Home > Store

CompTIA Security+ SY0-501 Exam Cram Premium Edition and Practice Tests, 5th Edition

CompTIA Security+ SY0-501 Exam Cram Premium Edition and Practice Tests, 5th Edition

Premium Edition eBook

  • Your Price: $35.99
  • List Price: $44.99
  • Estimated Release: Jan 8, 2018
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Tests. Click on the "Premium Edition" tab (on the left side of this page) to learn more about this product.

    Your purchase will deliver:

    • Link to download the enhanced Pearson IT Certification Practice Test exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    The eBooks require no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    Watermarked eBook FAQ

    eBook Download Instructions

Also available in other formats.

Register your product to gain access to bonus material or receive a coupon.

Description

  • Copyright 2018
  • Dimensions: 6" x 9"
  • Pages: 600
  • Edition: 5th
  • Premium Edition eBook
  • ISBN-10: 0-13-478370-0
  • ISBN-13: 978-0-13-478370-3

CompTIA's Security+ is the #1 international vendor-neutral baseline security certification. In 2017, CompTIA is releasing a thoroughly revised certification exam. CompTIA Security+ Exam Cram, Fifth Edition has been thoroughly updated to prepare candidates for the new exam, using the proven Exam Cram method of study.

As with all Exam Cram books, it includes:

  • Chapters that map directly to the exam objectives
  • Comprehensive foundational learning on all topics covered on the exam
  • An extensive collection of practice questions
  • Access to the Pearson Test Prep practice test software that provides real-time practice and feedback, online or offline
  • The Cram Sheet tear-out card including tips, acronyms, and memory joggers not available anywhere else - perfect for last-minute study

Topics covered in this book range from identifying threats, attacks, and vulnerabilities to implementing the correct tools and technologies to defend against these vectors; cryptography concepts and deployment techniques to identity and access  management; security architecture and design principles  to risk management. This book brings together all the knowledge professionals need to walk into the exam room with confidence - and pass their Security+ exams with flying colors.


About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with more than 300 practice test questions. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package
--Enables you to focus on individual topic areas or take complete, timed exams
--Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
--Provides unique sets of exam-realistic practice questions
--Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements: 
Windows XP (SP3), Windows Vista (SP2), Windows 7, or Windows 8.1 (desktop UI only); Microsoft .NET Framework 4.0 Client; Pentium class 1GHz processor (or equivalent); 512 MB RAM; 650 MB disc space plus 50 MB for each downloaded practice exam

About the Premium Edition eBook

CompTIA® Security+ Exam Cram, Fifth Edition, Premium Edition, is the perfect study guide to help you pass CompTIA’s newly updated version of the Security+ exam. It provides coverage on all the critical information you need to know to score higher on your Security+ exam!

--Categorize types of attacks, threats, and risks to your systems

--Secure devices, communications, and network infrastructure

-- Troubleshoot issues related to networking components

-- Effectively manage risks associated with a global business environment

-- Differentiate between control methods used to secure the physical domain

-- Identify solutions to secure hosts, data, and applications

-- Compare techniques to mitigate risks in static environments

-- Determine relevant access control, authorization, and authentication procedures

-- Select appropriate mitigation techniques in response to attacks and vulnerabilities

-- Apply principles of cryptography and effectively deploy related solutions

--Implement security practices from both a technical and an organizational standpoint


Sample Content

Table of Contents

Introduction

Part I: Threats, Attacks, and Vulnerabilities

Chapter 1: Indicators of Compromise and Malware Types

Viruses

Worms

Ransomware

Trojan Horses

Rootkits

Logic Bombs

Bots

Spyware

What Next?

Chapter 2: Attack Types

Social Engineering

    Phishing and Related Attacks

    Tailgating

    Impersonation

    Dumpster Diving

    Shoulder Surfing

    Hoaxes

    Watering Hole Attacks

    Principles (Reasons for Effectiveness)

Application/Service Attacks

    Spoofing

    Buffer and Integer Overflows

    Zero-Day Attack

    Code Injections

    Hijacking and Related Attacks

    Man-in-the-Middle

    Denial of Service

Cryptographic Attacks

    Brute Force

    Weak Implementations

Wireless

    Wi-Fi

    Short Range Wireless Communications

What Next?

Chapter 3: Threat Actor Types and Attributes

Threat Actor Attributes

Threat Actor Types

    Script Kiddies

    Insiders

    Hacktivists

    Organized Crime

    Competitors

    Nation States

Open Source Intelligence

What Next?

Chapter 4: Penetration Testing

Testing Methodology

    Planning

    Discovery

    Attack

    Reporting

What Next?

Chapter 5: Vulnerability Scanning

Types of Vulnerability Scans

    Intrusive vs. Non-intrusive

    Credentialed vs. Non-credentialed

What Next?

Chapter 6: Impacts Associated with Vulnerability Types

People and Process

Race Conditions

Resource Exhaustion

Architecture and Design

Configuration

Cryptographic Management

Embedded Systems

Lack of Vendor Support

Improper Software Handling

Leaks, Overflows, and Code Injection

What Next?

Part I Cram Quiz

Part II: Technology and Tools

Chapter 7: Network Components

Perimeter Security

    Firewalls

    VPN Concentrators

    NIDS and NIPS

Internal Security

    Routers

    Switches

    Protections

    Bridges

Boundary Devices

    Proxies

    Load Balancers

    Access Points

Enforcement Tools

    SIEM

    DLP

    NAC

    Gateways

Cryptographic Devices

    SSL/TLS Accelerators and Decryptors

    HSM

What Next?

Chapter 8: Software Tools

Vulnerability Assessment Tools

    Analyzers and Scanners

Detection and Protection Tools

    Honeypots

    Exploitation Frameworks

    Password Crackers

    Steganography

    Backup Utilities

    Data Sanitizing Tools

    Command-line Tools

What Next?

Chapter 9: Security Issues

Authentication, Authorization, and Access

    Unencrypted Credentials and Clear Text

    Permission Issues

    Access Violations

    Authentication Issues

    Certificate Issues

Misconfigurations and Deviations

    Firewall

    Content Filter

    Access Points

    Baseline Deviation

    Weak Security Configurations and Data Exfiltration

Personnel

    Policy Violation

    Insider Threat

    Social Engineering

    Social Media

    Personal Email

Logs and Event Anomalies

Assets and Licensing

    Asset Management

    License Compliance Violation

    Unauthorized Software

What Next?

Chapter 10: Security Technologies

Security Technologies

    Host Technologies

    Enterprise Technologies

What Next?

Chapter 11: Mobile Devices

Communication Methods

Mobile Device Management Concepts

    Device, Application, and Content Management

    Protections

Enforcement and Monitoring

Deployment Models

    BYOD, CYOD, COPE and Corporate-owned Devices

    VDI

    Deployment Strategies

What Next?

Chapter 12: Secure Protocols

Secure Protocols

    Securing Web Protocols

    Securing File Transfer Protocols

    Securing Email Protocols

    Securing Internal Protocols

Use Cases

    Secure Web Communication

    Secure File Transfer Communication

    Secure Email Communication

    Secured Internal Communication

What Next?

Part II Cram Quiz

Part III: Architecture and Design

Chapter 13: Use Cases, Frameworks, and Best Practices

Industry-standard Frameworks and Reference Architectures

    Regulatory and Non-regulatory

    National vs. International

    Industry-specific Frameworks

Benchmarks and Secure Configuration Guides

    Platform and Vendor-specific Guides

    General Purpose Guides

Defense in Depth and Layered Security

    Vendor Diversity

    Control Diversity

    User Training

What Next?

Chapter 14: Network Architecture

Zones and Topologies

    DMZ, Intranet, and Extranet

    Wireless, Guest, and Ad Hoc Networks

    NAT

    Honeynet

Segregation, Segmentation, and Isolation

    Physical

    Logical (VLAN)

    Virtualization

VPN Tunneling

Security Device and Technology Placement

    Sensors, Collectors, and Correlation Engines

    Firewalls, Proxies, and Filters

    Accelerators, Concentrators, and Balancers

    Switches, Taps, and Mirroring

SDN

What Next?

Chapter 15: Secure Systems Design

Hardware and Firmware Security

    FDE and SED

    TPM and HSM

    BIOS and UEFI

    Secure Boot

    Attestation

    Supply Chain

    Hardware Root of Trust

    EMI and EMP

Operating Systems

    Patch Management

    Disabling Unnecessary Ports and Services

    Least Functionality

    Secure Configurations

    Trusted Operating System

    Application Whitelisting/Blacklisting

    Disable Default Accounts and Passwords

Peripherals

    Wireless Keyboards and Mice

    Displays

    WiFi-Enabled MicroSD Cards and Digital Cameras

    Printers and MFDs

    External Storage Devices

What Next?

Chapter 16: Secure Staging Deployment

Sandboxing

Environment

    Development and Test

    Staging and Production

Secure Baseline

Integrity Measurement

What Next?

Chapter 17: Embedded Systems

SCADA and ICS

Smart Devices and IoT

    Wearable Technology

    Home Automation

SoC and RTOS

HVAC

Printers, MFDs, and Camera Systems

Special-Purpose Devices

    Medical Devices

    Vehicles

    Aircraft and UAV

    Protecting Embedded Systems

What Next?

Chapter 18: Secure Application Development and Deployment

Development Life-cycle Models

    Waterfall vs. Agile

Secure DevOps

    Continuous Integration and Security Automation

    Baselining

    Immutable Systems

    Infrastructure As Code

Change Management and Version Control

Provisioning and Deprovisioning

Secure Coding Techniques

    Proper Error Handling

    Proper Input Validation

    Normalization

    Stored Procedures

    Code Signing

    Encryption, Obfuscation, and Camouflage

    Code Reuse and Dead Code

    Use of Third-Party Libraries and SDKs

    Server-side vs. Client-side Execution and Validation

    Memory Management

    Data Exposure

Compiled vs. Runtime Code

Code Quality and Testing

    Static Code Analyzers

    Dynamic Analysis

    Stress Testing

    Sandboxing

    Model Verification

What Next?

Chapter 19: Cloud and Virtualization

Virtualization Concepts

    Hypervisors

    VDE/VDI

    VM Sprawl Avoidance

    VM Escape Protection

Cloud Concepts

    Cloud Storage

    Cloud Deployment Models

    On-premises vs. Hosted vs. Cloud

    Cloud Access Security Broker

    Security as a Service

What Next?

Chapter 20: Reducing Risk

Automation and Scripting

Templates and Master Images

Non-persistence

    Snapshots

    Revert to Known State and Rollback to Known Configuration

    Live Boot Media

Scalability and Elasticity

Distributive Allocation

Fault Tolerance and Redundancy

High Availability

RAID

What Next?

Chapter 21: Physical Security Controls

Perimeter Security

    Signs, Fencing, and Gates

    Lighting

    Barricades and Bollards

    Cameras

    Security Guards

Internal Security

    Alarms

    Motion and Infrared Detection

    Mantraps

    Locks and Lock Types

    Cards, Tokens, and Biometrics

    Key Management

    Logs

Equipment Security

    Cable Locks

    Cages and Safes

    Locking Cabinets and Enclosures

    Screen Filters

    Air Gap

Environmental Controls

    Protected Cabling, Protected Distribution, and Faraday Cages

    HVAC

    Fire Suppression

    Hot and Cold Aisles

What Next?

Part III Cram Quiz

Part IV: Identity and Access Management

Chapter 22: Identity and Access Management Concepts

Identification, Authentication, Authorization, and Accounting (AAA)

Multifactor Authentication

Federation, Single Sign-On, and Transitive Trust

    Single Sign-On

    Federation

    Transitive Trust

What Next?

Chapter 23: Identity and Access Services

Authentication Protocols

Directory Services Protocols

AAA Protocols and Services

Federated Services

What Next?

Chapter 24: Identity and Access Controls

Access Control Models

Physical Access Controls

Tokens

Certificate-based Authentication

File System Security

Database Security

What Next?

Chapter 25: Account Management Practices

Account Types

General Concepts

Account Policy Enforcement

What Next?

Part IV Cram Quiz

Part V: Risk Management

Chapter 26: Policies, Plans, and Procedures Related to Organizational Security

Human Resource Management Policies

    Background Checks

    Onboarding

    Mandatory Vacations

    Separation of Duties

    Job Rotation

    Clean Desk Policies

    Role-Based Awareness and Training

    Continuing Education

    Acceptable Use Policy/Rules of Behavior

    Internet Usage

    Nondisclosure Agreements

    Disciplinary and Adverse Actions

    Exit Interviews

Interoperability Agreements

What Next?

Chapter 27: Business Impact Analysis

Critical Functions

    Identification of Critical Systems

    Single Points of Failure

Recovery Objectives

MTTR

MTTF and MTBF

Impact

Privacy

What Next?

Chapter 28: Risk Management Processes and Concepts

Threat Assessment

Risk Assessment

    Qualitative Versus Quantitative Measures

    Supply Chain Assessment

    Change Management

    Testing Authorization

Risk Register

Risk Response Techniques

What Next?

Chapter 29: Incident Response Procedures

Incident Response Plan

    Documented Incident Type/Category Definitions

    Roles and Responsibilities

    Reporting Requirements and Escalation

    Cyber-incident Response Teams

    Training, Tests, and Exercises

Incident Response Process

    Preparation

    Incident Identification and Analysis

    Containment, Eradication, and Recovery

    Post-Incident Activities

What Next?

Chapter 30: Forensics

Strategic Intelligence/Counterintelligence Gathering

Track Man-hours

Order of Volatility

Chain of Custody

Legal Hold

Data Acquisition

    Capture System Images

    Capture Network Traffic and Logs

    Capture Video

    Record Time Offset

    Take Hashes

    Capture Screenshots

    Collect Witness Interviews

What Next?

Chapter 31: Disaster Recovery and Continuity of Operations

Disaster Recovery

    Recovery Sites

    Backups

Geographic Considerations

Continuity of Operation Planning

What Next?

Chapter 32: Controls

Nature of Controls

Functional Use of Controls

    Deterrent

    Preventive

    Detective

    Corrective

Compensating Controls

What Next?

Chapter 33: Data Security and Privacy Practices

Data Sensitivity Labeling and Handling

    Privacy Laws and Regulatory Compliance

Data Roles

Data Retention and Disposal

    Retention

    Disposal

What Next?

Part V Cram Quiz

Part VI: Cryptography and PKI

Chapter 34: Cryptography

Keys

    Key Exchange

Symmetric Algorithms

Asymmetric Algorithms

Elliptic Curve and Quantum Cryptography

Session Keys

Nonrepudiation and Digital Signatures

Hashing

Use of Proven Technologies and Implementation

    Obfuscation

Use Cases

    Resource Constraints

What Next?

Chapter 35: Cryptography Algorithms

Obfuscation Techniques

Symmetric Algorithms

    Cipher Modes

Asymmetric Algorithms

Hashing Algorithms

Key Derivation Function

What Next?

Chapter 36: Wireless Security Settings

Access Methods

Wireless Cryptographic Protocols

    Wireless Equivalent Privacy

    Wi-Fi Protected Access

    Wi-Fi Protected Access Version 2

Authentication Protocols

What Next?

Chapter 37: Public Key Infrastructure

Certificate Authority (CA)

    Certification Practice Statement

    Trust Models

    Key Escrow

Digital Certificate

    Public and Private Key Usage

    Certificate Signing Request

    Certificate Policy

    Certificate Types

    Certificate Formats

Certificate Revocation

OCSP Stapling

Pinning

What Next?

Part VI Cram Quiz

Elements Available Online

Glossary of Essential Terms and Components

Cram Quizzes

9780789759009   TOC   11/21/2017

Updates

Submit Errata

More Information

Unlimited one-month access with your purchase
Free Safari Membership