CompTIA Security+ SY0-701 Exam Cram (Exam Cram) (7TH)

個数:

CompTIA Security+ SY0-701 Exam Cram (Exam Cram) (7TH)

  • 提携先の海外書籍取次会社に在庫がございます。通常3週間で発送いたします。
    重要ご説明事項
    1. 納期遅延や、ご入手不能となる場合が若干ございます。
    2. 複数冊ご注文の場合、分割発送となる場合がございます。
    3. 美品のご指定は承りかねます。

    ●3Dセキュア導入とクレジットカードによるお支払いについて
  • 【入荷遅延について】
    世界情勢の影響により、海外からお取り寄せとなる洋書・洋古書の入荷が、表示している標準的な納期よりも遅延する場合がございます。
    おそれいりますが、あらかじめご了承くださいますようお願い申し上げます。
  • ◆画像の表紙や帯等は実物とは異なる場合があります。
  • ◆ウェブストアでの洋書販売価格は、弊社店舗等での販売価格とは異なります。
    また、洋書販売価格は、ご注文確定時点での日本円価格となります。
    ご注文確定後に、同じ洋書の販売価格が変動しても、それは反映されません。
  • 製本 Paperback:紙装版/ペーパーバック版/ページ数 688 p.
  • 言語 ENG
  • 商品コード 9780138225575
  • DDC分類 005.8076

Full Description

CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.

This edition comes with a Pearson Test Prep Practice Test access code that is delivered upon product registration. Follow the instructions in the book's introduction to register your product.  

 

Covers the critical information needed to score higher on your Security+ SY0-701 exam!

 



General security concepts
Threats, vulnerabilities, and mitigations
Security architecture
Security operations
Security program management and oversight

 

Prepare for your exam with Pearson Test Prep

 



Realistic practice questions and answers
Comprehensive reporting and feedback
Customized testing in study, practice exam, or flash card modes
Complete coverage of CompTIA Security+ SY0-701 exam objectives

Contents

Introduction. . . . . . . . . . . . . . . . . . . . . . . xxvi

Part 1: General Security Concepts 1

CHAPTER 1: Security Controls.. . . . . . . . . . . . . . . . . . . . . . 3

                Nature of Controls.. . . . . . . . . . . . . . . . . . . 3

                Functional Use of Controls.. . . . . . . . . . . . . . . . 4

                What Next?.. . . . . . . . . . . . . . . . . . . . . . 9

CHAPTER 2: Fundamental Security Concepts.. . . . . . . . . . . . . . . . 11

                Confidentiality, Integrity, and Availability (CIA).. . . . . . . . . 12

                Non-Repudiation.. . . . . . . . . . . . . . . . . . . 13

                Authentication, Authorization, and Accounting (AAA).. . . . . . . 13

                Gap Analysis. . . . . . . . . . . . . . . . . . . . . 14

                Zero Trust.. . . . . . . . . . . . . . . . . . . . . . 15

                Physical Security. . . . . . . . . . . . . . . . . . . . 18

                Video Surveillance. . . . . . . . . . . . . . . . . . . 20

                Deception and Disruption Technology. . . . . . . . . . . . 23

                What Next?.. . . . . . . . . . . . . . . . . . . . . 26

CHAPTER 3: Change Management Processes and the Impact to Security.. . . . . 27

                Change Management. . . . . . . . . . . . . . . . . . 28

                Business Processes Impacting Security Operations. . . . . . . . 28

                Technical Implications.. . . . . . . . . . . . . . . . . . 31

                Documentation. . . . . . . . . . . . . . . . . . . . 35

                Version Control.. . . . . . . . . . . . . . . . . . . . 36

                What Next?.. . . . . . . . . . . . . . . . . . . . . 38

CHAPTER 4: Cryptographic Solutions. . . . . . . . . . . . . . . . . . . 39

                Public Key Infrastructure (PKI).. . . . . . . . . . . . . . 40

                Encryption. . . . . . . . . . . . . . . . . . . . . . 43

                Tools.. . . . . . . . . . . . . . . . . . . . . . . . 55

                What Next?.. . . . . . . . . . . . . . . . . . . . . 80

Part 2: Threats, Vulnerabilities, and Mitigations 81

CHAPTER 5: Threat Actors and Motivations.. . . . . . . . . . . . . . . . 83

                Threat Actors.. . . . . . . . . . . . . . . . . . . . . 84

                Motivations.. . . . . . . . . . . . . . . . . . . . . 90

                What Next?.. . . . . . . . . . . . . . . . . . . . . 96

CHAPTER 6: Threat Vectors and Attack Surfaces.. . . . . . . . . . . . 97

                Types of Threat Vectors and Attack Surfaces. . . . . . . . . . 98

                What Next?.. . . . . . . . . . . . . . . . . . . . . 114

CHAPTER 7: Vulnerability Types.. . . . . . . . . . . . . . . . . . .. 115

                Application. . . . . . . . . . . . . . . . . . . . . . 116

                Operating System-Based.. . . . . . . . . . . . . . . . . 118

                Web-Based. . . . . . . . . . . . . . . . . . . . . . 119

                Hardware. . . . . . . . . . . . . . . . . . . . . . 120

                Virtualization.. . . . . . . . . . . . . . . . . . . . . 121

                Cloud-Specific.. . . . . . . . . . . . . . . . . . . . 122

                Supply Chain.. . . . . . . . . . . . . . . . . . . . . 123

                Cryptographic.. . . . . . . . . . . . . . . . . . . . 125

                Misconfiguration. . . . . . . . . . . . . . . . . . . . 126

                Mobile Device.. . . . . . . . . . . . . . . . . . . . 127

                Zero-Day. . . . . . . . . . . . . . . . . . . . . . 127

                What Next?.. . . . . . . . . . . . . . . . . . . . . 130

CHAPTER 8: Malicious Attacks and Indicators.. . . . . . . . .. . . . . 131

                Malware Attacks.. . . . . . . . . . . . . . . . . . . . 132

                Physical Attacks.. . . . . . . . . . . . . . . . . . . . 138

                Network Attacks.. . . . . . . . . . . . . . . . . . . . 139

                Application Attacks.. . . . . . . . . . . . . . . . . . . 148

                Cryptographic Attacks.. . . . . . . . . . . . . . . . . . 153

                Password Attacks. . . . . . . . . . . . . . . . . . . . 154

                Indicators of Malicious Activity. . . . . . . . . . . . . . . 156

                What Next?.. . . . . . . . . . . . . . . . . . . . . 160

CHAPTER 9 Mitigation Techniques for Securing the Enterprise..  . . . . 161

                Segmentation.. . . . . . . . . . . . . . . . . . . . . 162

                Access Control.. . . . . . . . . . . . . . . . . . . . 162

                Application Allow List.. . . . . . . . . . . . . . . . . . 164

                Isolation. . . . . . . . . . . . . . . . . . . . . . . 165

                Patching.. . . . . . . . . . . . . . . . . . . . . . 165

                What Next?.. . . . . . . . . . . . . . . . . . . . . 176

Part 3: Security Architecture 177

CHAPTER 10: Security Implications of Architecture Models. . . . . . . . 179

                Architecture and Infrastructure Concepts. . . . . . . . . . . 180

                Considerations.. . . . . . . . . . . . . . . . . . . . 201

                What Next?.. . . . . . . . . . . . . . . . . . . . . 209

CHAPTER 11: Enterprise Architecture Security Principles.. . .  . . . . . . 211

                Infrastructure Considerations.. . . . . . . . . . . . . . . 212

                Secure Communication/Access.. . . . . . . . . . . . . . . 224

                Selection of Effective Controls.. . . . . . . . . . . . . . . 228

                What Next?.. . . . . . . . . . . . . . . . . . . . . 232

CHAPTER 12: Data Protection Strategies.. . . . . . . . . . . . . . . . . . 233

                Data Types. . . . . . . . . . . . . . . . . . . . . . 234

                Data Classifications.. . . . . . . . . . . . . . . . . . . 237

                General Data Considerations.. . . . . . . . . . . . . . . 238

                Methods to Secure Data. . . . . . . . . . . . . . . . . 240

                What Next?.. . . . . . . . . . . . . . . . . . . . . 246

CHAPTER 13: Resilience and Recovery in Security Architecture.. . . .. . 247

                High Availability.. . . . . . . . . . . . . . . . . . . . 248

                Site Considerations.. . . . . . . . . . . . . . . . . . . 249

                Platform Diversity. . . . . . . . . . . . . . . . . . . 251

                Multicloud Systems.. . . . . . . . . . . . . . . . . . . 252

                Continuity of Operations.. . . . . . . . . . . . . . . . . 252

                Capacity Planning. . . . . . . . . . . . . . . . . . . 253

                Testing.. . . . . . . . . . . . . . . . . . . . . . . 254

                Backups.. . . . . . . . . . . . . . . . . . . . . . . 255

                Power.. . . . . . . . . . . . . . . . . . . . . . . 261

                What Next?.. . . . . . . . . . . . . . . . . . . . . 264

Part 4: Security Operations 265

CHAPTER 14: Securing Resources. . . . . . . . . . . . . . . . . . . . 267

                Secure Baselines.. . . . . . . . . . . . . . . . . . . . 268

                Hardening Targets.. . . . . . . . . . . . . . . . . . . 270

                Wireless Devices. . . . . . . . . . . . . . . . . . . . 278

                Mobile Solutions. . . . . . . . . . . . . . . . . . . . 281

                Wireless Security Settings.. . . . . . . . . . . . . . . . 285

                Application Security.. . . . . . . . . . . . . . . . . . 289

                Sandboxing.. . . . . . . . . . . . . . . . . . . . . 290

                Monitoring.. . . . . . . . . . . . . . . . . . . . . 291

                What Next?.. . . . . . . . . . . . . . . . . . . . . 293

CHAPTER 15: Hardware, Software, and Data Asset Management.. . . . . . . . . 295

                Acquisition/Procurement Process.. . . . . . . . . . . . . . 296

                Assignment/Accounting.. . . . . . . . . . . . . . . . . 297

                Monitoring and Asset Tracking.. . . . . . . . . . . . . . . 299

                Disposal/Decommissioning.. . . . . . . . . . . . . . . . 300

                What Next?.. . . . . . . . . . . . . . . . . . . . . 305

CHAPTER 16: Vulnerability Management.. . . . . . . . . . . . . . . . . . 307

                Identification Methods. . . . . . . . . . . . . . . . . . 308

                Analysis.. . . . . . . . . . . . . . . . . . . . . . . 316

                Vulnerability Response and Remediation.. . . . . . . . . . . 322

                Validation of Remediation.. . . . . . . . . . . . . . . . 325

                Reporting. . . . . . . . . . . . . . . . . . . . . . 326

                What Next?.. . . . . . . . . . . . . . . . . . . . . 328

CHAPTER 17: Security Alerting and Monitoring. . . . . . . . . . . . . . . . 329

                Monitoring Computing Resources.. . . . . . . . . . . . . 330

                Activities.. . . . . . . . . . . . . . . . . . . . . . 332

                Tools.. . . . . . . . . . . . . . . . . . . . . . . . 336

                What Next?.. . . . . . . . . . . . . . . . . . . . . 347

CHAPTER 18: Enterprise Security Capabilities.. . . . . . . . . . . . . . . . 349

                Firewall.. . . . . . . . . . . . . . . . . . . . . . . 350

                IDS/IPS. . . . . . . . . . . . . . . . . . . . . . . 354

                Web Filter.. . . . . . . . . . . . . . . . . . . . . . 357

                Operating System Security.. . . . . . . . . . . . . . . . 361

                Implementation of Secure Protocols.. . . . . . . . . . . . . 363

                DNS Filtering.. . . . . . . . . . . . . . . . . . . . 366

                Email Security.. . . . . . . . . . . . . . . . . . . . 367

                File Integrity Monitoring. . . . . . . . . . . . . . . . . 369

                Data Loss Prevention (DLP).. . . . . . . . . . . . . . . 370

                Network Access Control (NAC).. . . . . . . . . . . . . . 371

                Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)..372

                User Behavior Analytics.. . . . . . . . . . . . . . . . . 373

                What Next?.. . . . . . . . . . . . . . . . . . . . . 375

CHAPTER 19: Identity and Access Management.. . . . . . . . . . . . . . . 377

                Provisioning/De-provisioning User Accounts.. . . . . . . . . . 378

                Permission Assignments and Implications. . . . . . . . . . . 379

                Identity Proofing.. . . . . . . . . . . . . . . . . . . 381

                Federation and Single Sign-On (SSO).. . . . . . . . . . . . 382

                Interoperability. . . . . . . . . . . . . . . . . . . . 385

                Attestation.. . . . . . . . . . . . . . . . . . . . . . 385

                Access Controls.. . . . . . . . . . . . . . . . . . . . 386

                Multifactor Authentication (MFA).. . . . . . . . . . . . . . 388

                Password Concepts.. . . . . . . . . . . . . . . . . . . 395

                Privileged Access Management Tools. . . . . . . . . . . . . 397

                What Next?.. . . . . . . . . . . . . . . . . . . . . 400

CHAPTER 20: Security Automation and Orchestration. . . . . . . . . . . . . 401

                Use Cases of Automation and Scripting.. . . . . . . . . . . . 402

                Benefits.. . . . . . . . . . . . . . . . . . . . . . . 405

                Other Considerations.. . . . . . . . . . . . . . . . . . 406

                What Next?.. . . . . . . . . . . . . . . . . . . . . 408

CHAPTER 21: Incident Response Activities. . . . . . . . . . . . . . . . . 409

                Incident Response Process.. . . . . . . . . . . . . . . . 410

                Training and Testing.. . . . . . . . . . . . . . . . . . 411

                Root Cause Analysis (RCA).. . . . . . . . . . . . . . . . 412

                Threat Hunting.. . . . . . . . . . . . . . . . . . . . 413

                Digital Forensics. . . . . . . . . . . . . . . . . . . . 414

                What Next?.. . . . . . . . . . . . . . . . . . . . . 417

CHAPTER 22: Data Sources for Supporting Investigations. . . . . . . . . . . . 419

                Log Data.. . . . . . . . . . . . . . . . . . . . . . 419

                Data Sources.. . . . . . . . . . . . . . . . . . . . . 421

                What Next?.. . . . . . . . . . . . . . . . . . . . . 423

Part 5: Security Program Management and Oversight 425

CHAPTER 23: Effective Security Governance.. . . . . . . . . . . . . . . . 427

                Governing Framework. . . . . . . . . . . . . . . . . . 428

                Policies.. . . . . . . . . . . . . . . . . . . . . . . 433

                Standards.. . . . . . . . . . . . . . . . . . . . . . 445

                Procedures.. . . . . . . . . . . . . . . . . . . . . . 447

                Guidelines.. . . . . . . . . . . . . . . . . . . . . . 452

                External Considerations. . . . . . . . . . . . . . . . . 453

                Roles and Responsibilities for Systems and Data.. . . . . . . . . 460

                What Next?.. . . . . . . . . . . . . . . . . . . . . 464

CHAPTER 24: Risk Management.. . . . . . . . . . . . . . . . . . . . . 465

                Risk Identification. . . . . . . . . . . . . . . . . . . 466

                Risk Assessment.. . . . . . . . . . . . . . . . . . . . 466

                Risk Analysis. . . . . . . . . . . . . . . . . . . . . 468

                Risk Register.. . . . . . . . . . . . . . . . . . . . . 472

                Risk Appetite and Tolerance.. . . . . . . . . . . . . . . . 474

                Risk Management Strategies. . . . . . . . . . . . . . . . 475

                Risk Reporting.. . . . . . . . . . . . . . . . . . . . 477

                Business Impact Analysis.. . . . . . . . . . . . . . . . . 478

                What Next?.. . . . . . . . . . . . . . . . . . . . . 483

CHAPTER 25: Third-Party Risk Assessment and Management. . . . . . . . . . 485

                Third-Party Risk Management.. . . . . . . . . . . . . . . 486

                What Next?.. . . . . . . . . . . . . . . . . . . . . 494

CHAPTER 26: Security Compliance.. . . . . . . . . . . . . . . . . . . . 495

                Compliance Reporting and Monitoring.. . . . . . . . . . . . 496

                Privacy.. . . . . . . . . . . . . . . . . . . . . . . 501

                What Next?.. . . . . . . . . . . . . . . . . . . . . 507

CHAPTER 27: Security Audits and Assessments.. . . . . . . . . . . . . . . 509

                Audits and Assessments.. . . . . . . . . . . . . . . . . 510

                Penetration Testing.. . . . . . . . . . . . . . . . . . . 513

                What Next?.. . . . . . . . . . . . . . . . . . . . . 523

CHAPTER 28: Security Awareness Practices. . . . . . . . . . . . . . . . . 525

                Security Awareness.. . . . . . . . . . . . . . . . . . . 526

                What Next?.. . . . . . . . . . . . . . . . . . . . . 550

Glossary of Essential Terms.. . . . . . . . . . . . . . . . . 551

Cram Sheet.. . . . . . . . . . . . . . . . . . . . . . . 603

 

9780138225575, TOC, 7/3/2024

最近チェックした商品