CompTIA Security Get Certified Get Ahead: SY0-501 Study


CompTIA Security+
Get Certified Get Ahead
SY0-501 Study Guide
Darril Gibson

CompTIA Security+: Get Certified Get Ahead SY0-501 Study Guide
Copyright 2017 by Darril Gibson
All rights reserved.
Printed in the United States of America.
No part of this book may be used or reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles and review. For information, contact
YCDA, LLC
1124 Knights Bridge Lane,
Virginia Beach, VA, 23455
YCDA, LLC books may be purchased for educational, business, or sales promotional use. For information, please contact Darril Gibson at darril@darrilgibson.com.
Copy editor: Karen Annett
Technical editor: Chris Crayton
Proofreader: Karen Annett
Compositor: Susan Veach
ISBN-10: 1-939136-05-9
ISBN-13: 978-1-939136-05-3

Dedication

To my wife, who even after 25 years of marriage continues to remind me how wonderful life can be if you’re in a loving relationship. Thanks for sharing your life with me.

Acknowledgments

Books of this size and depth can’t be done by a single person, and I’m grateful for the many people who helped me put this book together. First, thanks to my wife. She has provided me immeasurable support throughout this project. The technical editor, Chris Crayton, provided some great feedback on each of the chapters and the online labs. If you have the paperback copy of the book in your hand, you’re enjoying some excellent composite editing work done by Susan Veach.

I’m extremely grateful for all the effort Karen Annett put into this project. She’s an awesome copy editor and proofer and the book is tremendously better due to all the work she’s put into it. Last, thanks to my assistant Jaena Nerona who helped with many of the details behind the scenes. She helped me with some quality control and project management. More, she managed most of the daily tasks associated with maintaining online web sites.

While I certainly appreciate all the feedback everyone gave me, I want to stress that any errors that may have snuck into this book are entirely my fault and no reflection on anyone who helped. I always strive to identify and remove every error, but they still seem to sneak in.

Special thanks to:
Chief Wiggum for bollards installation.
Nelson Muntz for personal physical security services.
Martin Prince for educating us about downgrade attacks.
Comp-Global-Hyper-Mega-Net for intermittent HTTP services.
Edna Krabapple for her thoughtful continuing education lessons.
Apu Nahasapeemapetilon for technical advice on secure coding concepts.
Moe Szyslak for refreshments and uplifting our spirits with his talks about RATs.

About the Author

Darril Gibson is the CEO of YCDA, LLC (short for You Can Do Anything). He has contributed to more than 40 books as the author, coauthor, or technical editor. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications, including CompTIA A+, Network+, Security+, and CASP; (ISC)2 SSCP and CISSP; Microsoft MCSE and MCITP; and ITIL Foundations.

In response to repeated requests, Darril created the http://gcgapremium.com/ site where he provides study materials for several certification exams, including the CompTIA Security+ exam. Darril regularly posts blog articles at http://blogs.getcertifiedgetahead.com/, and uses the site to help people stay abreast of changes in certification exams. You can contact him through either of these sites.

Additionally, Darril publishes the Get Certified Get Ahead newsletter. This weekly newsletter typically lets readers know of new blog posts and about updates related to CompTIA certification exams. You can sign up at http://eepurl.com/g44Of.

Darril lives in Virginia Beach with his wife and two dogs. Whenever possible, they escape to a small cabin in the country on over twenty acres of land that continue to provide them with peace, tranquility, and balance.

Table of Contents

Dedication
Acknowledgments
About the Author
Introduction
Who This Book Is For
About This Book
How to Use This Book
Conventions
Remember This
Vendor Neutral
Free Online Resources
Additional Web Resources
Assumptions
Set a Goal
About the Exam
Passing Score
Exam Prerequisites
Beta Questions
Exam Format
Question Types
Multiple Choice
Performance-Based Questions
Question Complexity
Video
Exam Test Provider
Voucher Code for 10 Percent Off
Exam Domains
Objective to Chapter Map
1.0 Threats, Attacks and Vulnerabilities 21%
2.0 Technologies and Tools 22%
3.0 Architecture and Design 15%
4.0 Identity and Access Management 16%
5.0 Risk Management 14%

6.0 Cryptography and PKI 12%
Recertification Requirements
Pre-Assessment Exam
Assessment Exam Answers
Chapter 1 Mastering Security Basics
Understanding Core Security Goals
What Is a Use Case?
Ensure Confidentiality
Encryption
Access Controls
Steganography and Obfuscation
Provide Integrity
Hashing
Digital Signatures, Certificates, and Non-Repudiation
Increase Availability
Redundancy and Fault Tolerance
Patching
Resource Versus Security Constraints
Introducing Basic Risk Concepts
Understanding Control Types
Technical Controls
Administrative Controls
Physical Controls
Control Goals
Preventive Controls
Detective Controls
Comparing Detection and Prevention Controls
Corrective Controls
Deterrent Controls
Compensating Controls
Combining Control Types and Goals
Implementing Virtualization
Comparing Hypervisors
Application Cell or Container Virtualization
Secure Network Architecture

Snapshots
VDI/VDE and Non-Persistence
VMs as Files
Risks Associated with Virtualization
Running Kali Linux in a VM
Using Command-Line Tools
Windows Command Line
Linux Terminal
Understanding Switches and Getting Help
Understanding Case
Ping
Using Ping to Check Name Resolution
Beware of Firewalls
Using Ping to Check Security Posture
Ipconfig, ifconfig, and ip
Netstat
Tracert
Arp
Chapter 1 Exam Topic Review
Chapter 1 Practice Questions
Chapter 1 Practice Question Answers
Chapter 2 Understanding Identity and Access Management
Exploring Authentication Concepts
Comparing Identification and AAA
Comparing Authentication Factors
Something You Know
Something You Have
Something You Are
Somewhere You Are
Dual-Factor and Multifactor Authentication
Summarizing Identification Methods
Troubleshooting Authentication Issues
Comparing Authentication Services
Kerberos

NTLM
LDAP and LDAPS
Single Sign-On
Managing Accounts
Least Privilege
Need to Know
Account Types
Require Administrators to Use Two Accounts
Standard Naming Convention
Prohibiting Shared and Generic Accounts
Disablement Policies
Recovering Accounts
Time-of-Day Restrictions
Expiring Accounts and Recertification
Account Maintenance
Credential Management
Comparing Access Control Models
Role-Based Access Control
Using Roles Based on Jobs and Functions
Documenting Roles with a Matrix
Establishing Access with Group-Based Privileges
Rule-Based Access Control
Discretionary Access Control
SIDs and DACLs
The Owner Establishes Access
Beware of Trojans
Mandatory Access Control
Labels and Lattice
Establishing Access
Attribute-Based Access Control
Chapter 2 Exam Topic Review
Chapter 2 Practice Questions
Chapter 2 Practice Question Answers
Chapter 3 Exploring Network Technologies and Tools

Reviewing Basic Networking Concepts
Basic Networking Protocols
Implementing Protocols for Use Cases
Voice and Video Use Case
File Transfer Use Case
Email and Web Use Cases
Directory Services Use Case
Remote Access Use Cases
Time Synchronization Use Case
Network Address Allocation Use Case
Domain Name Resolution Use Case
Subscription Services Use Case
Understanding and Identifying Ports
Combining the IP Address and the Port
IP Address Used to Locate Hosts
Server Ports
Client Ports
Putting It All Together
The Importance of Ports in Security
Understanding Basic Network Devices
Switches
Security Benefit of a Switch
Port Security
Physical Security of a Switch
Loop Prevention
Flood Attacks and Flood Guards
Routers
Routers and ACLs
Implicit Deny
Antispoofing
Bridge
Aggregation Switch
Firewalls
Host-Based Firewalls

Application-Based Versus Network-Based Firewalls
Stateless Firewall Rules
Stateful Versus Stateless
Web Application Firewall
Implementing a Secure Network
Zones and Topologies
DMZ
Understanding NAT and PAT
Network Separation
Physical Isolation and Airgaps
Logical Separation and Segmentation
Comparing a Layer 2 Versus Layer 3 Switch
Isolating Traffic with a VLAN
Media Gateway
Proxy Servers
Caching Content for Performance
Transparent Proxy Versus Nontransparent Proxy
Reverse Proxy
Application Proxy
Mail Gateways
Summarizing Routing and Switching Use Cases
Chapter 3 Exam Topic Review
Chapter 4 Securing Your Network
Exploring Advanced Security Devices
Understanding IDSs and IPSs
HIDS
NIDS
Sensor and Collector Placement
Detection Methods
Data Sources and Trends
Reporting Based on Rules
False Positives Versus False Negatives
IPS Versus IDS—Inline Versus Passive
SSL/TLS Accelerators

SSL Decryptors
Honeypots
Honeynets
IEEE 802.1x Security
Securing Wireless Networks
Reviewing Wireless Basics
Fat Versus Thin Access Points
Band Selection and Channel Widths
Access Point SSID
Disable SSID Broadcasting or Not
Enable MAC Filtering
Antenna Types and Placement
Antenna Power and Signal Strength
Network Architecture Zones
Wireless Cryptographic Protocols
WPA
WPA2
TKIP Versus CCMP
PSK, Enterprise, and Open Modes
Authentication Protocols
Captive Portals
Understanding Wireless Attacks
Disassociation Attacks
WPS and WPS Attacks
Rogue AP
Evil Twin
Jamming Attacks
IV Attacks
NFC Attacks
Bluetooth Attacks
Wireless Replay Attacks
RFID Attacks
Misconfigured Access Points
Using VPNs for Remote Access

VPNs and VPN Concentrators
Remote Access VPN
IPsec as a Tunneling Protocol
TLS as a Tunneling Protocol
Split Tunnel Versus Full Tunnel
Site-to-Site VPNs
Always-On VPN
Network Access Control
Host Health Checks
Permanent Versus Dissolvable
Identity and Access Services
PAP
CHAP
MS-CHAP and MS-CHAPv2
RADIUS
TACACS+
Diameter
AAA Protocols
Chapter 4 Exam Topic Review
Chapter 4 Practice Questions
Chapter 5 Securing Hosts and Data
Implementing Secure Systems
Operating Systems
Secure Operating System Configurations
Using Master Images
Resiliency and Automation Strategies
Secure Baseline and Integrity Measurements
Patch Management
Change Management Policy
Unauthorized Software and Compliance Violations
Application Whitelisting and Blacklisting
Secure Staging and Deployment
Sandboxing with VMs
Sandboxing with Chroot

Secure Staging Environment
Peripherals
Hardware and Firmware Security
EMI and EMP
FDE and SED
UEFI and BIOS
Trusted Platform Module
Hardware Security Module
Summarizing Cloud Concepts
Software as a Service
Platform as a Service
Infrastructure as a Service
Security Responsibilities with Cloud Models
Security as a Service
Cloud Deployment Models
Deploying Mobile Devices Securely
Deployment Models
Connection Methods
Mobile Device Management
Mobile Device Enforcement and Monitoring
Unauthorized Software
Hardware Control
Unauthorized Connections
Exploring Embedded Systems
Security Implications and Vulnerabilities
Comparing Embedded Systems
Protecting Data
Protecting Confidentiality with Encryption
Database Security
File System Security
Data Loss Prevention
Removable Media
Data Exfiltration
Cloud-Based DLP

Chapter 5 Exam Topic Review
Chapter 5 Practice Questions
Chapter 5 Practice Question Answers
Chapter 6 Comparing Threats, Vulnerabilities, and Common Attacks
Understanding Threat Actors
Determining Malware Types
Viruses
Worms
Logic Adware
Bots and Botnets
Rootkits
Recognizing Common Attacks
Social Engineering
Impersonation
Shoulder Surfing
Tricking Users with Hoaxes
Tailgating and Mantraps
Dumpster Diving
Watering Hole Attacks
Attacks via Email and Phone
Spam
Phishing
Spear Phishing
Whaling
Vishing
One Click Lets Them In
Blocking Malware and Other Attacks

Protecting Systems from Malware
Antivirus and Anti-Malware Software
Data Execution Prevention
Advanced Malware Tools
Spam Filters
Educating Users
New Viruses
Phishing Attacks
Zero-Day Exploits
Why Social Engineering Familiarity
Trust
Chapter 6 Exam Topic Review
Chapter 6 Practice Questions
Chapter 6 Practice Question Answers
Chapter 7 Protecting Against Advanced Attacks
Comparing Common Attacks
DoS Versus DDoS
Privilege Escalation
Spoofing
SYN Flood Attacks
Man-in-the-Middle Attacks
ARP Poisoning Attacks
DNS Attacks
DNS Poisoning Attacks
Pharming Attacks
DDoS DNS Attacks
Amplification Attacks
Password Attacks

Brute Force Attacks
Dictionary Attacks
Password Hashes
Pass the Hash Attacks
Birthday Attacks
Rainbow Table Attacks
Replay Attacks
Known Plaintext Attacks
Hijacking and Related Attacks
Domain Hijacking
Man-in-the-Browser
Driver Manipulation
Zero-Day Attacks
Memory Buffer Vulnerabilities
Memory Leak
Integer Overflow
Buffer Overflows and Buffer Overflow Attacks
Pointer Dereference
DLL Injection
Summarizing Secure Coding Concepts
Compiled Versus Runtime Code
Proper Input Validation
Client-Side and Server-Side Input Validation
Other Input Validation Techniques
Avoiding Race Conditions
Proper Error Handling
Cryptographic Techniques
Code Reuse and SDKs
Code Obfuscation
Code Quality and Testing
Development Life-Cycle Models
Secure DevOps
Version Control and Change Management
Provisioning and Deprovisioning

Identifying Application Attacks
Web Servers
Database Concepts
Normalization
SQL Queries
Injection Attacks
Cross-Site Scripting
Cross-Site Request Forgery
Understanding Frameworks and Guides
Chapter 7 Exam Topic Review
Chapter 7 Practice Questions
Chapter 7 Practice Question Answers
Chapter 8 Using Risk Management Tools
Understanding Risk Management
Threats and Threat Assessments
Vulnerabilities
Risk Management
Risk Assessment
Risk Registers
Supply Chain Assessment
Comparing Scanning and Testing Tools
Checking for Vulnerabilities
Password Crackers
Network Scanners
Banner Grabbing
Vulnerability Scanning
Credentialed Versus Non-Credentialed
Configuration Compliance Scanner
Obtaining Authorization
Penetration Testing
Passive Reconnaissance
Active Reconnaissance
Initial Exploitation
Escalation of Privilege
Pivot

Persistence
White, Gray, and Black Box Testing
Intrusive Versus Non-Intrusive Testing
Passive Versus Active Tools
Exploitation Frameworks
Using Security Tools
Sniffing with a Protocol Analyzer
Command-Line Tools
Tcpdump
Nmap
Netcat
Monitoring Logs for Event Anomalies
Operating System Event Logs
Firewall and Router Access Logs
Linux Logs
Other Logs
SIEM
Continuous Monitoring
Usage Auditing and Reviews
Permission Auditing and Review
Chapter 8 Exam Topic Review
Chapter 8 Practice Questions
Chapter 8 Practice Question Answers
Chapter 9 Implementing Controls to Protect Assets
Implementing Defense in Depth
Comparing Physical Security Controls
Using Signs
Comparing Door Lock Types
Securing Door Access with Cipher Locks
Securing Door Access with Cards
Securing Door Access with Biometrics
Tailgating
Preventing Tailgating with Mantraps
Increasing Physical Security with Guards

Monitoring Areas with Cameras
Fencing, Lighting, and Alarms
Securing Access with Barricades
Using Hardware Locks
Securing Mobile Computers with Cable Locks
Securing Servers with Locking Cabinets
Securing Small Devices with a Safe
Asset Management
Implementing Environmental Controls
Heating, Ventilation, and Air Conditioning
Hot and Cold Aisles
HVAC and Fire
Fire Suppression
Environmental Monitoring
Shielding
Protected Cabling
Protected Distribution of Cabling
Faraday Cage
Adding Redundancy and Fault Tolerance
Single Point of Failure
Disk Redundancies
RAID-0
RAID-1
RAID-5 and RAID-6
RAID-10
Server Redundancy and High Availability
Failover Clusters for High Availability
Load Balancers for High Availability
Clustering Versus Load Balancing
Power Redundancies
Protecting Data with Backups
Comparing Backup Types
Full Backups
Restoring a Full Backup

Differential Backups
Order of Restoration for a Full/Differential Backup Set
Incremental Backups
Order of Restoration for a Full/Incremental Backup Set
Choosing Full/Incremental or Full/Differential
Snapshot Backup
Testing Backups
Protecting Backups
Backups and Geographic Considerations
Comparing Business Continuity Elements
Business Impact Analysis Concepts
Impact
Privacy Impact and Threshold Assessments
Recovery Time Objective
Recovery Point Objective
Comparing MTBF and MTTR
Continuity of Operations Planning
Recovery Sites
Order of Restoration
Disaster Recovery
Testing Plans with Exercises
Chapter 9 Exam Topic Review
Chapter 9 Practice Question Answers
Chapter 10 Understanding Cryptography and PKI
Introducing Cryptography Concepts
Providing Integrity with Hashing
MD5
SHA
HMAC
RIPEMD
Hashing Files
Hashing Passwords
Key Stretching
Hashing Messages

Using HMAC
Providing Confidentiality with Encryption
Encryption Terms
Block Versus Stream Ciphers
Cipher Modes
Symmetric Encryption
AES
DES
3DES
RC4
Blowfish and Twofish
Symmetric Encryption Summary
Asymmetric Encryption
The Rayburn Box
The Rayburn Box Used to Send Secrets
The Rayburn Box Used for Authentication
The Rayburn Box Demystified
Certificates
RSA
Static Versus Ephemeral Keys
Elliptic Curve Cryptography
Diffie-Hellman
Steganography
Using Cryptographic Protocols
Protecting Email
Signing Email with Digital Signatures
Encrypting Email
S/MIME
PGP/GPG
HTTPS Transport Encryption
SSL Versus TLS
Encrypting HTTPS Traffic with TLS
Cipher Suites
Implementation Versus Algorithm Selection

Downgrade Attacks on Weak Implementations
Exploring PKI Components
Certificate Authority
Certificate Chaining and Trust Models
Registration and CSRs
Revoking Certificates
Certificate Issues
Public Key Pinning
Key Escrow
Recovery Agent
Comparing Certificate Types
Certificate Formats
Chapter 10 Exam Topic Review
Chapter 10 Practice Questions
Chapter 10 Practice Question Answers
Chapter 11 Implementing Policies to Mitigate Risks
Exploring Security Policies
Personnel Management Policies
Acceptable Use Policy
Mandatory Vacations
Separation of Duties
Job Rotation
Clean Desk Policy
Background Check
NDA
Exit Interview
Onboarding
Policy Violations and Adverse Actions
Other General Security Policies
Agreement Types
Protecting Data
Information Classification
Data Sensitivity Labeling and Handling
Data Destruction and Media Sanitization

Data Retention Policies
PII and PHI
Protecting PII and PHI
Legal and Compliance Issues
Data Roles and Responsibilities
Responding to Incidents
Incident Response Plan
Incident Response Process
Implementing Basic Forensic Procedures
Order of Volatility
Data Acquisition and Preservation of Evidence
Chain of Custody
Legal Hold
Recovery of Data
Active Logging for Intelligence Gathering
Track Man-Hours and Expense
Providing Training
Role-Based Awareness Training
Continuing Education
Training and Compliance Issues
Troubleshooting Personnel Issues
Chapter 11 Exam Topic Review
Chapter 11 Practice Questions
Chapter 11 Practice Question Answers
Post-Assessment Exam
Assessment Exam Answers
Appendix A—Glossary
A B C D E F G I J K L M N O P Q R S T U V W X Z

Introduction

Congratulations on your purchase of CompTIA Security+: Get Certified Get Ahead study guide. You are one step closer to becoming CompTIA Security+ certified. This certification has helped many individuals get ahead in their jobs and their careers, and it can help you get ahead, too.

It is a popular certification within the IT field. One IT hiring manager told me that if a résumé doesn’t include the Security+ certification, or a higher-level security certification, he simply sets it aside. He won’t even talk to applicants. That’s not the same with all IT hiring managers, but it does help illustrate how important security is within the IT field.

Who This Book Is For

If you’re studying for the CompTIA Security+ exam and want to pass it on your first attempt, this book is for you. It covers 100 percent of the objectives identified by CompTIA for the Security+ exam.

The first target audience for this book is students in CompTIA Security+ classes. My goal is to give students a book they can use to study the relevant and important details of CompTIA Security+ in adequate depth for the challenging topics, but without the minutiae in topics that are clear for most IT professionals. I regularly taught from the earlier editions of this book, and I’ll continue to teach using this edition. I also hear from instructors around the United States and in several other countries who use versions of the book to help students master the topics and pass the Security+ exam the first time they take it.

Second, this book is for those people who like to study on their own. If you’re one of the people who can read a book and learn the material without sitting in a class, this book has what you need to take and pass the exam.

Additionally, you can keep this book on your shelf (or in your Kindle) to remind yourself of important, relevant concepts. These concepts are important for security professionals and IT professionals in the real world.

Based on many conversations with students and readers of the previous versions of this book, I know that many people use the Security+ certification as the first step in achieving other security certifications. For example, you may follow Security+ with one of these cybersecurity certifications:
(ISC)2 Systems Security Certified Practitioner (SSCP)
(ISC)2 Certified Information Systems Security Professional (CISSP)
CompTIA Advanced Security Practitioner (CASP)
CompTIA Cybersecurity Analyst (CSA+)

If you plan to pursue any of these advanced security certifications, you’ll find this book will help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead on the other exams.

About This Book

Over the past several years, I’ve taught literally hundreds of students, helping them to become CompTIA Security+ certified. During that time, I’ve learned what concepts are easy to grasp and what concepts need more explanation. I’ve developed handouts and analogies that help students grasp the elusive concepts.

Feedback from students was overwhelmingly positive—both in their comments to me and their successful pass rates after taking the certification exam. When the objectives changed in 2008, I rewrote my handouts as the first edition of this book. When the objectives changed again in 2011 and 2014, I rewrote the book to reflect the new objectives. This book reflects the objective changes released in 2017.

Gratefully, this book has allowed me to reach a much larger audience and share security and IT-related information. Even if you aren’t in one of the classes I teach, this book can help you learn the relevant material to pass the exam the first time you take it.

How to Use This Book

Over the years, I’ve taught the Security+ course many times. During this process, I learned the best way to present the material so that students understand and retain the most knowledge. The book is laid out the same way.

For most people, the easiest way to use the book is by starting with the pre-assessment exam (after the intro) to gauge your initial understanding of the topics. Then, go through each chapter sequentially, including the end-of-chapter practice test questions. Doing so, you’ll build a solid foundation of knowledge. This helps make the more advanced topics in later chapters easier to understand.

If you have a high level of IT security knowledge and only want to study the topics that are unclear to you on this exam, you can review the objective map listed at the end of the introduction. This lists all the objectives and identifies the chapter where the objective topics are covered. Additionally, you can look at the index to locate the exact page for these topics. If you have the Kindle version, it includes an excellent search feature you can use to find a specific topic.

When practicing for any certification exam, the following steps are a good recipe for success:

Review the objectives. The objectives for the SY0-501 exam are listed in the “Objective to Chapter Map” section in this Introduction.

Learn the material related to the objectives. This book covers all the objectives, and the introduction includes a map showing which chapter (or chapters) covers each objective. Along those lines, my goal when writing the book was to cover the objectives at sufficient depth to help you pass the exam. However, these topics all have a lot more depth. When I study for a certification exam, I typically dig in much deeper than necessary, often because the topics interest me. You can, too, if you want, but don’t lose sight of the exam objectives.

Take practice questions. A key step when preparing for any certification exam is to make sure you can answer the exam questions. Yes, you need the knowledge, but you also must be able to read a question and select the correct answer. This simply takes practice. When using practice test questions, ensure they have explanations. Questions without explanations often encourage rote memorization without understanding and sometimes even give you the wrong answers.

Achieve high scores on practice exams. I typically tell people that they should get scores of at least 90 percent on practice tests for the CompTIA Security+ exam. However, don’t focus on only your scores.

Read and understand the explanations. Ideally, you should be able to look at any practice test question and know why the correct answers are correct and why the incorrect answers are incorrect. Within this book, you’ll find this information in the explanations. When you understand the explanations, you have the best chance of accurately interpreting the questions on the live exam and answering them correctly no matter how CompTIA words or presents them.

This book has over 300 practice test questions you can use to test your knowledge and your ability to correctly answer them. Every question has a detailed explanation to help you understand why the correct answers are correct and why the incorrect answers are incorrect. You can find the practice questions in the following areas:

Pre-assessment exam. Use these questions at the beginning of the book to get a feel for what you know and what you need to study more.

End-of-chapter practice questions. Each chapter has practice questions to help you test your comprehension of the material in the chapter.

Post-assessment exam. Use this as a practice exam to test your comprehension of the subject matter and readiness to take the actual exam.

It’s OK if you do the practice questions in a different order. You may decide to tackle all the chapters in the book and then do the pre-assessment and post-assessment questions. That’s fine. However, I strongly suggest you review all the questions in the book. Also, make sure you check out the additional free online resources at http://gcgapremium.com/501extras.

The glossary provides a short definition of key terms. If you want more details on any topic, check out the index to identify the page numbers. Many index entries also list related topics.

Conventions

While creating this book, I’ve followed specific conventions to give you insight into the content. This includes the following items:

Glossary terms. Important glossary items are presented in bold italics the first time they are mentioned, and/or when they are defined. The objectives include an extensive Security+ Acronyms list. Some of these are relevant to the current exam, so I’ve included them in Appendix A, “Glossary.” However, irrelevant acronyms are not included in the Glossary.

Commands. Some chapters include specific commands that I encourage you to enter so that you can see how they work. These are shown in bold.

File names. File names such as md5sum.exe are shown in italics.

Web site URLs. URLs such as http://gcgapremium.com are shown in italics.

Remember This

Throughout the book, you’ll see text boxes that highlight important information you should remember to successfully pass the exam. The surrounding content provides the additional information needed to fully understand these key points, and the text boxes summarize the important points.

These text boxes will look like this:

Remember this
I strongly encourage you to repeat the information in the text boxes to yourself as often as possible. The more you repeat the information, the more likely you are to remember it when you take the exam.

A tried-and-true method of repeating key information is to take notes when you’re first studying the material and then rewrite the notes later. This will expose you to the material a minimum of three times.

Another method that students have told me has been successful for them is to use an MP3 player. Many MP3 players can record. Start your MP3 recorder and read the information in each text box for a chapter and the information in the Exam Topic Review section of each chapter. Save the MP3 file and regularly listen to it. This allows you to reaffirm the important information in your own voice.

You can play it while exercising, walking, or just about any time when it’s not dangerous to listen to any MP3 file. You can even burn the MP3 files to a CD and play them back from a CD player.

If the MP3 method is successful for you, you can also record and listen to exam questions. Read the question, only the correct answer, and the first sentence or two of the explanation in each practice question.

If you don’t have time to create your own MP3 recordings, check out the companion web site (http://gcgapremium.com) for this book. You can purchase MP3 recordings there that you can download and use.

Vendor Neutral

CompTIA certifications are vendor neutral. In other words, certifications are not centered on any single vendor, such as Microsoft, Apple, or Linux distributions. However, you can expect to see questions that are focused on specific vendors or operating systems.

For example, many of the topics in this version of the CompTIA Security+ exam are specific to Microsoft operating systems. Group Policy is one of many examples. More and more security devices use Linux as their operating system and this version of the exam has some specific topics on Linux. Command-line tools such as dig, ifconfig, and ip are a few examples. Most mobile devices use either the Apple iOS operating system or the Android operating system and some of the objectives (such as rooting and jailbreaking) focus on these operating systems.

Free Online Resources

There are many additional free resources available to you at http://gcgapremium.com/501-extras/, including:
Free online labs
Sample performance-based questions
Additional fre
