Imperial Library
CompTIA Security+ (Exam SY0-301): Training Kit
Introduction
About the exam
Prerequisites
Performance-based testing
Study tips
System requirements
Hardware requirements for virtualization
Software requirements
Using the companion CD
How to install the practice tests
How to use the practice tests
How to uninstall the practice tests
CompTIA professional certification program
How certification helps your career
It pays to get certified
Four steps to getting certified and staying certified
Stay certified! Take advantage of continuing education
How to obtain more information
Acknowledgments
Support & feedback
Errata
We want to hear from you
Stay in touch
Preparing for the exam
1. Risk management and incident response
CIA and DAD triads
Confidentiality and disclosure
Integrity and alteration
Availability and denial
Risk assessment and mitigation
Likelihood and impact
Qualitative risk assessment
Quantitative risk assessment
Managing risk
Risk avoidance
Risk transference
Risk mitigation
Risk deterrence
Risk acceptance
Security controls
Technical controls
Operational controls
Management controls
Incident response
Incident response team
First responder responsibilities
Staffing the incident response team
Training the incident response team
Incident response life cycle
Preparation
Detection and analysis
Containment, eradication, and recovery
Containment activities
Eradication and recovery activities
Post-incident activity
Incident communications
Collecting evidence
Preserving the chain of custody
Interviewing witnesses
Tracking time and expense
Computer forensics
Order of volatility
Hashing
Imaging systems
Network traffic and logs
Time offsets
Screen shots
Video capture
Chapter summary
Chapter review
Answers
2. Network security technologies
Network security
Humongous Insurance: a modern secure network
Firewalls
Web application firewalls
Routers
Switches
Load balancers
Proxies
VPN concentrators
Network intrusion detection systems (NIDS) and network intrusion prevention systems (NIPS)
Host-based intrusion detection and prevention
False positives
Protocol analyzers
Inspection
Spam filters
Malware inspection
URL filtering
Web security gateways
All-in-one security appliances
Chapter summary
Chapter review
Answers
3. Secure network design and management
Network design and implementation
IP: the Internet Protocol
IPv4
IP addresses
Subnets and CIDR
IPv6
The Internet Protocol suite
Network and application protocols
Ports and protocols
Network design and segmentation
Remote access
Virtual private networks
Remote access services
Telephony and VoIP
Virtualization
Designing secure virtual data centers
Cloud computing
Network administration and management
Access control lists (ACLs)
Firewall rules
Logging
Secure switch and router configuration
VLAN management
Port security
802.1x authentication
Flood guards
Loop protection
Preventing network bridging
Wireless protocols: encryption and authentication
Designing and implementing secure wireless networks
Chapter summary
Chapter review
Answers
4. Operational and environmental security
Security policies
Security policy
Privacy policy
Acceptable use policy
Personnel security best practices
Mandatory vacations and job rotation
Separation of duties
Least privilege
Security awareness and training
Security policy training
Compliance training
User habits
Passwords
Data handling and disposal
Clean desk policy
Tailgating prevention
Personally owned devices
Social networking
P2P computing
Threat awareness
Information classification and labeling
Personally identifying information (PII)
Environmental controls
Heating, ventilation, and air conditioning (HVAC)
Fire suppression
EMI shielding
Environmental and video monitoring
Business continuity planning
Business impact assessment (BIA)
Removing single points of failure
Designing and testing the business continuity plan
Succession planning
Disaster recovery planning
Disaster recovery metrics
Recovery time objective
Recovery point objective
Mean time to restore
Mean time between failures
Backups
Building fault-tolerant environments
Hardware redundancy
Server redundancy
Disk redundancy
Disaster recovery sites
Hot sites
Warm sites
Cold sites
Chapter summary
Chapter review
Answers
5. Threats and attacks
Client-side attacks
Malware
Adware
Spyware
Viruses
Worms
Trojans
Botnets and zombies
Malicious add-ons
Rootkits
Backdoors
Logic bombs
Dealing with APTs
Application attacks
Privilege escalation
Insider threats
Application vulnerabilities
Zero-day attacks
Buffer overflow
Web attacks
Cookies
Header manipulation
Directory traversal
Cross-site scripting
Preventing XSS
Injection and modification attacks
SQL injection
LDAP and XML injection
Command injection
Network attacks
Spoofing
Packet sniffing
Man-in-the-middle
Replay attacks
DNS and ARP poisoning
Denial of service and distributed denial of service attacks
Smurf attacks
Xmas attacks
Wireless attacks
Rogue access points
Bluetooth attacks
War driving
Packet sniffing and wireless networks
Social engineering and phishing
Hoaxes
Phishing
Email attacks
Email attachments
Spam
Chapter summary
Chapter review
Answers
6. Monitoring, detection, and defense
Securing and defending systems
Hardening
Hardening standards
Configuration baselines
Templates
Secure system configuration and management
Updates and patches
Patch management methodologies
Disabling unnecessary services and ports
Host firewalls
Protecting management interfaces and applications
Password protection
Disabling unnecessary accounts
Network device hardening
MAC limiting and filtering
802.1x
Disabling ports
Monitoring and reporting
Continuous security monitoring
System log monitoring
Time stamps and log rotation
Windows vs. Linux logging
Event logs
Audit logs
Success vs. failure
Application logs
Security logs
Access logs
Reporting and monitoring
SEM, SIM, and SIEM devices
Alerts and alarms
Trends and thresholds
Physical security design and concepts
Hardware locks
Proximity readers
Access lists
Fences
Guards
Cameras and video surveillance
Mantraps
Chapter summary
Chapter review
Answers
7. Vulnerability assessment and management
Vulnerabilities and vulnerability assessment
Risk-based vulnerability assessments
Threat assessments
Vulnerability assessments
Assessment techniques
Risk calculations: threat vs. likelihood
Example: Humongous Insurance
Vulnerability scanning
Vulnerability scanning tools
Protocol analyzers and sniffers
Port scanners
Vulnerability scanners
Network vulnerability scanners
Web application vulnerability scanners
Honeypots and honeynets
Darknets
Tarpits
Penetration testing
Types of penetration tests
Black box penetration testing
White box penetration testing
Gray box penetration testing
Conducting a penetration test
Authority, scope, and audience
Penetration test planning and design
Target identification
Methods and tools
Vulnerability testing, validation, and assessment
Reporting
Remediation
Chapter summary
Chapter review
Answers
8. The importance of application security
Fuzzing
Secure coding concepts
Error handling and exception handling
Input validation
Cross-site scripting prevention
Cross-site request forgery (XSRF) prevention
Application configuration baseline (proper settings)
Application hardening
Application patch management
Chapter summary
Chapter review
Answers
9. Establishing host security
Operating system security and settings
Anti-malware
Anti-virus
Anti-spam
Anti-spyware
Pop-up blockers
Host-based firewalls
Patch management
Hardware security
Cable locks
Safe
Locking cabinets
Host software baselining
Mobile devices
Screen lock
Strong password
Device encryption
Remote wipe/sanitization
Voice encryption
GPS tracking
Chapter summary
Chapter review
Answers
10. Understanding data security
Data loss prevention (DLP)
Data encryption
Full-disk encryption
Implementing full-disk encryption
Decommissioning an encrypted device
Decrypting an encrypted device
Recovery options
Full-disk encryption vulnerabilities
Database encryption
Individual file encryption
Removable media
Mobile devices
Hardware-based encryption devices
Trusted Platform Module
Hardware security module
USB encryption
Hard drive encryption
Cloud computing
Chapter summary
Chapter review
Answers
11. Identity and access control
Identification and authentication
Authentication
Authentication and authorization
User accounts
Single-factor vs. multifactor authentication
Biometrics
Common biometric technologies
Biometric system failure modes
Deploying biometric authentication
Tokens
Smart cards
Common Access Cards
Personal Identification Verification cards
Authentication services
RADIUS
TACACS and TACACS+
The Kerberos protocol
LDAP
Active Directory Domain Services
Single sign-on
OpenID
SAML
Access control concepts and models
Trusted operating systems
Least privilege
Separation of duties
Job rotation
Time-of-day restrictions
Mandatory vacation
Access control models
Mandatory access control
Discretionary access control
Role-based access control
Account management
Passwords
Privileges
User-based privilege management
Group-based privilege management
Role-based privilege management
Centralized and decentralized privilege management
User-assigned privileges
Chapter summary
Chapter review
Answers
12. Cryptography
Goals of cryptography
Cryptographic concepts
Symmetric vs. asymmetric cryptography
Computational complexity
Scalability
Stream and block ciphers
One-time pads
Symmetric encryption algorithms
Data Encryption Standard
DES operation
Triple DES (3DES)
Advanced Encryption Standard
Blowfish
Twofish
RC4
Asymmetric encryption algorithms
Rivest, Shamir, and Adleman (RSA)
Pretty Good Privacy (PGP)
Elliptic curve cryptography (ECC)
Digital signatures
Cryptographic hashes
Creating digital signatures
Public-key infrastructure
Digital certificates
Certificate revocation lists
Key recovery and key escrow
Protecting data with encryption
Encrypting data at rest
File encryption
Whole-disk encryption
Encrypting data in motion
SSL and TLS
SSH
IPsec
Authentication
Chapter summary
Chapter review
Answers
A. Glossary
B. About the authors
Index
About the Authors
Copyright