CONTENTS

Preface

Acknowledgments

Introduction

Objective Map: Exam SY0-501

Part I      Threats, Attacks, and Vulnerabilities

Chapter 1      Malware and Indicators of Compromise

Malware

Polymorphic Malware

Viruses

Crypto-malware

Ransomware

Worm

Trojan

Rootkit

Keylogger

Adware

Spyware

Bots

RAT

Logic Bomb

Backdoor

Indicators of Compromise

Chapter Review

Questions

Answers

Chapter 2      Attacks

Social Engineering Methods

Phishing

Spear Phishing

Whaling

Vishing

Tailgating

Impersonation

Dumpster Diving

Shoulder Surfing

Hoax

Watering Hole Attack

Social Engineering Principles

Application/Service Attacks

DoS

DDoS

Man-in-the-Middle

Buffer Overflow

Injection

Cross-Site Scripting

Cross-Site Request Forgery

Privilege Escalation

ARP Poisoning

Amplification

DNS Poisoning

Domain Hijacking

Man-in-the-Browser

Zero Day

Replay

Pass the Hash

Hijacking and Related Attacks

Driver Manipulation

Spoofing

MAC Spoofing

IP Address Spoofing

Wireless Attacks

Replay

IV

Evil Twin

Rogue AP

Jamming

WPS

Bluejacking

Bluesnarfing

RFID

NFC

Disassociation

Cryptographic Attacks

Birthday

Known Plaintext/Ciphertext

Password Attacks

Rainbow Tables

Dictionary

Brute Force

Hybrid Attack

Collision

Downgrade

Replay

Weak Implementations

Chapter Review

Questions

Answers

Chapter 3      Threat Actors

Types of Actors

Script Kiddies

Hacktivists

Organized Crime

Nation States/APT

Insiders

Competitors

Attributes of Actors

Internal/External

Level of Sophistication

Resources/Funding

Intent/Motivation

Use of Open Source Intelligence

Chapter Review

Questions

Answers

Chapter 4      Vulnerability Scanning and Penetration Testing

Penetration Testing Concepts

Active Reconnaissance

Passive Reconnaissance

Pivot

Initial Exploitation

Persistence

Escalation of Privilege

Black Box

White Box

Gray Box

Pen Testing vs. Vulnerability Scanning

Vulnerability Scanning Concepts

Passively Test Security Controls

Identify Vulnerability

Identify Lack of Security Controls

Identify Common Misconfigurations

Intrusive vs. Non-intrusive

Credentialed vs. Non-credentialed

False Positive

Chapter Review

Questions

Answers

Chapter 5      Vulnerabilities and Impacts

Race Conditions

System Vulnerabilities

End-of-Life Systems

Embedded Systems

Lack of Vendor Support

Improper Input Handling

Improper Error Handling

Misconfiguration/Weak Configuration

Default Configuration

Resource Exhaustion

Untrained Users

Improperly Configured Accounts

Vulnerable Business Processes

Weak Cipher Suites and Implementations

Memory/Buffer Vulnerability

Memory Leak

Integer Overflow

Buffer Overflow

Pointer Dereference

DLL Injection

System Sprawl/Undocumented Assets

Architecture/Design Weaknesses

New Threats/Zero Day

Improper Certificate and Key Management

Chapter Review

Questions

Answers

Part II     Technologies and Tools

Chapter 6      Network Components

Firewall

How Do Firewalls Work?

Firewall Rules

ACL

Application-Based vs. Network-Based

Stateful vs. Stateless

Implicit Deny

Secure Network Administration Principles

Rule-Based Management

VPN Concentrator

Remote Access vs. Site-to-Site

IPSec

Split Tunnel vs. Full Tunnel

TLS

Always-on VPN

NIPS/NIDS

Signature-Based

Heuristic/Behavioral

Anomaly

Inline vs. Passive

In-Band vs. Out-of-Band

Rules

Analytics

Router

ACLs

Antispoofing

Switch

Port Security

Layer 2 vs. Layer 3

Loop Prevention

Flood Guard

Proxy

Forward and Reverse Proxy

Transparent

Application/Multipurpose

Load Balancer

Scheduling

Active-Passive

Active-Active

Virtual IPs

Access Point

SSID

MAC Filtering

Signal Strength

Band Selection/Width

Antenna Types and Placement

Fat vs. Thin

Controller-Based vs. Standalone

SIEM

Aggregation

Correlation

Automated Alerting and Triggers

Time Synchronization

Event Deduplication

Logs/WORM

DLP

USB Blocking

Cloud-Based

E-mail

NAC

Dissolvable vs. Permanent

Host Health Checks

Agent vs. Agentless

Mail Gateway

Spam Filter

DLP

Encryption

Bridge

SSL/TLS Accelerators

SSL Decryptors

Media Gateway

Hardware Security Module

Chapter Review

Questions

Answers

Chapter 7      Security Tools and Technologies

Protocol Analyzer

Switched Port Analyzer

Network Scanners

Rogue System Detection

Network Mapping

Wireless Scanners/Cracker

Password Cracker

Vulnerability Scanner

Configuration Compliance Scanner

Exploitation Frameworks

Data Sanitization Tools

Steganography Tools

Honeypot

Backup Utilities

Banner Grabbing

Passive vs. Active

Command-Line Tools

ping

netstat

tracert

nslookup/dig

arp

ipconfig/ip/ifconfig

tcpdump

nmap

netcat

Security Technologies

HIDS/HIPS

Antivirus

File Integrity Check

Host-Based Firewall

Application Whitelisting

Removable Media Control

Advanced Malware Tools

Patch Management Tools

UTM

DLP

Data Execution Prevention

Web Application Firewall

Chapter Review

Questions

Answers

Chapter 8      Troubleshooting Common Security Issues

Unencrypted Credentials/Clear Text

Logs and Events Anomalies

Permission Issues

Access Violations

Certificate Issues

Data Exfiltration

Misconfigured Devices

Firewall

Content Filter

Access Points

Weak Security Configurations

Personnel Issues

Policy Violation

Insider Threat

Social Engineering

Social Media

Personal E-mail

Unauthorized Software

Baseline Deviation

License Compliance Violation (Availability/Integrity)

Asset Management

Authentication Issues

Chapter Review

Questions

Answers

Chapter 9      Mobile Devices

Connection Methods

Cellular

Wi-Fi

SATCOM

Bluetooth

NFC

ANT

Infrared

USB

Mobile Device Management Concepts

Application Management

Content Management

Remote Wipe

Geofencing

Geolocation

Screen Locks

Push Notification Services

Passwords and Pins

Biometrics

Context-Aware Authentication

Containerization

Storage Segmentation

Full Device Encryption

Enforcement and Monitoring

Third-Party App Stores

Rooting/Jailbreaking

Sideloading

Custom Firmware

Carrier Unlocking

Firmware OTA Updates

Camera Use

SMS/MMS

External Media

USB OTG

Recording Microphone

GPS Tagging

Wi-Fi Direct/Ad Hoc

Tethering

Payment Methods

Deployment Models

BYOD

CYOD

COPE

Corporate-Owned

VDI

Chapter Review

Questions

Answers

Chapter 10    Implementing Secure Protocols

Secure Protocols

DNSSEC

SSH

S/MIME

SRTP

LDAPS

FTPS

SFTP

SNMPv3

SSL/TLS

HTTPS

Secure POP/IMAP

Use Cases

Voice and Video

Time Synchronization

E-mail and Web

File Transfer

Directory Services

Remote Access

Domain Name Resolution

Routing and Switching

Network Address Allocation

Subscription Services

Chapter Review

Questions

Answers

Part III      Architecture and Design

Chapter 11    Architecture Frameworks and Secure Network Architectures

Industry-Standard Frameworks and Reference Architectures

Regulatory

Non-regulatory

National vs. International

Industry-Specific Frameworks

Benchmarks/Secure Configuration Guides

Platform/Vendor-Specific Guides

General Purpose Guides

Defense-in-Depth/Layered Security

Vendor Diversity

Control Diversity

User Training

Zones/Topologies

DMZ

Extranet

Intranet

Wireless

Guest

Honeynets

NAT

Ad Hoc

Segregation/Segmentation/Isolation

Physical

Logical (VLAN)

Virtualization

Air Gaps

Tunneling/VPN

Site-to-Site

Remote Access

Security Device/Technology Placement

Sensors

Collectors

Correlation Engines

Filters

Proxies

Firewalls

VPN Concentrators

SSL Accelerators

Load Balancers

DDoS Mitigator

Aggregation Switches

Taps and Port Mirror

SDN

Chapter Review

Questions

Answers

Chapter 12    Secure Systems Design and Deployment

Hardware/Firmware Security

FDE/SED

TPM

HSM

UEFI/BIOS

Secure Boot and Attestation

Supply Chain

Hardware Root of Trust

EMI/EMP

Operating Systems

Types

Patch Management

Disabling Unnecessary Ports and Services

Least Functionality

Secure Configurations

Trusted Operating System

Application Whitelisting/Blacklisting

Disable Default Accounts/Passwords

Peripherals

Wireless Keyboards

Wireless Mice

Displays

Wi-Fi-Enabled MicroSD Cards

Printers/MFDs

External Storage Devices

Digital Cameras

Sandboxing

Environment

Development

Test

Staging

Production

Secure Baseline

Integrity Measurement

Chapter Review

Questions

Answers

Chapter 13    Embedded Systems

SCADA/ICS

Smart Devices/IoT

Wearable Technology

Home Automation

HVAC

SoC

RTOS

Printers/MFDs

Camera Systems

Special Purpose

Medical Devices

Vehicles

Aircraft/UAV

Chapter Review

Questions

Answers

Chapter 14    Application Development and Deployment

Development Lifecycle Models

Waterfall vs. Agile

Secure DevOps

Security Automation

Continuous Integration

Baselining

Immutable Systems

Infrastructure as Code

Version Control and Change Management

Provisioning and Deprovisioning

Secure Coding Techniques

Proper Error Handling

Proper Input Validation

Normalization

Stored Procedures

Code Signing

Encryption

Obfuscation/Camouflage

Code Reuse/Dead Code

Server-Side vs. Client-Side Execution and Validation

Memory Management

Use of Third-Party Libraries and SDKs

Data Exposure

Code Quality and Testing

Static Code Analyzers

Dynamic Analysis (e.g., Fuzzing)

Stress Testing

Sandboxing

Model Verification

Compiled vs. Runtime Code

Chapter Review

Questions

Answers

Chapter 15    Cloud and Virtualization

Hypervisor

Type I

Type II

Application Cells/Containers

VM Sprawl Avoidance

VM Escape Protection

Cloud Storage

Cloud Deployment Models

SaaS

PaaS

IaaS

Private

Public

Hybrid

Community

On-Premise vs. Hosted vs. Cloud

VDI/VDE

Cloud Access Security Broker

Security as a Service

Chapter Review

Questions

Answers

Chapter 16    Resiliency and Automation Strategies

Automation/Scripting

Automated Courses of Action

Continuous Monitoring

Configuration Validation

Templates

Master Image

Non-persistence

Snapshots

Revert to Known State

Rollback to Known Configuration

Live Boot Media

Elasticity

Scalability

Distributive Allocation

Redundancy

Fault Tolerance

High Availability

RAID

Chapter Review

Questions

Answers

Chapter 17    Physical Security Controls

Lighting

Signs

Fencing/Gate/Cage

Security Guards

Alarms

Safe

Secure Cabinets/Enclosures

Protected Distribution/Protected Cabling

Airgap

Mantrap

Faraday Cages

Lock Types

Biometrics

Barricades/Bollards

Tokens/Cards

Environmental Controls

HVAC

Hot and Cold Aisles

Fire Suppression

Cable Locks

Screen Filters

Cameras

Motion Detection

Logs

Infrared Detection

Key Management

Chapter Review

Questions

Answers

Part IV     Identity and Access Management

Chapter 18    Identity, Access, and Accounts

Identification, Authentication, Authorization, and Accounting (AAA)

Multifactor Authentication

Something You Are

Something You Have

Something You Know

Something You Do

Somewhere You Are

Federation

Single Sign-on

Transitive Trust

Account Types

User Account

Shared and Generic Accounts/Credentials

Guest Accounts

Service Accounts

Privileged Accounts

General Concepts

Least Privilege

Onboarding/Offboarding

Permission Auditing and Review

Usage Auditing and Review

Time-of-Day Restrictions

Recertification

Standard Naming Convention

Account Maintenance

Group-Based Access Control

Location-Based Policies

Account Policy Enforcement

Credential Management

Group Policy

Password Complexity

Expiration

Recovery

Disablement

Lockout

Password History

Password Reuse

Password Length

Chapter Review

Questions

Answers

Chapter 19    Identity and Access Services

LDAP

Kerberos

TACACS+

TACACS+ Authentication

TACACS+ Authorization

TACACS+ Accounting

CHAP

PAP

MSCHAP

RADIUS

SAML

OpenID Connect

OAUTH

Shibboleth

Secure Token

NTLM

Chapter Review

Questions

Answers

Chapter 20    Identity and Access Management Controls

Access Control Models

MAC

DAC

ABAC

Role-Based Access Control

Rule-Based Access Control

Physical Access Control

Proximity Cards

Smart Cards

Biometric Factors

Fingerprint Scanner

Retinal Scanner

Iris Scanner

Voice Recognition

Facial Recognition

False Positives and False Negatives

False Acceptance Rate

False Rejection Rate

Crossover Error Rate

Biometrics Calculation Example

Tokens

Hardware

Software

HOTP/TOTP

Certificate-Based Authentication

PIV/CAC/Smart Card

IEEE 802.1x

File System Security

Database Security

Chapter Review

Questions

Answers

Part V     Risk Management

Chapter 21    Policies, Plans, and Procedures

Standard Operating Procedure

Agreement Types

BPA

SLA

ISA

MOU/MOA

Personnel Management

Mandatory Vacations

Job Rotation

Separation of Duties

Clean Desk

Background Checks

Exit Interviews

Role-Based Awareness Training

NDA

Onboarding

Continuing Education

Acceptable Use Policy/Rules of Behavior

Adverse Actions

General Security Policies

Social Media Networks/Applications

Personal E-mail

Chapter Review

Questions

Answers

Chapter 22    Risk Management and Business Impact Analysis

Business Impact Analysis Concepts

RTO/RPO

MTBF

MTTR

Mission-Essential Functions

Identification of Critical Systems

Single Point of Failure

Impact

Privacy Impact Assessment

Privacy Threshold Assessment

Risk Management Concepts

Threat Assessment

Risk Assessment

Change Management

Security Controls

Deterrent

Preventive

Detective

Corrective

Compensating

Technical

Administrative

Physical

Chapter Review

Questions

Answers

Chapter 23    Incident Response, Disaster Recovery, and Continuity of Operations

Incident Response Plan

Documented Incident Types/Category Definitions

Roles and Responsibilities

Reporting Requirements/Escalation

Cyber-Incident Response Teams

Exercise

Incident Response Process

Preparation

Identification

Containment

Eradication

Recovery

Lessons Learned

Disaster Recovery

Recovery Sites

Hot Sites

Warm Sites

Cold Sites

Order of Restoration

Backup Concepts

Differential

Incremental

Snapshots

Full

Geographic Considerations

Off-Site Backups

Distance

Location Selection

Legal Implications

Data Sovereignty

Continuity of Operation Planning

Exercises/Tabletop

After-Action Reports

Failover

Alternate Processing Sites

Alternate Business Practices

Chapter Review

Questions

Answers

Chapter 24    Digital Forensics

Order of Volatility

Chain of Custody

Legal Hold

Data Acquisition

Standards for Evidence

Types of Evidence

Three Rules Regarding Evidence

Capture System Image

Network Traffic and Logs

Capture Video

Record Time Offset

Take Hashes

Screenshots

Witness Interviews

Preservation

Recovery

Strategic Intelligence/Counterintelligence Gathering

Active Logging

Track Man-Hours

Chapter Review

Questions

Answers

Chapter 25    Data Security and Privacy Practices

Data Destruction and Media Sanitization

Burning

Shredding

Pulping

Pulverizing

Degaussing

Purging

Wiping

Data Sensitivity Labeling and Handling

Confidential

Private

Public

Proprietary

PII

PHI

Data Roles

Owner

Steward/Custodian

Privacy Officer

Data Retention

Legal and Compliance

Chapter Review

Questions

Answers

Part VI      Cryptography and Public Key Infrastructure

Chapter 26    Cryptographic Concepts

General Cryptographic Concepts

Fundamental Methods

Symmetric Algorithms

Modes of Operation

Asymmetric Algorithms

Symmetric vs. Asymmetric

Hashing

Salt, IV, Nonce

Elliptic Curve

Weak/Deprecated Algorithms

Key Exchange

Cryptographic Objectives

Digital Signatures

Diffusion

Confusion

Collision

Steganography

Obfuscation

Stream vs. Block

Key Strength

Session Keys

Ephemeral Key

Secret Algorithm

Data-in-Transit

Data-at-Rest

Data-in-Use

Random/Pseudo-Random Number Generation

Key Stretching

Implementation vs. Algorithm Selection

Perfect Forward Secrecy

Security Through Obscurity

Common Use Cases

Chapter Review

Questions

Answers

Chapter 27    Cryptographic Algorithms

Symmetric Algorithms

DES

3DES

AES

RC4

Blowfish/Twofish

Cipher Modes

CBC

GCM

ECB

CTM/CTR

Stream vs. Block

Asymmetric Algorithms

RSA

DSA

Diffie-Hellman

Elliptic Curve

PGP/GPG

Hashing Algorithms

MD5

SHA

HMAC

RIPEMD

Key Stretching Algorithms

BCRYPT

PBKDF2

Obfuscation

XOR

ROT13

Substitution Ciphers

Chapter Review

Questions

Answers

Chapter 28    Wireless Security

Cryptographic Protocols

WEP

WPA

WPA2

CCMP

TKIP

Authentication Protocols

EAP

PEAP

EAP-FAST

EAP-TLS

EAP-TTLS

IEEE 802.1X

RADIUS Federation

Methods

PSK vs. Enterprise vs. Open

WPS

Setting Up WPA2

Captive Portals

Chapter Review

Questions

Answers

Chapter 29    Public Key Infrastructure

PKI Components

Certificate Authority

Intermediate CA

Revocation

Suspension

CSR

Certificate

Public Key

Private Key

Object Identifiers

PKI Concepts

Online vs. Offline CA

Stapling

Pinning

Trust Model

Key Escrow

Certificate Chaining

Types of Certificates

Wildcard

SAN

Code Signing

Self-Signed

Machine/Computer

E-mail

User

Root

Domain Validation

Extended Validation

Certificate Formats

DER

PEM

CER

KEY

PFX

P12

P7B

Chapter Review

Questions

Answers

Part VII     Appendixes and Glossary

Appendix A   OSI Model and Internet Protocols

Networking Frameworks and Protocols

OSI Model

Application Layer

Presentation Layer

Session Layer

Transport Layer

Network Layer

Data Link Layer

Physical Layer

Internet Protocols

TCP

UDP

IP

Message Encapsulation

Review

Appendix B   About the Download

System Requirements

Installing and Running Total Tester

About Total Tester

Technical Support

Glossary

Index