Index
Dedication
Acknowledgments
About the Author
Table of Contents
Introduction
Who This Book Is For
About This Book
Appendixes
How to Use This Book
Conventions
Remember This
Vendor Neutral
Free Online Resources
Additional Web Resources
Assumptions
Set a Goal
About the Exam
Passing Score
Exam Prerequisites
Beta Questions
Exam Format
Question Types
Multiple Choice
Performance-Based Questions
Question Complexity
Practice Test Questions Strategy
Exam Test Provider
Voucher Code for 10 Percent Off
Exam Domains
Objective to Chapter Map
1.0 Threats, Attacks and Vulnerabilities
2.0 Architecture and Design
3.0 Implementation
4.0 Operations and Incident Response
5.0 Governance, Risk, and Compliance
Recertification Requirements
601 Pre-Assessment Exam
Pre-Assessment Exam Answers
Chapter 1 Mastering Security Basics
Understanding Core Security Goals
What Is a Use Case?
Ensure Confidentiality
Encryption
Access Controls
Provide Integrity
Increase Availability
Redundancy and Fault Tolerance
Scalability and Elasticity
Patching
Understanding Resiliency
Resource Versus Security Constraints
Introducing Basic Risk Concepts
Understanding Security Controls
Managerial Controls
Operational Controls
Technical Controls
Control Types
Preventive Controls
Detective Controls
Corrective and Recovery Controls
Physical Controls
Deterrent Controls
Compensating Controls
Response Controls
Combining Control Categories and Types
Using Command-Line Tools
Network Reconnaissance and Discovery
Ping
Using Ping to Check Name Resolution
Beware of Firewalls
Using Ping to Assess Organizational Security
hping
Ipconfig and ifconfig
Netstat
Tracert and traceroute
Pathping
Arp
Linux and LAMP
cat Command
grep Command
head Command
tail Command
logger Command
journalctl Command
chmod Command
Understanding Logs
Windows Logs
Network Logs
Centralized Logging Methods
SIEM Systems
Syslog
Linux Logs
Chapter 1 Exam Topic Review
Chapter 1 Practice Questions
Chapter 1 Practice Question Answers
Chapter 2 Understanding Identity and Access Management
Exploring Authentication Management
Comparing Identification and AAA
Comparing Authentication Factors
Something You Know
Something You Have
Something You Are
Two-Factor and Multifactor Authentication
Authentication Attributes
Authentication Log Files
Managing Accounts
Credential Policies and Account Types
Privileged Access Management
Require Administrators to Use Two Accounts
Prohibiting Shared and Generic Accounts
Disablement Policies
Time-Based Logins
Account Audits
Comparing Authentication Services
Single Sign-On
Kerberos
SSO and a Federation
SAML
SAML and Authorization
OAuth
OpenID and OpenID Connect
Comparing Access Control Schemes
Role-Based Access Control
Using Roles Based on Jobs and Functions
Documenting Roles with a Matrix
Establishing Access with Group-Based Privileges
Rule-Based Access Control
Discretionary Access Control
Filesystem Permissions
SIDs and DACLs
The Owner Establishes Access
Mandatory Access Control
Labels and Lattice
Establishing Access
Attribute-Based Access Control
Conditional Access
Chapter 2 Exam Topic Review
Chapter 2 Practice Questions
Chapter 2 Practice Question Answers
Chapter 3 Exploring Network Technologies and Tools
Reviewing Basic Networking Concepts
Basic Networking Protocols
Implementing Protocols for Use Cases
Voice and Video Use Case
File Transfer Use Case
Email and Web Use Cases
Directory Services and LDAPS
Remote Access Use Case
OpenSSH
Time Synchronization Use Case
Network Address Allocation Use Case
Domain Name Resolution Use Case
Subscription Services Use Case
Quality of Service
Understanding Basic Network Devices
Switches
Security Benefit of a Switch
Port Security
Broadcast Storm and Loop Prevention
Bridge Protocol Data Unit Guard
Routers
Routers and ACLs
Deny Implicit Deny
The Route Command and Route Security
Firewalls
Host-Based Firewalls
Software Versus Hardware Firewalls
Stateless Firewall Rules
Stateful Versus Stateless
Web Application Firewall
Next-Generation Firewall
Implementing Network Designs
Intranet Versus Extranet
Screened Subnet
Network Address Translation Gateway
Physical Isolation and Air Gaps
Logical Separation and Segmentation
Isolating Traffic with a VLAN
East-West Traffic
Zero Trust
Network Appliances
Proxy Servers
Caching Content for Performance
Transparent Proxy Versus Non-transparent Proxy
Reverse Proxy
Unified Threat Management
Jump Server
Security Implications of IPv6
Summarizing Routing and Switching Use Cases
Chapter 3 Exam Topic Review
Chapter 3 Practice Questions
Chapter 3 Practice Question Answers
Chapter 4 Securing Your Network
Exploring Advanced Security Devices
Understanding IDSs and IPSs
HIDS
NIDS
Sensor and Collector Placement
Detection Methods
Data Sources and Trends
Reporting Based on Rules
False Positives Versus False Negatives
IPS Versus IDS—Inline Versus Passive
Honeypots
Honeynets
Honeyfile
Fake Telemetry
Securing Wireless Networks
Reviewing Wireless Basics
Band Selection and Channel Overlaps
Access Point SSID
Enable MAC Filtering
Site Surveys and Footprinting
Wireless Access Point Placement
Wireless Cryptographic Protocols
WPA2 and CCMP
Open, PSK, and Enterprise Modes
WPA3 and Simultaneous Authentication of Equals
Authentication Protocols
IEEE 802.1X Security
Controller and Access Point Security
Captive Portals
Understanding Wireless Attacks
Disassociation Attacks
Wi-Fi Protected Setup
Rogue Access Point
Evil Twin
Jamming Attacks
IV Attacks
Near Field Communication Attacks
RFID Attacks
Bluetooth Attacks
Wireless Replay Attacks
War Driving and War Flying
Using VPNs for Remote Access
VPNs and VPN Appliances
Remote Access VPN
IPsec as a Tunneling Protocol
SSL/TLS as a Tunneling Protocol
Split Tunnel Versus Full Tunnel
Site-to-Site VPNs
Always-On VPN
L2TP as a Tunneling Protocol
HTML5 VPN Portal
Network Access Control
Host Health Checks
Agent Versus Agentless NAC
Authentication and Authorization Methods
PAP
CHAP
RADIUS
TACACS+
AAA Protocols
Chapter 4 Exam Topic Review
Chapter 4 Practice Questions
Chapter 4 Practice Question Answers
Chapter 5 Securing Hosts and Data
Summarize Virtualization Concepts
Thin Clients and Virtual Desktop Infrastructure
Containers
VM Escape Protection
VM Sprawl Avoidance
Replication
Snapshots
Non-Persistence
Implementing Secure Systems
Endpoint Security
Hardening Systems
Configuration Management
Secure Baseline and Integrity Measurements
Using Master Images for Baseline Configurations
Patch Management
Change Management Policy
Application Approved Lists and Block Lists
Application Programming Interfaces
Microservices and APIs
FDE and SED
Boot Integrity
Boot Security and UEFI
Trusted Platform Module
Hardware Security Module
Protecting Data
Data Loss Prevention
Rights Management
Removable Media
Data Exfiltration
Protecting Confidentiality with Encryption
Database Security
Summarizing Cloud Concepts
Software as a Service
Platform as a Service
Infrastructure as a Service
Anything as a Service
Cloud Deployment Models
Managed Security Service Provider
Cloud Service Provider Responsibilities
Cloud Security Controls
On-Premises Versus Off-Premises
On-Premises
Off-Premises
Cloud Access Security Broker
Cloud-Based DLP
Next-Generation Secure Web Gateway
Firewall Considerations
Infrastructure as Code
Edge and Fog Computing
Cloud Security Alliance
Deploying Mobile Devices Securely
Deployment Models
Connection Methods and Receivers
Mobile Device Management
Mobile Device Enforcement and Monitoring
Unauthorized Software
Messaging Services
Hardware Control
Unauthorized Connections
SEAndroid
Exploring Embedded Systems
Understanding Internet of Things
ICS and SCADA Systems
IoT and Embedded Systems
Security Implications of Embedded Systems
Embedded System Constraints
Communication Considerations
Chapter 5 Exam Topic Review
Chapter 5 Practice Questions
Chapter 5 Practice Question Answers
Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks
Understanding Threat Actors
Attack Vectors
Shadow IT
Determining Malware Types
Viruses
Worms
Logic Bombs
Backdoors
Trojans
Remote Access Trojan
Keyloggers
Spyware
Rootkit
Bots and Botnets
Command and Control
Ransomware and Cryptomalware
Potentially Unwanted Programs
Fileless Virus
Potential Indicators of a Malware Attack
Recognizing Common Attacks
Social Engineering
Impersonation
Shoulder Surfing
Tricking Users with Hoaxes
Tailgating and Access Control Vestibules
Dumpster Diving
Zero-Day Vulnerabilities
Watering Hole Attacks
Typo Squatting
Eliciting Information
Pretexting and Prepending
Identity Theft and Identity Fraud
Invoice Scams
Credential Harvesting
Reconnaissance
Influence Campaigns
Attacks via Email and Phone
Spam
Spam over Internet Messaging
Phishing
Spear Phishing
Whaling
Vishing
Smishing
One Click Lets Them In
Blocking Malware and Other Attacks
Spam Filters
Antivirus and Anti-Malware Software
Signature-Based Detection
Heuristic-Based Detection
File Integrity Monitors
Cuckoo Sandbox
Why Social Engineering Works
Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity
Trust
Threat Intelligence Sources
Research Sources
Chapter 6 Exam Topic Review
Chapter 6 Practice Questions
Chapter 6 Practice Question Answers
Chapter 7 Protecting Against Advanced Attacks
Understanding Attack Frameworks
Cyber Kill Chain
Diamond Model of Intrusion Analysis
MITRE ATT&CK
Identifying Network Attacks
DoS Versus DDoS
SYN Flood Attacks
Spoofing
On-Path Attacks
Secure Sockets Layer Stripping
Layer 2 Attacks
ARP Poisoning Attacks
MAC Flooding
MAC Cloning
DNS Attacks
DNS Poisoning Attacks
Pharming Attack
URL Redirection
Domain Hijacking
Domain Reputation
DNS Sinkhole
DNS Log Files
Replay Attacks and Session Replays
Summarizing Secure Coding Concepts
OWASP
Code Reuse and Dead Code
Third-Party Libraries and SDKs
Input Validation
Client-Side and Server-Side Input Validation
Other Input Validation Techniques
Avoiding Race Conditions
Proper Error Handling
Code Obfuscation and Camouflage
Software Diversity
Outsourced Code Development
Data Exposure
HTTP Headers
Secure Cookie
Code Signing
Analyzing and Reviewing Code
Software Version Control
Secure Development Environment
Database Concepts
Normalization
SQL Queries
Provisioning and Deprovisioning
Integrity Measurement
Web Server Logs
Using Scripting for Automation
Identifying Malicious Code and Scripts
PowerShell
Bash
Python
Macros
Visual Basic for Applications (VBA)
OpenSSL
SSH
Identifying Application Attacks
Zero-Day Attacks
Memory Vulnerabilities
Memory Leak
Buffer Overflows and Buffer Overflow Attacks
Integer Overflow
Pointer/Object Dereference
Other Injection Attacks
Dynamic Link Library Injection
Lightweight Directory Access Protocol Injection
Extensible Markup Language Injection
Directory Traversal
Cross-Site Scripting
Cross-Site Request Forgery
Server-Side Request Forgeries
Client-Side Request Forgeries
Driver Manipulation
Artificial Intelligence and Machine Learning
AI and ML in Cybersecurity
Adversarial Artificial Intelligence
Tainted Data for Machine Learning
Security of Machine Learning Algorithms
Chapter 7 Exam Topic Review
Chapter 7 Practice Questions
Chapter 7 Practice Question Answers
Chapter 8 Using Risk Management Tools
Understanding Risk Management
Threats
Risk Types
Vulnerabilities
Risk Management Strategies
Risk Assessment Types
Risk Analysis
Supply Chain Risks
Threat Hunting
Comparing Scanning and Testing Tools
Checking for Vulnerabilities
Password Crackers
Network Scanners
Vulnerability Scanning
Credentialed Versus Non-Credentialed
Configuration Review
Penetration Testing
Rules of Engagement
Reconnaissance
Footprinting Versus Fingerprinting
Initial Exploitation
Persistence
Lateral Movement
Privilege Escalation
Pivoting
Known, Unknown, and Partially Known Testing Environments
Cleanup
Bug Bounty Programs
Intrusive Versus Non-Intrusive Testing
Exercise Types
Capturing Network Traffic
Packet Capture and Replay
Tcpreplay and Tcpdump
NetFlow, sFlow, and IPFIX
Understanding Frameworks and Standards
Key Frameworks
Risk Management Framework
Reference Architecture
Exploitation Frameworks
Benchmarks and Configuration Guides
Chapter 8 Exam Topic Review
Chapter 8 Practice Questions
Chapter 8 Practice Question Answers
Chapter 9 Implementing Controls to Protect Assets
Comparing Physical Security Controls
Securing Door Access with Cards
Comparing Locks
Physical Locks
Physical Cipher Locks
Biometric Locks
Cable Locks
Increasing Security with Personnel
Monitoring Areas with Cameras
Sensors
Fencing, Lighting, and Alarms
Securing Access with Barricades
Using Signage
Drones
Asset Management
Implementing Diversity
Creating Secure Areas
Air Gap
Vaults
Faraday Cage
Safes
Hot and Cold Aisles
Physical Attacks
Malicious Universal Serial Bus (USB) Cable
Malicious Flash Drive
Card Skimming and Card Cloning
Fire Suppression
Protected Cable Distribution
Adding Redundancy and Fault Tolerance
Single Point of Failure
Disk Redundancies
RAID-0
RAID-1
RAID-5 and RAID-6
RAID-10
Disk Multipath
Server Redundancy and High Availability
Active/Active Load Balancers
Active/Passive Load Balancers
NIC Teaming
Power Redundancies
Protecting Data with Backups
Backup Media
Online Versus Offline Backups
Comparing Backup Types
Full Backups
Restoring a Full Backup
Differential Backups
Order of Restoration for a Full/Differential Backup Set
Incremental Backups
Order of Restoration for a Full/Incremental Backup Set
Choosing Full/Incremental or Full/Differential
Snapshot and Image Backups
Copy Backup
Testing Backups
Backups and Geographic Considerations
Comparing Business Continuity Elements
Business Impact Analysis Concepts
Site Risk Assessment
Impact
Recovery Time Objective
Recovery Point Objective
Comparing MTBF and MTTR
Continuity of Operations Planning
Site Resiliency
Restoration Order
Disaster Recovery
Testing Plans with Exercises
Chapter 9 Exam Topic Review
Chapter 9 Practice Questions
Chapter 9 Practice Question Answers
Chapter 10 Understanding Cryptography and PKI
Introducing Cryptography Concepts
Providing Integrity with Hashing
Hash Versus Checksum
MD5
Secure Hash Algorithms
HMAC
Hashing Files
Hashing Messages
Using HMAC
Hashing Passwords
Understanding Hash Collisions
Understanding Password Attacks
Dictionary Attacks
Brute Force Attacks
Spraying Attacks
Pass the Hash Attacks
Birthday Attacks
Rainbow Table Attacks
Salting Passwords
Key Stretching
Providing Confidentiality with Encryption
Symmetric Encryption
Block Versus Stream Ciphers
Common Symmetric Algorithms
AES
3DES
Blowfish and Twofish
Asymmetric Encryption
Key Exchange
The Rayburn Box
Certificates
Ephemeral Keys
Elliptic Curve Cryptography
Quantum Computing
Quantum Cryptography
Post-Quantum Cryptography
Lightweight Cryptography
Homomorphic Encryption
Key Length
Modes of Operation
Steganography
Audio Steganography
Image Steganography
Video Steganography
Using Cryptographic Protocols
Protecting Email
Signing Email with Digital Signatures
Encrypting Email
S/MIME
HTTPS Transport Encryption
TLS Versus SSL
Encrypting HTTPS Traffic with TLS
Downgrade Attacks on Weak Implementations
Blockchain
Crypto Diversity
Identifying Limitations
Resource Versus Security Constraints
Speed and Time
Size and Computational Overhead
Entropy
Predictability
Weak Keys
Longevity
Reuse
Plaintext Attack
Common Use Cases
Exploring PKI Components
Certificate Authority
Certificate Trust Models
Registration Authority and CSRs
Online Versus Offline CAs
Updating and Revoking Certificates
Certificate Revocation List
Validating a Certificate
Public Key Pinning
Key Escrow
Key Management
Comparing Certificate Types
Comparing Certificate Formats
Chapter 10 Exam Topic Review
Chapter 10 Practice Questions
Chapter 10 Practice Question Answers
Chapter 11 Implementing Policies to Mitigate Risks
Exploring Security Policies
Personnel Policies
Acceptable Use Policy
Mandatory Vacations
Separation of Duties
Least Privilege
Job Rotation
Clean Desk Space
Background Check
Onboarding
Offboarding
Non-Disclosure Agreement
Social Media Analysis
Third-Party Risk Management
Terms of Agreement
Measurement Systems Analysis
Incident Response Policies
Incident Response Plan
Communication Plan
Data Breach Responses
Stakeholder Management
Incident Response Process
Understanding SOAR
Playbooks
Runbooks
Understanding Digital Forensics
Key Aspects of Digital Forensics
Admissibility of Documentation and Evidence
On-Premises Versus Cloud Concerns
Acquisition and Preservation
Order of Volatility
Data Acquisition
Forensic Tools
Electronic Discovery
Data Recovery
Strategic Intelligence and Counterintelligence
Protecting Data
Classifying Data Types
PII and Health Information
Impact Assessment
Data Governance
Privacy Enhancing Technologies
Data Masking
Anonymization
Pseudo-Anonymization
Tokenization
Data Retention Policies
Data Sanitization
Training Users
Computer-Based Training
Phishing Campaigns
Phishing Simulations
Gamification
Capture the Flag
Role-Based Awareness Training
Chapter 11 Exam Topic Review
Chapter 11 Practice Questions
Chapter 11 Practice Question Answers
Post-Assessment Questions
Post-Assessment Answers