Sybex

Home Certification IT Administration Architecture & Design
3D Animation & CGI Internet Marketing
Print this page Share

CompTIA Security+ Study Guide: SY0-401, 6th Edition

ISBN: 978-1-118-87507-0
552 pages
May 2014
CompTIA Security+ Study Guide: SY0-401, 6th Edition (1118875079) cover image

Description


NOTE: The exam this book covered, CompTIA Security+: SY0-401, was retired by CompTIA in 2017 and is no longer offered. For coverage of the current exam CompTIA Security+: Exam SY0-501, please look for the latest edition of this guide: CompTIA Security+ Study Guide: Exam SY0-501 (9781119416876).



Join over 250,000 IT professionals who've earned Security+ certification

If you're an IT professional hoping to progress in your career, then you know that the CompTIA Security+ exam is one of the most valuable certifications available. Since its introduction in 2002, over a quarter million professionals have achieved Security+ certification, itself a springboard to prestigious certifications like the CASP, CISSP, and CISA. The CompTIA Security+ Study Guide: SY0-401 covers 100% of the Security+ exam objectives, with clear and concise information on crucial security topics.

You'll find everything you need to prepare for the 2014 version of the Security+ certification exam, including insight from industry experts on a wide range of IT security topics. Readers also get access to a robust set of learning tools, featuring electronic flashcards, assessment tests, robust practice test environment, with hundreds of practice questions, and electronic flashcards.

  • CompTIA authorized and endorsed
  • Includes updates covering the latest changes to the exam, including better preparation for real-world applications
  • Covers key topics like network security, compliance and operational security, threats and vulnerabilities, access control and identity management, and cryptography
  • Employs practical examples and insights to provide real-world context from two leading certification experts
  • Provides the necessary tools to take that first important step toward advanced security certs like CASP, CISSP, and CISA, in addition to satisfying the DoD's 8570 directive

If you're serious about jump-starting your security career, you need the kind of thorough preparation included in the CompTIA Security+ Study Guide: SY0-401.

See More

Table of Contents

Foreword xxi

Introduction xxiii

Chapter 1 Measuring and Weighing Risk 1

Risk Assessment 3

Computing Risk Assessment 4

Acting on Your Risk Assessment 9

Risks Associated with Cloud Computing 17

Risks Associated with Virtualization 19

Developing Policies, Standards, and Guidelines 19

Implementing Policies 20

Understanding Control Types and

False Positives/Negatives 26

Risk Management Best Practices 28

Disaster Recovery 36

Tabletop Exercise 39

Summary 39

Exam Essentials 39

Review Questions 41

Chapter 2 Monitoring and Diagnosing Networks 45

Monitoring Networks 46

Network Monitors 46

Understanding Hardening 52

Working with Services 52

Patches 56

User Account Control 57

Filesystems 58

Securing the Network 60

Security Posture 61

Continuous Security Monitoring 61

Setting a Remediation Policy 62

Reporting Security Issues 63

Alarms 63

Alerts 63

Trends 63

Differentiating between Detection Controls and Prevention Controls 64

Summary 65

Exam Essentials 66

Review Questions 67

Chapter 3 Understanding Devices and Infrastructure 71

Mastering TCP/IP 73

OSI Relevance 74

Working with the TCP/IP Suite 74

IPv4 and IPv6 78

Understanding Encapsulation 79

Working with Protocols and Services 80

Designing a Secure Network 87

Demilitarized Zones 87

Subnetting 89

Virtual Local Area Networks 89

Remote Access 92

Network Address Translation 93

Telephony 94

Network Access Control 95

Understanding the Various Network Infrastructure Devices 95

Firewalls 96

Routers 100

Switches 102

Load Balancers 103

Proxies 103

Web Security Gateway 103

VPNs and VPN Concentrators 103

Intrusion Detection Systems 105

Understanding Intrusion Detection Systems 106

IDS vs. IPS 110

Working with a Network-Based IDS 111

Working with a Host-Based IDS 116

Working with NIPSs 117

Protocol Analyzers 118

Spam Filters 118

UTM Security Appliances 119

Summary 122

Exam Essentials 123

Review Questions 124

Chapter 4 Access Control, Authentication, and Authorization 129

Understanding Access Control Basics 131

Identification vs. Authentication 131

Authentication (Single Factor) and Authorization 132

Multifactor Authentication 133

Layered Security and Defense in Depth 133

Network Access Control 134

Tokens 135

Federations 135

Potential Authentication and Access Problems 136

Authentication Issues to Consider 137

Authentication Protocols 139

Account Policy Enforcement 139

Users with Multiple Accounts/Roles 141

Generic Account Prohibition 142

Group-based and User-assigned Privileges 142

Understanding Remote Access Connectivity 142

Using the Point-to-Point Protocol 143

Working with Tunneling Protocols 144

Working with RADIUS 145

TACACS/TACACS+/XTACACS 146

VLAN Management 146

SAML 147

Understanding Authentication Services 147

LDAP 147

Kerberos 148

Single Sign-On Initiatives 149

Understanding Access Control 150

Mandatory Access Control 151

Discretionary Access Control 151

Role-Based Access Control 152

Rule-Based Access Control 152

Implementing Access Controlling Best Practices 152

Least Privileges 153

Separation of Duties 153

Time of Day Restrictions 153

User Access Review 154

Smart Cards 154

Access Control Lists 156

Port Security 157

Working with 802.1X 158

Flood Guards and Loop Protection 158

Preventing Network Bridging 158

Log Analysis 159

Trusted OS 159

Secure Router Configuration 160

Summary 161

Exam Essentials 161

Review Questions 163

Chapter 5 Protecting Wireless Networks 167

Working with Wireless Systems 169

IEEE 802.11x Wireless Protocols 169

WEP/WAP/WPA/WPA2 171

Wireless Transport Layer Security 173

Understanding Wireless Devices 174

Wireless Access Points 175

Extensible Authentication Protocol 181

Lightweight Extensible Authentication Protocol 182

Protected Extensible Authentication Protocol 182

Wireless Vulnerabilities to Know 183

Wireless Attack Analogy 187

Summary 188

Exam Essentials 189

Review Questions 190

Chapter 6 Securing the Cloud 195

Working with Cloud Computing 196

Software as a Service (SaaS) 197

Platform as a Service (PaaS) 198

Infrastructure as a Service (IaaS) 199

Private Cloud 200

Public Cloud 200

Community Cloud 200

Hybrid Cloud 201

Working with Virtualization 201

Snapshots 203

Patch Compatibility 203

Host Availability/Elasticity 204

Security Control Testing 204

Sandboxing 204

Security and the Cloud 205

Cloud Storage 206

Summary 207

Exam Essentials 207

Review Questions 208

Chapter 7 Host, Data, and Application Security 213

Application Hardening 215

Databases and Technologies 215

Fuzzing 218

Secure Coding 218

Application Configuration Baselining 219

Operating System Patch Management 220

Application Patch Management 220

Host Security 220

Permissions 220

Access Control Lists 221

Antimalware 221

Host Software Baselining 226

Hardening Web Servers 227

Hardening Email Servers 228

Hardening FTP Servers 229

Hardening DNS Servers 230

Hardening DHCP Services 231

Protecting Data Through Fault Tolerance 233

Backups 233

RAID 234

Clustering and Load Balancing 235

Application Security 235

Best Practices for Security 236

Data Loss Prevention 236

Hardware-Based Encryption Devices 237

Summary 238

Exam Essentials 238

Review Questions 239

Chapter 8 Cryptography 243

An Overview of Cryptography 245

Historical Cryptography 245

Modern Cryptography 249

Working with Symmetric Algorithms 249

Working with Asymmetric Algorithms 251

What Cryptography Should You Use? 254

Hashing Algorithms 255

Rainbow Tables and Salt 256

Key Stretching 256

Understanding Quantum Cryptography 257

Cryptanalysis Methods 257

Wi-Fi Encryption 258

Using Cryptographic Systems 258

Confidentiality and Strength 259

Integrity 259

Digital Signatures 261

Authentication 261

Nonrepudiation 262

Key Features 262

Understanding Cryptography Standards and Protocols 263

The Origins of Encryption Standards 263

Public-Key Infrastructure X.509/Public-Key Cryptography Standards 266

X.509 267

SSL and TLS 268

Certificate Management Protocols 270

Secure Multipurpose Internet Mail Extensions 270

Secure Electronic Transaction 270

Secure Shell 271

Pretty Good Privacy 272

HTTP Secure 274

Secure HTTP 274

IP Security 274

Tunneling Protocols 277

Federal Information Processing Standard 278

Using Public-Key Infrastructure 278

Using a Certificate Authority 279

Working with Registration Authorities and Local Registration Authorities 280

Implementing Certificates 281

Understanding Certificate Revocation 285

Implementing Trust Models 285

Hardware-Based Encryption Devices 290

Data Encryption 290

Summary 291

Exam Essentials 291

Review Questions 293

Chapter 9 Malware, Vulnerabilities, and Threats 297

Understanding Malware 300

Surviving Viruses 310

Symptoms of a Virus Infection 311

How Viruses Work 311

Types of Viruses 312

Managing Spam to Avoid Viruses 316

Antivirus Software 317

Understanding Various Types of Attacks 318

Identifying Denial-of-Service and

Distributed Denial-of-Service Attacks 319

Spoofing Attacks 321

Pharming Attacks 322

Phishing, Spear Phishing, and Vishing 323

Xmas Attack 324

Man-in-the-Middle Attacks 324

Replay Attacks 325

Smurf Attacks 326

Password Attacks 326

Privilege Escalation 328

Malicious Insider Threats 332

Transitive Access 332

Client-Side Attacks 333

Typo Squatting and URL Hijacking 333

Watering Hole Attack 334

Identifying Types of Application Attacks 334

Cross-Site Scripting and Forgery 334

SQL Injection 335

LDAP Injection 336

XML Injection 337

Directory Traversal/Command Injection 337

Buffer Overflow 338

Integer Overflow 338

Zero-Day Exploits 338

Cookies and Attachments 338

Locally Shared Objects and Flash Cookies 339

Malicious Add-Ons 339

Session Hijacking 340

Header Manipulation 340

Arbitrary Code and Remote Code Execution 341

Tools for Finding Threats 341

Interpreting Assessment Results 341

Tools to Know 342

Risk Calculations and Assessment Types 344

Summary 346

Exam Essentials 346

Review Questions 348

Chapter 10 Social Engineering and Other Foes 353

Understanding Social Engineering 355

Types of Social Engineering Attacks 356

What Motivates an Attack? 361

The Principles Behind Social Engineering 362

Social Engineering Attack Examples 363

Understanding Physical Security 366

Hardware Locks and Security 369

Mantraps 371

Video Surveillance 371

Fencing 372

Access List 373

Proper Lighting 374

Signs 374

Guards 374

Barricades 375

Biometrics 375

Protected Distribution 376

Alarms 376

Motion Detection 376

Environmental Controls 377

HVAC 378

Fire Suppression 378

EMI Shielding 380

Hot and Cold Aisles 382

Environmental Monitoring 383

Temperature and Humidity Controls 383

Control Types 384

A Control Type Analogy 385

Data Policies 385

Destroying a Flash Drive 386

Some Considerations 387

Optical Discs 388

Summary 389

Exam Essentials 389

Review Questions 391

Chapter 11 Security Administration 395

Third-Party Integration 397

Transitioning 397

Ongoing Operations 398

Understanding Security Awareness and Training 399

Communicating with Users to Raise Awareness 399

Providing Education and Training 399

Safety Topics 401

Training Topics 402

Classifying Information 409

Public Information 410

Private Information 411

Information Access Controls 413

Security Concepts 413

Complying with Privacy and Security Regulations 414

The Health Insurance Portability and

Accountability Act 415

The Gramm-Leach-Bliley Act 415

The Computer Fraud and Abuse Act 416

The Family Educational Rights and Privacy Act 416

The Computer Security Act of 1987 416

The Cyberspace Electronic Security Act 417

The Cyber Security Enhancement Act 417

The Patriot Act 417

Familiarizing Yourself with International Efforts 418

Mobile Devices 418

BYOD Issues 419

Alternative Methods to Mitigate Security Risks 420

Summary 422

Exam Essentials 422

Review Questions 424

Chapter 12 Disaster Recovery and Incident Response 429

Issues Associated with Business Continuity 431

Types of Storage Mechanisms 432

Crafting a Disaster-Recovery Plan 433

Incident Response Policies 445

Understanding Incident Response 446

Succession Planning 454

Tabletop Exercises 454

Reinforcing Vendor Support 455

Service-Level Agreements 455

Code Escrow Agreements 457

Penetration Testing 458

What Should You Test? 458

Vulnerability Scanning 459

Summary 460

Exam Essentials 461

Review Questions 462

Appendix A Answers to Review Questions 467

Chapter 1: Measuring and Weighing Risk 468

Chapter 2: Monitoring and Diagnosing Networks 469

Chapter 3: Understanding Devices and Infrastructure 470

Chapter 4: Access Control, Authentication, and Authorization 471

Chapter 5: Protecting Wireless Networks 473

Chapter 6: Securing the Cloud 474

Chapter 7: Host, Data, and Application Security 475

Chapter 8: Cryptography 476

Chapter 9: Malware, Vulnerabilities, and Threats 477

Chapter 10: Social Engineering and Other Foes 478

Chapter 11: Security Administration 480

Chapter 12: Disaster Recovery and Incident Response 481

Appendix B About the Additional Study Tools 483

Additional Study Tools 484

Sybex Test Engine 484

Electronic Flashcards 484

PDF of Glossary of Terms 484

Adobe Reader 484

System Requirements 485

Using the Study Tools 485

Troubleshooting 485

Customer Care 486

Index 487

See More

Author Information

Emmett Dulaney is an Assistant Professor at Anderson University. He has written several certification books on Windows, security, IT project management, and UNIX, and was the co-author of CompTIA A+ Complete Study Guide (Sybex).

Chuck Easttom is CEO and Chief Trainer for CEC-Security, which specializes in IT security training and CISP and Security+ exam preparation. He has over 18 years in the IT industry, 10 years teaching and training, and has authored 15 published books.

See More

Downloads

Download TitleSizeDownload
See More

Errata

Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.

ChapterPageDetailsDatePrint Run
See More

Press Release

May 22, 2014
CompTIA Security+ Study Guide: SY0-401, 6th Edition

May 22, 2014 (San Francisco, CA) – To support CompTIA’s recent announcement of the new Security+ exam, SY0-401, Sybex, an imprint of Wiley, announces CompTIA Security+ Study Guide: SY0-401, 6th Edition (Sybex; ISBN: 978-1-118-87507-0; May 2014). The guide covers 100 percent of the Security+ exam objectives with clear and concise information on crucial security topics.

 

The CompTIA Security+ Study Guide: SY0-401, 6th Edition features everything readers need to prepare for the 2014 version of the Security+ certification exam, including:

  • Key topics like network security, compliance and operational security, threats and vulnerabilities, access control and identity management and cryptography
  • Practical examples and insights to provide real-world context from two leading certification experts
  • Tools to take that first step toward advanced security certifications like CASP, CISSP, and CISA, in addition to satisfying the DoD's 8570 directive

 

Additionally, as a CompTIA Authorized Partner, Sybex is offering readers 10 percent off the non-member price of CompTIA exam vouchers when purchased through the CompTIA Marketplace. View additional information about the CompTIA exam voucher from Sybex.

 

“We’re thrilled to be working with CompTIA and be first to market with training materials for their latest Security+ certification exam,” said Chris Webb, Associate Publisher for Sybex. “Candidates who prepare with our training products will be able to approach the exam with confidence.”

 

“Strategic partners such as Wiley are on the front lines improving workforce development, student employability and delivering long-term education value,” said Terry Erdle, executive vice president, skills certification and learning, CompTIA. “Expanding our engagement with Wiley helps CompTIA fulfill one of its primary objectives – to prepare the IT workforce of today and tomorrow.”

 

CompTIA Security+ Study Guide: SY0-401, 6th Edition is available for purchase online and at retailers nationwide. The book is available in both print and all e-book formats. For additional information, visit http://www.wiley.com/buy/9781118875070.

 

About Sybex®

For over 30 years, Sybex has published premium learning products and solutions for current and aspiring professionals working with cutting edge technologies. Our customers come from every corner of the globe and work in a variety of industries, but they all have one thing in common—the drive to acquire the serious technical skills needed to excel in a competitive marketplace. Wherever you are in your career, Sybex can help you achieve your goals. For more information, visit sybex.com. Sybex is an imprint of Wiley.

 

About CompTIA

CompTIA is the voice of the world’s information technology (IT) industry. Its members are the companies at the forefront of innovation; and the professionals responsible for maximizing the benefits organizations receive from their investments in technology. CompTIA is dedicated to advancing industry growth through educational programs, market research, networking events, professional certifications and public policy advocacy. For more information, visit CompTIA online and on Facebook, LinkedIn and Twitter.

See More
Instructors Resources
Wiley Instructor Companion Site
Request a print evaluation copy
Contact us
See More
See Less

Learn more about