- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
Reflecting the latest developments and emerging trends from the field, COMPTIA SECURITY+ GUIDE TO NETWORK SECURITY FUNDAMENTALS, Seventh Edition, helps you prepare for professional certification -- and career success. The text fully maps to the new CompTIA Security+ SY0-601 Certification Exam, providing thorough coverage of all domain objectives. In addition to its comprehensive coverage of the fundamental essentials of network and computer security, the seventh edition includes expanded coverage of security evaluations, embedded device and Internet of Things (IoT) security, and cloud and virtualization security. Practical, Hands-On Projects, case activities and online virtual labs help you put what you learn into real-world practice, while the innovative Information Security Community Site connects you to up-to-the-minute news and insights from the information security field.
Contents
I. SECURITY FUNDAMENTALS
1. Introduction to Security
a. Who are the attackers?
i. Categories of threat actors
ii. Attributes of actors
b. Attack vectors and their causes
i. Avenues of attacks
ii. Vulnerabilities that create attack vectors
iii. Social engineering attacks
c. Cybersecurity standards
i. Regulations and standards
ii. Frameworks
iii. Configuration guidelines
d. Sources of information
i. Threat intelligence sources
ii. Research sources
2. Security Evaluations
a. Security assessments
i. Threat hunting
ii. Vulnerability scans
iii. Security information and event management (SIEM)
iv. Security orchestration, automation, response (SOAR)
b. Penetration testing
i. What is penetration testing?
ii. Types of reconnaissance
iii. Exercise types (
II. DEVICE SECURITY
3. Threats and Attacks on Devices
a. Attacks using malware
i. Circulation
ii. Infection
iii. Concealment
iv. Payload capabilities
b. Adversarial AI attacks
c. Application attacks
i. Web server application attacks
ii. Hijacking
iii. Overflow attacks
iv. Advertising attacks
v. Browser vulnerabilities
4. Client and Application Security
a. Securing client devices
i. Endpoint protection
ii. Boot integrity
iii. Database protection
iv. Hardware and software protection
b. Creating and deploying SecDevOps
i. Application development
ii. Secure coding techniques
iii. Code testing
5. Mobile, Embedded and Specialized Device Security
a. Securing mobile devices
i. Mobile device types and deployment
ii. Mobile device risks
iii. Securing mobile devices
iv. Mobile management tools
b. Embedded and IoT device security
i. Types of embedded systems
ii. IoT devices
iii. Specialized devices
c. Keeping specialized devices secure
i. Vulnerabilities
ii. Securing communications
III. CRYPTOGRAPHY
6. Basic Cryptography
a. Defining cryptography
b. Cryptographic algorithms
c. Cryptographic attacks
d. Using cryptography
7. Advanced Cryptography and PKI
a. Implementing cryptography
b. Digital certificates
c. Public Key Infrastructure (PKI)
d. Cryptographic transport protocols
IV. NETWORK SECURITY
8. Network Threats, Assessments, and Defenses
a. Attacks on networks
i. Interception
ii. Poisoning
iii. Denial of Service
b. Assessing network and organizational security
i. Network reconnaissance and discovery
ii. File manipulation
iii. Shell and script environments
iv. Packet capture and replay
c. Physical security defenses
i. External perimeter defenses
ii. Internal physical access security
iii. Computer hardware security
9. Network Security Design and Technologies
a. Security through network devices
i. Standard network devices
ii. Network security hardware
b. Security through architecture and design
c. Implementing secure protocols
d. Enterprise network security concepts
i. Configuration management
ii. Data protection
10. Wireless Network Security
a. Wireless attacks
i. Bluetooth attacks
ii. Near field communication attacks
iii. Radio frequency identification attacks
iv. Wireless local area network attacks
b. Vulnerabilities of IEEE wireless security
c. Wireless security solutions
i. Wi-Fi Protected Access
ii. Wi-Fi Protected Access 2
iii. Additional wireless security protections
11. Cloud and Virtualization Security
a. Cloud security
i. Cloud concepts and models
ii. Cloud security solutions
1. Cloud security controls
2. Cloud security solutions
b. Virtualization security
i. Virtualization concepts
ii. Securing virtual environments
ENTERPRISE SECURITY
12. Identity and Access Management (IAM)
a. Authentication credentials
i. What you know: passwords
ii. What you have: tokens, cards, and cell phones
iii. What you are: biometrics
iv. What you do: behavioral biometrics
v. Where you are: geolocation
b. Identity and account management controls
c. Access services
13. Incident Response and Investigation
a. Incident response plans and procedures
i. What is an incident response plan?
ii. Incident response exercises
iii. Attack frameworks
b. Investiga
