{"product_id":"comptia-security-study-guide-with-over-500-practice-test-questions-exam-sy0-701","title":"Comptia Security+ Study Guide with Over 500 Practice Test Questions: Exam Sy0-701","description":"\u003ctable align=\"center\" border=\"0\" cellpadding=\"2\" cellspacing=\"0\" width=\"100%\"\u003e\n\u003ctr\u003e\n\u003ctd class=\"productDetailSmallElements\"\u003e\n\u003cp\u003e\n\u003cstrong\u003eBiographical Note\u003c\/strong\u003e:\u003cbr\u003e\n\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eABOUT THE AUTHORS\u003c\/b\u003e \u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eMIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, \u003c\/b\u003e is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame's Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University's Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP\/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com. \u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eDAVID SEIDL, CYSA+, CISSP, PENTEST+, \u003c\/b\u003e is Vice President for Information Technology and CIO at Miami University where he leads an award winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.\u003c\/p\u003e\n\u003cbr\u003e\u003cbr\u003e\n\u003cstrong\u003eTable of Contents\u003c\/strong\u003e:\u003cbr\u003e\n\u003cp\u003eIntroduction xxxi\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 1 Today's Security Professional 1\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eCybersecurity Objectives 2\u003c\/p\u003e\n\u003cp\u003eData Breach Risks 3\u003c\/p\u003e\n\u003cp\u003eThe DAD Triad 4\u003c\/p\u003e\n\u003cp\u003eBreach Impact 5\u003c\/p\u003e\n\u003cp\u003eImplementing Security Controls 7\u003c\/p\u003e\n\u003cp\u003eGap Analysis 7\u003c\/p\u003e\n\u003cp\u003eSecurity Control Categories 8\u003c\/p\u003e\n\u003cp\u003eSecurity Control Types 9\u003c\/p\u003e\n\u003cp\u003eData Protection 10\u003c\/p\u003e\n\u003cp\u003eData Encryption 11\u003c\/p\u003e\n\u003cp\u003eData Loss Prevention 11\u003c\/p\u003e\n\u003cp\u003eData Minimization 12\u003c\/p\u003e\n\u003cp\u003eAccess Restrictions 13\u003c\/p\u003e\n\u003cp\u003eSegmentation and Isolation 13\u003c\/p\u003e\n\u003cp\u003eSummary 13\u003c\/p\u003e\n\u003cp\u003eExam Essentials 14\u003c\/p\u003e\n\u003cp\u003eReview Questions 16\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 2 Cybersecurity Threat Landscape 21\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eExploring Cybersecurity Threats 23\u003c\/p\u003e\n\u003cp\u003eClassifying Cybersecurity Threats 23\u003c\/p\u003e\n\u003cp\u003eThreat Actors 25\u003c\/p\u003e\n\u003cp\u003eAttacker Motivations 31\u003c\/p\u003e\n\u003cp\u003eThreat Vectors and Attack Surfaces 32\u003c\/p\u003e\n\u003cp\u003eThreat Data and Intelligence 35\u003c\/p\u003e\n\u003cp\u003eOpen Source Intelligence 35\u003c\/p\u003e\n\u003cp\u003eProprietary and Closed- Source Intelligence 38\u003c\/p\u003e\n\u003cp\u003eAssessing Threat Intelligence 39\u003c\/p\u003e\n\u003cp\u003eThreat Indicator Management and Exchange 40\u003c\/p\u003e\n\u003cp\u003eInformation Sharing Organizations 41\u003c\/p\u003e\n\u003cp\u003eConducting Your Own Research 42\u003c\/p\u003e\n\u003cp\u003eSummary 42\u003c\/p\u003e\n\u003cp\u003eExam Essentials 43\u003c\/p\u003e\n\u003cp\u003eReview Questions 45\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 3 Malicious Code 49\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eMalware 50\u003c\/p\u003e\n\u003cp\u003eRansomware 51\u003c\/p\u003e\n\u003cp\u003eTrojans 52\u003c\/p\u003e\n\u003cp\u003eWorms 54\u003c\/p\u003e\n\u003cp\u003eSpyware 55\u003c\/p\u003e\n\u003cp\u003eBloatware 56\u003c\/p\u003e\n\u003cp\u003eViruses 57\u003c\/p\u003e\n\u003cp\u003eKeyloggers 59\u003c\/p\u003e\n\u003cp\u003eLogic Bombs 60\u003c\/p\u003e\n\u003cp\u003eRootkits 60\u003c\/p\u003e\n\u003cp\u003eSummary 62\u003c\/p\u003e\n\u003cp\u003eExam Essentials 62\u003c\/p\u003e\n\u003cp\u003eReview Questions 64\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 4 Social Engineering and Password Attacks 69\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eSocial Engineering and Human Vectors 70\u003c\/p\u003e\n\u003cp\u003eSocial Engineering Techniques 71\u003c\/p\u003e\n\u003cp\u003ePassword Attacks 76\u003c\/p\u003e\n\u003cp\u003eSummary 78\u003c\/p\u003e\n\u003cp\u003eExam Essentials 78\u003c\/p\u003e\n\u003cp\u003eReview Questions 80\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 5 Security Assessment and Testing 85\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eVulnerability Management 87\u003c\/p\u003e\n\u003cp\u003eIdentifying Scan Targets 87\u003c\/p\u003e\n\u003cp\u003eDetermining Scan Frequency 89\u003c\/p\u003e\n\u003cp\u003eConfiguring Vulnerability Scans 91\u003c\/p\u003e\n\u003cp\u003eScanner Maintenance 95\u003c\/p\u003e\n\u003cp\u003eVulnerability Scanning Tools 98\u003c\/p\u003e\n\u003cp\u003eReviewing and Interpreting Scan Reports 101\u003c\/p\u003e\n\u003cp\u003eConfirmation of Scan Results 111\u003c\/p\u003e\n\u003cp\u003eVulnerability Classification 112\u003c\/p\u003e\n\u003cp\u003ePatch Management 112\u003c\/p\u003e\n\u003cp\u003eLegacy Platforms 113\u003c\/p\u003e\n\u003cp\u003eWeak Configurations 115\u003c\/p\u003e\n\u003cp\u003eError Messages 115\u003c\/p\u003e\n\u003cp\u003eInsecure Protocols 116\u003c\/p\u003e\n\u003cp\u003eWeak Encryption 117\u003c\/p\u003e\n\u003cp\u003ePenetration Testing 118\u003c\/p\u003e\n\u003cp\u003eAdopting the Hacker Mindset 119\u003c\/p\u003e\n\u003cp\u003eReasons for Penetration Testing 120\u003c\/p\u003e\n\u003cp\u003eBenefits of Penetration Testing 120\u003c\/p\u003e\n\u003cp\u003ePenetration Test Types 121\u003c\/p\u003e\n\u003cp\u003eRules of Engagement 123\u003c\/p\u003e\n\u003cp\u003eReconnaissance 125\u003c\/p\u003e\n\u003cp\u003eRunning the Test 125\u003c\/p\u003e\n\u003cp\u003eCleaning Up 126\u003c\/p\u003e\n\u003cp\u003eAudits and Assessments 126\u003c\/p\u003e\n\u003cp\u003eSecurity Tests 127\u003c\/p\u003e\n\u003cp\u003eSecurity Assessments 128\u003c\/p\u003e\n\u003cp\u003eSecurity Audits 129\u003c\/p\u003e\n\u003cp\u003eVulnerability Life Cycle 131\u003c\/p\u003e\n\u003cp\u003eVulnerability Identification 131\u003c\/p\u003e\n\u003cp\u003eVulnerability Analysis 132\u003c\/p\u003e\n\u003cp\u003eVulnerability Response and Remediation 132\u003c\/p\u003e\n\u003cp\u003eValidation of Remediation 132\u003c\/p\u003e\n\u003cp\u003eReporting 133\u003c\/p\u003e\n\u003cp\u003eSummary 133\u003c\/p\u003e\n\u003cp\u003eExam Essentials 134\u003c\/p\u003e\n\u003cp\u003eReview Questions 136\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 6 Application Security 141\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eSoftware Assurance Best Practices 143\u003c\/p\u003e\n\u003cp\u003eThe Software Development Life Cycle 143\u003c\/p\u003e\n\u003cp\u003eSoftware Development Phases 144\u003c\/p\u003e\n\u003cp\u003eDevSecOps and DevOps 146\u003c\/p\u003e\n\u003cp\u003eDesigning and Coding for Security 147\u003c\/p\u003e\n\u003cp\u003eSecure Coding Practices 148\u003c\/p\u003e\n\u003cp\u003eAPI Security 149\u003c\/p\u003e\n\u003cp\u003eSoftware Security Testing 149\u003c\/p\u003e\n\u003cp\u003eAnalyzing and Testing Code 150\u003c\/p\u003e\n\u003cp\u003eInjection Vulnerabilities 151\u003c\/p\u003e\n\u003cp\u003eSQL Injection Attacks 151\u003c\/p\u003e\n\u003cp\u003eCode Injection Attacks 155\u003c\/p\u003e\n\u003cp\u003eCommand Injection Attacks 155\u003c\/p\u003e\n\u003cp\u003eExploiting Authentication Vulnerabilities 156\u003c\/p\u003e\n\u003cp\u003ePassword Authentication 156\u003c\/p\u003e\n\u003cp\u003eSession Attacks 157\u003c\/p\u003e\n\u003cp\u003eExploiting Authorization Vulnerabilities 160\u003c\/p\u003e\n\u003cp\u003eInsecure Direct Object References 161\u003c\/p\u003e\n\u003cp\u003eDirectory Traversal 161\u003c\/p\u003e\n\u003cp\u003eFile Inclusion 163\u003c\/p\u003e\n\u003cp\u003ePrivilege Escalation 163\u003c\/p\u003e\n\u003cp\u003eExploiting Web Application Vulnerabilities 164\u003c\/p\u003e\n\u003cp\u003eCross- Site Scripting (XSS) 164\u003c\/p\u003e\n\u003cp\u003eRequest Forgery 167\u003c\/p\u003e\n\u003cp\u003eApplication Security Controls 168\u003c\/p\u003e\n\u003cp\u003eInput Validation 168\u003c\/p\u003e\n\u003cp\u003eWeb Application Firewalls 170\u003c\/p\u003e\n\u003cp\u003eParameterized Queries 170\u003c\/p\u003e\n\u003cp\u003eSandboxing 171\u003c\/p\u003e\n\u003cp\u003eCode Security 171\u003c\/p\u003e\n\u003cp\u003eSecure Coding Practices 173\u003c\/p\u003e\n\u003cp\u003eSource Code Comments 174\u003c\/p\u003e\n\u003cp\u003eError Handling 174\u003c\/p\u003e\n\u003cp\u003eHard- Coded Credentials 175\u003c\/p\u003e\n\u003cp\u003ePackage Monitoring 175\u003c\/p\u003e\n\u003cp\u003eMemory Management 176\u003c\/p\u003e\n\u003cp\u003eRace Conditions 177\u003c\/p\u003e\n\u003cp\u003eUnprotected APIs 178\u003c\/p\u003e\n\u003cp\u003eAutomation and Orchestration 178\u003c\/p\u003e\n\u003cp\u003eUse Cases of Automation and Scripting 179\u003c\/p\u003e\n\u003cp\u003eBenefits of Automation and Scripting 179\u003c\/p\u003e\n\u003cp\u003eOther Considerations 180\u003c\/p\u003e\n\u003cp\u003eSummary 181\u003c\/p\u003e\n\u003cp\u003eExam Essentials 181\u003c\/p\u003e\n\u003cp\u003eReview Questions 183\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 7 Cryptography and the PKI 189\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eAn Overview of Cryptography 190\u003c\/p\u003e\n\u003cp\u003eHistorical Cryptography 191\u003c\/p\u003e\n\u003cp\u003eGoals of Cryptography 196\u003c\/p\u003e\n\u003cp\u003eConfidentiality 197\u003c\/p\u003e\n\u003cp\u003eIntegrity 199\u003c\/p\u003e\n\u003cp\u003eAuthentication 200\u003c\/p\u003e\n\u003cp\u003eNon-repudiation 200\u003c\/p\u003e\n\u003cp\u003eCryptographic Concepts 200\u003c\/p\u003e\n\u003cp\u003eCryptographic Keys 201\u003c\/p\u003e\n\u003cp\u003eCiphers 202\u003c\/p\u003e\n\u003cp\u003eModern Cryptography 202\u003c\/p\u003e\n\u003cp\u003eCryptographic Secrecy 202\u003c\/p\u003e\n\u003cp\u003eSymmetric Key Algorithms 204\u003c\/p\u003e\n\u003cp\u003eAsymmetric Key Algorithms 205\u003c\/p\u003e\n\u003cp\u003eHashing Algorithms 208\u003c\/p\u003e\n\u003cp\u003eSymmetric Cryptography 208\u003c\/p\u003e\n\u003cp\u003eData Encryption Standard 208\u003c\/p\u003e\n\u003cp\u003eAdvanced Encryption Standard 209\u003c\/p\u003e\n\u003cp\u003eSymmetric Key Management 209\u003c\/p\u003e\n\u003cp\u003eAsymmetric Cryptography 211\u003c\/p\u003e\n\u003cp\u003eRSA 212\u003c\/p\u003e\n\u003cp\u003eElliptic Curve 213\u003c\/p\u003e\n\u003cp\u003eHash Functions 214\u003c\/p\u003e\n\u003cp\u003eSha 215\u003c\/p\u003e\n\u003cp\u003emd 5 216\u003c\/p\u003e\n\u003cp\u003eDigital Signatures 216\u003c\/p\u003e\n\u003cp\u003eHMAC 217\u003c\/p\u003e\n\u003cp\u003ePublic Key Infrastructure 218\u003c\/p\u003e\n\u003cp\u003eCertificates 218\u003c\/p\u003e\n\u003cp\u003eCertificate Authorities 219\u003c\/p\u003e\n\u003cp\u003eCertificate Generation and Destruction 220\u003c\/p\u003e\n\u003cp\u003eCertificate Formats 223\u003c\/p\u003e\n\u003cp\u003eAsymmetric Key Management 224\u003c\/p\u003e\n\u003cp\u003eCryptographic Attacks 225\u003c\/p\u003e\n\u003cp\u003eBrute Force 225\u003c\/p\u003e\n\u003cp\u003eFrequency Analysis 225\u003c\/p\u003e\n\u003cp\u003eKnown Plain Text 226\u003c\/p\u003e\n\u003cp\u003eChosen Plain Text 226\u003c\/p\u003e\n\u003cp\u003eRelated Key Attack 226\u003c\/p\u003e\n\u003cp\u003eBirthday Attack 226\u003c\/p\u003e\n\u003cp\u003eDowngrade Attack 227\u003c\/p\u003e\n\u003cp\u003eHashing, Salting, and Key Stretching 227\u003c\/p\u003e\n\u003cp\u003eExploiting Weak Keys 228\u003c\/p\u003e\n\u003cp\u003eExploiting Human Error 228\u003c\/p\u003e\n\u003cp\u003eEmerging Issues in Cryptography 229\u003c\/p\u003e\n\u003cp\u003eTor and the Dark Web 229\u003c\/p\u003e\n\u003cp\u003eBlockchain 229\u003c\/p\u003e\n\u003cp\u003eLightweight Cryptography 230\u003c\/p\u003e\n\u003cp\u003eHomomorphic Encryption 230\u003c\/p\u003e\n\u003cp\u003eQuantum Computing 230\u003c\/p\u003e\n\u003cp\u003eSummary 231\u003c\/p\u003e\n\u003cp\u003eExam Essentials 231\u003c\/p\u003e\n\u003cp\u003eReview Questions 233\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 8 Identity and Access Management 237\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eIdentity 239\u003c\/p\u003e\n\u003cp\u003eAuthentication and Authorization 240\u003c\/p\u003e\n\u003cp\u003eAuthentication and Authorization Technologies 241\u003c\/p\u003e\n\u003cp\u003eAuthentication Methods 246\u003c\/p\u003e\n\u003cp\u003ePasswords 247\u003c\/p\u003e\n\u003cp\u003eMultifactor Authentication 251\u003c\/p\u003e\n\u003cp\u003eOne- Time Passwords 252\u003c\/p\u003e\n\u003cp\u003eBiometrics 254\u003c\/p\u003e\n\u003cp\u003eAccounts 256\u003c\/p\u003e\n\u003cp\u003eAccount Types 256\u003c\/p\u003e\n\u003cp\u003eProvisioning and Deprovisioning Accounts 257\u003c\/p\u003e\n\u003cp\u003eAccess Control Schemes 259\u003c\/p\u003e\n\u003cp\u003eFilesystem Permissions 260\u003c\/p\u003e\n\u003cp\u003eSummary 262\u003c\/p\u003e\n\u003cp\u003eExam Essentials 262\u003c\/p\u003e\n\u003cp\u003eReview Questions 264\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 9 Resilience and Physical Security 269\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eResilience and Recovery in Security Architectures 271\u003c\/p\u003e\n\u003cp\u003eArchitectural Considerations and Security 273\u003c\/p\u003e\n\u003cp\u003eStorage Resiliency 274\u003c\/p\u003e\n\u003cp\u003eResponse and Recovery Controls 280\u003c\/p\u003e\n\u003cp\u003eCapacity Planning for Resilience and Recovery 283\u003c\/p\u003e\n\u003cp\u003eTesting Resilience and Recovery Controls and Designs 284\u003c\/p\u003e\n\u003cp\u003ePhysical Security Controls 285\u003c\/p\u003e\n\u003cp\u003eSite Security 285\u003c\/p\u003e\n\u003cp\u003eDetecting Physical Attacks 291\u003c\/p\u003e\n\u003cp\u003eSummary 291\u003c\/p\u003e\n\u003cp\u003eExam Essentials 292\u003c\/p\u003e\n\u003cp\u003eReview Questions 294\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 10 Cloud and Virtualization Security 299\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eExploring the Cloud 300\u003c\/p\u003e\n\u003cp\u003eBenefits of the Cloud 301\u003c\/p\u003e\n\u003cp\u003eCloud Roles 303\u003c\/p\u003e\n\u003cp\u003eCloud Service Models 303\u003c\/p\u003e\n\u003cp\u003eCloud Deployment Models 307\u003c\/p\u003e\n\u003cp\u003ePrivate Cloud 307\u003c\/p\u003e\n\u003cp\u003eShared Responsibility Model 309\u003c\/p\u003e\n\u003cp\u003eCloud Standards and Guidelines 312\u003c\/p\u003e\n\u003cp\u003eVirtualization 314\u003c\/p\u003e\n\u003cp\u003eHypervisors 314\u003c\/p\u003e\n\u003cp\u003eCloud Infrastructure Components 316\u003c\/p\u003e\n\u003cp\u003eCloud Compute Resources 316\u003c\/p\u003e\n\u003cp\u003eCloud Storage Resources 319\u003c\/p\u003e\n\u003cp\u003eCloud Networking 322\u003c\/p\u003e\n\u003cp\u003eCloud Security Issues 325\u003c\/p\u003e\n\u003cp\u003eAvailability 325\u003c\/p\u003e\n\u003cp\u003eData Sovereignty 326\u003c\/p\u003e\n\u003cp\u003eVirtualization Security 327\u003c\/p\u003e\n\u003cp\u003eApplication Security 327\u003c\/p\u003e\n\u003cp\u003eGovernance and Auditing of Third- Party Vendors 328\u003c\/p\u003e\n\u003cp\u003eHardening Cloud Infrastructure 328\u003c\/p\u003e\n\u003cp\u003eCloud Access Security Brokers 328\u003c\/p\u003e\n\u003cp\u003eResource Policies 329\u003c\/p\u003e\n\u003cp\u003eSecrets Management 330\u003c\/p\u003e\n\u003cp\u003eSummary 331\u003c\/p\u003e\n\u003cp\u003eExam Essentials 331\u003c\/p\u003e\n\u003cp\u003eReview Questions 333\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 11 Endpoint Security 337\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eOperating System Vulnerabilities 339\u003c\/p\u003e\n\u003cp\u003eHardware Vulnerabilities 340\u003c\/p\u003e\n\u003cp\u003eProtecting Endpoints 341\u003c\/p\u003e\n\u003cp\u003ePreserving Boot Integrity 342\u003c\/p\u003e\n\u003cp\u003eEndpoint Security Tools 344\u003c\/p\u003e\n\u003cp\u003eHardening Techniques 350\u003c\/p\u003e\n\u003cp\u003eHardening 350\u003c\/p\u003e\n\u003cp\u003eService Hardening 350\u003c\/p\u003e\n\u003cp\u003eNetwork Hardening 352\u003c\/p\u003e\n\u003cp\u003eDefault Passwords 352\u003c\/p\u003e\n\u003cp\u003eRemoving Unnecessary Software 353\u003c\/p\u003e\n\u003cp\u003eOperating System Hardening 353\u003c\/p\u003e\n\u003cp\u003eConfiguration, Standards, and Schemas 356\u003c\/p\u003e\n\u003cp\u003eEncryption 357\u003c\/p\u003e\n\u003cp\u003eSecuring Embedded and Specialized Systems 358\u003c\/p\u003e\n\u003cp\u003eEmbedded Systems 358\u003c\/p\u003e\n\u003cp\u003eSCADA and ICS 361\u003c\/p\u003e\n\u003cp\u003eSecuring the Internet of Things 362\u003c\/p\u003e\n\u003cp\u003eCommunication Considerations 363\u003c\/p\u003e\n\u003cp\u003eSecurity Constraints of Embedded Systems 364\u003c\/p\u003e\n\u003cp\u003eAsset Management 365\u003c\/p\u003e\n\u003cp\u003eSummary 368\u003c\/p\u003e\n\u003cp\u003eExam Essentials 369\u003c\/p\u003e\n\u003cp\u003eReview Questions 371\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 12 Network Security 375\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eDesigning Secure Networks 377\u003c\/p\u003e\n\u003cp\u003eInfrastructure Considerations 380\u003c\/p\u003e\n\u003cp\u003eNetwork Design Concepts 380\u003c\/p\u003e\n\u003cp\u003eNetwork Segmentation 383\u003c\/p\u003e\n\u003cp\u003eZero Trust 385\u003c\/p\u003e\n\u003cp\u003eNetwork Access Control 387\u003c\/p\u003e\n\u003cp\u003ePort Security and Port- Level Protections 388\u003c\/p\u003e\n\u003cp\u003eVirtual Private Networks and Remote Access 390\u003c\/p\u003e\n\u003cp\u003eNetwork Appliances and Security Tools 392\u003c\/p\u003e\n\u003cp\u003eDeception and Disruption Technology 399\u003c\/p\u003e\n\u003cp\u003eNetwork Security, Services, and Management 400\u003c\/p\u003e\n\u003cp\u003eSecure Protocols 406\u003c\/p\u003e\n\u003cp\u003eUsing Secure Protocols 406\u003c\/p\u003e\n\u003cp\u003eSecure Protocols 407\u003c\/p\u003e\n\u003cp\u003eNetwork Attacks 410\u003c\/p\u003e\n\u003cp\u003eOn- Path Attacks 411\u003c\/p\u003e\n\u003cp\u003eDomain Name System Attacks 412\u003c\/p\u003e\n\u003cp\u003eCredential Replay Attacks 414\u003c\/p\u003e\n\u003cp\u003eMalicious Code 415\u003c\/p\u003e\n\u003cp\u003eDistributed Denial- of- Service Attacks 415\u003c\/p\u003e\n\u003cp\u003eSummary 418\u003c\/p\u003e\n\u003cp\u003eExam Essentials 419\u003c\/p\u003e\n\u003cp\u003eReview Questions 421\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 13 Wireless and Mobile Security 425\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eBuilding Secure Wireless Networks 426\u003c\/p\u003e\n\u003cp\u003eConnection Methods 427\u003c\/p\u003e\n\u003cp\u003eWireless Network Models 431\u003c\/p\u003e\n\u003cp\u003eAttacks Against Wireless Networks and Devices 432\u003c\/p\u003e\n\u003cp\u003eDesigning a Network 435\u003c\/p\u003e\n\u003cp\u003eController and Access Point Security 438\u003c\/p\u003e\n\u003cp\u003eWi- Fi Security Standards 438\u003c\/p\u003e\n\u003cp\u003eWireless Authentication 440\u003c\/p\u003e\n\u003cp\u003eManaging Secure Mobile Devices 442\u003c\/p\u003e\n\u003cp\u003eMobile Device Deployment Methods 442\u003c\/p\u003e\n\u003cp\u003eHardening Mobile Devices 444\u003c\/p\u003e\n\u003cp\u003eMobile Device Management 444\u003c\/p\u003e\n\u003cp\u003eSummary 448\u003c\/p\u003e\n\u003cp\u003eExam Essentials 449\u003c\/p\u003e\n\u003cp\u003eReview Questions 450\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 14 Monitoring and Incident Response 455\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eIncident Response 457\u003c\/p\u003e\n\u003cp\u003eThe Incident Response Process 458\u003c\/p\u003e\n\u003cp\u003eTraining 462\u003c\/p\u003e\n\u003cp\u003eThreat Hunting 463\u003c\/p\u003e\n\u003cp\u003eUnderstanding Attacks and Incidents 464\u003c\/p\u003e\n\u003cp\u003eIncident Response Data and Tools 466\u003c\/p\u003e\n\u003cp\u003eMonitoring Computing Resources 466\u003c\/p\u003e\n\u003cp\u003eSecurity Information and Event Management Systems 466\u003c\/p\u003e\n\u003cp\u003eAlerts and Alarms 469\u003c\/p\u003e\n\u003cp\u003eLog Aggregation, Correlation, and Analysis 470\u003c\/p\u003e\n\u003cp\u003eRules 471\u003c\/p\u003e\n\u003cp\u003eBenchmarks and Logging 478\u003c\/p\u003e\n\u003cp\u003eReporting and Archiving 478\u003c\/p\u003e\n\u003cp\u003eMitigation and Recovery 479\u003c\/p\u003e\n\u003cp\u003eSecure Orchestration, Automation, and Response (SOAR) 479\u003c\/p\u003e\n\u003cp\u003eContainment, Mitigation, and Recovery Techniques 479\u003c\/p\u003e\n\u003cp\u003eRoot Cause Analysis 482\u003c\/p\u003e\n\u003cp\u003eSummary 483\u003c\/p\u003e\n\u003cp\u003eExam Essentials 484\u003c\/p\u003e\n\u003cp\u003eReview Questions 485\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 15 Digital Forensics 489\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eDigital Forensic Concepts 490\u003c\/p\u003e\n\u003cp\u003eLegal Holds and e- Discovery 491\u003c\/p\u003e\n\u003cp\u003eConducting Digital Forensics 493\u003c\/p\u003e\n\u003cp\u003eAcquiring Forensic Data 493\u003c\/p\u003e\n\u003cp\u003eAcquisition Tools 497\u003c\/p\u003e\n\u003cp\u003eValidating Forensic Data Integrity 500\u003c\/p\u003e\n\u003cp\u003eData Recovery 502\u003c\/p\u003e\n\u003cp\u003eForensic Suites and a Forensic Case Example 503\u003c\/p\u003e\n\u003cp\u003eReporting 507\u003c\/p\u003e\n\u003cp\u003eDigital Forensics and Intelligence 508\u003c\/p\u003e\n\u003cp\u003eSummary 508\u003c\/p\u003e\n\u003cp\u003eExam Essentials 509\u003c\/p\u003e\n\u003cp\u003eReview Questions 511\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 16 Security Governance and Compliance 515\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eSecurity Governance 518\u003c\/p\u003e\n\u003cp\u003eCorporate Governance 518\u003c\/p\u003e\n\u003cp\u003eGovernance, Risk, and Compliance Programs 520\u003c\/p\u003e\n\u003cp\u003eInformation Security Governance 520\u003c\/p\u003e\n\u003cp\u003eTypes of Governance Structures 521\u003c\/p\u003e\n\u003cp\u003eUnderstanding Policy Documents 521\u003c\/p\u003e\n\u003cp\u003ePolicies 522\u003c\/p\u003e\n\u003cp\u003eStandards 524\u003c\/p\u003e\n\u003cp\u003eProcedures 526\u003c\/p\u003e\n\u003cp\u003eGuidelines 528\u003c\/p\u003e\n\u003cp\u003eExceptions and Compensating Controls 529\u003c\/p\u003e\n\u003cp\u003eMonitoring and Revision 530\u003c\/p\u003e\n\u003cp\u003eChange Management 531\u003c\/p\u003e\n\u003cp\u003eChange Management Processes and Controls 532\u003c\/p\u003e\n\u003cp\u003eVersion Control 534\u003c\/p\u003e\n\u003cp\u003eDocumentation 535\u003c\/p\u003e\n\u003cp\u003ePersonnel Management 535\u003c\/p\u003e\n\u003cp\u003eLeast Privilege 535\u003c\/p\u003e\n\u003cp\u003eSeparation of Duties 535\u003c\/p\u003e\n\u003cp\u003eJob Rotation and Mandatory Vacations 536\u003c\/p\u003e\n\u003cp\u003eClean Desk Space 536\u003c\/p\u003e\n\u003cp\u003eOnboarding and Offboarding 536\u003c\/p\u003e\n\u003cp\u003eNondisclosure Agreements 537\u003c\/p\u003e\n\u003cp\u003eSocial Media 537\u003c\/p\u003e\n\u003cp\u003eThird- Party Risk Management 537\u003c\/p\u003e\n\u003cp\u003eVendor Selection 537\u003c\/p\u003e\n\u003cp\u003eVendor Assessment 538\u003c\/p\u003e\n\u003cp\u003eVendor Agreements 538\u003c\/p\u003e\n\u003cp\u003eVendor Monitoring 539\u003c\/p\u003e\n\u003cp\u003eWinding Down Vendor Relationships 540\u003c\/p\u003e\n\u003cp\u003eComplying with Laws and Regulations 540\u003c\/p\u003e\n\u003cp\u003eCommon Compliance Requirements 541\u003c\/p\u003e\n\u003cp\u003eCompliance Reporting 541\u003c\/p\u003e\n\u003cp\u003eConsequences of Noncompliance 542\u003c\/p\u003e\n\u003cp\u003eCompliance Monitoring 543\u003c\/p\u003e\n\u003cp\u003eAdopting Standard Frameworks 543\u003c\/p\u003e\n\u003cp\u003eNIST Cybersecurity Framework 544\u003c\/p\u003e\n\u003cp\u003eNIST Risk Management Framework 546\u003c\/p\u003e\n\u003cp\u003eISO Standards 547\u003c\/p\u003e\n\u003cp\u003eBenchmarks and Secure Configuration Guides 549\u003c\/p\u003e\n\u003cp\u003eSecurity Awareness and Training 550\u003c\/p\u003e\n\u003cp\u003eUser Training 551\u003c\/p\u003e\n\u003cp\u003eOngoing Awareness Efforts 553\u003c\/p\u003e\n\u003cp\u003eSummary 554\u003c\/p\u003e\n\u003cp\u003eExam Essentials 555\u003c\/p\u003e\n\u003cp\u003eReview Questions 557\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eChapter 17 Risk Management and Privacy 561\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eAnalyzing Risk 563\u003c\/p\u003e\n\u003cp\u003eRisk Identification 564\u003c\/p\u003e\n\u003cp\u003eRisk Assessment 565\u003c\/p\u003e\n\u003cp\u003eRisk Analysis 567\u003c\/p\u003e\n\u003cp\u003eManaging Risk 570\u003c\/p\u003e\n\u003cp\u003eRisk Mitigation 571\u003c\/p\u003e\n\u003cp\u003eRisk Avoidance 572\u003c\/p\u003e\n\u003cp\u003eRisk Transference 572\u003c\/p\u003e\n\u003cp\u003eRisk Acceptance 573\u003c\/p\u003e\n\u003cp\u003eRisk Tracking 574\u003c\/p\u003e\n\u003cp\u003eRisk Register 575\u003c\/p\u003e\n\u003cp\u003eRisk Reporting 576\u003c\/p\u003e\n\u003cp\u003eDisaster Recovery Planning 577\u003c\/p\u003e\n\u003cp\u003eDisaster Types 577\u003c\/p\u003e\n\u003cp\u003eBusiness Impact Analysis 578\u003c\/p\u003e\n\u003cp\u003ePrivacy 578\u003c\/p\u003e\n\u003cp\u003eData Inventory 579\u003c\/p\u003e\n\u003cp\u003eInformation Classification 580\u003c\/p\u003e\n\u003cp\u003eData Roles and Responsibilities 581\u003c\/p\u003e\n\u003cp\u003eInformation Life Cycle 583\u003c\/p\u003e\n\u003cp\u003ePrivacy Enhancing Technologies 584\u003c\/p\u003e\n\u003cp\u003ePrivacy and Data Breach Notification 585\u003c\/p\u003e\n\u003cp\u003eSummary 585\u003c\/p\u003e\n\u003cp\u003eExam Essentials 585\u003c\/p\u003e\n\u003cp\u003eReview Questions 587\u003c\/p\u003e\n\u003cp\u003eAppendix Answers to Review Questions 591\u003c\/p\u003e\n\u003cp\u003eChapter 1: Today's Security Professional 592\u003c\/p\u003e\n\u003cp\u003eChapter 2: Cybersecurity Threat Landscape 593\u003c\/p\u003e\n\u003cp\u003eChapter 3: Malicious Code 595\u003c\/p\u003e\n\u003cp\u003eChapter 4: Social Engineering and Password Attacks 597\u003c\/p\u003e\n\u003cp\u003eChapter 5: Security Assessment and Testing 600\u003c\/p\u003e\n\u003cp\u003eChapter 6: Application Security 602\u003c\/p\u003e\n\u003cp\u003eChapter 7: Cryptography and the PKI 604\u003c\/p\u003e\n\u003cp\u003eChapter 8: Identity and Access Management 605\u003c\/p\u003e\n\u003cp\u003eChapter 9: Resilience and Physical Security 607\u003c\/p\u003e\n\u003cp\u003eChapter 10: Cloud and Virtualization Security 609\u003c\/p\u003e\n\u003cp\u003eChapter 11: Endpoint Security 611\u003c\/p\u003e\n\u003cp\u003eChapter 12: Network Security 614\u003c\/p\u003e\n\u003cp\u003eChapter 13: Wireless and Mobile Security 616\u003c\/p\u003e\n\u003cp\u003eChapter 14: Monitoring and Incident Response 619\u003c\/p\u003e\n\u003cp\u003eChapter 15: Digital Forensics 621\u003c\/p\u003e\n\u003cp\u003eChapter 16: Security Governance and Compliance 623\u003c\/p\u003e\n\u003cp\u003eChapter 17: Risk Management and Privacy 626\u003c\/p\u003e\n\u003cp\u003eIndex 629\u003c\/p\u003e\n\u003cbr\u003e\u003cbr\u003e\n\u003cstrong\u003eJacket Description\/Back\u003c\/strong\u003e:\u003cbr\u003e\n\u003cp\u003e\u003cb\u003eYour Complete Guide to Passing CompTIA Security+ Exam SY0-701\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eThe CompTIA Security+ exam has long been considered the first career step for security professionals. With the most recent upgrade of the exam, the venerable \u003ci\u003eCompTIA(R) Security+(R) Study Guide: Exam SY0-701, Ninth Edition, \u003c\/i\u003e has been fully updated to assure that you have the knowledge and skills to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and Internet of Things (IoT); operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance; and identify, analyze, and respond to security events and incidents. Fully covering all exam objectives, this book also gives you access to the exclusive Sybex online learning environment with hundreds of practice questions, electronic flashcards, and more.\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eCoverage of 100% of all exam objectives in this Study Guide means you'll be ready for: \u003c\/b\u003e\u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003eGeneral Security Concepts\u003c\/li\u003e\n\u003cli\u003eThreats, Vulnerabilities, and Mitigations\u003c\/li\u003e\n\u003cli\u003eSecurity Architecture\u003c\/li\u003e\n\u003cli\u003eSecurity Operations\u003c\/li\u003e\n\u003cli\u003eSecurity Program Management and Oversight\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003e\u003cb\u003eABOUT THE COMPTIA SECURITY+ CERTIFICATION\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eCompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. The exam certifies the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and Internet of Things (IoT); operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance; and identify, analyze, and respond to security events and incidents. Go to comptia.org for more information.\u003c\/p\u003e\n\u003cp\u003e\u003cb\u003eInteractive learning environment\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eTake your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, simply visit \u003cb\u003ehttps\/\/www.wiley.com\/go\/sybextestprep\u003c\/b\u003e, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to: \u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cb\u003eInteractive test bank\u003c\/b\u003e with over 500 practice test questions to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam.\u003c\/li\u003e\n\u003cli\u003e\n\u003cb\u003e100 electronic flashcards\u003c\/b\u003e to reinforce learning and last-minute prep before the exam\u003c\/li\u003e\n\u003cli\u003e\n\u003cb\u003eComprehensive glossary\u003c\/b\u003e in PDF format gives you instant access to the key terms so you are fully prepared\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cbr\u003e\u003cbr\u003e\n\u003cstrong\u003ePublisher Marketing\u003c\/strong\u003e:\u003cbr\u003e\n\u003cp\u003e\u003cb\u003eMaster key exam objectives and crucial cybersecurity concepts for the CompTIA Security+ SY0-701 exam, along with an online test bank with hundreds of practice questions and flashcards\u003c\/b\u003e\u003c\/p\u003e\n\u003cp\u003eIn the newly revised ninth edition of \u003ci\u003eCompTIA Security+ Study Guide: Exam SY0-701\u003c\/i\u003e, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You'll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight.\u003c\/p\u003e\n\u003cp\u003eYou'll get access to the information you need to start a new career--or advance an existing one--in cybersecurity, with efficient and accurate content. You'll also find: \u003c\/p\u003e\n\u003cul\u003e\n\u003cli\u003ePractice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety\u003c\/li\u003e\n\u003cli\u003eHundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts\u003c\/li\u003e\n\u003cli\u003eComplimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions\u003c\/li\u003e\n\u003c\/ul\u003e\n\u003cp\u003ePerfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who's ever wondered if IT security is right for them. It's a must-read reference!\u003c\/p\u003e\n\u003cbr\u003e\u003cbr\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\u003c\/td\u003e\n\u003c\/tr\u003e\n\u003c\/table\u003e\u003cp\u003e\u003cb\u003eAuthor:\u003c\/b\u003e Chapple, Mike\u003cbr\u003e\u003cb\u003ePublisher:\u003c\/b\u003e Sybex\u003cbr\u003e\u003cb\u003eBinding:\u003c\/b\u003e Paperback\u003cbr\u003e\u003cb\u003ePub Date:\u003c\/b\u003e 2023-11-21\u003cbr\u003e\u003cb\u003eBISAC:\u003c\/b\u003e Computers|Certification Guides|CompTIA (incl. A+)|Computers|Security|Network Security\u003cbr\u003e\u003cb\u003eSubjects:\u003c\/b\u003e Examinations|Electronic data processing personnel|Certification|Computer security|Raeseaux d'ordinateurs|Computer networks|Security measures|Saecuritae|Mesures|Examens|Saecuritae informatique|COMPUTERS \/ Certification Guides \/ CompTIA (i|COMPUTERS \/ Security \/ Network Security|Examination study guides|Study guides|Guides de l'aetudiant\u003cbr\u003e\u003cb\u003eWeight:\u003c\/b\u003e 2.55 lbs\u003cbr\u003e\u003cb\u003eISBN:\u003c\/b\u003e 9781394211418\u003cbr\u003e\u003cb\u003eASIN:\u003c\/b\u003e -\u003cbr\u003e\u003cb\u003eSKU:\u003c\/b\u003e SP-9781394211418\u003c\/p\u003e","brand":"Sybex","offers":[{"title":"Default Title","offer_id":51154036785430,"sku":"SP-9781394211418","price":68.75,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0857\/9910\/8886\/files\/9781394211418_spiral.png?v=1774931053","url":"https:\/\/lusper.myshopify.com\/products\/comptia-security-study-guide-with-over-500-practice-test-questions-exam-sy0-701","provider":"Lusperbooks","version":"1.0","type":"link"}