CompTIA Security+: SY0-601 Certification Guide

Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, 2nd Edition

Ian Neil

  1. 516 pages
  2. English
  3. ePUB (available in the app)
  4. Available on iOS and Android

About the book

Learn IT security essentials and prepare for the Security+ exam with this CompTIA exam guide, complete with additional online resources—including flashcards, PBQs, and mock exams—at securityplus.training

Key Features

  • Written by Ian Neil, one of the world's top CompTIA Security+ trainers
  • Test your knowledge of cybersecurity jargon and acronyms with realistic exam questions
  • Learn about cryptography, encryption, and security policies to deliver a robust infrastructure

Book Description

The CompTIA Security+ certification validates the fundamental knowledge required to perform core security functions and pursue a career in IT security. Authored by Ian Neil, a world-class CompTIA certification trainer, this book is a best-in-class study guide that fully covers the CompTIA Security+ 601 exam objectives.

Complete with chapter review questions, realistic mock exams, and worked solutions, this guide will help you master the core concepts to pass the exam the first time you take it. With the help of relevant examples, you'll learn fundamental security concepts from certificates and encryption to identity and access management (IAM). As you progress, you'll delve into the important domains of the exam, including cloud security, threats, attacks and vulnerabilities, technologies and tools, architecture and design, risk management, cryptography, and public key infrastructure (PKI).

You can access extra practice materials, including flashcards, performance-based questions, practical labs, mock exams, key terms glossary, and exam tips on the author's website at securityplus.training.

By the end of this Security+ book, you'll have gained the knowledge and understanding to take the CompTIA exam with confidence.

What you will learn

  • Master cybersecurity fundamentals, from the CIA triad through to IAM
  • Explore cloud security and techniques used in penetration testing
  • Use different authentication methods and troubleshoot security issues
  • Secure the devices and applications used by your company
  • Identify and protect against various types of malware and viruses
  • Protect yourself against social engineering and advanced attacks
  • Understand and implement PKI concepts
  • Delve into secure application development, deployment, and automation

Who this book is for

If you want to take and pass the CompTIA Security+ SY0-601 exam, even if you are not from an IT background, this book is for you. You'll also find this guide useful if you want to become a qualified security professional. This CompTIA book is also ideal for US Government and US Department of Defense personnel seeking cybersecurity certification.


Information

Year
2020
ISBN
9781800566347

Section 1: Security Aims and Objectives

In this section, you will learn about security fundamentals, from the CIA triad through to identity and access management.
This section comprises the following chapters:
  • Chapter 1, Understanding Security Fundamentals
  • Chapter 2, Implementing Public Key Infrastructure
  • Chapter 3, Investigating Identity and Access Management
  • Chapter 4, Exploring Virtualization and Cloud Concepts

Chapter 1: Understanding Security Fundamentals

In this chapter, we are going to look at some security fundamentals that will help you identify security threats in the system and mitigate them. With cybercrime increasing day by day, as an Information Technology (IT) professional, it is essential to first understand these fundamental concepts.
In this chapter, we will be covering the following topics:
  • Security Fundamentals
  • Comparing Control Types
  • Physical Security Controls
  • Understanding Digital Forensics
Let's start by looking at security fundamentals.

Security Fundamentals

The fundamentals of security are the foundation of protecting our assets, and there must be a strategy or methodology that we adopt for security. This is the CIA triad; let's look at its breakdown.

CIA Triad Concept

Most security books start with the basics of security by featuring the CIA triad—this is a conceptual model designed to help those writing information security policies within an organization. It is a widely used security model and it stands for confidentiality, integrity, and availability, the three key principles that should be used to guarantee you have a secure system:
Figure 1.1 – CIA triad
We'll discuss these principles in more depth here:
  • Confidentiality: Prevents the disclosure of data to unauthorized people so that only authorized people have access to data. This is known as the need-to-know basis. Only those who should know the contents should be given access. An example would be that your medical history is only available to your doctor and nobody else.
    We also tend to encrypt data to keep it confidential. There are two types of encryption, known as symmetric and asymmetric. Symmetric encryption uses one key, known as the secret key. Asymmetric encryption uses two keys, known as the private key and the public key.
  • Integrity: This means that you know that data has not been altered or tampered with. We use a technique called hashing that takes the data and converts it into a numerical value called a hash or message digest. When you suspect changes have taken place, you would check the hash value against the original. If the hash value has changed, then the data has been tampered with. Common hashing algorithms covered in the exam are Secure Hash Algorithm Version 1 (SHA1) 160-bit and Message Digest Version 5 (MD5) 128-bit. SHA1 is more secure than MD5; however, MD5 is faster. The higher the number of bits, the more secure, and the lower the number, the faster it is.
  • Availability: Availability ensures that data is always available; an example would be if you wanted to purchase an airplane ticket and the system came back with an error saying that you could not purchase it. This could be frustrating, and therefore, availability is important. Examples of availability include Redundant Array of Independent Disks (RAID), which allows one or two disks to fail while still keeping the data available. Another example is a fail-over cluster, in which two servers can access the same data, and if one fails, the other can still provide the data. Further examples are a data backup and Heating Ventilation Air Conditioning (HVAC), which regulates the temperature for critical servers. In a datacentre, if the temperature is too hot then the servers will shut down.
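
The integrity check described in the Integrity bullet above, as an added example that is not from the book: it records a baseline hash for each file and later reports any file whose hash no longer matches. The function names and sample files are constructed for illustration, and SHA-256 as the default algorithm is an assumption; MD5 and SHA1 appear only to show the digest lengths quoted above.

```python
import hashlib
import tempfile
from pathlib import Path

def digest_bits(algorithm: str) -> int:
    """Length of the message digest in bits (MD5 -> 128, SHA1 -> 160)."""
    return hashlib.new(algorithm).digest_size * 8

def file_hash(path: Path, algorithm: str = "sha256") -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path, algorithm: str = "sha256") -> dict:
    """Record the known-good hash of every file under root."""
    return {str(p.relative_to(root)): file_hash(p, algorithm)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(baseline: dict, current: dict) -> dict:
    """Report files whose hash changed, plus files added or removed."""
    return {
        "modified": sorted(n for n in baseline
                           if n in current and baseline[n] != current[n]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo() -> dict:
    """Constructed sample data: three small files, then simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll.csv").write_text("alice,52000\nbob,48000\n")
        (root / "policy.txt").write_text("Least privilege applies.\n")
        (root / "notes.txt").write_text("draft\n")
        baseline = build_baseline(root)
        # Tampering: one field altered, one file deleted, one file added.
        (root / "payroll.csv").write_text("alice,52000\nbob,98000\n")
        (root / "notes.txt").unlink()
        (root / "extra.bin").write_bytes(b"\x00\x01")
        return compare(baseline, build_baseline(root))

if __name__ == "__main__":
    print(digest_bits("md5"), digest_bits("sha1"))
    print(demo())
```

The baseline is only trustworthy if it is stored where someone who can alter the files cannot also rewrite the recorded hashes.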

Least Privilege

Least Privilege is where you give someone only the most limited access required so that they can perform their job role; this is known as a need-to-know basis. The company will write a least privilege policy so that the administrators know how to manage it.

Defense in Depth Model

Defense in Depth is the concept of protecting a company's data with a series of protective layers so that if one layer fails, another layer will already be in place to thwart an attack. We start with our data, then we encrypt it to protect it:
  • The data is stored on a server.
  • The data has file permissions.
  • The data is encrypted.
  • The data is in a secure area of the building.
  • There is a security guard at the building entrance checking identification.
  • There is CCTV around the perimeter.
  • There is a high fence around the perimeter.
Let's look at this from the intruder's perspective, trying to jump the fence, and see how many layers they have to circumvent:
Figure 1.2 – Defense in Depth model
Let's now compare the different control types.

Comparing Control Types

There is a wide variety of different security controls that are used to mitigate the risk of being attacked; the three main categories are managerial, operational, and technical. We are going to look at these in more detail; you need to be familiar with each of these controls and when each of them should be applied. Let's start by looking at the three main controls.

Managerial Controls

Managerial Controls are written by managers to create organizational policies and procedures to reduce risk within companies. They incorporate regulatory frameworks so that the companies are legally compliant. The following are examples of management controls:
  • Annual Risk Assessment: A company will have a risk register where the financial director will look at all of the risks associated with money and the IT manager will look at all of the risks posed by the IT infrastructure. As technology changes and hackers get more sophisticated, the risks can become greater. Each department will identify their risks and the risk treatments, and place them in the risk register. These should be reviewed annually.
  • Penetration Testing/Vulnerability Scanning: A vulnerability scan is not intrusive as it merely checks for vulnerabilities, whereas a penetration test is more intrusive, as it goes deeper into a computer and can exploit vulnerabilities. It could cause the system to crash unexpectedly. These will be explained further later in this book.

Operational Controls

Operational controls are executed by company personnel during their day-to-day operations. Examples of these are the following:
  • Annual Security Awareness Training: This is an...
