دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید
در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید
برای کاربرانی که ثبت نام کرده اند
درصورت عدم همخوانی توضیحات با کتاب
از ساعت 7 صبح تا 10 شب
ویرایش:
نویسندگان: Glen E. Clarke
سری:
ISBN (شابک) : 1260467937, 9781260467932
ناشر: McGraw-Hill Education
سال نشر: 2022
تعداد صفحات:
زبان: English
فرمت فایل : EPUB (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 40 Mb
در صورت تبدیل فایل کتاب CompTIA Security+ Certification Study Guide (Exam SY0-601) به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب راهنمای مطالعه گواهینامه CompTIA Security+ (Exam SY0-601) نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
این راهنمای کاملاً بهروز شده خودآموزی، پوشش 100 درصدی هر هدفی را در آزمون CompTIA Security+ ارائه میکند، با صدها سؤال امتحانی تمرینی، از جمله سؤالات دشوار مبتنی بر عملکرد، راهنمای مطالعه گواهینامه CompTIA Security+TM، نسخه چهارم آنچه را که باید بدانید را پوشش میدهد. و به شما نشان می دهد که چگونه برای این امتحان چالش برانگیز آماده شوید. پوشش 100٪ کامل از تمام اهداف رسمی آزمون SY0-601 یادداشتهای ساعت امتحانی توجه را به اطلاعات و مشکلات احتمالی در آزمون جلب میکند. پایان هر فصل سؤالات امتحان شبیه سازی شده - از جمله سؤالات مبتنی بر عملکرد - مطابق با فرمت، موضوعات و دشواری آزمون واقعی همه مباحث امتحان را پوشش می دهد، از جمله: مبانی شبکه و اصطلاحات • اصطلاحات امنیتی • سیاست ها و استانداردهای امنیتی • انواع حملات • آسیب پذیری ها و تهدیدها • کاهش تهدیدات امنیتی • پیاده سازی امنیت مبتنی بر میزبان • ایمن سازی زیرساخت شبکه • شبکه بی سیم و امنیت • احراز هویت • مجوز و کنترل دسترسی • رمزنگاری • مدیریت زیرساخت کلید عمومی • امنیت فیزیکی • حملات برنامه و امنیت • مجازی سازی و Cloud امنیت • تجزیه و تحلیل خطر • بازیابی بلایا و تداوم کسب و کار • نظارت و ممیزی • ارزیابی ها و ممیزی های امنیتی • پاسخ به حوادث و محتوای آنلاین پزشکی قانونی کامپیوتری شامل: بیش از 50 تمرین آزمایشگاهی و راه حل در قالب PDF آزمون های تمرینی کامل و آزمون ها قابل تنظیم بر اساس دامنه یا فصل 4+ ساعت ها آموزش تصویری از نویسنده 12+ شبیه سازی سوال مبتنی بر عملکرد واژه نامه و چک لیست آمادگی امتحان در فرمت PDF
This fully updated self-study guide offers 100% coverage of every objective on the CompTIA Security+ exam With hundreds of practice exam questions, including difficult performance-based questions, CompTIA Security+TM Certification Study Guide, Fourth Edition covers what you need to know—and shows you how to prepare—for this challenging exam. 100% complete coverage of all official objectives for exam SY0-601 Exam Watch notes call attention to information about, and potential pitfalls in, the exam Inside the Exam sections in every chapter highlight key exam topics covered Two-Minute Drills for quick review at the end of every chapter Simulated exam questions—including performance-based questions—match the format, topics, and difficulty of the real exam Covers all exam topics, including: Networking Basics and Terminology • Security Terminology • Security Policies and Standards • Types of Attacks • Vulnerabilities and Threats • Mitigating Security Threats • Implementing Host-Based Security • Securing the Network Infrastructure • Wireless Networking and Security • Authentication • Authorization and Access Control • Cryptography • Managing a Public Key Infrastructure • Physical Security • Application Attacks and Security • Virtualization and Cloud Security • Risk Analysis • Disaster Recovery and Business Continuity • Monitoring and Auditing • Security Assessments and Audits • Incident Response and Computer Forensics Online Content Includes: 50+ lab exercises and solutions in PDF format Complete practice exams and quizzes customizable by domain or chapter 4+ hours of video training from the author 12+ performance-based question simulations Glossary and Exam Readiness Checklist in PDF format
Cover Title Page Copyright Page Dedication About the Author Contents at a Glance Contents Preface Acknowledgments Introduction 1 Networking Basics and Terminology Understanding Network Devices and Cabling Looking at Network Devices Understanding Network Cabling Exercise 1-1: Reviewing Networking Components Understanding TCP/IP Reviewing IP Addressing Exercise 1-2: Understanding Valid Addresses Understanding TCP/IP Protocols Exercise 1-3: Viewing Protocol Information with Wireshark Understanding Application Layer Protocols Understanding IPv6 Exercise 1-4: Identifying Protocols in TCP/IP Network Security Best Practices Device Usage Cable and Protocol Usage Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 2 Introduction to Security Terminology Goals of Information Security Confidentiality Integrity Availability Accountability Exercise 2-1: CIA Scenarios Understanding Authentication and Authorization Identification and Authentication Authorization Understanding Security Principles and Terminology Types of Security Least Privilege, Separation of Duties, and Rotation of Duties Concept of Need to Know Layered Security and Diversity of Defense Due Care and Due Diligence Vulnerability and Exploit Threat Actors Threat Vectors Threat Intelligence Sources Research Sources Looking at Security Roles and Responsibilities System Owner and Data Owner Data Controller and Data Processor System Administrator User Privileged User Executive User Data Roles and Responsibilities Security Officer Exercise 2-2: Security Terminology Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 3 Security Policies and Standards Introduction to Security Policies Structure of a Policy Identifying Types of Policies General Security Policies Policies Affecting Users Policies Affecting Personnel Management Policies Affecting Administrators Exercise 3-1: Reviewing a Security Policy Policies Affecting Management Other Popular Policies Human Resources Policies Hiring Policy Termination Policy Mandatory Vacations Security-Related HR Policies Exercise 3-2: Creating a Security Policy User Education and Awareness General Training and Role-Based Training User Habits New Threats and Security Trends Use of Social Networks and P2P Programs Training Metrics and Follow-Up Exercise 3-3: Designing a Training Program Importance of Policies to Organization Security Privacy and Sensitive Data Concepts Regulations and Standards Regulations, Standards, and Legislation Frameworks and Security Guides Benchmark/Secure Configuration Guides Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 4 Types of Attacks Understanding Social Engineering Social Engineering Overview Popular Social Engineering Attacks Physical Attacks Adversarial Artificial Intelligence Supply-Chain Attacks Cloud-Based vs. On-Premises Attacks Reasons for Effectiveness Preventing Social Engineering Attacks Identifying Network Attacks Popular Network Attacks Exercise 4-1: DNS Poisoning After Exploit Using Kali Linux Exercise 4-2: Performing a Port Scan Other Network Attacks Malicious Code or Script Execution Preventing Network Attacks Looking at Password Attacks Types of Password Attacks Cryptographic Attacks and Concepts Online vs. Offline Attacks Other Password Attack Terms Preventing Password Attacks Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 5 Vulnerabilities and Threats Security Concerns with Vulnerabilities Reasons for Vulnerable Systems Understanding the Impact of Vulnerabilities Common Security Issues and Device Output Exercise 5-1: Removable Media Control Cloud-Based vs. On-Premises Vulnerabilities Identifying Physical Threats Snooping Theft and Loss of Assets Human Error Sabotage Looking at Malicious Software Privilege Escalation Viruses Other Malicious Software Protecting Against Malicious Software Threats Against Hardware BIOS Settings USB Devices Smart Phones and Tablets Exercise 5-2: Exploiting a Bluetooth Device Removable Storage Network Attached Storage PBX Security Risks with Embedded and Specialized Systems Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 6 Mitigating Security Threats Understanding Operating System Hardening Uninstall Unnecessary Software Disable Unnecessary Services Exercise 6-1: Disabling the Remote Desktop Services Service Protect Management Interfaces and Applications Disable Unnecessary Accounts Patch Management Password Protection Registry Hardening Disk Encryption System Hardening Procedures Network Security Hardening Exercise 6-2: Hardening a Network Switch Tools for System Hardening Exercise 6-3: Creating a Security Template Security Posture and Reporting Server Hardening Best Practices All Servers HTTP Servers DNS Servers Exercise 6-4: Limiting DNS Zone Transfers DHCP Servers SMTP Servers and FTP Servers Common Mitigation Strategies Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 7 Implementing Host-Based Security Host and Application Security Solutions Endpoint Protection Boot Integrity Database Implementing Host-Based Firewalls and HIDS Host-Based Firewalls Exercise 7-1: Configuring TCP Wrappers in Linux Host-Based IDS and Host-Based IPS Protecting Against Malware Patch Management Using Antivirus and Anti-Spam Software Spyware and Adware Phish Filters and Pop-Up Blockers Exercise 7-2: Manually Testing a Web Site for Phishing Practicing Good Habits Device Security and Data Security Hardware Security Mobile Device Security Data Security Exercise 7-3: Configuring Permissions in Windows 10 Application Security and BYOD Concerns Secure System Design Secure Staging Deployment Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 8 Securing the Network Infrastructure Understanding Firewalls Firewalls Using IPTables as a Firewall Exercise 8-1: Configuring IPTables in Linux Using Firewall Features on a Home Router NAT and Ad Hoc Networking Proxy Servers Routers and ACLs Other Security Devices and Technologies Using Intrusion Detection Systems IDS Overview Exercise 8-2: Using Snort: A Network-Based IDS Deception and Disruption Protocol Analyzers Network Design and Administration Principles Network Segmentation Network Switches Network Address Translation Network Access Control Data Protection Data Sovereignty Mail Gateway Network Communication Encryption API Considerations Network Administration Principles Business Connectivity Considerations Placement of Security Devices and Network Appliances Configuration Management Securing Devices Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 9 Wireless Networking and Security Understanding Wireless Networking Standards Channels Antenna Types Authentication and Encryption Securing a Wireless Network Security Best Practices Vulnerabilities with Wireless Networks Exercise 9-1: Cracking WEP with Kali Linux Installation Considerations Configuring a Wireless Network Configuring the Access Point Configuring the Client Other Wireless Technologies Infrared Bluetooth Near Field Communication RFID Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 10 Authentication Identifying Authentication Models Authentication Terminology Authentication Methods and Technologies Multifactor Authentication Factors and Attributes Exercise 10-1: Configuring MFA in Outlook Web Mail Authentication Management Single Sign-On Cloud vs. On-Premises Requirements Authentication Protocols Windows Authentication Protocols Common Authentication Protocols Authentication Services Implementing Authentication User Accounts Tokens Looking at Biometrics Certificate-Based Authentication Claims-Based Authentication/Federation Services Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 11 Authorization and Access Control Introducing Access Control Types of Security Controls Implicit Deny Review of Security Principles/General Concepts Access Control Schemes Discretionary Access Control Mandatory Access Control Role-Based Access Control Exercise 11-1: Assigning a User the sysadmin Role Rule-Based Access Control Group-Based Access Control Attribute-Based Access Control Other Access Control Tools Implementing Access Control Identities Account Types Using Security Groups Exercise 11-2: Configuring Security Groups and Assigning Permissions Rights and Privileges Exercise 11-3: Modifying User Rights on a Windows System File System Security and Printer Security Access Control Lists Group Policies Exercise 11-4: Configuring Password Policies via Group Policies Database Security Exercise 11-5: Encrypting Sensitive Information in the Database Account Restrictions Account Policy Enforcement Monitoring Account Access Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 12 Introduction to Cryptography Introduction to Cryptography Services Understanding Cryptography Algorithms and Keys Exercise 12-1: Encrypting Data with the Caesar Cipher Other Cryptography Terms Symmetric Encryption Symmetric Encryption Concepts Symmetric Encryption Algorithms Exercise 12-2: Encrypting Data with the AES Algorithm Asymmetric Encryption Asymmetric Encryption Concepts Asymmetric Encryption Algorithms Quantum Cryptography In-Band vs. Out-of-Band Key Exchange Understanding Hashing Hashing Concepts Hashing Algorithms Exercise 12-3: Generating Hashes to Verify Integrity Identifying Encryption Uses Common Use Cases Understanding Limitations Encrypting Data Encrypting Communication Understanding Steganography Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 13 Managing a Public Key Infrastructure Introduction to Public Key Infrastructure Understanding PKI Terminology Certificate Authority and Registration Authority Repository Managing a Public Key Infrastructure Certificate Life Cycle Certificate Revocation Lists and OCSP Other PKI Terms Implementing a Public Key Infrastructure How SSL/TLS Works How Digital Signatures Work Creating a PKI Exercise 13-1: Installing a Certificate Authority Exercise 13-2: SSL-Enabling a Web Site Managing a PKI Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 14 Physical Security Choosing a Business Location Facility Concerns Lighting and Windows Doors, Windows, and Walls Safety Concerns Physical Access Controls Exercise 14-1: Gaining Access to a System with No Physical Security Fencing and Personnel Hardware Locks/Lock Types Access Systems Other Physical Security Controls Physical Access Lists and Logs Video Surveillance Types of Sensors Implementing Environmental Controls Understanding HVAC Shielding Fire Suppression Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 15 Application Attacks and Security Understanding Application Attacks Directory Traversal Exercise 15-1: Exploiting an IIS Web Server with Directory Traversal Injection Attacks Exercise 15-2: SQL Injection Attacks Buffer Overflow Attacks Cross-Site Scripting Cross-Site Request Forgery Pass the Hash Privilege Escalation SSL Stripping Driver Manipulation and Refactoring Other Application Attacks Why Application Vulnerabilities Exist Secure Application Development Concepts Secure Coding Concepts Application Environments Secure Coding Techniques Application Frameworks and Scripting Implement Host and Application Security Host Security Application Security Code Quality and Testing Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 16 Virtualization and Cloud Security Virtualization and Virtualization Security Introducing Virtualization Benefits to Virtualization Hypervisor Security Issues with Virtualization Cloud Computing Concepts Cloud Computing Overview Cloud Computing Considerations Resiliency and Automation Cloud Features Cybersecurity Solutions for the Cloud Cloud Security Controls Cloud Security Solutions Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 17 Risk Analysis Introduction to Risk Analysis Risk Analysis Overview Risk Analysis Process Tools to Help Analyze Risk Risk with Cloud Computing and Third Parties Risk Assessment Types Qualitative Exercise 17-1: Performing a Qualitative Risk Analysis Quantitative Exercise 17-2: Performing a Quantitative Risk Analysis Risk Mitigation Strategies Exercise 17-3: Identifying Mitigation Techniques Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 18 Disaster Recovery and Business Continuity Introduction to Business Continuity and Disaster Recovery Introduction to Business Continuity Understanding Disaster Recovery Backing Up and Restoring Data: Backup Concepts Backup Destination Media Security Considerations with Tapes Types of Backups Scheduling Backups Exercise 18-1: Backing Up and Restoring Data on a Windows Server Geographic Considerations Implementing Fault Tolerance Introducing Redundancy Nonpersistence and Diversity Understanding RAID Exercise 18-2: Configuring RAID 0 on a Windows System Exercise 18-3: Creating a Mirrored Volume on a Windows Server Exercise 18-4: Creating a RAID 5 Volume on a Windows Server Understanding High Availability Failover Clustering Network Load Balancing Redundant Hardware Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 19 Understanding Monitoring and Auditing Introduction to Monitoring Monitoring Tools Useful System Commands SNMP Performance Monitor Protocol Analyzer and Sniffer Exercise 19-1: Monitoring Network Traffic with Wireshark Understanding Syslog Security Information and Event Management Working with SOAR Implementing Logging and Auditing Understanding Auditing Exercise 19-2: Implementing Auditing in Windows Understanding Logging Exercise 19-3: Configuring Logging in IIS Exercise 19-4: Configuring Windows Firewall Popular Areas to Audit Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 20 Security Assessments and Audits Understanding Types of Assessments Assessment Types Assessment Techniques Performing a Security Assessment Threat Hunting Vulnerability Scans Exercise 20-1: Manually Searching CVE for Windows 10 Vulnerabilities Performing a Penetration Test Considerations and Techniques Used in a Penetration Test Understanding the Hacking Process Exercise 20-2: Profiling an Organization Exercise 20-3: Using a Port Scanner Steps to Perform a Penetration Test Performing a Vulnerability Assessment Exercise 20-4: Performing a Vulnerability Scan with Nessus Tools Used to Assess Security Fundamental Tools Network Reconnaissance and Discovery File Manipulation Shell and Script Environments Packet Capture and Replay Other Common Tools Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers 21 Incident Response and Computer Forensics Working with Evidence Admissibility Types of Evidence Collecting Evidence Collecting Digital Evidence Understanding the Process Where to Find Evidence Tools Used Exercise 21-1: Using FTK Imager to Capture an Image of a Suspect’s Drive Exercise 21-2: Using FTK Imager to Create an Image of the Contents of Memory Exercise 21-3: Using FTK Imager to Locate Deleted Files Exercise 21-4: Using Autopsy to Investigate the Local Disk Exercise 21-5: Using FTK Imager to View File Headers Exercise 21-6: Performing Cell Phone Forensics Exercise 21-7: Looking at Exif Metadata On-Premises vs. Cloud Looking at Incident Response Incident Response Team Incident Response Plan Incident Response Process First Responders Damage and Loss Control Exercises Policies and Procedures for Incident Response Data Sources to Support an Investigation Mitigation Techniques as a Response to an Incident Certification Summary Two-Minute Drill Q&A Self Test Self Test Answers A About the Online Content System Requirements Your Total Seminars Training Hub Account Privacy Notice Single User License Terms and Conditions TotalTester Online Pre-Assessment Test Other Book Resources Performance-Based Questions Video Training from the Author Downloadable Content Technical Support Index