Overview

CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.   Covers the critical information needed to score higher on your Security+ SY0-701 exam!   General security concepts Threats, vulnerabilities, and mitigations Security architecture Security operations Security program management and oversight   Prepare for your exam with Pearson Test Prep   Realistic practice questions and answers Comprehensive reporting and feedback Customized testing in study, practice exam, or flash card modes Complete coverage of CompTIA Security+ SY0-701 exam objectives

Full Product Details

Author:   Robert Shimonski ,  Martin Weiss
Publisher:   Pearson Education (US)
Imprint:   Pearson IT Certification
Edition:   7th edition
Dimensions:   Width: 23.40cm , Height: 3.50cm , Length: 31.30cm
Weight:   1.016kg
ISBN:  

9780138225575

ISBN 10:   0138225575
Pages:   688
Publication Date:   02 September 2024
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Active
Availability:   Available To Order  
We have confirmation that this item is in stock with the supplier. It will be ordered in for you and dispatched immediately.

Table of Contents

Introduction. . . . . . . . . . . . . . . . . . . . . . . xxvi Part 1: General Security Concepts 1 CHAPTER 1: Security Controls.. . . . . . . . . . . . . . . . . . . . . . 3                 Nature of Controls.. . . . . . . . . . . . . . . . . . . 3                 Functional Use of Controls.. . . . . . . . . . . . . . . . 4                 What Next?.. . . . . . . . . . . . . . . . . . . . . . 9 CHAPTER 2: Fundamental Security Concepts.. . . . . . . . . . . . . . . . 11                 Confidentiality, Integrity, and Availability (CIA).. . . . . . . . . 12                 Non-Repudiation.. . . . . . . . . . . . . . . . . . . 13                 Authentication, Authorization, and Accounting (AAA).. . . . . . . 13                 Gap Analysis. . . . . . . . . . . . . . . . . . . . . 14                 Zero Trust.. . . . . . . . . . . . . . . . . . . . . . 15                 Physical Security. . . . . . . . . . . . . . . . . . . . 18                 Video Surveillance. . . . . . . . . . . . . . . . . . . 20                 Deception and Disruption Technology. . . . . . . . . . . . 23                 What Next?.. . . . . . . . . . . . . . . . . . . . . 26 CHAPTER 3: Change Management Processes and the Impact to Security.. . . . . 27                 Change Management. . . . . . . . . . . . . . . . . . 28                 Business Processes Impacting Security Operations. . . . . . . . 28                 Technical Implications.. . . . . . . . . . . . . . . . . . 31                 Documentation. . . . . . . . . . . . . . . . . . . . 35                 Version Control.. . . . . . . . . . . . . . . . . . . . 36                 What Next?.. . . . . . . . . . . . . . . . . . . . . 38 CHAPTER 4: Cryptographic Solutions. . . . . . . . . . . . . . . . . . . 39                 Public Key Infrastructure (PKI).. . . . . . . . . . . . . . 40                 Encryption. . . . . . . . . . . . . . . . . . . . . . 43                 Tools.. . . . . . . . . . . . . . . . . . . . . . . . 55                 What Next?.. . . . . . . . . . . . . . . . . . . . . 80 Part 2: Threats, Vulnerabilities, and Mitigations 81 CHAPTER 5: Threat Actors and Motivations.. . . . . . . . . . . . . . . . 83                 Threat Actors.. . . . . . . . . . . . . . . . . . . . . 84                 Motivations.. . . . . . . . . . . . . . . . . . . . . 90                 What Next?.. . . . . . . . . . . . . . . . . . . . . 96 CHAPTER 6: Threat Vectors and Attack Surfaces.. . . . . . . . . . . . 97                 Types of Threat Vectors and Attack Surfaces. . . . . . . . . . 98                 What Next?.. . . . . . . . . . . . . . . . . . . . . 114 CHAPTER 7: Vulnerability Types.. . . . . . . . . . . . . . . . . . .. 115                 Application. . . . . . . . . . . . . . . . . . . . . . 116                 Operating System-Based.. . . . . . . . . . . . . . . . . 118                 Web-Based. . . . . . . . . . . . . . . . . . . . . . 119                 Hardware. . . . . . . . . . . . . . . . . . . . . . 120                 Virtualization.. . . . . . . . . . . . . . . . . . . . . 121                 Cloud-Specific.. . . . . . . . . . . . . . . . . . . . 122                 Supply Chain.. . . . . . . . . . . . . . . . . . . . . 123                 Cryptographic.. . . . . . . . . . . . . . . . . . . . 125                 Misconfiguration. . . . . . . . . . . . . . . . . . . . 126                 Mobile Device.. . . . . . . . . . . . . . . . . . . . 127                 Zero-Day. . . . . . . . . . . . . . . . . . . . . . 127                 What Next?.. . . . . . . . . . . . . . . . . . . . . 130 CHAPTER 8: Malicious Attacks and Indicators.. . . . . . . . .. . . . . 131                 Malware Attacks.. . . . . . . . . . . . . . . . . . . . 132                 Physical Attacks.. . . . . . . . . . . . . . . . . . . . 138                 Network Attacks.. . . . . . . . . . . . . . . . . . . . 139                 Application Attacks.. . . . . . . . . . . . . . . . . . . 148                 Cryptographic Attacks.. . . . . . . . . . . . . . . . . . 153                 Password Attacks. . . . . . . . . . . . . . . . . . . . 154                 Indicators of Malicious Activity. . . . . . . . . . . . . . . 156                 What Next?.. . . . . . . . . . . . . . . . . . . . . 160 CHAPTER 9 Mitigation Techniques for Securing the Enterprise..  . . . . 161                 Segmentation.. . . . . . . . . . . . . . . . . . . . . 162                 Access Control.. . . . . . . . . . . . . . . . . . . . 162                 Application Allow List.. . . . . . . . . . . . . . . . . . 164                 Isolation. . . . . . . . . . . . . . . . . . . . . . . 165                 Patching.. . . . . . . . . . . . . . . . . . . . . . 165                 What Next?.. . . . . . . . . . . . . . . . . . . . . 176 Part 3: Security Architecture 177 CHAPTER 10: Security Implications of Architecture Models. . . . . . . . 179                 Architecture and Infrastructure Concepts. . . . . . . . . . . 180                 Considerations.. . . . . . . . . . . . . . . . . . . . 201                 What Next?.. . . . . . . . . . . . . . . . . . . . . 209 CHAPTER 11: Enterprise Architecture Security Principles.. . .  . . . . . . 211                 Infrastructure Considerations.. . . . . . . . . . . . . . . 212                 Secure Communication/Access.. . . . . . . . . . . . . . . 224                 Selection of Effective Controls.. . . . . . . . . . . . . . . 228                 What Next?.. . . . . . . . . . . . . . . . . . . . . 232 CHAPTER 12: Data Protection Strategies.. . . . . . . . . . . . . . . . . . 233                 Data Types. . . . . . . . . . . . . . . . . . . . . . 234                 Data Classifications.. . . . . . . . . . . . . . . . . . . 237                 General Data Considerations.. . . . . . . . . . . . . . . 238                 Methods to Secure Data. . . . . . . . . . . . . . . . . 240                 What Next?.. . . . . . . . . . . . . . . . . . . . . 246 CHAPTER 13: Resilience and Recovery in Security Architecture.. . . .. . 247                 High Availability.. . . . . . . . . . . . . . . . . . . . 248                 Site Considerations.. . . . . . . . . . . . . . . . . . . 249                 Platform Diversity. . . . . . . . . . . . . . . . . . . 251                 Multicloud Systems.. . . . . . . . . . . . . . . . . . . 252                 Continuity of Operations.. . . . . . . . . . . . . . . . . 252                 Capacity Planning. . . . . . . . . . . . . . . . . . . 253                 Testing.. . . . . . . . . . . . . . . . . . . . . . . 254                 Backups.. . . . . . . . . . . . . . . . . . . . . . . 255                 Power.. . . . . . . . . . . . . . . . . . . . . . . 261                 What Next?.. . . . . . . . . . . . . . . . . . . . . 264 Part 4: Security Operations 265 CHAPTER 14: Securing Resources. . . . . . . . . . . . . . . . . . . . 267                 Secure Baselines.. . . . . . . . . . . . . . . . . . . . 268                 Hardening Targets.. . . . . . . . . . . . . . . . . . . 270                 Wireless Devices. . . . . . . . . . . . . . . . . . . . 278                 Mobile Solutions. . . . . . . . . . . . . . . . . . . . 281                 Wireless Security Settings.. . . . . . . . . . . . . . . . 285                 Application Security.. . . . . . . . . . . . . . . . . . 289                 Sandboxing.. . . . . . . . . . . . . . . . . . . . . 290                 Monitoring.. . . . . . . . . . . . . . . . . . . . . 291                 What Next?.. . . . . . . . . . . . . . . . . . . . . 293 CHAPTER 15: Hardware, Software, and Data Asset Management.. . . . . . . . . 295                 Acquisition/Procurement Process.. . . . . . . . . . . . . . 296                 Assignment/Accounting.. . . . . . . . . . . . . . . . . 297                 Monitoring and Asset Tracking.. . . . . . . . . . . . . . . 299                 Disposal/Decommissioning.. . . . . . . . . . . . . . . . 300                 What Next?.. . . . . . . . . . . . . . . . . . . . . 305 CHAPTER 16: Vulnerability Management.. . . . . . . . . . . . . . . . . . 307                 Identification Methods. . . . . . . . . . . . . . . . . . 308                 Analysis.. . . . . . . . . . . . . . . . . . . . . . . 316                 Vulnerability Response and Remediation.. . . . . . . . . . . 322                 Validation of Remediation.. . . . . . . . . . . . . . . . 325                 Reporting. . . . . . . . . . . . . . . . . . . . . . 326                 What Next?.. . . . . . . . . . . . . . . . . . . . . 328 CHAPTER 17: Security Alerting and Monitoring. . . . . . . . . . . . . . . . 329                 Monitoring Computing Resources.. . . . . . . . . . . . . 330                 Activities.. . . . . . . . . . . . . . . . . . . . . . 332                 Tools.. . . . . . . . . . . . . . . . . . . . . . . . 336                 What Next?.. . . . . . . . . . . . . . . . . . . . . 347 CHAPTER 18: Enterprise Security Capabilities.. . . . . . . . . . . . . . . . 349                 Firewall.. . . . . . . . . . . . . . . . . . . . . . . 350                 IDS/IPS. . . . . . . . . . . . . . . . . . . . . . . 354                 Web Filter.. . . . . . . . . . . . . . . . . . . . . . 357                 Operating System Security.. . . . . . . . . . . . . . . . 361                 Implementation of Secure Protocols.. . . . . . . . . . . . . 363                 DNS Filtering.. . . . . . . . . . . . . . . . . . . . 366                 Email Security.. . . . . . . . . . . . . . . . . . . . 367                 File Integrity Monitoring. . . . . . . . . . . . . . . . . 369                 Data Loss Prevention (DLP).. . . . . . . . . . . . . . . 370                 Network Access Control (NAC).. . . . . . . . . . . . . . 371                 Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)..372                 User Behavior Analytics.. . . . . . . . . . . . . . . . . 373                 What Next?.. . . . . . . . . . . . . . . . . . . . . 375 CHAPTER 19: Identity and Access Management.. . . . . . . . . . . . . . . 377                 Provisioning/De-provisioning User Accounts.. . . . . . . . . . 378                 Permission Assignments and Implications. . . . . . . . . . . 379                 Identity Proofing.. . . . . . . . . . . . . . . . . . . 381                 Federation and Single Sign-On (SSO).. . . . . . . . . . . . 382                 Interoperability. . . . . . . . . . . . . . . . . . . . 385                 Attestation.. . . . . . . . . . . . . . . . . . . . . . 385                 Access Controls.. . . . . . . . . . . . . . . . . . . . 386                 Multifactor Authentication (MFA).. . . . . . . . . . . . . . 388                 Password Concepts.. . . . . . . . . . . . . . . . . . . 395                 Privileged Access Management Tools. . . . . . . . . . . . . 397                 What Next?.. . . . . . . . . . . . . . . . . . . . . 400 CHAPTER 20: Security Automation and Orchestration. . . . . . . . . . . . . 401                 Use Cases of Automation and Scripting.. . . . . . . . . . . . 402                 Benefits.. . . . . . . . . . . . . . . . . . . . . . . 405                 Other Considerations.. . . . . . . . . . . . . . . . . . 406                 What Next?.. . . . . . . . . . . . . . . . . . . . . 408 CHAPTER 21: Incident Response Activities. . . . . . . . . . . . . . . . . 409                 Incident Response Process.. . . . . . . . . . . . . . . . 410                 Training and Testing.. . . . . . . . . . . . . . . . . . 411                 Root Cause Analysis (RCA).. . . . . . . . . . . . . . . . 412                 Threat Hunting.. . . . . . . . . . . . . . . . . . . . 413                 Digital Forensics. . . . . . . . . . . . . . . . . . . . 414                 What Next?.. . . . . . . . . . . . . . . . . . . . . 417 CHAPTER 22: Data Sources for Supporting Investigations. . . . . . . . . . . . 419                 Log Data.. . . . . . . . . . . . . . . . . . . . . . 419                 Data Sources.. . . . . . . . . . . . . . . . . . . . . 421                 What Next?.. . . . . . . . . . . . . . . . . . . . . 423 Part 5: Security Program Management and Oversight 425 CHAPTER 23: Effective Security Governance.. . . . . . . . . . . . . . . . 427                 Governing Framework. . . . . . . . . . . . . . . . . . 428                 Policies.. . . . . . . . . . . . . . . . . . . . . . . 433                 Standards.. . . . . . . . . . . . . . . . . . . . . . 445                 Procedures.. . . . . . . . . . . . . . . . . . . . . . 447                 Guidelines.. . . . . . . . . . . . . . . . . . . . . . 452                 External Considerations. . . . . . . . . . . . . . . . . 453                 Roles and Responsibilities for Systems and Data.. . . . . . . . . 460                 What Next?.. . . . . . . . . . . . . . . . . . . . . 464 CHAPTER 24: Risk Management.. . . . . . . . . . . . . . . . . . . . . 465                 Risk Identification. . . . . . . . . . . . . . . . . . . 466                 Risk Assessment.. . . . . . . . . . . . . . . . . . . . 466                 Risk Analysis. . . . . . . . . . . . . . . . . . . . . 468                 Risk Register.. . . . . . . . . . . . . . . . . . . . . 472                 Risk Appetite and Tolerance.. . . . . . . . . . . . . . . . 474                 Risk Management Strategies. . . . . . . . . . . . . . . . 475                 Risk Reporting.. . . . . . . . . . . . . . . . . . . . 477                 Business Impact Analysis.. . . . . . . . . . . . . . . . . 478                 What Next?.. . . . . . . . . . . . . . . . . . . . . 483 CHAPTER 25: Third-Party Risk Assessment and Management. . . . . . . . . . 485                 Third-Party Risk Management.. . . . . . . . . . . . . . . 486                 What Next?.. . . . . . . . . . . . . . . . . . . . . 494 CHAPTER 26: Security Compliance.. . . . . . . . . . . . . . . . . . . . 495                 Compliance Reporting and Monitoring.. . . . . . . . . . . . 496                 Privacy.. . . . . . . . . . . . . . . . . . . . . . . 501                 What Next?.. . . . . . . . . . . . . . . . . . . . . 507 CHAPTER 27: Security Audits and Assessments.. . . . . . . . . . . . . . . 509                 Audits and Assessments.. . . . . . . . . . . . . . . . . 510                 Penetration Testing.. . . . . . . . . . . . . . . . . . . 513                 What Next?.. . . . . . . . . . . . . . . . . . . . . 523 CHAPTER 28: Security Awareness Practices. . . . . . . . . . . . . . . . . 525                 Security Awareness.. . . . . . . . . . . . . . . . . . . 526                 What Next?.. . . . . . . . . . . . . . . . . . . . . 550 Glossary of Essential Terms.. . . . . . . . . . . . . . . . . 551 Cram Sheet.. . . . . . . . . . . . . . . . . . . . . . . 603   9780138225575, TOC, 7/3/2024

Reviews

Author Information

Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his current role, Rob is responsible for bringing operational support and incident response into the future with the help of new technologies such as cloud and artificial intelligence. His current focus is on deploying securely to the cloud (Azure, AWS, and Google), DevOps, DevSecOps, and AIOps. Rob spent many years in the technology “trenches,” handling networking and security architecture, design, engineering, testing, and development efforts for global projects. A go-to person for all things security related, Rob has been a major force in deploying security-related systems for 25+ years. Rob also worked for various companies reviewing and developing security curriculum as well as other security-related books, technical articles, and publications based on technology deployment, testing, hacking, pen testing, and many other aspects of security. Rob holds dozens of technology certifications, including 20+ CompTIA certifications, SANS.org GIAC, GSEC, and GCIH, as well as many vendor-based cloud-specialized certifications from Google, Microsoft Azure, and Amazon AWS. Rob is considered a leading expert in prepping others to achieve certification success.   Marty M. Weiss has spent his career serving in the U.S. Navy and as a civilian helping large organizations with their information security. He has a Bachelor of Science degree in computer studies from the University of Maryland Global Campus and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He also holds several certifications, including CISSP, CISA, and Security+. Having authored numerous acclaimed books on information technology and security, he is now diving into his next endeavor—a seductive romance novel where love and cybersecurity collide in a high-stakes adventure.

Tab Content 6

Author Website:  

Customer Reviews

Recent Reviews

No review item found!

Add your own review!

Countries Available

All regions