mitigations
• Security architecture
• Security operations
• Security program management and oversight
  

Prepare for your exam with Pearson Test Prep

• Realistic practice questions and answers
• Comprehensive reporting and feedback
• Customized testing in study, practice exam, or flash card modes
• Complete coverage of CompTIA Security+ SY0-701 exam objectives

Contenu

Introduction. . . . . . . . . . . . . . . . . . . . . . . xxvi

Part 1: General Security Concepts 1

CHAPTER 1: Security Controls.. . . . . . . . . . . . . . . . . . . . . . 3

Nature of Controls.. . . . . . . . . . . . . . . . . . . 3

Functional Use of Controls.. . . . . . . . . . . . . . . . 4

What Next?.. . . . . . . . . . . . . . . . . . . . . . 9

CHAPTER 2: Fundamental Security Concepts.. . . . . . . . . . . . . . . . 11

Confidentiality, Integrity, and Availability (CIA).. . . . . . . . . 12

Non-Repudiation.. . . . . . . . . . . . . . . . . . . 13

Authentication, Authorization, and Accounting (AAA).. . . . . . . 13

Gap Analysis. . . . . . . . . . . . . . . . . . . . . 14

Zero Trust.. . . . . . . . . . . . . . . . . . . . . . 15

Physical Security. . . . . . . . . . . . . . . . . . . . 18

Video Surveillance. . . . . . . . . . . . . . . . . . . 20

Deception and Disruption Technology. . . . . . . . . . . . 23

What Next?.. . . . . . . . . . . . . . . . . . . . . 26

CHAPTER 3: Change Management Processes and the Impact to Security.. . . . . 27

Change Management. . . . . . . . . . . . . . . . . . 28

Business Processes Impacting Security Operations. . . . . . . . 28

Technical Implications.. . . . . . . . . . . . . . . . . . 31

Documentation. . . . . . . . . . . . . . . . . . . . 35

Version Control.. . . . . . . . . . . . . . . . . . . . 36

What Next?.. . . . . . . . . . . . . . . . . . . . . 38

CHAPTER 4: Cryptographic Solutions. . . . . . . . . . . . . . . . . . . 39

Public Key Infrastructure (PKI).. . . . . . . . . . . . . . 40

Encryption. . . . . . . . . . . . . . . . . . . . . . 43

Tools.. . . . . . . . . . . . . . . . . . . . . . . . 55

What Next?.. . . . . . . . . . . . . . . . . . . . . 80

Part 2: Threats, Vulnerabilities, and Mitigations 81

CHAPTER 5: Threat Actors and Motivations.. . . . . . . . . . . . . . . . 83

Threat Actors.. . . . . . . . . . . . . . . . . . . . . 84

Motivations.. . . . . . . . . . . . . . . . . . . . . 90

What Next?.. . . . . . . . . . . . . . . . . . . . . 96

CHAPTER 6: Threat Vectors and Attack Surfaces.. . . . . . . . . . . . 97

Types of Threat Vectors and Attack Surfaces. . . . . . . . . . 98

What Next?.. . . . . . . . .…