CompTIA Security+ SY0-601 Cert Guide


CompTIA Security+ SY0-601 Cert Guide
Omar Santos
Ron Taylor
Joseph Mlodzianowski

A01 Santos Fm pi-plii 1.indd 1 01/06/21 2:49 pm

CompTIA Security+ SY0-601 Cert Guide
Copyright 2022 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-13-677031-2
ISBN-10: 0-13-677031-2
Library of Congress Control Number: 2021935686

Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.

Special Sales
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact intlcs@pearson.com.

Editor-in-Chief: Mark Taub
Product Line Manager: Brett Bartow
Managing Editor: Sandra Schroeder
Executive Editor: Nancy Davis
Development Editor: Christopher A. Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: Chuck Hutchinson
Indexer: Erika Millen
Proofreader: Abigail Manheim
Technical Editor: Chris Crayton
Publishing Coordinator: Cindy Teeters
Cover Designer: Chuti Prasertsith
Compositor: codeMantra

9780136770312 print.indb 2 30/05/21 4:24 pm

Contents at a Glance

Introduction

Part I: Threats, Attacks, and Vulnerabilities
  CHAPTER 1 Comparing and Contrasting Different Types of Social Engineering Techniques
  CHAPTER 2 Analyzing Potential Indicators to Determine the Type of Attack
  CHAPTER 3 Analyzing Potential Indicators Associated with Application Attacks
  CHAPTER 4 Analyzing Potential Indicators Associated with Network Attacks
  CHAPTER 5 Understanding Different Threat Actors, Vectors, and Intelligence Sources
  CHAPTER 6 Understanding the Security Concerns Associated with Various Types of Vulnerabilities
  CHAPTER 7 Summarizing the Techniques Used in Security Assessments
  CHAPTER 8 Understanding the Techniques Used in Penetration Testing

Part II: Architecture and Design
  CHAPTER 9 Understanding the Importance of Security Concepts in an Enterprise Environment
  CHAPTER 10 Summarizing Virtualization and Cloud Computing Concepts
  CHAPTER 11 Summarizing Secure Application Development, Deployment, and Automation Concepts
  CHAPTER 12 Summarizing Authentication and Authorization Design Concepts
  CHAPTER 13 Implementing Cybersecurity Resilience
  CHAPTER 14 Understanding the Security Implications of Embedded and Specialized Systems
  CHAPTER 15 Understanding the Importance of Physical Security Controls
  CHAPTER 16 Summarizing the Basics of Cryptographic Concepts

Part III: Implementation
  CHAPTER 17 Implementing Secure Protocols
  CHAPTER 18 Implementing Host or Application Security Solutions
  CHAPTER 19 Implementing Secure Network Designs
  CHAPTER 20 Installing and Configuring Wireless Security Settings

  CHAPTER 21 Implementing Secure Mobile Solutions
  CHAPTER 22 Applying Cybersecurity Solutions to the Cloud
  CHAPTER 23 Implementing Identity and Account Management Controls
  CHAPTER 24 Implementing Authentication and Authorization Solutions
  CHAPTER 25 Implementing Public Key Infrastructure

Part IV: Operations and Incident Response
  CHAPTER 26 Using the Appropriate Tool to Assess Organizational Security
  CHAPTER 27 Summarizing the Importance of Policies, Processes, and Procedures for Incident Response
  CHAPTER 28 Using Appropriate Data Sources to Support an Investigation
  CHAPTER 29 Applying Mitigation Techniques or Controls to Secure an Environment
  CHAPTER 30 Understanding the Key Aspects of Digital Forensics

Part V: Governance, Risk, and Compliance
  CHAPTER 31 Comparing and Contrasting the Various Types of Controls
  CHAPTER 32 Understanding the Importance of Applicable Regulations, Standards, or Frameworks That Impact Organizational Security Posture
  CHAPTER 33 Understanding the Importance of Policies to Organizational Security
  CHAPTER 34 Summarizing Risk Management Processes and Concepts
  CHAPTER 35 Understanding Privacy and Sensitive Data Concepts in Relation to Security

Part VI: Final Preparation
  CHAPTER 36 Final Preparation

Glossary of Key Terms
APPENDIX A Answers to the “Do I Know This Already?” Quizzes and Review Questions
APPENDIX B CompTIA Security+ (SY0-601) Cert Guide Exam Updates
Index

Online Elements:
  APPENDIX C Study Planner
  Glossary of Key Terms

Table of Contents

Introduction

Part I: Threats, Attacks, and Vulnerabilities

Chapter 1 Comparing and Contrasting Different Types of Social Engineering Techniques
  “Do I Know This Already?” Quiz
  Foundation Topics
    Social Engineering Fundamentals
    Phishing and Spear Phishing
    Smishing
    Vishing
    Spam and Spam over Internet Messaging (SPIM)
    Dumpster Diving
    Shoulder Surfing
    Pharming
    Piggybacking or Tailgating
    Eliciting Information
    Whaling
    Prepending
    Identity Fraud
    Invoice Scams
    Credential Harvesting
    Reconnaissance
    Hoaxes
    Impersonation or Pretexting
    Eavesdropping
    Baiting
    Watering Hole Attack
    Typo Squatting
    Influence Campaigns, Principles of Social Engineering, and Reasons for Effectiveness

    User Security Awareness Education
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 2 Analyzing Potential Indicators to Determine the Type of Attack
  “Do I Know This Already?” Quiz
  Foundation Topics
    Malicious Software (Malware)
    Ransomware and Cryptomalware
    Trojans
    Remote Access Trojans (RATs) and Rootkits
    Worms
    Fileless Virus
    Command and Control, Bots, and Botnets
    Logic Bombs
    Potentially Unwanted Programs (PUPs) and Spyware
    Keyloggers
    Backdoors
    Malware Delivery Mechanisms
    You Can’t Save Every Computer from Malware!
    Password Attacks
    Dictionary-based and Brute-force Attacks
    Password Spraying
    Offline and Online Password Cracking
    Rainbow Tables
    Plaintext/Unencrypted
    Physical Attacks
    Malicious Flash Drives
    Malicious Universal Serial Bus (USB) Cables
    Card Cloning Attacks
    Skimming

    Adversarial Artificial Intelligence
    Tainted Training Data for Machine Learning
    Security of Machine Learning Algorithms
    Supply-Chain Attacks
    Cloud-based vs. On-premises Attacks
    Cloud Security Threats
    Cloud Computing Attacks
    Cryptographic
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 3 Analyzing Potential Indicators Associated with Application Attacks
  “Do I Know This Already?” Quiz
  Foundation Topics
    Privilege Escalation
    Cross-Site Scripting (XSS) Attacks
    Injection Attacks
    Structured Query Language (SQL) Injection Attacks
    SQL Injection Categories
    Dynamic Link Library (DLL) Injection Attacks
    Lightweight Directory Access Protocol (LDAP) Injection Attacks
    Extensible Markup Language (XML) Injection Attacks
    Pointer/Object Dereference
    Directory Traversal
    Buffer Overflows
    Arbitrary Code Execution/Remote Code Execution
    Race Conditions
    Error Handling

    Improper Input Handling
    Compile-Time Errors vs. Runtime Errors
    Replay Attacks
    Request Forgeries
    Application Programming Interface (API) Attacks
    Resource Exhaustion
    Memory Leaks
    Secure Socket Layer (SSL) Stripping
    Driver Manipulation
    Pass the Hash
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 4 Analyzing Potential Indicators Associated with Network Attacks
  “Do I Know This Already?” Quiz
  Foundation Topics
    Wireless Attacks
    Evil Twin Attacks
    Rogue Access Points
    Bluesnarfing Attacks
    Bluejacking Attacks
    Disassociation and Deauthentication Attacks
    Jamming Attacks
    Radio Frequency Identifier (RFID) Attacks
    Near-Field Communication (NFC) Attacks
    Initialization Vector (IV) Attacks
    On-Path Attacks
    Layer 2 Attacks
    Address Resolution Protocol (ARP) Poisoning Attacks
    Media Access Control (MAC) Flooding Attacks
    MAC Cloning Attacks
    Best Practices to Protect Against Layer 2 Attacks

    Domain Name System (DNS) Attacks
    Domain Hijacking Attacks
    DNS Poisoning Attacks
    Uniform Resource Locator (URL) Redirection Attacks
    Domain Reputation
    Distributed Denial-of-Service (DDoS) Attacks
    Malicious Code or Script Execution Attacks
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 5 Understanding Different Threat Actors, Vectors, and Intelligence Sources
  “Do I Know This Already?” Quiz
  Foundation Topics
    Actors and Threats
    Attributes of Threat Actors
    Attack Vectors
    Threat Intelligence and Threat Intelligence Sources
    Structured Threat Information eXpression (STIX) and the Trusted Automated eXchange of Indicator Information (TAXII)
    Research Sources
    The MITRE ATT&CK Framework
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 6 Understanding the Security Concerns Associated with Various Types of Vulnerabilities
  “Do I Know This Already?” Quiz
  Foundation Topics
    Cloud-based vs. On-premises Vulnerabilities
    Other “Cloud”-based Concerns
    Server Defense

    File Servers
    Network Controllers
    Email Servers
    Web Servers
    FTP Server
    Zero-day Vulnerabilities
    Weak Configurations
    Third-party Risks
    Improper or Weak Patch Management
    Patches and Hotfixes
    Patch Management
    Legacy Platforms
    The Impact of Cybersecurity Attacks and Breaches
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 7 Summarizing the Techniques Used in Security Assessments
  “Do I Know This Already?” Quiz
  Foundation Topics
    Threat Hunting
    Security Advisories and Bulletins
    Vulnerability Scans
    Credentialed vs. Noncredentialed
    Intrusive vs. Nonintrusive
    Common Vulnerability Scoring System (CVSS)
    Logs and Security Information and Event Management (SIEM)
    Security Orchestration, Automation, and Response (SOAR)
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 8 Understanding the Techniques Used in Penetration Testing
  “Do I Know This Already?” Quiz
  Foundation Topics
    Penetration Testing
    Bug Bounties vs. Penetration Testing
    Passive and Active Reconnaissance
    Exercise Types
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Part II: Architecture and Design

Chapter 9 Understanding the Importance of Security Concepts in an Enterprise Environment
  “Do I Know This Already?” Quiz
  Foundation Topics
    Configuration Management
    Data Sovereignty and Data Protection
    Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Inspection
    API Considerations
    Data Masking and Obfuscation
    Encryption at Rest, in Transit/Motion, and in Processing
    Hashing
    Rights Management
    Geographical Considerations
    Data Breach Response and Recovery Controls
    Site Resiliency
    Deception and Disruption
    Fake Telemetry
    DNS Sinkhole
  Chapter Review Activities

    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 10 Summarizing Virtualization and Cloud Computing Concepts
  “Do I Know This Already?” Quiz
  Foundation Topics
    Cloud Models
    Public, Private, Hybrid, and Community Clouds
    Cloud Service Providers
    Cloud Architecture Components
    Fog and Edge Computing
    Thin Clients
    Containers
    Microservices and APIs
    Infrastructure as Code
    Serverless Architecture
    Services Integration
    Resource Policies
    Transit Gateway
    Virtual Machine (VM) Sprawl Avoidance and VM Escape Protection
    Understanding and Avoiding VM Sprawl
    Protecting Against VM Escape Attacks
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 11 Summarizing Secure Application Development, Deployment, and Automation Concepts
  “Do I Know This Already?” Quiz
  Foundation Topics
    Software Development Environments and Methodologies
    Application Provisioning and Deprovisioning
    Software Integrity Measurement

    Secure Coding Techniques
    Core SDLC and DevOps Principles
    Programming Testing Methods
    Compile-Time Errors vs. Runtime Errors
    Input Validation
    Static and Dynamic Code Analysis
    Fuzz Testing
    Programming Vulnerabilities and Attacks
    Testing for Backdoors
    Memory/Buffer Vulnerabilities
    XSS and XSRF
    More Code Injection Examples
    Directory Traversal
    Zero-Day Attack
    Open Web Application Security Project (OWASP)
    Software Diversity
    Automation/Scripting
    Elasticity and Scalability
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 12 Summarizing Authentication and Authorization Design Concepts
  “Do I Know This Already?” Quiz
  Foundation Topics
    Authentication Methods
    Directory Services
    Federations
    Attestation
    Authentication Methods and Technologies
    Time-Based One-Time Password (TOTP)
    HMAC-Based One-Time Password (HOTP)

    Short Message Service (SMS)
    Token Key
    Static Codes
    Authentication Applications
    Push Notifications
    Phone Call Authentication
    Smart Card
    Iris
    Facial
    Voice
    Vein
    Gait Analysis
    Efficacy Rates
    False Acceptance
    False Rejection
    Crossover Error Rate
    Multifactor Authentication (MFA) Factors and Attributes
    Authentication, Authorization, and Accounting (AAA)
    Cloud vs. On-premises Requirements
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 13 Implementing Cybersecurity Resilience
  “Do I Know This Already?” Quiz
  Foundation Topics
    Redundancy
    Geographic Dispersal
    Disk Redundancy
    Redundant Array of Inexpensive Disks

    Multipath
    Network Resilience
    Load Balancers
    Network Interface Card (NIC) Teaming
    Power Resilience
    Uninterruptible Power Supply (UPS)
    Generators
    Dual Supply
    Managed Power Distribution Units (PDUs)
    Replication
    Storage Area Network
    Virtual Machines
    On-premises vs. Cloud
    Backup Types
    Full Backup
    Differential Backup
    Incremental Backup
    Non-persistence
    High Availability
    Restoration
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 14 Understanding the Security Implications of Embedded and Specialized Systems
  “Do I Know This Already?” Quiz
  Foundation Topics

    Embedded Systems
    Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)
    Internet of Things (IoT)
    Specialized Systems
    Medical Systems
    Vehicles
    Aircraft
    Smart Meters
    Voice over IP (VoIP)
    Heating, Ventilation, and Air Conditioning (HVAC)
    Drones
    Multifunction Printers (MFP)
    Real-Time Operating Systems (RTOS)
    Surveillance Systems
    System on a Chip (SoC)
    Communication Considerations
    5G
    NarrowBand
    Baseband Radio
    Subscriber Identity Module (SIM) Cards
    Zigbee
    Embedded System Constraints
    Power
    Compute
    Network
    Crypto
    Inability to Patch
    Authentication
    Range
    Cost
    Implied Trust

  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 15 Understanding the Importance of Physical Security Controls
  “Do I Know This Already?” Quiz
  Foundation Topics
    Bollards/Barricades
    Access Control
    Closed-Circuit Television (CCTV)
    Industrial Camouflage
    Personnel
    Locks
    USB Data Blockers
    Lighting
    Fencing
    Fire Suppression
    Sensors
    Drones
    Visitor Logs
    Faraday Cages
    Air Gap
    Screened Subnet (Previously Known as Demilitarized Zone [DMZ])
    Protected Cable Distribution
    Secure Areas
    Secure Data Destruction
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 16 Summarizing the Basics of Cryptographic Concepts
  “Do I Know This Already?” Quiz
  Foundation Topics
    Digital Signatures
    Key Length
    Key Stretching
    Salting
    Hashing
    Key Exchange
    Elliptic-Curve Cryptography
    Perfect Forward Secrecy
    Ephemeral
    Modes of Operation
    Electronic Code Book Mode
    Cipher Block Chaining Mode
    Cipher Feedback Mode
    Output Feedback Mode
    Counter Mode
    Blockchain
    Cipher Suites
    Symmetric vs. Asymmetric Encryption
    Lightweight Cryptography
    Steganography
    Audio Steganography
    Video Steganography
    Image Steganography
    Homomorphic Encryption
    Common Use Cases
    Limitations

  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Part III: Implementation

Chapter 17 Implementing Secure Protocols
  “Do I Know This Already?” Quiz
  Foundation Topics
    Protocols
    Domain Name System Security Extensions
    SSH
    Secure/Multipurpose Internet Mail Extensions
    Secure Real-Time Transport Protocol
    Lightweight Directory Access Protocol over SSL
    File Transfer Protocol, Secure
    Secure (or SSH) File Transfer Protocol
    Simple Network Management Protocol Version 3
    Hypertext Transfer Protocol over SSL/TLS
    IPsec
    Authentication Header/Encapsulating Security Payloads
    Tunnel/Transport
    Post Office Protocol/Internet Message Access Protocol
    Use Cases
    Voice and Video
    Time Synchronization
    Email and Web
    File Transfer
    Directory Services
    Remote Access
    Domain Name Resolution
    Routing and Switching
    Network Address Allocation
    Subscription Services

  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 18 Implementing Host or Application Security Solutions
  “Do I Know This Already?” Quiz
  Foundation Topics
    Endpoint Protection
    Antivirus
    Antimalware
    Endpoint Detection and Response
    Data Loss Prevention
    Next-Generation Firewall
    Host-based Intrusion Prevention System
    Host-based Intrusion Detection System
    Host-based Firewall
    Boot Integrity
    Boot Security/Unified Extensible Firmware Interface
    Measured Boot
    Boot
    Hashing
    Application Security
    Input Validations
    Secure Cookies
    Hypertext Transfer Protocol Headers
    End-to-End Headers
    Hop-by-Hop Headers
    Code Signing
    Allow List
    Block List/Deny List

    Secure Coding Practices
    Static Code Analysis
    Manual Code Review
    Dynamic Code Analysis
    Fuzzing
    Hardening
    Open Ports and Services
    Registry
    Disk Encryption
    Operating System
    Patch Management
    Self-Encrypting Drive/Full-Disk Encryption
    OPAL
    Hardware Root of Trust
    Trusted Platform Module
    Sandboxing
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 19 Implementing Secure Network Designs
  “Do I Know This Already?” Quiz
  Foundation Topics
    Load Balancing
    Active/Passive
    Virtual
    Network Segmentation
    Application-Based Segmentation and Microsegmentation
    Virtual Local Area Network
    Screened Subnet

    East-West Traffic
    Intranets and Extranets
    Zero Trust
    Virtual Private Network
    Remote Access vs. Site-to-Site
    IPsec
    IKEv1 Phase 1
    IKEv1 Phase 2
    IKEv2
    SSL/TLS
    HTML5
    Layer 2 Tunneling Protocol
    DNS
    Network Access Control
    Out-of-Band Management
    Port Security
    Broadcast Storm Prevention
    Bridge Protocol Data Unit Guard
    Loop Prevention
    Dynamic Host Configuration Protocol Snooping
    Media Access Control Filtering
    Network Appliances
    Jump Servers
    Proxy Servers
    Network-Based Intrusion Detection System/Network-Based Intrusion Prevention System
    NIDS
    NIPS
    Summary of NIDS vs. NIPS
    Inline vs. Passive

    HSM
    Hardware vs. Software
    Appliance vs. Host-based vs. Virtual
    Access Control List
    Route Security
    Quality of Service
    Implications of IPv6
    Port Spanning/Port Mirroring
    Monitoring Services
    Performance Baselining
    File Integrity Monitors
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 20 Installing and Configuring Wireless Security Settings
  “Do I Know This Already?” Quiz
  Foundation Topics
    Cryptographic Protocols
    Wi-Fi Protected Access 2 (WPA2)
    Wi-Fi Protected Access 3 (WPA3)
    Counter-mode/CBC-MAC Protocol (CCMP)
    Simultaneous Authentication of Equals
    Wireless Cryptographic Protocol Summary
    Authentication Protocols
    802.1X and EAP
    IEEE 802.1x
    Remote Authentication Dial-In User Service (RADIUS)
    Federation

    Methods
    Wi-Fi Protected Setup
    Captive Portals
    Installation Considerations
    Controller and Access Point Security
    Wireless Access Point Vulnerabilities
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 21 Implementing Secure Mobile Solutions
  “Do I Know This Already?” Quiz
  Foundation Topics
    Connection Methods and Receivers
    RFID and NFC
    More Wireless Connection Methods and Receivers
    Secure Implementation Best Practices
    Mobile Device Management
    MDM Security Feature Concerns: Application and Content Management
    MDM Security Feature Concerns: Remote Wipe, Geofencing, Geolocation, Screen Locks, Passwords and PINs, Full Device Encryption
    Mobile Device Management Enforcement and Monitoring
    Mobile Devices
    MDM/Unified Endpoint Management
    SEAndroid
    Deployment Models
    Secure Implementation of BYOD, CYOD, and COPE
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 22 Applying Cybersecurity Solutions to the Cloud
  “Do I Know This Already?” Quiz
  Foundation Topics
    Cloud Security Controls
    Security Assessment in the Cloud
    Understanding the Different Cloud Security Threats
    Cloud Computing Attacks
    High Availability Across Zones
    Resource Policies
    Integration and Auditing
    Secrets Management
    Storage
    Permissions
    Encryption
    Replication
    High Availability
    Network
    Virtual Networks
    Public and Private Subnets
    Segmentation
    API Inspection and Integration
    Compute
    Security Groups
    Dynamic Resource Allocation
    Instance Awareness
    Virtual Private Cloud Endpoint
    Container Security
    Summary of Cloud Security Controls
    Solutions
    CASB
    Application Security
    Next-Generation Secure Web Gateway
    Firewall Considerations in a Cloud Environment

    Cost
    Need for Segmentation
    Open Systems Interconnection Layers
    Summary of Cybersecurity Solutions to the Cloud
    Cloud Native Controls vs. Third-Party Solutions
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 23 Implementing Identity and Account Management Controls
  “Do I Know This Already?” Quiz
  Foundation Topics
    Identity
    Identity Provider (IdP)
    Authentication
    Authentication by Knowledge
    Authentication by Ownership
    Authentication by Characteristic
    Attributes
    Certificates
    Tokens
    SSH Keys
    Smart Cards
    Account Types
    Account Policies
    Introduction to Identity and Access Management
    Phases of the Identity and Access Lifecycle
    Registration and Identity Validation
    Privileges Provisioning
    Access Review
    Access Revocation
    Password Management
    Password Creation
    Attribute-Based Access Control (ABAC)

    Rights, Permissions, and Policies
    Users, Groups, and Account Permissions
    Permission Inheritance and Propagation
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 24 Implementing Authentication and Authorization Solutions
  “Do I Know This Already?” Quiz
  Foundation Topics
    Authentication Management
    Password Keys
    Password Vaults
    Trusted Platform Module
    Hardware Security Modules
    Knowledge-Based Authentication
    Authentication/Authorization
    Security Assertion Markup Language
    OAuth
    OpenID and OpenID Connect
    802.1X and EAP
    LDAP
    Kerberos and Mutual Authentication
    Remote Authentication Technologies
    Remote Access Service
    RADIUS versus TACACS+
    Access Control Schemes
    Discretionary Access Control
    Mandatory Access Control
    Role-Based Access Control
    Attribute-Based Access Control
    Rule-Based Access Control
    Conditional Access
    Privileged Access Management

    Summary of Access Control Models
    Access Control Wise Practices
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 25 Implementing Public Key Infrastructure
  “Do I Know This Already?” Quiz
  Foundation Topics
    Public Key Infrastructure
    Key Management
    Certificate Authorities
    Certificate Attributes
    Subject Alternative Name
    Expiration
    Types of Certificates
    SSL Certificate Types
    Certificate Chaining
    Certificate Formats
    PKI Concepts
    Trust Model
    Certificate Pinning
    Stapling, Key Escrow, Certificate Chaining, Online vs. Offline CA
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Part IV: Operations and Incident Response

Chapter 26 Using the Appropriate Tool to Assess Organizational Security
  “Do I Know This Already?” Quiz
  Foundation Topics
    Network Reconnaissance and Discovery
    tracert/traceroute

    nslookup/dig
    ipconfig/ifconfig
    nmap
    ping/pathping
    hping
    netstat
    netcat
    IP Scanners
    arp
    route
    curl
    theHarvester
    File Manipulation
    head
    tail
    cat
    grep
    chmod
    Logger
    Shell and Script Environments
    SSH
    PowerShell
    Python
    OpenSSL
    Packet Capture and Replay
    Tcpreplay
    Tcpdump
    Wireshark

    Forensics
    dd
    Memdump
    WinHex
    FTK Imager
    Autopsy
    Exploitation Frameworks
    Password Crackers
    Data Sanitization
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 27 Summarizing the Importance of Policies, Processes, and Procedures for Incident Response
  “Do I Know This Already?” Quiz
  Foundation Topics
    Incident Response Plans
    Incident Response
    Attack Frameworks
    MITRE ATT&CK
    The Diamond Model of Intrusion Analysis
    Cyber Kill Chain

    Stakeholder Management
    Communication Plan
    Disaster Recovery Plan
    Business Continuity Plan
    Continuity of Operations Planning (COOP)
    Incident Response Team
    Retention Policies
  Chapter Review Activities
    Review Key Topics
    Define Key Terms
    Review Questions

Chapter 28 Using Appropriate Data Sources to Support an Investigation
  “Do I Know This Already?” Quiz
  Foundation Topics
    Vulnerability Scan Output
    SIEM
    Alerts
    Correlation
    Log
    Web
    DNS
    Authentication
    Dump Files
    VoIP and Call Managers
    Session Initiation Protoc
