Sybex


CompTIA Security+ Deluxe Study Guide: SY0-401, 3rd Edition

ISBN: 978-1-118-97868-9
640 pages
October 2014

Description

Your complete guide to the CompTIA Security+ Certification Exam (SY0-401)

CompTIA Security+ Deluxe Study Guide provides a comprehensive study tool for the SY0-401 exam, launched in May 2014. With in-depth information on security essentials and standards, practical examples, and insights drawn from real-world experience, this guide gives you the information you need to work as a security administrator while preparing you for the Security+ exam. This deluxe edition of Sybex's CompTIA Security+ Study Guide features over one hundred additional pages of material, plus free software and bonus videos that help explain complex topics. The companion DVD also includes a robust set of learning tools, featuring Sybex's proprietary test engine with chapter review questions, a pre-assessment test, hundreds of practice questions, and over one hundred electronic flashcards.

The CompTIA Security+ exam is considered the "starting point" for security professionals looking to get a leg up on the competition. This ninety-minute exam contains up to ninety questions, so candidates must know the material well enough to answer quickly and with confidence. This study guide helps you master the material:

  • Review network, compliance, and operational security
  • Understand data, application, and host security
  • Master the complexities of cryptography
  • Get up to speed on threats, vulnerabilities, access control, and identity management

Practice makes perfect, and this guide provides hundreds of opportunities to get it right. Work through from beginning to end, or just focus on your weak areas – either way, you'll be getting clear, concise, complete information on key exam topics. For the SY0-401 candidate who wants to ace the exam, CompTIA Security+ Deluxe Study Guide provides the information, tools, and practice needed to succeed.


Table of Contents

Foreword xxvii

Introduction xxix

Chapter 1 Measuring and Weighing Risk 1

Risk Assessment 3

Computing Risk Assessment 4

Acting on Your Risk Assessment 9

Risks Associated with Cloud Computing 17

Risks Associated with Virtualization 19

Developing Policies, Standards, and Guidelines 19

Implementing Policies 20

Understanding Control Types and False Positives/Negatives 26

Risk Management Best Practices 28

Disaster Recovery 36

Tabletop Exercise 39

Summary 39

Exam Essentials 39

Review Questions 41

Chapter 2 Monitoring and Diagnosing Networks 45

Monitoring Networks 46

Network Monitors 46

Understanding Hardening 52

Working with Services 52

Patches 56

User Account Control 57

Filesystems 58

Securing the Network 60

Security Posture 61

Continuous Security Monitoring 61

Setting a Remediation Policy 62

Reporting Security Issues 63

Alarms 63

Alerts 63

Trends 63

Differentiating between Detection Controls and Prevention Controls 64

Summary 65

Exam Essentials 66

Review Questions 67

Chapter 3 Understanding Devices and Infrastructure 71

Mastering TCP/IP 73

OSI Relevance 74

Working with the TCP/IP Suite 74

IPv4 and IPv6 78

Understanding Encapsulation 79

Working with Protocols and Services 80

Designing a Secure Network 87

Demilitarized Zones 87

Subnetting 89

Virtual Local Area Networks 89

Remote Access 92

Network Address Translation 93

Telephony 94

Network Access Control 95

Understanding the Various Network Infrastructure Devices 95

Firewalls 96

Routers 100

Switches 102

Load Balancers 103

Proxies 103

Web Security Gateway 103

VPNs and VPN Concentrators 103

Intrusion Detection Systems 105

Understanding Intrusion Detection Systems 106

IDS vs. IPS 110

Working with a Network-Based IDS 111

Working with a Host-Based IDS 116

Working with NIPSs 117

Protocol Analyzers 118

Spam Filters 118

UTM Security Appliances 119

Summary 122

Exam Essentials 123

Review Questions 124

Chapter 4 Access Control, Authentication, and Authorization 129

Understanding Access Control Basics 131

Identification vs. Authentication 131

Authentication (Single Factor) and Authorization 132

Multifactor Authentication 133

Layered Security and Defense in Depth 133

Network Access Control 134

Tokens 135

Federations 135

Potential Authentication and Access Problems 136

Authentication Issues to Consider 137

Authentication Protocols 139

Account Policy Enforcement 139

Users with Multiple Accounts/Roles 141

Generic Account Prohibition 142

Group-based and User-assigned Privileges 142

Understanding Remote Access Connectivity 142

Using the Point-to-Point Protocol 143

Working with Tunneling Protocols 144

Working with RADIUS 145

TACACS/TACACS+/XTACACS 146

VLAN Management 146

SAML 147

Understanding Authentication Services 147

LDAP 147

Kerberos 148

Single Sign-On Initiatives 149

Understanding Access Control 150

Mandatory Access Control 151

Discretionary Access Control 151

Role-Based Access Control 152

Rule-Based Access Control 152

Implementing Access Controlling Best Practices 152

Least Privileges 153

Separation of Duties 153

Time of Day Restrictions 153

User Access Review 154

Smart Cards 154

Access Control Lists 156

Port Security 157

Working with 802.1X 158

Flood Guards and Loop Protection 158

Preventing Network Bridging 158

Log Analysis 159

Trusted OS 159

Secure Router Configuration 160

Summary 161

Exam Essentials 161

Review Questions 163


Chapter 5 Protecting Wireless Networks 167

Working with Wireless Systems 169

IEEE 802.11x Wireless Protocols 169

WEP/WAP/WPA/WPA2 171

Wireless Transport Layer Security 173

Understanding Wireless Devices 174

Wireless Access Points 175

Extensible Authentication Protocol 181

Lightweight Extensible Authentication Protocol 182

Protected Extensible Authentication Protocol 182

Wireless Vulnerabilities to Know 183

Wireless Attack Analogy 187

Summary 188

Exam Essentials 189

Review Questions 190

Chapter 6 Securing the Cloud 195

Working with Cloud Computing 196

Software as a Service (SaaS) 197

Platform as a Service (PaaS) 198

Infrastructure as a Service (IaaS) 199

Private Cloud 200

Public Cloud 200

Community Cloud 200

Hybrid Cloud 201

Working with Virtualization 201

Snapshots 203

Patch Compatibility 203

Host Availability/Elasticity 204

Security Control Testing 204

Sandboxing 204

Security and the Cloud 205

Cloud Storage 206

Summary 207

Exam Essentials 207

Review Questions 208

Chapter 7 Host, Data, and Application Security 213

Application Hardening 215

Databases and Technologies 215

Fuzzing 218

Secure Coding 218

Application Configuration Baselining 219

Operating System Patch Management 220

Application Patch Management 220

Host Security 220

Permissions 220

Access Control Lists 221

Antimalware 221

Host Software Baselining 226

Hardening Web Servers 227

Hardening Email Servers 228

Hardening FTP Servers 229

Hardening DNS Servers 230

Hardening DHCP Services 231

Protecting Data Through Fault Tolerance 233

Backups 233

RAID 234

Clustering and Load Balancing 235

Application Security 235

Best Practices for Security 236

Data Loss Prevention 236

Hardware-Based Encryption Devices 237

Summary 238

Exam Essentials 238

Review Questions 239

Chapter 8 Cryptography 243

An Overview of Cryptography 245

Historical Cryptography 245

Modern Cryptography 249

Working with Symmetric Algorithms 249

Working with Asymmetric Algorithms 251

What Cryptography Should You Use? 254

Hashing Algorithms 255

Rainbow Tables and Salt 256

Key Stretching 256

Understanding Quantum Cryptography 257

Cryptanalysis Methods 257

Wi-Fi Encryption 258

Using Cryptographic Systems 258

Confidentiality and Strength 259

Integrity 259

Digital Signatures 261

Authentication 261

Nonrepudiation 262

Key Features 262

Understanding Cryptography Standards and Protocols 263

The Origins of Encryption Standards 263

Public-Key Infrastructure X.509/Public-Key Cryptography Standards 266

X.509 267

SSL and TLS 268

Certificate Management Protocols 270

Secure Multipurpose Internet Mail Extensions 270

Secure Electronic Transaction 270

Secure Shell 271

Pretty Good Privacy 272

HTTP Secure 274

Secure HTTP 274

IP Security 274

Tunneling Protocols 277

Federal Information Processing Standard 278

Using Public-Key Infrastructure 278

Using a Certificate Authority 279

Working with Registration Authorities and Local Registration Authorities 280

Implementing Certificates 281

Understanding Certificate Revocation 285

Implementing Trust Models 285

Hardware-Based Encryption Devices 290

Data Encryption 290

Summary 291

Exam Essentials 291

Review Questions 293

Chapter 9 Malware, Vulnerabilities, and Threats 297

Understanding Malware 300

Surviving Viruses 310

Symptoms of a Virus Infection 311

How Viruses Work 311

Types of Viruses 312

Managing Spam to Avoid Viruses 316

Antivirus Software 317

Understanding Various Types of Attacks 318

Identifying Denial-of-Service and Distributed Denial-of-Service Attacks 319

Spoofing Attacks 321

Pharming Attacks 322

Phishing, Spear Phishing, and Vishing 323

Xmas Attack 324


Man-in-the-Middle Attacks 324

Replay Attacks 325

Smurf Attacks 326

Password Attacks 326

Privilege Escalation 328

Malicious Insider Threats 332

Transitive Access 332

Client-Side Attacks 333

Typo Squatting and URL Hijacking 333

Watering Hole Attack 334

Identifying Types of Application Attacks 334

Cross-Site Scripting and Forgery 334

SQL Injection 335

LDAP Injection 336

XML Injection 337

Directory Traversal/Command Injection 337

Buffer Overflow 338

Integer Overflow 338

Zero-Day Exploits 338

Cookies and Attachments 338

Locally Shared Objects and Flash Cookies 339

Malicious Add-Ons 339

Session Hijacking 340

Header Manipulation 340

Arbitrary Code and Remote Code Execution 341

Tools for Finding Threats 341

Interpreting Assessment Results 341

Tools to Know 342

Risk Calculations and Assessment Types 344

Summary 346

Exam Essentials 346

Review Questions 348

Chapter 10 Social Engineering and Other Foes 353

Understanding Social Engineering 355

Types of Social Engineering Attacks 356

What Motivates an Attack? 361

The Principles Behind Social Engineering 362

Social Engineering Attack Examples 363

Understanding Physical Security 366

Hardware Locks and Security 369

Mantraps 371

Video Surveillance 371

Fencing 372

Access List 373

Proper Lighting 374

Signs 374

Guards 374

Barricades 375

Biometrics 375

Protected Distribution 376

Alarms 376

Motion Detection 376

Environmental Controls 377

HVAC 378

Fire Suppression 378

EMI Shielding 380

Hot and Cold Aisles 382

Environmental Monitoring 383

Temperature and Humidity Controls 383

Control Types 384

A Control Type Analogy 385

Data Policies 385

Destroying a Flash Drive 386

Some Considerations 387

Optical Discs 388

Summary 389

Exam Essentials 389

Review Questions 391

Chapter 11 Security Administration 395

Third-Party Integration 397

Transitioning 397

Ongoing Operations 398

Understanding Security Awareness and Training 399

Communicating with Users to Raise Awareness 399

Providing Education and Training 399

Safety Topics 401

Training Topics 402

Classifying Information 409

Public Information 410

Private Information 411

Information Access Controls 413

Security Concepts 413

Complying with Privacy and Security Regulations 414

The Health Insurance Portability and Accountability Act 415

The Gramm-Leach-Bliley Act 415


The Computer Fraud and Abuse Act 416

The Family Educational Rights and Privacy Act 416

The Computer Security Act of 1987 416

The Cyberspace Electronic Security Act 417

The Cyber Security Enhancement Act 417

The Patriot Act 417

Familiarizing Yourself with International Efforts 418

Mobile Devices 418

BYOD Issues 419

Alternative Methods to Mitigate Security Risks 420

Summary 422

Exam Essentials 422

Review Questions 424

Chapter 12 Disaster Recovery and Incident Response 429

Issues Associated with Business Continuity 431

Types of Storage Mechanisms 432

Crafting a Disaster-Recovery Plan 433

Incident Response Policies 445

Understanding Incident Response 446

Succession Planning 454

Tabletop Exercises 454

Reinforcing Vendor Support 455

Service-Level Agreements 455

Code Escrow Agreements 457

Penetration Testing 458

What Should You Test? 458

Vulnerability Scanning 459

Summary 460

Exam Essentials 461

Review Questions 462

Appendix A Answers to Review Questions 467

Chapter 1: Measuring and Weighing Risk 468

Chapter 2: Monitoring and Diagnosing Networks 469

Chapter 3: Understanding Devices and Infrastructure 470

Chapter 4: Access Control, Authentication, and Authorization 471

Chapter 5: Protecting Wireless Networks 473

Chapter 6: Securing the Cloud 474

Chapter 7: Host, Data, and Application Security 475

Chapter 8: Cryptography 476

Chapter 9: Malware, Vulnerabilities, and Threats 477

Chapter 10: Social Engineering and Other Foes 478

Chapter 11: Security Administration 480

Chapter 12: Disaster Recovery and Incident Response 481

Appendix B Labs, Questions, and Exam Preparation Miscellany 483

The Challenges 485

See Hidden Shares 485

Choose Problem Reporting Defaults 485

Open the Add/Remove Programs Applet 485

Delete Cookies 485

Remove All Currently Allowed Pop-ups 485

Synchronize Files 486

Configure the Crash File 486

Limit Computer Time 486

Hide Extensions 486

Allow Remote Desktop Connections 487

Display Statistics 488

MISC: Fire Extinguisher Types 488

Restore Connections 488

Open the Security Center Applet 489

Identify the Issue #1 489

Display All Information 489

MISC: Compute CIDR #1 490

Turn On the Archive Bit 490

Repair Damaged Files 490

MISC: Identify the Tool #1 490

Generate a System Health Report 491

Change Permissions for a File 491

Create a Legal Notice 492

Open the System Configuration Utility 492

Turn On the SmartScreen Filter 492

Prevent Sites from Knowing Your Location 493

Register with Websites 493

Create a Restore Point 494

Add Encrypted Files 494

Renew a DHCP Address 494

MISC: Algorithm Types 495

Enable Encryption 495

Identify the Issue #2 496

View Configuration for a Service 496

View Current Audit Policy 497

Display Network Path 497

MISC: Identify the Tool #2 497

Change Ownership on a File 498

Enable Drive Compression 498

Configure Program Compatibility 498

Configure Immediate Deletion 499

Change the Registered Organization for Windows 499

Display Disk Quota 499

Allow Pop-Ups from a Site 499

Turn On DEP 499

Enable Protection 500

Require Wake-Up Password 500

Open a Port in Windows Firewall 501

Open the User Accounts 501

Identify the Issue #3 501

Open the System Properties 502

View Group Policy Settings 502

MISC: Attack Types 502

Secure the Database 502

Call Up the Security Policy Manager 503

MISC: Identify the Tool #3 503

View Effective Permissions for a File 503

Create a Quota on Disk Space 504

Optimize a Folder 504

Choose Firewall Notifications 504

MISC: Identify the Tool #4 504

Turn Off Windows Firewall 505

Disable Toolbars 505

Reinstall Windows 505

Change UAC Settings 506

Synchronize Time 506

View All Processes Currently Running 507

Configure a Firewall 507

Display ARP Table 507

Display Windows Version 507

MISC: Compute CIDR #2 508

Summon the Event Viewer 508

Identify the Issue #4 508

Enable ReadyBoost 508

Encrypt Folder Contents 509

Clear Index Scores 509

Turn On BitLocker 509

Turn Off All AutoPlay 509

Choose Default Programs 510

Enable Shutdown Without Login 510

Open System Configuration Editor 510

Override Cookie Handling 511

Software Updates 511

Prohibit Remote Desktop 511

Uninstall 512

Change Notification Settings 512

Display Network Name 512

Flush the Cache 512

Backup and Recover Passwords 513

MISC: Identify the Tool #5 513

MISC: Identify the Tool #6 514

Restart Windows 515

Identify the Issue #5 515

Reduce the Number of Recently Used Programs 515

File Properties 516

Audit Views of a File 516

Configure Sharing of a Folder 516

Don’t Display Last User 516

The Answers 517

See Hidden Shares: Answer 517

Choose Problem Reporting Defaults: Answer 517

Open the Add/Remove Programs Applet: Answer 518

Delete Cookies: Answer 518

Remove All Currently Allowed Pop-ups: Answer 518

Synchronize Files: Answer 519

Configure the Crash File: Answer 519

Limit Computer Time: Answer 520

Hide Extensions: Answer 520

Allow Remote Desktop Connections: Answer 521

Display Statistics: Answer 522

MISC: Fire Extinguisher Types: Answer 522

Restore Connections: Answer 523

Open the Security Center Applet: Answer 523

Identify the Issue #1: Answer 523

Display All Information: Answer 524

MISC: Compute CIDR #1: Answer 524

Turn On the Archive Bit: Answer 525

Repair Damaged Files: Answer 525

MISC: Identify the Tool #1: Answer 525

Generate a System Health Report: Answer 526

Change Permissions for a File: Answer 527

Create a Legal Notice: Answer 528

Open the System Configuration Utility: Answer 529

Turn On the SmartScreen Filter: Answer 529

Prevent Sites from Knowing Your Location: Answer 530

Register with Websites: Answer 530

Create a Restore Point: Answer 531

Add Encrypted Files: Answer 531

Renew a DHCP Address: Answer 532

MISC: Algorithm Types: Answer 532

Enable Encryption: Answer 533

Identify the Issue #2: Answer 534

View Configuration for a Service: Answer 535

View Current Audit Policy: Answer 535

Display Network Path: Answer 535

MISC: Identify the Tool #2: Answer 536

Change Ownership on a File: Answer 536

Enable Drive Compression: Answer 537

Configure Program Compatibility: Answer 537

Configure Immediate Deletion: Answer 538

Change the Registered Organization for Windows: Answer 538

Display Disk Quota: Answer 539

Allow Pop-Ups from a Site: Answer 539

Turn On DEP: Answer 540

Enable Protection: Answer 540

Require Wake-Up Password: Answer 541

Open a Port in Windows Firewall: Answer 542

Open the User Accounts: Answer 543

Identify the Issue #3: Answer 543

Open the System Properties: Answer 543

View Group Policy Settings: Answer 543

MISC: Attack Types: Answer 544

Secure the Database: Answer 544

Call Up the Security Policy Manager: Answer 545

MISC: Identify the Tool #3: Answer 545

View Effective Permissions for a File: Answer 546

Create a Quota on Disk Space: Answer 546

Optimize a Folder: Answer 547

Choose Firewall Notifications: Answer 547

MISC: Identify the Tool #4: Answer 548

Turn Off Windows Firewall: Answer 549

Disable Toolbars: Answer 549

Reinstall Windows: Answer 550

Change UAC Settings: Answer 550

Synchronize Time: Answer 551

View All Processes Currently Running: Answer 551

Configure a Firewall: Answer 552

Display ARP Table: Answer 552

Display Windows Version: Answer 552

MISC: Compute CIDR #2: Answer 553

Summon the Event Viewer: Answer 553

Identify the Issue #4: Answer 553

Enable ReadyBoost: Answer 554

Encrypt Folder Contents: Answer 555

Clear Index Scores: Answer 555

Turn On BitLocker: Answer 556

Turn Off All AutoPlay: Answer 556

Choose Default Programs: Answer 556

Enable Shutdown Without Login: Answer 557

Open System Configuration Editor: Answer 557

Override Cookie Handling: Answer 558

Software Updates: Answer 559

Prohibit Remote Desktop: Answer 559

Uninstall: Answer 560

Change Notification Settings: Answer 560

Display Network Name: Answer 561

Flush the Cache: Answer 561

Backup and Recover Passwords: Answer 561

MISC: Identify the Tool #5: Answer 562

MISC: Identify the Tool #6: Answer 563

Restart Windows: Answer 564

Identify the Issue #5: Answer 564

Reduce the Number of Recently Used Programs: Answer 565

File Properties: Answer 566

Audit Views of a File: Answer 566

Configure Sharing of a Folder: Answer 567

Don’t Display Last User: Answer 567

Appendix C About the Companion CD 569

What You’ll Find on the CD 570

Test Engine 570

Electronic Flashcards 570

E-book in All Formats 570

Videos 571

PDF of Glossary of Terms 571

Adobe Reader 571

System Requirements 571

Using the Study Tools 572

Troubleshooting 572

Customer Care 572

Index


Author Information

Emmett Dulaney, Security+, A+, Network+, is an Assistant Professor at Anderson University. He has written certification books on Windows, Security, IT project management, and UNIX, and co-authored two of Sybex’s leading certification titles: CompTIA Security+ Study Guide and CompTIA A+ Complete Study Guide.


Downloads

CompTIA Voucher Discount (68.61 KB)