CompTIA Security+ Review Guide: Exam SY0–401

THE PERFECT COMPANION TO SYBEXS COMPTIA SECURITY+ STUDY GUIDE: SY0–401 Approach the CompTIA Security+ exam with confidence Before you take the CompTIA Security+ Exam (SY0–401), reinforce your test prep with this concise guide that reviews all six exam domains: Network Security; Compliance and Operational Security; Threats and Vulnerabilities; Application, Data, and Host Security; Access Control and Identity Management; and Cryptography. Youll find full coverage of all exam objectivesplus gain access to a practical and targeted set of study tools. Easy–to–use book is organized by exam objectives for quick review Flexible review guide goes hand–in–hand with any learning tool on the market, including the Sybex CompTIA Security+ Study Guide: SY0–401 Exam Essentials section in each chapter helps you zero in on what you need to know Gain access to a complete set of exam prep and review tools, including 100 practice exam questions, electronic flash cards, and a Glossary of Key Terms Go to www.sybex.com/go/securityplusrg for a full set of online review tools Targeted Review Tool for the CompTIA Security+ Exam Includes Access to a Full Set of Study Tools The Perfect Companion to Any CompTIA Security+ Courseware

Introduction xxv Chapter 1 Network Security 1 1.1 Implement security configuration parameters on network devices and other technologies 5 1.2 Given a scenario, use secure network administration principles 22 1.3 Explain network design elements and components 27 1.4 Given a scenario, implement common protocols and services 40 1.5 Given a scenario, troubleshoot security issues related to wireless networking 56 Chapter 2 Compliance and Operational Security 69 2.1 Explain the importance of risk–related concepts 76 2.2 Summarize the security implications of integrating systems and data with third parties 92 2.3 Given a scenario, implement appropriate riskmitigation strategies 96 2.4 Given a scenario, implement basic forensic procedures 101 2.5 Summarize common incident response procedures 106 2.6 Explain the importance of security–related awareness and training 111 2.7 Compare and contrast physical security and environmental controls 123 2.8 Summarize risk–management best practices 135 2.9 Given a scenario, select the appropriate control to meet the goals of security 148 Chapter 3 Threats and Vulnerabilities 155 3.1 Explain types of malware 161 3.2 Summarize various types of attacks 167 3.3 Summarize social engineering attacks and the associated effectiveness with each attack 184 3.4 Explain types of wireless attacks 188 3.5 Explain types of application attacks 194 3.6 Analyze a scenario and select the appropriate type of mitigation and deterrent techniques 201 3.7 Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities 211 3.8 Explain the proper use of penetration testing versus vulnerability scanning 217 Chapter 4 Application, Data, and Host Security 225 4.1 Explain the importance of application security controls and techniques 229 4.2 Summarize mobile security concepts and technologies 235 4.3 Given a scenario, select the appropriate solution to establish host security 244 4.4 Implement the appropriate controls to ensure data security 251 4.5 Compare and contrast alternative methods to mitigate security risks in static environments 257 Chapter 5 Access Control and Identity Management 267 5.1 Compare and contrast the function and purpose of authentication services 270 5.2 Given a scenario, select the appropriate authentication, authorization, or access control 275 5.3 Install and configure security controls when performing account management, based on best practices 289 Chapter 6 Cryptography 299 6.1 Given a scenario, utilize general cryptography concepts 302 6.2 Given a scenario, use appropriate cryptographic methods 331 6.3 Given a scenario, use appropriate PKI, certificate management, and associated components 344 Appendix A Answers to Review Questions 359 Chapter 1: Network Security 360 Chapter 2: Compliance and Operational Security 360 Chapter 3: Threats and Vulnerabilities 361 Chapter 4: Application, Data, and Host Security 362 Chapter 5: Access Control and Identity Management 363 Chapter 6: Cryptography 364 Appendix B About the Additional Study Tools 367 Additional Study Tools 368 Sybex Test Engine 368 Electronic Flashcards 368 PDF of Glossary of Terms 368 Adobe Reader 368 System Requirements 369 Using the Study Tools 369 Troubleshooting 369 Customer Care 370 Index 371

James Michael Stewart, Security+, CISSP, CEH, CHFI, is a security expert, full–time writer, trainer, and researcher for Impact Online, an independent courseware development company. He has authored and contributed to over 75 books, including previous editions of the CompTIA Security+ Review Guide, and the CISSP Study Guide, both by Sybex. Stewart provides IT instruction across the globe for various public and private organizations.