
CompTIA Security+ SY0-501 Cert Guide Premium Edition and Practice Tests, 4th Edition


Premium Edition eBook

  • Your Price: $39.99
  • List Price: $49.99
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Tests.

    Your purchase will deliver:

    • Link to download the enhanced Pearson IT Certification Practice Test exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    • EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.
    • MOBI: The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.
    • PDF: The popular standard, used most often with the free Adobe® Reader® software.

    The eBooks require no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.


Description

  • Copyright 2018
  • Dimensions: 7-3/8" x 9-1/8"
  • Pages: 800
  • Edition: 4th
  • Premium Edition eBook
  • ISBN-10: 0-13-478106-6
  • ISBN-13: 978-0-13-478106-8

The exciting new CompTIA Security+ SY0-501 Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson Test Prep practice test software. The Premium Edition eBook and Practice Test contains the following items:

  • The Security+ SY0-501 Premium Edition Practice Test, including five full practice exams and enhanced practice test features
  • PDF and EPUB formats of the CompTIA Security+ SY0-501 Cert Guide from Pearson IT Certification, which are accessible via your PC, tablet, and smartphone


About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson Test Prep (PTP) practice test software with five full practice exams. In addition, it contains all the chapter-ending assessment questions from the book. This integrated learning package:

  • Allows you to focus on individual topic areas or take complete, timed exams
  • Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
  • Provides unique sets of exam-realistic practice questions
  • Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most


Pearson Test Prep online system requirements:

Browsers: Chrome version 40 and above; Firefox version 35 and above; Safari version 7; Internet Explorer 10, 11; Microsoft Edge; Opera. Devices: Desktop and laptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.


Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1, or Windows 7; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases


About the Premium Edition eBook

Learn, prepare, and practice for CompTIA Security+ SY0-501 exam success with this CompTIA approved Cert Guide from Pearson IT Certification, a leader in IT certification learning and a CompTIA Authorized Platinum Partner.

  • Master CompTIA Security+ SY0-501 exam topics
  • Assess your knowledge with chapter-ending quizzes
  • Review key concepts with exam preparation tasks
  • Practice with realistic exam questions


CompTIA Security+ SY0-501 Cert Guide is a best-of-breed exam study guide. Best-selling author and expert instructor David L. Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.


The book presents you with an organized test-preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending review activities help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge, and a final preparation chapter guides you through tools and resources to help you craft your final study plan.


The Premium Edition eBook contains access to the companion files. Go to the back pages of your eBook for instructions on how to access the personal video mentoring content. 


Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this CompTIA approved study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.


The CompTIA approved study guide helps you master all the topics on the Security+ exam, including

  • Core computer system security
  • OS hardening and virtualization
  • Application security
  • Network design elements
  • Networking ports, protocols, and threats
  • Network perimeter security
  • Physical security and authentication models
  • Access control
  • Vulnerability and risk assessment
  • Monitoring and auditing
  • Cryptography, including PKI
  • Redundancy and disaster recovery
  • Social Engineering
  • Policies and procedures

Sample Content

Sample Pages

Download the sample pages (includes Chapter 8 and the Index)

Table of Contents

Introduction xxiv

Chapter 1 Introduction to Security 3

Foundation Topics 4

Security 101 4

    The CIA of Computer Security 4

    The Basics of Information Security 6

Think Like a Hacker 9

Threat Actor Types and Attributes 10

Chapter Review Activities 12

    Review Key Topics 12

    Define Key Terms 12

    Review Questions 13

    Answers and Explanations 15

Chapter 2 Computer Systems Security Part I 19

Foundation Topics 19

Malicious Software Types 19

    Viruses 20

    Worms 21

    Trojan Horses 22

    Ransomware 22

    Spyware 23

    Rootkits 24

    Spam 25

    Summary of Malware Threats 25

Delivery of Malware 26

    Via Software, Messaging, and Media 26

    Botnets and Zombies 28

    Active Interception 28

    Privilege Escalation 29

    Backdoors 29

    Logic Bombs 29

Preventing and Troubleshooting Malware 30

    Preventing and Troubleshooting Viruses 31

    Preventing and Troubleshooting Worms and Trojans 35

    Preventing and Troubleshooting Spyware 35

    Preventing and Troubleshooting Rootkits 38

    Preventing and Troubleshooting Spam 38

    You Can’t Save Every Computer from Malware! 40

    Summary of Malware Prevention Techniques 40

Chapter Summary 41

Chapter Review Activities 42

    Review Key Topics 42

    Define Key Terms 42

    Complete the Real-World Scenarios 43

    Review Questions 43

    Answers and Explanations 48

Chapter 3 Computer Systems Security Part II 53

Foundation Topics 53

Implementing Security Applications 53

    Personal Software Firewalls 53

    Host-Based Intrusion Detection Systems 55

    Pop-Up Blockers 57

    Data Loss Prevention Systems 59

Securing Computer Hardware and Peripherals 59

    Securing the BIOS 60

    Securing Storage Devices 62

        Removable Storage 62

        Network Attached Storage 63

        Whole Disk Encryption 64

        Hardware Security Modules 65

    Securing Wireless Peripherals 66

Securing Mobile Devices 66

    Malware 67

    Botnet Activity 68

    SIM Cloning and Carrier Unlocking 68

    Wireless Attacks 69

    Theft 70

    Application Security 71

    BYOD Concerns 74

Chapter Summary 78

Chapter Review Activities 79

    Review Key Topics 79

    Define Key Terms 79

    Complete the Real-World Scenarios 80

    Review Questions 80

    Answers and Explanations 83

Chapter 4 OS Hardening and Virtualization 89

Foundation Topics 89

Hardening Operating Systems 89

    Removing Unnecessary Applications and Services 90

    Windows Update, Patches, and Hotfixes 97

        Patches and Hotfixes 99

        Patch Management 101

    Group Policies, Security Templates, and Configuration Baselines 102

    Hardening File Systems and Hard Drives 105

Virtualization Technology 109

    Types of Virtualization and Their Purposes 110

    Hypervisor 111

    Securing Virtual Machines 113

Chapter Summary 115

Chapter Review Activities 117

    Review Key Topics 117

    Define Key Terms 118

    Complete the Real-World Scenarios 118

    Review Questions 118

    Answers and Explanations 122

Chapter 5 Application Security 127

Foundation Topics 127

Securing the Browser 127

    General Browser Security Procedures 129

        Implement Policies 129

        Train Your Users 133

        Use a Proxy and Content Filter 133

        Secure Against Malicious Code 135

    Web Browser Concerns and Security Methods 135

        Basic Browser Security 135

        Cookies 136

        LSOs 137

        Add-ons 137

        Advanced Browser Security 138

Securing Other Applications 140

Secure Programming 144

    Software Development Life Cycle 145

    Core SDLC and DevOps Principles 146

    Programming Testing Methods 149

        White-box and Black-box Testing 149

        Compile-Time Errors Versus Runtime Errors 150

        Input Validation 150

        Static and Dynamic Code Analysis 151

        Fuzz Testing 152

    Programming Vulnerabilities and Attacks 152

        Backdoors 153

        Memory/Buffer Vulnerabilities 153

        Arbitrary Code Execution/Remote Code Execution 155

        XSS and XSRF 155

        More Code Injection Examples 156

        Directory Traversal 158

        Zero Day Attack 158

Chapter Summary 160

Chapter Review Activities 161

    Review Key Topics 161

    Define Key Terms 162

    Complete the Real-World Scenarios 162

    Review Questions 162

    Answers and Explanations 167

Chapter 6 Network Design Elements 173

Foundation Topics 173

Network Design 173

    The OSI Model 173

    Network Devices 175

        Switch 175

        Bridge 178

        Router 178

    Network Address Translation, and Private Versus Public IP 180

    Network Zones and Interconnections 182

        LAN Versus WAN 182

        Internet 183

        Demilitarized Zone (DMZ) 183

        Intranets and Extranets 184

    Network Access Control (NAC) 185

    Subnetting 186

    Virtual Local Area Network (VLAN) 188

    Telephony 190

        Modems 190

        PBX Equipment 191

        VoIP 191

Cloud Security and Server Defense 192

    Cloud Computing 192

    Cloud Security 195

    Server Defense 198

        File Servers 198

        Network Controllers 199

        E-mail Servers 199

        Web Servers 200

        FTP Server 202

Chapter Summary 203

Chapter Review Activities 205

    Review Key Topics 205

    Define Key Terms 205

    Complete the Real-World Scenarios 205

    Review Questions 206

    Answers and Explanations 210

Chapter 7 Networking Protocols and Threats 217

Foundation Topics 217

Ports and Protocols 217

    Port Ranges, Inbound Versus Outbound, and Common Ports 217

    Protocols That Can Cause Anxiety on the Exam 225

Malicious Attacks 226

    DoS 226

    DDoS 229

    Sinkholes and Blackholes 230

    Spoofing 231

    Session Hijacking 232

    Replay 234

    Null Sessions 235

    Transitive Access and Client-Side Attacks 236

    DNS Poisoning and Other DNS Attacks 236

    ARP Poisoning 238

    Summary of Network Attacks 238

Chapter Summary 242

Chapter Review Activities 243

    Review Key Topics 243

    Define Key Terms 243

    Complete the Real-World Scenarios 243

    Review Questions 244

    Answers and Explanations 250

Chapter 8 Network Perimeter Security 255

Foundation Topics 256

Firewalls and Network Security 256

    Firewalls 256

    Proxy Servers 263

    Honeypots and Honeynets 266

    Data Loss Prevention (DLP) 267

NIDS Versus NIPS 268

    NIDS 268

    NIPS 269

    Summary of NIDS Versus NIPS 271

    The Protocol Analyzer’s Role in NIDS and NIPS 271

    Unified Threat Management 272

Chapter Summary 273

Chapter Review Activities 274

    Review Key Topics 274

    Define Key Terms 274

    Complete the Real-World Scenarios 274

    Review Questions 275

    Answers and Explanations 280

Chapter 9 Securing Network Media and Devices 285

Foundation Topics 285

Securing Wired Networks and Devices 285

    Network Device Vulnerabilities 285

        Default Accounts 286

        Weak Passwords 286

        Privilege Escalation 287

        Back Doors 288

        Network Attacks 289

        Other Network Device Considerations 289

    Cable Media Vulnerabilities 289

        Interference 290

        Crosstalk 291

        Data Emanation 292

        Tapping into Data and Conversations 293

Securing Wireless Networks 295

    Wireless Access Point Vulnerabilities 295

        The Administration Interface 295

        SSID Broadcast 296

        Rogue Access Points 296

        Evil Twin 297

        Weak Encryption 297

        Wi-Fi Protected Setup 299

        Ad Hoc Networks 299

        VPN over Open Wireless 300

    Wireless Access Point Security Strategies 300

    Wireless Transmission Vulnerabilities 304

    Bluetooth and Other Wireless Technology Vulnerabilities 305

        Bluejacking 306

        Bluesnarfing 306

        RFID and NFC 307

        More Wireless Technologies 308

Chapter Summary 310

Chapter Review Activities 312

    Review Key Topics 312

    Define Key Terms 312

    Complete the Real-World Scenarios 312

    Review Questions 313

    Answers and Explanations 317

Chapter 10 Physical Security and Authentication Models 321

Foundation Topics 322

Physical Security 322

    General Building and Server Room Security 323

    Door Access 324

    Biometric Readers 326

Authentication Models and Components 327

    Authentication Models 327

    Localized Authentication Technologies 329

        802.1X and EAP 330

        LDAP 333

        Kerberos and Mutual Authentication 334

        Remote Desktop Services 336

    Remote Authentication Technologies 337

        Remote Access Service 337

        Virtual Private Networks 340

        RADIUS Versus TACACS 343

Chapter Summary 345

Chapter Review Activities 346

    Review Key Topics 346

    Define Key Terms 347

    Complete the Real-World Scenarios 347

    Review Questions 347

    Answers and Explanations 355

Chapter 11 Access Control Methods and Models 361

Foundation Topic 361

Access Control Models Defined 361

    Discretionary Access Control 361

    Mandatory Access Control 363

    Role-Based Access Control (RBAC) 364

    Attribute-based Access Control (ABAC) 365

    Access Control Wise Practices 366

Rights, Permissions, and Policies 369

    Users, Groups, and Permissions 369

    Permission Inheritance and Propagation 374

    Moving and Copying Folders and Files 376

    Usernames and Passwords 376

    Policies 379

    User Account Control (UAC) 383

Chapter Summary 384

Chapter Review Activities 385

    Review Key Topics 385

    Define Key Terms 386

    Complete the Real-World Scenarios 386

    Review Questions 386

    Answers and Explanations 392

Chapter 12 Vulnerability and Risk Assessment 397

Foundation Topics 397

Conducting Risk Assessments 397

    Qualitative Risk Assessment 399

    Quantitative Risk Assessment 400

    Security Analysis Methodologies 402

    Security Controls 404

    Vulnerability Management 405

        Penetration Testing 407

        OVAL 408

        Additional Vulnerabilities 409

Assessing Vulnerability with Security Tools 410

    Network Mapping 411

    Vulnerability Scanning 412

    Network Sniffing 415

    Password Analysis 417

Chapter Summary 420

Chapter Review Activities 421

    Review Key Topics 421

    Define Key Terms 422

    Complete the Real-World Scenarios 422

    Review Questions 422

    Answers and Explanations 428

Chapter 13 Monitoring and Auditing 435

Foundation Topics 435

Monitoring Methodologies 435

    Signature-Based Monitoring 435

    Anomaly-Based Monitoring 436

    Behavior-Based Monitoring 436

Using Tools to Monitor Systems and Networks 437

    Performance Baselining 438

    Protocol Analyzers 440

        Wireshark 441

    SNMP 443

    Analytical Tools 445

    Use Static and Dynamic Tools 447

Conducting Audits 448

    Auditing Files 448

    Logging 451

    Log File Maintenance and Security 455

    Auditing System Security Settings 457

    SIEM 460

Chapter Summary 461

Chapter Review Activities 462

    Review Key Topics 462

    Define Key Terms 463

    Complete the Real-World Scenarios 463

    Review Questions 463

    Answers and Explanations 470

Chapter 14 Encryption and Hashing Concepts 477

Foundation Topics 477

Cryptography Concepts 477

    Symmetric Versus Asymmetric Key Algorithms 481

        Symmetric Key Algorithms 481

    Asymmetric Key Algorithms 483

    Public Key Cryptography 483

    Key Management 484

    Steganography 485

Encryption Algorithms 486

    DES and 3DES 486

    AES 487

    RC 488

    Blowfish and Twofish 489

    Summary of Symmetric Algorithms 489

    RSA 490

    Diffie-Hellman 491

    Elliptic Curve 492

    More Encryption Types 493

        One-Time Pad 493

        PGP 494

        Pseudorandom Number Generators 495

Hashing Basics 496

    Cryptographic Hash Functions 498

        MD5 498

        SHA 498

        RIPEMD and HMAC 499

    LANMAN, NTLM, and NTLMv2 500

        LANMAN 500

        NTLM and NTLMv2 501

    Hashing Attacks 502

        Pass the Hash 502

        Happy Birthday! 503

    Additional Password Hashing Concepts 503

Chapter Summary 505

Chapter Review Activities 507

    Review Key Topics 507

    Define Key Terms 507

    Complete the Real-World Scenarios 508

    Review Questions 508

    Answers and Explanations 515

Chapter 15 PKI and Encryption Protocols 521

Foundation Topics 521

Public Key Infrastructure 521

    Certificates 522

        SSL Certificate Types 522

        Single-Sided and Dual-Sided Certificates 523

        Certificate Chain of Trust 523

        Certificate Formats 523

    Certificate Authorities 525

    Web of Trust 529

Security Protocols 529

    S/MIME 530

    SSL/TLS 531

    SSH 532

    PPTP, L2TP, and IPsec 533

        PPTP 533

        L2TP 534

        IPsec 534

Chapter Summary 535

Chapter Review Activities 536

    Review Key Topics 536

    Define Key Terms 536

    Complete the Real-World Scenarios 537

    Review Questions 537

    Answers and Explanations 542

Chapter 16 Redundancy and Disaster Recovery 547

Foundation Topics 547

Redundancy Planning 547

    Redundant Power 549

    Redundant Power Supplies 551

    Uninterruptible Power Supplies 551

    Backup Generators 553

    Redundant Data 555

    Redundant Networking 558

    Redundant Servers 560

    Redundant Sites 561

    Redundant People 562

Disaster Recovery Planning and Procedures 562

    Data Backup 562

    DR Planning 567

Chapter Summary 571

Chapter Review Activities 572

    Review Key Topics 572

    Define Key Terms 572

    Complete the Real-World Scenarios 573

    Review Questions 573

    Answers and Explanations 577

Chapter 17 Social Engineering, User Education, and Facilities Security 583

Foundation Topics 583

Social Engineering 583

    Pretexting 584

    Malicious Insider 585

    Diversion Theft 586

    Phishing 586

    Hoaxes 587

    Shoulder Surfing 588

    Eavesdropping 588

    Dumpster Diving 588

    Baiting 589

    Piggybacking/Tailgating 589

    Watering Hole Attack 589

    Summary of Social Engineering Types 590

User Education 591

Facilities Security 593

    Fire Suppression 594

        Fire Extinguishers 594

        Sprinkler Systems 595

        Special Hazard Protection Systems 596

    HVAC 597

    Shielding 598

    Vehicles 600

Chapter Summary 602

Chapter Review Activities 603

    Review Key Topics 603

    Define Key Terms 603

    Complete the Real-World Scenarios 603

    Review Questions 604

    Answers and Explanations 608

Chapter 18 Policies and Procedures 613

Foundation Topics 614

Legislative and Organizational Policies 614

    Data Sensitivity and Classification of Information 615

    Personnel Security Policies 617

        Privacy Policies 618

        Acceptable Use 618

        Change Management 619

        Separation of Duties/Job Rotation 619

        Mandatory Vacations 620

        Onboarding and Offboarding 620

        Due Diligence 621

        Due Care 621

        Due Process 621

        User Education and Awareness Training 621

        Summary of Personnel Security Policies 622

    How to Deal with Vendors 623

    How to Dispose of Computers and Other IT Equipment Securely 625

Incident Response Procedures 627

IT Security Frameworks 633

Chapter Summary 635

Chapter Review Activities 636

    Review Key Topics 636

    Define Key Terms 636

    Complete the Real-World Scenarios 637

    Review Questions 637

    Answers and Explanations 641

Chapter 19 Taking the Real Exam 647

Getting Ready and the Exam Preparation Checklist 647

Tips for Taking the Real Exam 651

Beyond the CompTIA Security+ Certification 655

Practice Exam 1: SY0-501 657

Answers to Practice Exam 1 679

Answers with Explanations 680

Glossary 718

Elements Available Online

View Recommended Resources

Real-World Scenarios

9780789758996   TOC   9/19/2017
