Mehr lesen
Master key exam objectives and crucial cybersecurity concepts for the CompTIA Security+ SY0-701 exam, along with an online test bank with hundreds of practice questions and flashcardsIn the newly revised ninth edition of CompTIA Security+ Study Guide: Exam SY0-701, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You'll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight.You'll get access to the information you need to start a new career-or advance an existing one-in cybersecurity, with efficient and accurate content. You'll also find: Practice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety Hundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts Complimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions Perfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who's ever wondered if IT security is right for them. It's a must-read reference!And save 10% when you purchase your CompTIA exam voucher with our exclusive WILEY10 coupon code.
Inhaltsverzeichnis
Introduction xxxi
Chapter 1 Today's Security Professional 1
Cybersecurity Objectives 2
Data Breach Risks 3
The DAD Triad 4
Breach Impact 5
Implementing Security Controls 7
Gap Analysis 7
Security Control Categories 8
Security Control Types 9
Data Protection 10
Data Encryption 11
Data Loss Prevention 11
Data Minimization 12
Access Restrictions 13
Segmentation and Isolation 13
Summary 13
Exam Essentials 14
Review Questions 16
Chapter 2 Cybersecurity Threat Landscape 21
Exploring Cybersecurity Threats 23
Classifying Cybersecurity Threats 23
Threat Actors 25
Attacker Motivations 31
Threat Vectors and Attack Surfaces 32
Threat Data and Intelligence 35
Open Source Intelligence 35
Proprietary and Closed- Source Intelligence 38
Assessing Threat Intelligence 39
Threat Indicator Management and Exchange 40
Information Sharing Organizations 41
Conducting Your Own Research 42
Summary 42
Exam Essentials 43
Review Questions 45
Chapter 3 Malicious Code 49
Malware 50
Ransomware 51
Trojans 52
Worms 54
Spyware 55
Bloatware 56
Viruses 57
Keyloggers 59
Logic Bombs 60
Rootkits 60
Summary 62
Exam Essentials 62
Review Questions 64
Chapter 4 Social Engineering and Password Attacks 69
Social Engineering and Human Vectors 70
Social Engineering Techniques 71
Password Attacks 76
Summary 78
Exam Essentials 78
Review Questions 80
Chapter 5 Security Assessment and Testing 85
Vulnerability Management 87
Identifying Scan Targets 87
Determining Scan Frequency 89
Configuring Vulnerability Scans 91
Scanner Maintenance 95
Vulnerability Scanning Tools 98
Reviewing and Interpreting Scan Reports 101
Confirmation of Scan Results 111
Vulnerability Classification 112
Patch Management 112
Legacy Platforms 113
Weak Configurations 115
Error Messages 115
Insecure Protocols 116
Weak Encryption 117
Penetration Testing 118
Adopting the Hacker Mindset 119
Reasons for Penetration Testing 120
Benefits of Penetration Testing 120
Penetration Test Types 121
Rules of Engagement 123
Reconnaissance 125
Running the Test 125
Cleaning Up 126
Audits and Assessments 126
Security Tests 127
Security Assessments 128
Security Audits 129
Vulnerability Life Cycle 131
Vulnerability Identification 131
Vulnerability Analysis 132
Vulnerability Response and Remediation 132
Validation of Remediation 132
Reporting 133
Summary 133
Exam Essentials 134
Review Questions 136
Chapter 6 Application Security 141
Software Assurance Best Practices 143
The Software Development Life Cycle 143
Software Development Phases 144
DevSecOps and DevOps 146
Designing and Coding for Security 147
Secure Coding Practices 148
API Security 149
Software Security Testing 149
Analyzing and Testing Code 150
