Author: Ian Neil
Number of pages: 532
ISBN: 9781789348019
Publisher: PACKT PUBLISHING
Year of publication: 2019
CompTIA Security+ is a worldwide certification that establishes the fundamental knowledge required to perform core security functions and pursue an IT security career. CompTIA Security+ Certification Guide is a best-in-class exam study guide that covers all of the CompTIA Security+ 501 exam objectives. It is authored by Ian Neil, who is a world-class trainer of CompTIA Security+ 501. Packed with self-assessment scenarios and realistic exam questions, this guide will help you master the core concepts to succeed in the exam the first time you take it. Using relevant examples, you will learn all the important security fundamentals, from Certificates and Encryption to Identity and Access Management concepts. You will then dive into the important domains of the exam, namely threats, attacks and vulnerabilities; technologies and tools; architecture and design; risk management; and cryptography and Public Key Infrastructure (PKI). This book comes with over 600 practice questions with detailed explanations that are at the exam level, and also includes two mock exams to help you with your study plan. This guide will ensure that you are ready for the certification exam.
Table of contents
1 Understanding Security Fundamentals
CIA triad concept
Identifying security controls
Hashing and data integrity
Defense in depth model
Review questions
Answers and explanations
2 Conducting Risk Analysis
Risk management
Importance of policy, plans, and procedures
Role-based awareness training
Business impact analysis concepts
Privacy threshold assessment/privacy impact assessment
Supply chain risk assessment
Business impact analysis concepts
Risk procedures and concepts
Risk register
Qualitative/quantitative risk analysis
Review questions
Answers and explanations
3 Implementing Security Policies and Procedures
Industry-standard frameworks and reference architecture
Policies and user guides
Implementing data security and privacy practices
Practical – creating a baseline
Review questions
4 Delving into Identity and Access Management
Understanding identity and access management concepts
Installing and configuring identity and access services
Learning about identity and access management controls
Common account management practices
Practical exercise – password policy
Review questions
Answers and explanations
5 Understanding Network Components
OSI – reference model
Installing and configuring network components
Security information and event management
Secure network architecture concepts
Implementing secure protocols
Implementing wireless security
Wireless bandwidth/band selection
Wireless channels
Wireless antenna types and signal strength
Wireless coverage
Wireless encryption
Review questions
Answers and explanations
6 Understanding Cloud Models and Virtualization
Cloud computing
Implementing different cloud deployment models
Cloud service models
Disk resiliency and redundancy
Storage area network
Understanding cloud storage concepts
Exploring virtual networks
Heating, ventilation, and air-conditioning (HVAC)
Network environments
Practical exercise – is the cloud cost-effective?
Review questions
Answers and explanations
7 Managing Hosts and Application Deployment
Deploying mobile devices securely
Mobile device management concepts
Device management
Device protection
Device data
Mobile device enforcement and monitoring
Industrial control system
Mobile devices – security implications of embedded systems
Special-purpose devices
Secure application development and deployment concepts
Development life cycle models – waterfall versus Agile
DevOps
Server-side versus client-side execution and validation
Review questions
Answers and explanations
8 Protecting Against Attacks and Vulnerabilities
Virus and malware attacks
Social engineering attacks
Common attacks
Programming attacks
Hijacking related attacks
Driver manipulation
Cryptographic attacks
Password attacks
Wireless attacks
Penetration testing
Vulnerability scanning concepts
Credentialed versus non-credentialed scans
Penetration testing versus vulnerability scanning
Practical exercise—running a vulnerability scanner
Review questions
Answers and explanations
9 Implementing the Public Key Infrastructure
PKI concepts
Asymmetric and symmetric encryption
Symmetric algorithms
Asymmetric algorithms
Symmetric versus asymmetric analogy
Key-stretching algorithms
Cipher modes
Hashing and data integrity
Comparing and contrasting the basic concepts of cryptography
Basic cryptographic terminology
Common use cases for cryptography
Practical exercises
Review questions
Answers and explanations
10 Responding to Security Incidents
Incident response procedures
Understanding the basic concepts of forensics
Software tools for assessing the security posture of an organization
Review questions
Answers and explanations
11 Managing Business Continuity
Implementing secure systems design
Hardware/firmware security
The importance of the secure staging deployment concepts
Troubleshooting common security issues
Disaster recovery and the continuity of operations concepts
Review questions
Answers and explanations
12 Mock Exam 1
13 Mock Exam 2
• Mihajlo
A title worth translating.
Price: 2750 rsd
With discount, as low as: 1678 rsd
Price: 2640 rsd
With discount, as low as: 1610 rsd
© All rights reserved, Kompjuter biblioteka, Beograd, Obalskih radnika 4a, Phone: +381 11 252 0 272