Published by Pearson IT Certification (March 15, 2021) © 2021
Martin Weiss
Prepare for CompTIA Security+ SY0-601 exam success with this Exam Cram from Pearson IT Certification, a leader in IT certification.
This is the eBook edition of the CompTIA Security+ SY0-601 Exam Cram, Sixth Edition. This eBook does not include access to the Pearson Test Prep practice exams that come with the print edition.
CompTIA Security+ SY0-601 Exam Cram, Sixth Edition, is the perfect study guide to help you pass the newly updated version of the CompTIA Security+ exam. It provides coverage and practice questions for every exam topic. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet.
Covers the critical information you'll need to know to score higher on your Security+ SY0-601 exam!
- Assess the different types of threats, attacks, and vulnerabilities organizations face
- Understand security concepts across traditional, cloud, mobile, and IoT environments
- Explain and implement security controls across multiple environments
- Identify, analyze, and respond to operational needs and security incidents
- Understand and explain the relevance of concepts related to governance, risk, and compliance
Introduction xxvii
Part I: Attacks, Threats, and Vulnerabilities 1
CHAPTER 1: Social Engineering Techniques 3
    The Social Engineer 4
    Phishing and Related Attacks 6
    Principles of Influence (Reasons for Effectiveness) 10
    What Next? 14
CHAPTER 2: Attack Basics 15
    Malware 16
    Physical Attacks 26
    Adversarial Artificial Intelligence (AI) 27
    Password Attacks 28
    Downgrade Attacks 31
    What Next? 34
CHAPTER 3: Application Attacks 35
    Race Conditions 36
    Improper Software Handling 37
    Resource Exhaustion 37
    Overflows 38
    Code Injections 39
    Driver Manipulation 40
    Request Forgeries 41
    Directory Traversal 44
    Replay Attack 45
    Secure Sockets Layer (SSL) Stripping 45
    Application Programming Interface (API) Attacks 47
    Pass-the-Hash Attack 49
    What Next? 52
CHAPTER 4: Network Attacks 53
    Wireless 54
    On-Path Attack 58
    Layer 2 Attacks 59
    Domain Name System (DNS) Attacks 62
    Denial of Service 64
    Malicious Code and Script Execution 68
    What Next? 71
CHAPTER 5: Threat Actors, Vectors, and Intelligence Sources 73
    Threat Actor Attributes 74
    Threat Actor Types 75
    Vectors 80
    Threat Intelligence and Research Sources 81
    What Next? 87
CHAPTER 6: Vulnerabilities 89
    Cloud-Based vs. On-Premises 90
    Zero-Day 90
    Weak Configurations 91
    Third-Party Risks 95
    Impacts 96
    What Next? 98
CHAPTER 7: Security Assessment Techniques 99
    Vulnerability Scans 100
    Threat Assessment 103
    What Next? 110
CHAPTER 8: Penetration Testing Techniques 111
    Testing Methodology 112
    Team Exercises 118
    What Next? 120
Part II: Architecture and Design 121
CHAPTER 9: Enterprise Security Concepts 123
    Configuration Management 124
    Data Confidentiality 126
    Deception and Disruption 139
    What Next? 143
CHAPTER 10: Virtualization and Cloud Computing 145
    Virtualization 145
    On-Premises vs. Off-Premises 154
    Cloud Models 155
    What Next? 164
CHAPTER 11: Secure Application Development, Deployment, and Automation 165
    Application Environment 166
    Integrity Measurement 168
    Change Management and Version Control 169
    Secure Coding Techniques 170
    Automation and Scripting 180
    Scalability and Elasticity 184
    What Next? 187
CHAPTER 12: Authentication and Authorization Design 189
    Identification and Authentication, Authorization, and Accounting (AAA) 189
    Multifactor Authentication 190
    Single Sign-on 192
    Authentication Technologies 195
    What Next? 204
CHAPTER 13: Cybersecurity Resilience 205
    Redundancy 205
    Backups 214
    Defense in Depth 221
    What Next? 224
CHAPTER 14: Embedded and Specialized Systems 225
    Embedded Systems 225
    SCADA and ICS 227
    Smart Devices and IoT 229
    What Next? 238
CHAPTER 15: Physical Security Controls 239
    Perimeter Security 239
    Internal Security 243
    Equipment Security 246
    Environmental Controls 249
    Secure Data Destruction 255
    What Next? 259
CHAPTER 16: Cryptographic Concepts 261
    Cryptosystems 262
    Use of Proven Technologies and Implementation 272
    Steganography 273
    Cryptography Use Cases 274
    Cryptography Constraints 276
    What Next? 277
Part III: Implementation 279
CHAPTER 17: Secure Protocols 281
    Secure Web Protocols 282
    Secure File Transfer Protocols 286
    Secure Email Protocols 287
    Secure Internet Protocols 288
    Secure Protocol Use Cases 293
    What Next? 305
CHAPTER 18: Host and Application Security Solutions 307
    Endpoint Protection 308
        Firewalls and HIPS/HIDS Solutions 308
        Anti-Malware and Other Host Protections 310
    Application Security 318
    Hardware and Firmware Security 322
    Operating System Security 330
    What Next? 338
CHAPTER 19: Secure Network Design 339
    Network Devices and Segmentation 340
    Security Devices and Boundaries 347
    What Next? 369
CHAPTER 20: Wireless Security Settings 371
    Access Methods 372
    Wireless Cryptographic Protocols 373
    Authentication Protocols 377
    Wireless Access Installations 379
    What Next? 387
CHAPTER 21: Secure Mobile Solutions 389
    Communication Methods 389
    Mobile Device Management Concepts 393
    Enforcement and Monitoring 405
    Deployment Models 412
    What Next? 420
CHAPTER 22: Cloud Cybersecurity Solutions 421
    Cloud Workloads 422
    Third-Party Cloud Security Solutions 428
    What Next? 431
CHAPTER 23: Identity and Account Management Controls 433
    Account Types 433
    Account Management 435
    Account Policy Enforcement 441
    What Next? 448
CHAPTER 24: Authentication and Authorization Solutions 449
    Authentication 450
    Access Control 466
    What Next? 472
CHAPTER 25: Public Key Infrastructure 473
    What Next? 489
Part IV: Operations and Incident Response 491
CHAPTER 26: Organizational Security 493
    Shell and Script Environments 494
    Network Reconnaissance and Discovery 496
    Packet Capture and Replay 502
    Password Crackers 504
    Forensics and Data Sanitization 505
    What Next? 508
CHAPTER 27: Incident Response 509
    Attack Frameworks 509
    Incident Response Plan 512
    Incident Response Process 517
    Continuity and Recovery Plans 522
    What Next? 528
CHAPTER 28: Incident Investigation 529
    SIEM Dashboards 530
    Logging 531
    Network Activity 536
    What Next? 539
CHAPTER 29: Incident Mitigation 541
    Containment and Eradication 541
    What Next? 549
CHAPTER 30: Digital Forensics 551
    Data Breach Notifications 552
    Strategic Intelligence/Counterintelligence Gathering 554
    Track Person-hours 555
    Order of Volatility 555
    Chain of Custody 556
    Data Acquisition 559
        Capture System Images 560
        Capture Network Traffic and Logs 560
        Capture Video and Photographs 561
        Record Time Offset 562
        Take Hashes 562
        Capture Screenshots 563
        Collect Witness Interviews 563
    What Next? 565
Part V: Governance, Risk, and Compliance 567
CHAPTER 31: Control Types 569
    Nature of Controls 570
    Functional Use of Controls 570
    Compensating Controls 572
    What Next? 574
CHAPTER 32: Regulations, Standards, and Frameworks 575
    Industry-Standard Frameworks and Reference Architectures 575
    Benchmarks and Secure Configuration Guides 579
    What Next? 581
CHAPTER 33: Organizational Security Policies 583
    Policy Framework 583
    Human Resource Management Policies 584
    Third-Party Risk Management 592
    What Next? 596
CHAPTER 34: Risk Management 597
    Risk Analysis 598
    Risk Assessment 602
    Business Impact Analysis 606
    What Next? 612
CHAPTER 35: Sensitive Data and Privacy 613
    Sensitive Data Protection 613
    Privacy Impact Assessment 621
    What Next? 623
Glossary of Essential Terms and Components 625
ISBN 9780136798675, TOC, 10/9/2020