Skip to main content

CompTIA Security+ Review Guide: Exam SY0-501

CompTIA Security+ Review Guide: Exam SY0-501

James M. Stewart

ISBN: 978-1-119-41694-4

Dec 2017

672 pages

Description

Consolidate your knowledge base with critical Security+ review

CompTIA Security+ Review Guide, Fourth Edition, is the smart candidate's secret weapon for passing Exam SY0-501 with flying colors. You've worked through your study guide, but are you sure you're prepared? This book provides tight, concise reviews of all essential topics throughout each of the exam's six domains to help you reinforce what you know. Take the pre-assessment test to identify your weak areas while there is still time to review, and use your remaining prep time to turn weaknesses into strengths. The Sybex online learning environment gives you access to portable study aids, including electronic flashcards and a glossary of key terms, so you can review on the go. Hundreds of practice questions allow you to gauge your readiness, and give you a preview of the big day.

Avoid exam-day surprises by reviewing with the makers of the test—this review guide is fully approved and endorsed by CompTIA, so you can be sure that it accurately reflects the latest version of the exam. The perfect companion to the CompTIA Security+ Study Guide, Seventh Edition, this review guide can be used with any study guide to help you:

  • Review the critical points of each exam topic area
  • Ensure your understanding of how concepts translate into tasks
  • Brush up on essential terminology, processes, and skills
  • Test your readiness with hundreds of practice questions

You've put in the time, gained hands-on experience, and now it's time to prove what you know. The CompTIA Security+ certification tells employers that you're the person they need to keep their data secure; with threats becoming more and more sophisticated, the demand for your skills will only continue to grow. Don't leave anything to chance on exam day—be absolutely sure you're prepared with the CompTIA Security+ Review Guide, Fourth Edition.

Related Resources

Instructor

Request an Evaluation Copy for this title

Introduction xxvii

Chapter 1 Threats, Attacks, and Vulnerabilities 1

1.1 Given a scenario, analyze indicators of compromise and determine the type of malware. 6

Viruses 6

Crypto-malware 7

Ransomware 8

Worm 8

Trojan 8

Rootkit 9

Keylogger 10

Adware 10

Spyware 10

Bots 11

RAT 12

Logic bomb 12

Backdoor 13

Exam Essentials 14

1.2 Compare and contrast types of attacks. 15

Social engineering 15

Application/service attacks 21

Wireless attacks 45

Cryptographic attacks 54

Exam Essentials 63

1.3 Explain threat actor types and attributes. 69

Types of actors 69

Attributes of actors 72

Use of open-source intelligence 73

Exam Essentials 73

1.4 Explain penetration testing concepts. 74

Active reconnaissance 75

Passive reconnaissance 75

Pivot 76

Initial exploitation 76

Persistence 77

Escalation of privilege 77

Black box 77

White box 77

Gray box 78

Pen testing vs. vulnerability scanning 78

Exam Essentials 81

1.5 Explain vulnerability scanning concepts. 82

Passively test security controls 84

Identify vulnerability 84

Identify lack of security controls 84

Identify common misconfigurations 85

Intrusive vs. non-intrusive 85

Credentialed vs. non-credentialed 85

False positive 85

Exam Essentials 86

1.6 Explain the impact associated with types of vulnerabilities. 87

Race conditions 87

Vulnerabilities due to: 88

Improper input handling 89

Improper error handling 89

Misconfiguration/weak configuration 90

Default configuration 90

Resource exhaustion 91

Untrained users 91

Improperly configured accounts 91

Vulnerable business processes 91

Weak cipher suites and implementations 91

Memory/buffer vulnerability 92

System sprawl/undocumented assets 93

Architecture/design weaknesses 94

New threats/zero day 94

Improper certificate and key management 95

Exam Essentials 95

Review Questions 98

Chapter 2 Technologies and Tools 103

2.1 Install and configure network components, both hardware- and software-based, to support organizational security. 110

Firewall 110

VPN concentrator 114

NIPS/NIDS 118

Router 125

Switch 127

Proxy 130

Load balancer 131

Access point 133

SIEM 139

DLP 142

NAC 143

Mail gateway 144

Bridge 147

SSL/TLS accelerators 147

SSL decryptors 147

Media gateway 147

Hardware security module 148

Exam Essentials 148

2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization. 152

Protocol analyzer 152

Network scanners 154

Wireless scanners/cracker 155

Password cracker 155

Vulnerability scanner 156

Configuration compliance scanner 157

Exploitation frameworks 157

Data sanitization tools 158

Steganography tools 158

Honeypot 158

Backup utilities 159

Banner grabbing 159

Passive vs. active 160

Command line tools 161

Exam Essentials 169

2.3 Given a scenario, troubleshoot common security issues. 170

Unencrypted credentials/clear text 170

Logs and events anomalies 171

Permission issues 172

Access violations 172

Certificate issues 173

Data exfiltration 173

Misconfigured devices 174

Weak security configurations 175

Personnel issues 176

Unauthorized software 177

Baseline deviation 178

xviii Contents

License compliance violation (availability/integrity) 178

Asset management 178

Authentication issues 179

Exam Essentials 179

2.4 Given a scenario, analyze and interpret output from security technologies. 180

HIDS/HIPS 180

Antivirus 181

File integrity check 182

Host-based firewall 183

Application whitelisting 183

Removable media control 184

Advanced malware tools 185

Patch management tools 186

UTM 187

DLP 187

Data execution prevention 188

Web application firewall 188

Exam Essentials 189

2.5 Given a scenario, deploy mobile devices securely. 190

Connection methods 190

Mobile device management concepts 193

Enforcement and monitoring for: 201

Deployment models 207

Exam Essentials 210

2.6 Given a scenario, implement secure protocols. 213

Protocols 213

Use cases 224

Exam Essentials 231

Review Questions 233

Chapter 3 Architecture and Design 237

3.1 Explain use cases and purpose for frameworks,

best practices and secure configuration guides. 244

Industry-standard frameworks and reference

architectures 244

Benchmarks/secure configuration guides 246

Defense-in-depth/layered security 248

Exam Essentials 249

3.2 Given a scenario, implement secure network

architecture concepts. 249

Zones/topologies 250

Segregation/segmentation/isolation 255

Tunneling/VPN 258

Security device/technology placement 261

SDN 265

Exam Essentials 266

3.3 Given a scenario, implement secure systems design. 268

Hardware/firmware security 268

Operating systems 272

Peripherals 280

Exam Essentials 282

3.4 Explain the importance of secure staging

deployment concepts. 284

Sandboxing 284

Environment 284

Secure baseline 285

Integrity measurement 288

Exam Essentials 288

3.5 Explain the security implications of embedded systems. 288

SCADA/ICS 289

Smart devices/IoT 290

HVAC 293

SoC 293

RTOS 294

Printers/MFDs 294

Camera systems 294

Special purpose 295

Exam Essentials 296

3.6 Summarize secure application development and

deployment concepts. 297

Development life-cycle models 297

Secure DevOps 300

Version control and change management 302

Provisioning and deprovisioning 303

Secure coding techniques 303

Code quality and testing 306

Compiled vs. runtime code 308

Exam Essentials 309

3.7 Summarize cloud and virtualization concepts. 311

Hypervisor 312

VM sprawl avoidance 314

VM escape protection 314

Cloud storage 315

Cloud deployment models 315

On-premise vs. hosted vs. cloud 317

VDI/VDE 317

Cloud access security broker 317

Security as a Service 317

Exam Essentials 318

3.8 Explain how resiliency and automation strategies reduce risk. 319

Automation/scripting 319

Templates 320

Master image 320

Non-persistence 320

Elasticity 322

Scalability 322

Distributive allocation 322

Redundancy 322

Fault tolerance 323

High availability 324

RAID 326

Exam Essentials 326

3.9 Explain the importance of physical security controls. 328

Lighting 329

Signs 329

Fencing/gate/cage 330

Security guards 330

Alarms 331

Safe 333

Secure cabinets/enclosures 333

Protected distribution/Protected cabling 333

Airgap 333

Mantrap 333

Faraday cage 334

Lock types 335

Biometrics 335

Barricades/bollards 336

Tokens/cards 336

Environmental controls 336

Cable locks 338

Screen filters 338

Cameras 339

Contents xxi

Motion detection 340

Logs 340

Infrared detection 340

Key management 340

Exam Essentials 341

Review Questions 343

Chapter 4 Identity and Access Management 347

4.1 Compare and contrast identity and access

management concepts. 350

Identification, authentication, authorization and accounting (AAA) 350

Multifactor authentication 352

Federation 353

Single sign-on 353

Transitive trust 354

Exam Essentials 354

4.2 Given a scenario, install and configure identity and access services. 355

LDAP 355

Kerberos 355

TACACS+ 357

CHAP 358

PAP 359

MSCHAP 359

RADIUS 360

SAML 361

OpenID Connect 362

OAuth 362

Shibboleth 362

Secure token 362

NTLM 363

Exam Essentials 364

4.3 Given a scenario, implement identity and access management controls. 365

Access control models 365

Physical access control 369

Biometric factors 369

Tokens 372

Certificate-based authentication 374

File system security 376

Database security 376

Exam Essentials 380

4.4 Given a scenario, differentiate common account management practices. 382

Account types 382

General Concepts 384

Account policy enforcement 387

Exam Essentials 393

Review Questions 395

Chapter 5 Risk Management 399

5.1 Explain the importance of policies, plans and procedures related to organizational security. 405

Standard operating procedure 405

Agreement types 405

Personnel management 407

General security policies 416

Exam Essentials 418

5.2 Summarize business impact analysis concepts. 420

RTO/RPO 420

MTBF 421

MTTR 421

Mission-essential functions 421

Identification of critical systems 422

Single point of failure 422

Impact 422

Privacy impact assessment 423

Privacy threshold assessment 423

Exam Essentials 424

5.3 Explain risk management processes and concepts. 425

Threat assessment 425

Risk assessment 426

Change management 434

Exam Essentials 434

5.4 Given a scenario, follow incident response procedures. 436

Incident response plan 436

Incident response process 438

Exam Essentials 441

5.5 Summarize basic concepts of forensics. 442

Order of volatility 443

Chain of custody 443

Legal hold 444

Data acquisition 444

Contents xxiii

Preservation 447

Recovery 447

Strategic intelligence/counterintelligence gathering 447

Track man-hours 448

Exam Essentials 448

5.6 Explain disaster recovery and continuity of

operation concepts. 449

Recovery sites 453

Order of restoration 454

Backup concepts 455

Geographic considerations 456

Continuity of operation planning 458

Exam Essentials 460

5.7 Compare and contrast various types of controls. 461

Deterrent 461

Preventive 462

Detective 462

Corrective 462

Compensating 463

Technical 463

Administrative 463

Physical 463

Exam Essentials 463

5.8 Given a scenario, carry out data security and privacy practices. 464

Data destruction and media sanitization 464

Data sensitivity labeling and handling 467

Data roles 473

Data retention 474

Legal and compliance 474

Exam Essentials 475

Review Questions 476

Chapter 6 Cryptography and PKI 481

6.1 Compare and contrast basic concepts of cryptography. 486

Symmetric algorithms 487

Modes of operation 489

Asymmetric algorithms 490

Hashing 493

Salt, IV, nonce 496

Elliptic curve 496

Weak/deprecated algorithms 497

Key exchange 497

Digital signatures 497

Diffusion 499

Confusion 499

Collision 499

Steganography 499

Obfuscation 500

Stream vs. block 500

Key strength 501

Session keys 501

Ephemeral key 502

Secret algorithm 502

Data-in-transit 502

Data-at-rest 502

Data-in-use 503

Random/pseudo-random number generation 503

Key stretching 504

Implementation vs. algorithm selection 504

Perfect forward secrecy 505

Security through obscurity 505

Common use cases 505

Exam Essentials 509

6.2 Explain cryptography algorithms and their basic characteristics. 512

Symmetric algorithms 513

Cipher modes 515

Asymmetric algorithms 516

Hashing algorithms 519

Key stretching algorithms 521

Obfuscation 522

Exam Essentials 525

6.3 Given a scenario, install and configure wireless security settings. 527

Cryptographic protocols 527

Authentication protocols 529

Methods 530

Exam Essentials 531

6.4 Given a scenario, implement public key infrastructure. 532

Components 532

Concepts 539

Types of certificates 547

Certificate formats 548

Exam Essentials 549

Review Questions 554

Appendix Answers to Review Questions 559

Chapter 1: Threats, Attacks, and Vulnerabilities 560

Chapter 2: Technologies and Tools 561

Chapter 3: Architecture and Design 564

Chapter 4: Identity and Access Management 566

Chapter 5: Risk Management 568

Chapter 6: Cryptography and PKI 571

Index 575