CompTIA security+ [electronic resource] : review guide / James Michael Stewart
- Author:
- Stewart, James Michael
- Published:
- Indianapolis : Wiley Pub., [2011]
- Copyright Date:
- ©2011
- Edition:
- 2nd ed.
- Physical Description:
- 1 online resource (xliii, 314, 54 pages) : illustrations
- Additional Creators:
- Ebooks Corporation
- Contents:
- Machine generated contents note: ch. 1 Network Security -- 1.1.Explain the security function and purpose of network devices and technologies -- Firewalls -- Routers -- Switches -- Load balancers -- Proxies -- Web security gateways -- VPN concentrators -- NIDS and NIPS (behavior-based, signature-based, anomaly-based, heuristic) -- Protocol analyzers -- Sniffers -- Spam filter, all-in-one security appliances -- Web application firewall vs. network firewall -- URL filtering, content inspection, malware inspection -- Exam Essentials -- 1.2.Apply and implement secure network administration principles -- Rule-based management -- Firewall rules -- VLAN management -- Secure router configuration -- Access control lists -- Port security -- 802.1x -- Flood guards -- Loop protection -- Implicit deny -- Prevent network bridging by network separation -- Log analysis -- Exam Essentials -- 1.3.Distinguish and differentiate network design elements and compounds -- DMZ -- Subnetting -- VLAN -- NAT -- Remote access -- Telephony -- NAC -- Virtualization -- Cloud computing -- Exam Essentials -- 1.4.Implement and use common protocols -- IPSec -- SNMP -- SSH -- DNS -- TLS -- SSL -- TCP/IP -- FTPS -- HTTPS -- SFTP -- SCP -- ICMP -- IPv4 vs. IPv6 -- Exam Essentials -- 1.5.Identify commonly used default network ports -- Exam Essentials -- 1.6.Implement wireless network in a secure manner -- WPA -- WPA2 -- WEP -- EAP -- PEAP -- LEAP -- MAC filter -- SSID broadcast -- TKIP -- CCMP -- Antenna placement -- Power level controls -- Exam Essentials -- Review Questions -- Answers to Review Questions --
ch. 2 Compliance and Operational Security -- 2.1.Explain risk-related concepts -- Control types -- False positives -- Importance of policies in reducing risk -- Risk calculation -- Quantitative vs. qualitative -- Risk avoidance, transference, acceptance, mitigation, deterrence -- Risks associated to cloud computing and virtualization -- Exam Essentials -- 2.2.Carry out appropriate risk mitigation strategies -- Implement security controls based on risk -- Change management -- Incident management -- User rights and permissions reviews -- Perform routine audits -- Implement policies and procedures to prevent data loss or theft -- Exam Essentials -- 2.3.Execute appropriate incident response procedures -- Basic forensic procedures -- Damage and loss control -- Chain of custody -- Incident response: first responder -- Exam Essentials -- 2.4.Explain the importance of security-related awareness and training -- Security policy training and procedures -- Personally identifiable information -- Information classification: sensitivity of data (hard or soft) -- Data labeling, handling, and disposal -- Compliance with laws, best practices, and standards -- User habits -- Threat awareness -- Use of social networking and P2P -- Exam Essentials -- 2.5.Compare and contrast aspects of business continuity -- Business impact analysis -- Removing single points of failure -- Business continuity planning and testing -- Continuity of operations -- Disaster recovery -- IT contingency planning -- Succession planning -- Exam Essentials -- 2.6.Explain the impact and proper use of environmental controls -- HVAC -- Fire suppression -- EMI shielding -- Hot and cold aisles -- Environmental monitoring -- Temperature and humidity controls -- Video monitoring -- Exam Essentials -- 2.7.Execute disaster recovery plans and procedures -- Backup/backout contingency plans or policies -- Backups, execution, and frequency -- Redundancy and fault tolerance -- High availability -- Cold site, hot site, warm site -- Mean time to restore, mean time between failures, recovery time objectives, and recovery point objectives -- Exam Essentials -- 2.8.Exemplify the concepts of confidentiality, integrity, and availability (CIA) -- Exam Essentials -- Review Questions -- Answers to Review Questions --
ch. 3 Threats and Vulnerabilities -- 3.1.Analyze and differentiate among types of malware -- Adware -- Virus -- Worms -- Spyware -- Trojan -- Rootkits -- Back doors -- Logic bomb -- Botnets -- Exam Essentials -- 3.2.Analyze and differentiate among types of attacks -- Man-in-the-middle -- DoS and DDoS -- Replay -- Smurf attack -- Spoofing -- Spam -- Phishing -- Spim -- Vishing -- Spear phishing -- Xmas attack -- Pharming -- Privilege escalation -- Malicious insider threat -- DNS poisoning and ARP poisoning -- Transitive access -- Client-side attacks -- Exam Essentials -- 3.3.Analyze and differentiate among types of social-engineering attacks -- Shoulder surfing -- Dumpster diving -- Tailgating -- Impersonation -- Hoaxes -- Whaling -- Vishing -- Exam Essentials -- 3.4.Analyze and differentiate among types of wireless attacks -- Rogue access points -- Interference -- Evil twin -- War driving -- Bluejacking -- Bluesnarfing -- War chalking -- IV attack -- Packet sniffing -- Exam Essentials -- 3.5.Analyze and differentiate among types of application attacks -- Cross-site scripting -- SQL injection -- LDAP injection -- XML injection -- Directory traversal/command injection -- Buffer overflow -- Zero-day -- Cookies and attachments -- Malicious add-ons -- Session hijacking -- Header manipulation -- Exam Essentials -- 3.6.Analyze and differentiate among types of mitigation and deterrent techniques -- Manual bypassing of electronic controls -- Monitoring system logs -- Physical security -- Hardening -- Port security -- Security posture -- Reporting -- Detection controls vs. prevention controls -- Exam Essentials -- 3.7.Implement assessment tools and techniques to discover security threats and vulnerabilities -- Vulnerability scanning and interpreting results -- Tools -- Risk calculations -- Assessment types -- Assessment technique -- Exam Essentials -- 3.8.Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning -- Penetration testing -- Vulnerability scanning -- Black box -- White box -- Gray box -- Exam Essentials -- Review Questions -- Answers to Review Questions --
ch. 4 Application, Data, and Host Security -- 4.1.Explain the importance of application security -- Fuzzing -- Secure coding concepts -- Cross-site scripting prevention -- Cross-site Request Forgery (XSRF) prevention -- Application configuration baseline (proper settings) -- Application hardening -- Application patch management -- Exam Essentials -- 4.2.Carry out appropriate procedures to establish host security -- Operating system security and settings -- Anti-malware -- Patch management -- Hardware security -- Host software baselining -- Mobile devices -- Virtualization -- Exam Essentials -- 4.3.Explain the importance of data security -- Data Loss Prevention (DLP) -- Data encryption -- Hardware-based encryption devices -- Cloud computing -- Exam Essentials -- Review Questions -- Answers to Review Questions --
ch. 5 Access Control and Identity Management -- 5.1.Explain the function and purpose of authentication services -- RADIUS -- TACACS\TACACS+\XTACACS -- Kerberos -- LDAP -- Exam Essentials -- 5.2.Explain the fundamental concepts and best practices related to authentication, authorization, and access control -- Identification vs. authentication -- Authentication (single factor) and authorization -- Multifactor authentication -- Biometrics -- Tokens -- Common access card -- Personal identification verification card -- Smart card -- Least privilege -- Separation of duties -- Single sign-on -- ACLs -- Access control -- Mandatory access control -- Discretionary access control -- Role-/rule-based access control -- Implicit deny -- Time of day restrictions -- Trusted OS -- Mandatory vacations -- Job rotation -- Exam Essentials -- 5.3.Implement appropriate security controls when performing account management -- Mitigate issues associated with users with multiple account/roles -- Account policy enforcement -- Group-based privileges -- User-assigned privileges -- Exam Essentials -- Review Questions -- Answers to Review Questions --
ch. 6 Cryptography -- 6.1.Summarize general cryptography concepts -- Symmetric vs. asymmetric -- Fundamental differences and encryption methods -- Transport encryption -- Non-repudiation -- Hashing -- Key escrow -- Steganography -- Digital signatures -- Use of proven technologies -- Elliptic curve and quantum cryptography -- Exam Essentials -- 6.2.Use and apply appropriate cryptographic tools and products -- WEP vs. WPA/WPA2 and preshared key -- MD5 -- SHA -- RIPEMD -- AES -- DES -- 3DES -- HMAC -- RSA -- RC4 -- One-time pads -- CHAP -- PAP -- NTLM and NTLMv2 -- Blowfish -- PGP/GPG -- Whole-disk encryption -- Twofish -- Comparative strengths of algorithms -- Use of algorithms with transport encryption -- Exam Essentials -- 6.3.Explain the core concepts of Public Key Infrastructure -- Certificate authorities and digital certificates -- PKI -- Recovery agent -- Public key -- Private key -- Registration -- Key escrow -- Trust models -- Exam Essentials -- 6.4.Implement PKI, certificate management, and associated components -- Exam Essentials -- Review Questions -- Answers to Review Questions.
- Subject(s):
- ISBN:
- 1118113535 (electronic bk.)
9781118113530 (electronic bk.)
- Note:
- Description based on print version record.
Includes index.
AVAILABLE ONLINE TO AUTHORIZED PSU USERS.
- Reproduction Note:
- Electronic reproduction. Perth, W.A. Available via World Wide Web.
- Technical Details:
- Mode of access: World Wide Web.
catkey: 7659119