
CompTIA Security+ SY0-501 Exam Cram Premium Edition and Practice Tests, 5th Edition



Premium Edition eBook

  • Your Price: $35.99
  • List Price: $44.99
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice tests.

    Your purchase will deliver:

    • Link to download the Pearson Test Prep exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    PDF The popular standard, which reproduces the look and layout of the printed page.

    This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.



  • Copyright 2018
  • Dimensions: 6" x 9"
  • Pages: 720
  • Edition: 5th
  • Premium Edition eBook
  • ISBN-10: 0-13-478370-0
  • ISBN-13: 978-0-13-478370-3

The exciting CompTIA Security+ SY0-501 Exam Cram Premium Edition and Practice Test is a digital-only certification preparation product combining an eBook with the powerful Pearson Test Prep practice test software. The Premium Edition eBook and Practice Test contains the following items:

  • The CompTIA Security+ SY0-501 Exam Cram Premium Edition Practice Test, including three full practice exams and enhanced practice test features
  • PDF and EPUB formats of the CompTIA Security+ SY0-501 Exam Cram from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone
  • Access to the digital edition of the Cram Sheet, available through product registration at Pearson IT Certification; or see the instructions in the back pages of your eBook

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson Test Prep practice test software with three full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package

  • Enables you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson Test Prep online system requirements:

Browsers: Chrome version 40 and above; Firefox version 35 and above; Safari version 7; Internet Explorer 10, 11; Microsoft Edge; Opera

Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1, or Windows 7; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

About the Premium Edition eBook

CompTIA Security+ SY0-501 Exam Cram, Fifth Edition, is the perfect study guide to help you pass CompTIA’s newly updated version of the Security+ exam. It provides coverage and practice questions for every exam topic. The book contains a set of 150 questions. The powerful Pearson Test Prep practice test software provides real-time practice and feedback with all the questions so you can simulate the exam.

Covers the critical information you need to know to score higher on your Security+ exam!

  • Analyze indicators of compromise and determine types of attacks, threats, and risks to systems
  • Minimize the impact associated with types of attacks and vulnerabilities
  • Secure devices, communications, and network infrastructure
  • Effectively manage risks associated with a global business environment
  • Differentiate between control methods used to secure the physical domain
  • Identify solutions for the implementation of secure network architecture
  • Compare techniques for secure application development and deployment
  • Determine relevant identity and access management procedures
  • Implement security policies, plans, and procedures related to organizational security
  • Apply principles of cryptography and effectively deploy related solutions


Table of Contents


Part I: Threats, Attacks, and Vulnerabilities

Chapter 1: Indicators of Compromise and Malware Types
Trojan Horses
Logic Bombs
What Next?

Chapter 2: Attack Types
Social Engineering
    Phishing and Related Attacks
    Dumpster Diving
    Shoulder Surfing
    Watering Hole Attacks
    Principles (Reasons for Effectiveness)
Application/Service Attacks
    Buffer and Integer Overflows
    Zero-Day Attack
    Code Injections
    Hijacking and Related Attacks
    Denial of Service
Cryptographic Attacks
    Brute Force
    Weak Implementations
    Short Range Wireless Communications
What Next?

Chapter 3: Threat Actor Types and Attributes
Threat Actor Attributes
Threat Actor Types
    Script Kiddies
    Organized Crime
    Nation States
Open Source Intelligence
What Next?

Chapter 4: Penetration Testing
Testing Methodology
What Next?

Chapter 5: Vulnerability Scanning
Types of Vulnerability Scans
    Intrusive vs. Non-intrusive
    Credentialed vs. Non-credentialed
What Next?

Chapter 6: Impacts Associated with Vulnerability Types
People and Process
Race Conditions
Resource Exhaustion
Architecture and Design
Cryptographic Management
Embedded Systems
Lack of Vendor Support
Improper Software Handling
Leaks, Overflows, and Code Injection
What Next?

Part I Cram Quiz

Part II: Technology and Tools

Chapter 7: Network Components
Perimeter Security
    VPN Concentrators
    NIDS and NIPS
Internal Security
Boundary Devices
    Load Balancers
    Access Points
Enforcement Tools
Cryptographic Devices
    SSL/TLS Accelerators and Decryptors
What Next?

Chapter 8: Software Tools
Vulnerability Assessment Tools
    Analyzers and Scanners
Detection and Protection Tools
    Exploitation Frameworks
    Password Crackers
    Backup Utilities
    Data Sanitizing Tools
    Command-line Tools
What Next?

Chapter 9: Security Issues
Authentication, Authorization, and Access
    Unencrypted Credentials and Clear Text
    Permission Issues
    Access Violations
    Authentication Issues
    Certificate Issues
Misconfigurations and Deviations
    Content Filter
    Access Points
    Baseline Deviation
    Weak Security Configurations and Data Exfiltration
    Policy Violation
    Insider Threat
    Social Engineering
    Social Media
    Personal Email
Logs and Event Anomalies
Assets and Licensing
    Asset Management
    License Compliance Violation
    Unauthorized Software
What Next?

Chapter 10: Security Technologies
Security Technologies
    Host Technologies
    Enterprise Technologies
What Next?

Chapter 11: Mobile Devices
Communication Methods
Mobile Device Management Concepts
    Device, Application, and Content Management
Enforcement and Monitoring
Deployment Models
    BYOD, CYOD, COPE and Corporate-owned Devices
    Deployment Strategies
What Next?

Chapter 12: Secure Protocols
Secure Protocols
    Securing Web Protocols
    Securing File Transfer Protocols
    Securing Email Protocols
    Securing Internal Protocols
Use Cases
    Secure Web Communication
    Secure File Transfer Communication
    Secure Email Communication
    Secured Internal Communication
What Next?

Part II Cram Quiz

Part III: Architecture and Design

Chapter 13: Use Cases, Frameworks, and Best Practices
Industry-standard Frameworks and Reference Architectures
    Regulatory and Non-regulatory
    National vs. International
    Industry-specific Frameworks
Benchmarks and Secure Configuration Guides
    Platform and Vendor-specific Guides
    General Purpose Guides
Defense in Depth and Layered Security
    Vendor Diversity
    Control Diversity
    User Training
What Next?

Chapter 14: Network Architecture
Zones and Topologies
    DMZ, Intranet, and Extranet
    Wireless, Guest, and Ad Hoc Networks
Segregation, Segmentation, and Isolation
    Logical (VLAN)
VPN Tunneling
Security Device and Technology Placement
    Sensors, Collectors, and Correlation Engines
    Firewalls, Proxies, and Filters
    Accelerators, Concentrators, and Balancers
    Switches, Taps, and Mirroring
What Next?

Chapter 15: Secure Systems Design
Hardware and Firmware Security
    FDE and SED
    TPM and HSM
    BIOS and UEFI
    Secure Boot
    Supply Chain
    Hardware Root of Trust
    EMI and EMP
Operating Systems
    Patch Management
    Disabling Unnecessary Ports and Services
    Least Functionality
    Secure Configurations
    Trusted Operating System
    Application Whitelisting/Blacklisting
    Disable Default Accounts and Passwords
    Wireless Keyboards and Mice
    WiFi-Enabled MicroSD Cards and Digital Cameras
    Printers and MFDs
    External Storage Devices
What Next?

Chapter 16: Secure Staging Deployment
    Development and Test
    Staging and Production
Secure Baseline
Integrity Measurement
What Next?

Chapter 17: Embedded Systems
Smart Devices and IoT
    Wearable Technology
    Home Automation
SoC and RTOS
Printers, MFDs, and Camera Systems
Special-Purpose Devices
    Medical Devices
    Aircraft and UAV
    Protecting Embedded Systems
What Next?

Chapter 18: Secure Application Development and Deployment
Development Life-cycle Models
    Waterfall vs. Agile
Secure DevOps
    Continuous Integration and Security Automation
    Immutable Systems
    Infrastructure As Code
Change Management and Version Control
Provisioning and Deprovisioning
Secure Coding Techniques
    Proper Error Handling
    Proper Input Validation
    Stored Procedures
    Code Signing
    Encryption, Obfuscation, and Camouflage
    Code Reuse and Dead Code
    Use of Third-Party Libraries and SDKs
    Server-side vs. Client-side Execution and Validation
    Memory Management
    Data Exposure
Compiled vs. Runtime Code
Code Quality and Testing
    Static Code Analyzers
    Dynamic Analysis
    Stress Testing
    Model Verification
What Next?

Chapter 19: Cloud and Virtualization
Virtualization Concepts
    VM Sprawl Avoidance
    VM Escape Protection
Cloud Concepts
    Cloud Storage
    Cloud Deployment Models
    On-premises vs. Hosted vs. Cloud
    Cloud Access Security Broker
    Security as a Service
What Next?

Chapter 20: Reducing Risk
Automation and Scripting
Templates and Master Images
    Revert to Known State and Rollback to Known Configuration
    Live Boot Media
Scalability and Elasticity
Distributive Allocation
Fault Tolerance and Redundancy
High Availability
What Next?

Chapter 21: Physical Security Controls
Perimeter Security
    Signs, Fencing, and Gates
    Barricades and Bollards
    Security Guards
Internal Security
    Motion and Infrared Detection
    Locks and Lock Types
    Cards, Tokens, and Biometrics
    Key Management
Equipment Security
    Cable Locks
    Cages and Safes
    Locking Cabinets and Enclosures
    Screen Filters
    Air Gap
Environmental Controls
    Protected Cabling, Protected Distribution, and Faraday Cages
    Fire Suppression
    Hot and Cold Aisles
What Next?

Part III Cram Quiz

Part IV: Identity and Access Management

Chapter 22: Identity and Access Management Concepts
Identification, Authentication, Authorization, and Accounting (AAA)
Multifactor Authentication
Federation, Single Sign-On, and Transitive Trust
    Single Sign-On
    Transitive Trust
What Next?

Chapter 23: Identity and Access Services
Authentication Protocols
Directory Services Protocols
AAA Protocols and Services
Federated Services
What Next?

Chapter 24: Identity and Access Controls
Access Control Models
Physical Access Controls
Certificate-based Authentication
File System Security
Database Security
What Next?

Chapter 25: Account Management Practices
Account Types
General Concepts
Account Policy Enforcement
What Next?

Part IV Cram Quiz

Part V: Risk Management

Chapter 26: Policies, Plans, and Procedures Related to Organizational Security
Human Resource Management Policies
    Background Checks
    Mandatory Vacations
    Separation of Duties
    Job Rotation
    Clean Desk Policies
    Role-Based Awareness and Training
    Continuing Education
    Acceptable Use Policy/Rules of Behavior
    Internet Usage
    Nondisclosure Agreements
    Disciplinary and Adverse Actions
    Exit Interviews
Interoperability Agreements
What Next?

Chapter 27: Business Impact Analysis
Critical Functions
    Identification of Critical Systems
    Single Points of Failure
Recovery Objectives
What Next?

Chapter 28: Risk Management Processes and Concepts
Threat Assessment
Risk Assessment
    Qualitative Versus Quantitative Measures
    Supply Chain Assessment
    Change Management
    Testing Authorization
Risk Register
Risk Response Techniques
What Next?

Chapter 29: Incident Response Procedures
Incident Response Plan
    Documented Incident Type/Category Definitions
    Roles and Responsibilities
    Reporting Requirements and Escalation
    Cyber-incident Response Teams
    Training, Tests, and Exercises
Incident Response Process
    Incident Identification and Analysis
    Containment, Eradication, and Recovery
    Post-Incident Activities
What Next?

Chapter 30: Forensics
Strategic Intelligence/Counterintelligence Gathering
Track Man-hours
Order of Volatility
Chain of Custody
Legal Hold
Data Acquisition
    Capture System Images
    Capture Network Traffic and Logs
    Capture Video
    Record Time Offset
    Take Hashes
    Capture Screenshots
    Collect Witness Interviews
What Next?

Chapter 31: Disaster Recovery and Continuity of Operations
Disaster Recovery
    Recovery Sites
Geographic Considerations
Continuity of Operation Planning
What Next?

Chapter 32: Controls
Nature of Controls
Functional Use of Controls
Compensating Controls
What Next?

Chapter 33: Data Security and Privacy Practices
Data Sensitivity Labeling and Handling
    Privacy Laws and Regulatory Compliance
Data Roles
Data Retention and Disposal
What Next?

Part V Cram Quiz

Part VI: Cryptography and PKI

Chapter 34: Cryptography
    Key Exchange
Symmetric Algorithms
Asymmetric Algorithms
Elliptic Curve and Quantum Cryptography
Session Keys
Nonrepudiation and Digital Signatures
Use of Proven Technologies and Implementation
Use Cases
    Resource Constraints
What Next?

Chapter 35: Cryptography Algorithms
Obfuscation Techniques
Symmetric Algorithms
    Cipher Modes
Asymmetric Algorithms
Hashing Algorithms
Key Derivation Function
What Next?

Chapter 36: Wireless Security Settings
Access Methods
Wireless Cryptographic Protocols
    Wired Equivalent Privacy
    Wi-Fi Protected Access
    Wi-Fi Protected Access Version 2
Authentication Protocols
What Next?

Chapter 37: Public Key Infrastructure
Certificate Authority (CA)
    Certification Practice Statement
    Trust Models
    Key Escrow
Digital Certificate
    Public and Private Key Usage
    Certificate Signing Request
    Certificate Policy
    Certificate Types
    Certificate Formats
Certificate Revocation
OCSP Stapling
What Next?

Part VI Cram Quiz

Elements Available Online
Glossary of Essential Terms and Components
Cram Quizzes

9780789759009   TOC   11/21/2017


