CompTIA Security+ Review Guide: Exam SY0-301, 2nd Edition
Before you take CompTIA's new Security+ exam SY0-301, reinforce your learning with a thorough review and lots of practice. The new edition of this concise guide helps you do just that. It covers all six domains of exam SY0-301, all exam objectives, and includes a helpful "Exam Essentials" section after each domain to help you zero in on what you need to know for the exam. A companion CD offers additional study tools, including two complete practice exams, over a hundred electronic flashcards, and more.
- Reviews and reinforces the material you need to know for CompTIA's new Security+ exam SY0-301
- Covers all exam objectives and the six domain areas of the Security+ exam: Network Security; Compliance and Operational Security; Threats and Vulnerabilities; Application, Data and Host Security; Access Control and Identity Management; and Cryptography
- Helps you drill and prepare with over 120 review questions, two practice exams, over 100 electronic flashcards, and more on a companion CD
- Goes hand in hand with any learning tool, including Sybex's CompTIA Security+ Study Guide, 5th Edition
Earn your Security+ certification, then use it as a springboard to more difficult certifications. Start by acing exam SY0-301 with the help of this practical review guide!
Chapter 1 Network Security.
1.1 Explain the security function and purpose of network devices and technologies.
1.2 Apply and implement secure network administration principles.
1.3 Distinguish and differentiate network design elements and compounds.
1.4 Implement and use common protocols.
1.5 Identify commonly used default network ports.
1.6 Implement wireless network in a secure manner.
Chapter 2 Compliance and Operational Security.
2.1 Explain risk-related concepts.
2.2 Carry out appropriate risk mitigation strategies.
2.3 Execute appropriate incident response procedures.
2.4 Explain the importance of security-related awareness and training.
2.5 Compare and contrast aspects of business continuity.
2.6 Explain the impact and proper use of environmental controls.
2.7 Execute disaster recovery plans and procedures.
2.8 Exemplify the concepts of confidentiality, integrity, and availability (CIA).
Chapter 3 Threats and Vulnerabilities.
3.1 Analyze and differentiate among types of malware.
3.2 Analyze and differentiate among types of attacks.
3.3 Analyze and differentiate among types of social-engineering attacks.
3.4 Analyze and differentiate among types of wireless attacks.
3.5 Analyze and differentiate among types of application attacks.
3.6 Analyze and differentiate among types of mitigation and deterrent techniques.
3.7 Implement assessment tools and techniques to discover security threats and vulnerabilities.
3.8 Within the realm of vulnerability assessments, explain the proper use of penetration testing versus vulnerability scanning.
Chapter 4 Application, Data, and Host Security.
4.1 Explain the importance of application security.
4.2 Carry out appropriate procedures to establish host security.
4.3 Explain the importance of data security.
Chapter 5 Access Control and Identity Management.
5.1 Explain the function and purpose of authentication services.
5.2 Explain the fundamental concepts and best practices related to authentication, authorization, and access control.
5.3 Implement appropriate security controls when performing account management.
Chapter 6 Cryptography.
6.1 Summarize general cryptography concepts.
6.2 Use and apply appropriate cryptographic tools and products.
6.3 Explain the core concepts of Public Key Infrastructure.
6.4 Implement PKI, certificate management, and associated components.
Answers to Review Questions.
Appendix About the Companion CD.
James Michael Stewart, Security+, CISSP, is a security expert, writer, trainer, and researcher for Impact Online, an independent courseware development company located in Austin, Texas. He has contributed to over 75 books covering topics from IT security and certification to network administration and Microsoft certification. Michael provides IT instruction around the globe for various public and private organizations and holds numerous IT and security certifications. He is also a regular contributor to publications such as C|Net, InfoWorld, and Windows NT Magazine.