CompTIA Security+ Certification Guide
eBook - ePub

CompTIA Security+ Certification Guide

Master IT security essentials and exam topics for CompTIA Security+ SY0-501 certification

Ian Neil

  1. 532 pages
  2. English
  3. ePUB (adapté aux mobiles)
  4. Disponible sur iOS et Android
eBook - ePub

CompTIA Security+ Certification Guide

Master IT security essentials and exam topics for CompTIA Security+ SY0-501 certification

Ian Neil

DĂ©tails du livre
Aperçu du livre
Table des matiĂšres

À propos de ce livre

This is a practical certification guide covering all the exam topics in an easy-to-follow manner backed with mock tests and self-assesment scenarios for better preparation.

Key Features

  • Learn cryptography and various cryptography algorithms for real-world implementations
  • Discover security policies, plans, and procedures to protect your security infrastructure
  • Written by Ian Neil, one of the world's top CompTIA Security+ (SY0-501) trainer

Book Description

CompTIA Security+ is a worldwide certification that establishes the fundamental knowledge required to perform core security functions and pursue an IT security career. CompTIA Security+ Certification Guide is a best-in-class exam study guide that covers all of CompTIA Security+ 501 exam objectives. It is authored by Ian Neil, who is a world-class trainer of CompTIA Security+ 501. Packed with self-assessment scenarios and realistic exam questions, this guide will help you master the core concepts to succeed in the exam the first time you take it.

Using relevant examples, you will learn all the important security fundamentals from Certificates and Encryption to Identity and Access Management concepts. You will then dive into the important domains of the exam; namely, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, and cryptography and Public Key Infrastructure (PKI).

This book comes with over 600 practice questions with detailed explanation that is at the exam level and also includes two mock exams to help you with your study plan. This guide will ensure that encryption and certificates are made easy for you.

What you will learn

  • Get to grips with security fundamentals from Certificates and Encryption to Identity and Access Management
  • Secure devices and applications that are used by your company
  • Identify the different types of malware and virus and take appropriate actions to protect against them
  • Protect your environment against social engineering and advanced attacks
  • Implement PKI concepts
  • Learn about secure coding techniques, quality control, and testing
  • Troubleshoot common security issues

Who this book is for

This book is designed for anyone who is seeking to pass the CompTIA Security+ SY0-501 exam. It is a stepping stone for anyone who wants to become a security professional or move into cyber security. This certification guide assumes no prior knowledge of the product.

Foire aux questions

Comment puis-je résilier mon abonnement ?
Il vous suffit de vous rendre dans la section compte dans paramĂštres et de cliquer sur « RĂ©silier l’abonnement ». C’est aussi simple que cela ! Une fois que vous aurez rĂ©siliĂ© votre abonnement, il restera actif pour le reste de la pĂ©riode pour laquelle vous avez payĂ©. DĂ©couvrez-en plus ici.
Puis-je / comment puis-je télécharger des livres ?
Pour le moment, tous nos livres en format ePub adaptĂ©s aux mobiles peuvent ĂȘtre tĂ©lĂ©chargĂ©s via l’application. La plupart de nos PDF sont Ă©galement disponibles en tĂ©lĂ©chargement et les autres seront tĂ©lĂ©chargeables trĂšs prochainement. DĂ©couvrez-en plus ici.
Quelle est la différence entre les formules tarifaires ?
Les deux abonnements vous donnent un accĂšs complet Ă  la bibliothĂšque et Ă  toutes les fonctionnalitĂ©s de Perlego. Les seules diffĂ©rences sont les tarifs ainsi que la pĂ©riode d’abonnement : avec l’abonnement annuel, vous Ă©conomiserez environ 30 % par rapport Ă  12 mois d’abonnement mensuel.
Qu’est-ce que Perlego ?
Nous sommes un service d’abonnement Ă  des ouvrages universitaires en ligne, oĂč vous pouvez accĂ©der Ă  toute une bibliothĂšque pour un prix infĂ©rieur Ă  celui d’un seul livre par mois. Avec plus d’un million de livres sur plus de 1 000 sujets, nous avons ce qu’il vous faut ! DĂ©couvrez-en plus ici.
Prenez-vous en charge la synthÚse vocale ?
Recherchez le symbole Écouter sur votre prochain livre pour voir si vous pouvez l’écouter. L’outil Écouter lit le texte Ă  haute voix pour vous, en surlignant le passage qui est en cours de lecture. Vous pouvez le mettre sur pause, l’accĂ©lĂ©rer ou le ralentir. DĂ©couvrez-en plus ici.
Est-ce que CompTIA Security+ Certification Guide est un PDF/ePUB en ligne ?
Oui, vous pouvez accĂ©der Ă  CompTIA Security+ Certification Guide par Ian Neil en format PDF et/ou ePUB ainsi qu’à d’autres livres populaires dans Informatik et Informationstechnologie. Nous disposons de plus d’un million d’ouvrages Ă  dĂ©couvrir dans notre catalogue.



Mock Exam 1

  1. What type of attack is a Padding Oracle On Downgrading Legacy Encryption attack? Choose two options from the following list:
A. IV attack
B. Replay attack
C. Man-in-the-middle attack
D. TLS 1.0 with electronic code book
E. SSL 3.0 with chain block cipher
  1. You are the security administrator for the British secret service. What type of access method will you use for secret and top-secret data?
A. You will use DAC, with the owner of the data giving the access
B. You will use DAC, with the custodian of the data giving access
C. You will use DAC, with the security administrator giving access
D. You will use MAC, with the security administrator giving access
  1. Your company wants to encrypt DNS traffic by using DNSSEC. Once you have signed the zone, what records are created for each host?
  1. You are a security administrator. A user called Ben is having a discussion with one of his colleagues. They have four choices for two-factor authentication. They have asked for your advice as to which of the following is a two-factor authentication method. Select the best answer:
A. Smart card
B. Password and PIN
C. Passphrase and username
D. Retina and fingerprint scan
  1. Two separate CAs need to work together on a joint venture. What can they implement so that certificates can be used for cross certification?
A. Bridge trust model
B. Certificate pinning
C. Certificate stapling
D. Wildcard certificates
  1. John goes to a sports website and gets the following error:
What two actions does the website administrator need to take to resolve this error?
A. Ask the key escrow to store their private key
B. Ensure that the website uses a valid SAN certificate
C. Update the root certificate in the client computer Trusted Root Certificate Authorities Store
D. Verify that the certificate on the server has not expired
  1. A security administrator discovers that an attacker used a compromised host as a platform for launching attacks deeper in a company's network. What terminology best describes the use of the compromised host?
A. Brute force
B. Active reconnaissance
C. Pivoting
D. Passing point
  1. Mary is managing the company's wireless network, which uses WPA2-PSK. What kind of encryption is most likely to be used?
A. SHA-1
C. MD5
  1. Who is responsible for setting permissions when using a Mandatory Access Control (MAC) model?
A. Owner
B. Manager
C. Administrator
D. User
  1. Company A is due to upgrade all of its IT systems, and has been investigating the possibility of moving to the cloud, as there is no capital expenditure because the CSP provides the hardware. Company A would still like to control the IT systems in the cloud. Which cloud model would best serve company A's needs?
A. Software as a Service (SaaS)
B. Infrastructure as a Service (IaaS)
C. Monitoring as a Service (MaaS)
D. Platform as a Service (PaaS)
  1. You are the security administrator and the IT director has tasked you with collecting the volatile memory on Server 1, as it is currently experiencing a cyberattack. Which of the following are the two best forms of volatile memory to collect?
A. Secure boot
B. Swap/page file
C. USB flash drive
  1. Bill and Ben, the flowerpot men are going to encrypt data using asymmetric encryption, which uses public and private keys. What is the first step they need to take?
A. Exchange public keys
B. Exchange private keys
C. Exchange digital signatures
D. Exchange telephone numbers
  1. At what stage in the SDLC are computer systems no longer supported by the original vendor?
A. Sandboxing
B. End-of-life systems
C. Resource exhaustion
D. System sprawl
  1. Company A has just developed a bespoke system for booking airline tickets. What is it called if a freelance coding specialist tests it for security flaws?
A. Code review
B. Static code review
C. Regression testing
D. Dynamic code review
  1. You are the security administrator for a company that has just replaced two file servers. Which of the following is the best solution for disposing of the hard drives that are used to store top-secret data?
A. Hashing
B. Degaussing
C. Low-level formatting
D. Shredding
  1. You are the security administrator for an airline company whose systems suffered a loss of availability last month. Which of the following attacks would most likely affect the availability of your IT systems?
A. Spear phishing
B. Replay
C. Man-in-the-middle (MITM)
C. DoS
  1. You are a network administrator setting up an L2TP/IPSec VPN tunnel, as your company needs to move a large amount of encrypted data between a branch office and the head office. Why is Diffie Hellman used for an IKE phase before the data is forwarded via symmetric encryption?
A. It is a symmetric encryption technique that protects keys
B. It is a hashing technique that protects keys
C It is an ephemeral technique that protects keys
D. It is an asymmetric technique that protects keys by setting up a secure channel
  1. You are a lecturer at a college and you need to deliver a session on salting passwords. What are the two main reasons you would salt passwords?
A. To prevent brute force attacks
B. To make access to the password slower
C. To prevent duplicate passwords being stored
D. To stop simple passwords from being used
  1. Which of the following methods of authentication are known as two-factor authen...

Table des matiĂšres

  1. Title Page
  2. Copyright and Credits
  3. About Packt
  4. Contributor
  5. Preface
  6. Understanding Security Fundamentals
  7. Conducting Risk Analysis
  8. Implementing Security Policies and Procedures
  9. Delving into Identity and Access Management
  10. Understanding Network Components
  11. Understanding Cloud Models and Virtualization
  12. Managing Hosts and Application Deployment
  13. Protecting Against Attacks and Vulnerabilities
  14. Implementing the Public Key Infrastructure
  15. Responding to Security Incidents
  16. Managing Business Continuity
  17. Mock Exam 1
  18. Mock Exam 2
  19. Preparing for the CompTIA Security+ 501 Exam
  20. Acronyms
  21. Assessment
  22. Other Books You May Enjoy
Normes de citation pour CompTIA Security+ Certification Guide

APA 6 Citation

Neil, I. (2018). CompTIA Security+ Certification Guide (1st ed.). Packt Publishing. Retrieved from (Original work published 2018)

Chicago Citation

Neil, Ian. (2018) 2018. CompTIA Security+ Certification Guide. 1st ed. Packt Publishing.

Harvard Citation

Neil, I. (2018) CompTIA Security+ Certification Guide. 1st edn. Packt Publishing. Available at: (Accessed: 14 October 2022).

MLA 7 Citation

Neil, Ian. CompTIA Security+ Certification Guide. 1st ed. Packt Publishing, 2018. Web. 14 Oct. 2022.