دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب CompTIA Security+ Review Guide: Exam SY0–601
دانلود کتاب CompTIA Security + راهنمای بررسی: آزمون SY0–601
مشخصات کتاب
CompTIA Security+ Review Guide: Exam SY0–601
ویرایش: [5 ed.]
نویسندگان: James Michael Stewart
سری:
ISBN (شابک) : 1119735386, 9781119735380
ناشر: Sybex
سال نشر: 2021
تعداد صفحات: 576
[579]
زبان: English
فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود)
حجم فایل: 14 Mb
قیمت کتاب (تومان) : 51,000
در صورت تبدیل فایل کتاب CompTIA Security+ Review Guide: Exam SY0–601 به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب CompTIA Security + راهنمای بررسی: آزمون SY0–601 نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی در مورد کتاب CompTIA Security + راهنمای بررسی: آزمون SY0–601
عوامل حوزه امنیت فناوری اطلاعات را بیاموزید و با یک منبع آسان برای دنبال کردن، برای آزمون CompTIA Security+ SY0-601 آماده شوید
CompTIA راهنمای بررسی Security+: Exam SY0-601, Fifth Edition به شما کمک میکند تا گواهینامه امنیتی پیشرو IT - CompTIA Security+ SY0-601 را بهطور مؤثر بررسی کنید. نویسنده ماهر و کارشناس امنیتی، جیمز مایکل استوارت، هر دامنه را به روشی ساده و عملی پوشش میدهد و تضمین میکند که اهداف را در سریعترین زمان ممکن درک کرده و درک میکنید.
چه دانش خود را تازهسازی میکنید یا درست قبل از شرکت در آزمون مرور لحظه آخری انجام میدهید، این راهنما شامل دسترسی به یک بانک آزمون آنلاین همراه است که صدها سؤال تمرینی، فلشکارت، و اصطلاحات واژهنامه را ارائه میدهد.
این راهنما با پوشش هر پنج دامنه آزمایششده توسط Exam SY0-601، موارد زیر را بررسی میکند:
- حملات، تهدیدها و آسیبپذیریها
- معماری و طراحی li>
- اجرای
- عملیات و واکنش به حوادث
- حاکمیت، ریسک و انطباق
این نسخه پنجم بهتازگی بهروزرسانی شده راهنمای بررسی CompTIA Security+: Exam SY0-601 نه فقط برای افرادی که امیدوارند در آزمون SY0-601 شرکت کنند عالی است، بلکه منبع عالی برای کسانی است که نمیخواهند وارد حوزه امنیت فناوری اطلاعات شوند.
توضیحاتی درمورد کتاب به خارجی
Learn the ins and outs of the IT security field and efficiently prepare for the CompTIA Security+ Exam SY0-601 with one easy-to-follow resource
CompTIA Security+ Review Guide: Exam SY0-601, Fifth Edition helps you to efficiently review for the leading IT security certification—CompTIA Security+ SY0-601. Accomplished author and security expert James Michael Stewart covers each domain in a straightforward and practical way, ensuring that you grasp and understand the objectives as quickly as possible.
Whether you’re refreshing your knowledge or doing a last-minute review right before taking the exam, this guide includes access to a companion online test bank that offers hundreds of practice questions, flashcards, and glossary terms.
Covering all five domains tested by Exam SY0-601, this guide reviews:
- Attacks, Threats, and Vulnerabilities
- Architecture and Design
- Implementation
- Operations and Incident Response
- Governance, Risk, and Compliance
This newly updated Fifth Edition of CompTIA Security+ Review Guide: Exam SY0-601 is not just perfect for anyone hoping to take the SY0-601 Exam, but it is also an excellent resource for those wondering about entering the IT security field.
فهرست مطالب
Cover Title page Copyright Acknowledgments About the Author About the Technical Editor Contents at a Glance Contents Introduction What Is Security+ Certification? Is This Book for You? How Is This Book Organized? Interactive Online Learning Environment and Test Bank Tips for Taking the Security+ Exam Performance-Based Questions Exam Specifics The Security+ Exam Objectives How to Contact the Publisher Chapter 1 Threats, Attacks, and Vulnerabilities 1.1 Compare and contrast different types of social engineering techniques. Phishing Smishing Vishing Spam Spam over instant messaging (SPIM) Spear phishing Dumpster diving Shoulder surfing Pharming Tailgating Eliciting information Whaling Prepending Identity fraud Invoice scams Credential harvesting Reconnaissance Hoax Impersonation Watering hole attack Typosquatting Pretexting Influence campaigns Principles (reasons for effectiveness) Exam Essentials 1.2 Given a scenario, analyze potential indicators to determine the type of attack. Malware Password attacks Physical attacks Adversarial artificial intelligence (AI) Supply-chain attacks Cloud-based vs. on-premises attacks Cryptographic attacks Exam Essentials 1.3 Given a scenario, analyze potential indicators associated with application attacks. Arbitrary Code Execution/Remote Code Execution Privilege escalation Cross-site scripting Injections Pointer/object dereference Directory traversal Buffer overflows Race conditions Error handling Improper input handling Replay attack Integer overflow Request forgeries Application programming interface (API) attacks Resource exhaustion Memory leak Secure Sockets Layer (SSL) stripping Driver manipulation Pass the hash Exam Essentials 1.4 Given a scenario, analyze potential indicators associated with network attacks. Wireless On-path attack (previously known as man-in-the-middle attack/man-in-the-browser attack) Layer 2 attacks Domain name system (DNS) Distributed denial-of-service (DDoS) Malicious code or script execution Exam Essentials 1.5 Explain different threat actors, vectors, and intelligence sources. Actors and threats Attributes of actors Vectors Threat intelligence sources Research sources Exam Essentials 1.6 Explain the security concerns associated with various types of vulnerabilities. Cloud-based vs. on-premises vulnerabilities Zero-day Weak configurations Third-party risks Improper or weak patch management Legacy platforms Impacts Exam Essentials 1.7 Summarize the techniques used in security assessments. Threat hunting Vulnerability scans Syslog/Security information and event management (SIEM) Security orchestration, automation, and response (SOAR) Exam Essentials 1.8 Explain the techniques used in penetration testing. Penetration testing Passive and active reconnaissance Exercise types Exam Essentials Review Questions Chapter 2 Architecture and Design 2.1 Explain the importance of security concepts in an enterprise environment. Configuration management Data sovereignty Data protection Geographical considerations Response and recovery controls Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection Hashing API considerations Site resiliency Deception and disruption Exam Essentials 2.2 Summarize virtualization and cloud computing concepts. Cloud models Cloud service providers Managed service provider (MSP)/ managed security service provider (MSSP) On-premises vs. off-premises Fog computing Edge computing Thin client Containers Microservices/API Infrastructure as code Serverless architecture Services integration Resource policies Transit gateway Virtualization Exam Essentials 2.3 Summarize secure application development, deployment, and automation concepts. Environment Provisioning and deprovisioning Integrity measurement Secure coding techniques Open Web Application Security Project (OWASP) Software diversity Automation/scripting Elasticity Scalability Version control Exam Essentials 2.4 Summarize authentication and authorization design concepts. Authentication methods Biometrics Multifactor authentication (MFA) factors and attributes Authentication, authorization, and accounting (AAA) Cloud vs. on-premises requirements Exam Essentials 2.5 Given a scenario, implement cybersecurity resilience. Redundancy Replication On-premises vs. cloud Backup types Non-persistence High availability Restoration order Diversity Exam Essentials 2.6 Explain the security implications of embedded and specialized systems. Embedded systems Supervisory control and data acquisition (SCADA)/industrial control system (ICS) Internet of Things (IoT) Specialized Voice over IP (VoIP) Heating, ventilation, air conditioning (HVAC) Drones Multifunction printer (MFP) Real-time operating system (RTOS) Surveillance systems System on chip (SoC) Communication considerations Constraints Exam Essentials 2.7 Explain the importance of physical security controls. Bollards/barricades Access control vestibules Badges Alarms Signage Cameras Closed-circuit television (CCTV) Industrial camouflage Personnel Locks USB data blocker Lighting Fencing Fire suppression Sensors Drones Visitor logs Faraday cages Air gap Screened subnet (previously known as demilitarized zone) Protected cable distribution Secure areas Secure data destruction Exam Essentials 2.8 Summarize the basics of cryptographic concepts. Digital signatures Key length Key stretching Salting Hashing Key exchange Elliptic-curve cryptography Perfect forward secrecy Quantum Post-quantum Ephemeral Modes of operation Blockchain Cipher suites Symmetric vs. asymmetric Lightweight cryptography Steganography Homomorphic encryption Common use cases Limitations Exam Essentials Review Questions Chapter 3 Implementation 3.1 Given a scenario, implement secure protocols. Protocols Use cases Exam Essentials 3.2 Given a scenario, implement host or application security solutions. Endpoint protection Boot integrity Database Application security Hardening Self-encrypting drive (SED)/full-disk encryption (FDE) Hardware root of trust Trusted Platform Module (TPM) Sandboxing Exam Essentials 3.3 Given a scenario, implement secure network designs. Load balancing Network segmentation Virtual private network (VPN) DNS Network access control (NAC) Out-of-band management Port security Network appliances Access control list (ACL) Route security Quality of service (QoS) Implications of IPv6 Port spanning/port mirroring Monitoring services File integrity monitors Exam Essentials 3.4 Given a scenario, install and configure wireless security settings. Cryptographic protocols Authentication protocols Methods Installation considerations Exam Essentials 3.5 Given a scenario, implement secure mobile solutions. Connection methods and receivers Mobile device management (MDM) Mobile devices Enforcement and monitoring of: Deployment models Exam Essentials 3.6 Given a scenario, apply cybersecurity solutions to the cloud. Cloud security controls Solutions Cloud native controls vs. third-party solutions Exam Essentials 3.7 Given a scenario, implement identity and account management controls. Identity Account types Account policies Exam Essentials 3.8 Given a scenario, implement authentication and authorization solutions. Authentication management Authentication/authorization Access control schemes Exam Essentials 3.9 Given a scenario, implement public key infrastructure. Public key infrastructure (PKI) Types of certificates Certificate formats Concepts Exam Essentials Review Questions Chapter 4 Operations and Incident Response 4.1 Given a scenario, use the appropriate tool to assess organizational security. Network reconnaissance and discovery File manipulation Shell and script environments Packet capture and replay Forensics Exploitation frameworks Password crackers Data sanitization Exam Essentials 4.2 Summarize the importance of policies, processes, and procedures for incident response. Incident response plans Incident response process Exercises Attack frameworks Stakeholder management Communication plan Disaster recovery plan Business continuity plan Continuity of operations planning (COOP) Incident response team Retention policies Exam Essentials 4.3 Given an incident, utilize appropriate data sources to support an investigation. Vulnerability scan output SIEM dashboards Log files syslog/rsyslog/syslog-ng journalctl NXLog Bandwidth monitors Metadata NetFlow/sFlow Protocol analyzer output Exam Essentials 4.4 Given an incident, apply mitigation techniques or controls to secure an environment. Reconfigure endpoint security solutions Configuration changes Isolation Containment Segmentation SOAR Exam Essentials 4.5 Explain the key aspects of digital forensics. Documentation/evidence Acquisition On-premises vs. cloud Integrity Preservation E-discovery Data recovery Non-repudiation Strategic intelligence/counterintelligence Exam Essentials Review Questions Chapter 5 Governance, Risk, and Compliance 5.1 Compare and contrast various types of controls. Category Control type Exam Essentials 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture. Regulations, standards, and legislation Key frameworks Benchmarks/secure configuration guides Exam Essentials 5.3 Explain the importance of policies to organizational security. Personnel Diversity of training techniques Third-party risk management Data Credential policies Organizational policies Exam Essentials 5.4 Summarize risk management processes and concepts. Risk types Risk management strategies Risk analysis Disasters Business impact analysis Exam Essentials 5.5 Explain privacy and sensitive data concepts in relation to security. Organizational consequences of privacy and data breaches Notifications of breaches Data types Privacy enhancing technologies Roles and responsibilities Information life cycle Impact assessment Terms of agreement Privacy notice Exam Essentials Review Questions Appendix Answers to ReviewQuestions Chapter 1: Threats, Attacks, and Vulnerabilities Chapter 2: Architecture and Design Chapter 3: Implementation Chapter 4: Operations and Incident Response Chapter 5: Governance, Risk, and Compliance Index EULA
