Introduction | p. xx |
Self-Assessment | p. xxviii |
CompTIA Certification Exams | p. 1 |
CompTIA Certification Programs Launch Your Career | p. 2 |
Development of the CompTIA Security+ Certification | p. 2 |
The Exam Situation | p. 3 |
Exam Layout and Design | p. 4 |
Using CompTIA's Exam Software Effectively | p. 6 |
Exam-Taking Techniques | p. 7 |
Question-Handling Strategies | p. 8 |
Mastering the Inner Game | p. 9 |
Weighted Averages of the Skill Sets | p. 10 |
Study Guide Checklist | p. 11 |
General Security Concepts | p. 11 |
Communication Security | p. 12 |
Infrastructure Security | p. 14 |
Basics of Cryptography | p. 17 |
Operational/Organizational Security | p. 18 |
Additional Resources | p. 21 |
General Security Practices | p. 23 |
Access Control | p. 24 |
Mandatory Access Control | p. 25 |
Discretionary Access Control | p. 25 |
Rule-Based Access Control | p. 26 |
Role-Based Access Control | p. 26 |
Authentication | p. 28 |
Kerberos Authentication | p. 29 |
Mutual Authentication | p. 31 |
Challenge Handshake Authentication Protocol (CHAP) | p. 32 |
Certificates | p. 32 |
Username and Password | p. 33 |
Tokens | p. 34 |
Biometrics | p. 34 |
Multifactor | p. 34 |
Nonessential Services and Protocols | p. 35 |
Practice Questions | p. 36 |
Need to Know More? | p. 41 |
Nonessential Services and Attacks | p. 43 |
Understanding and Identifying Common Services and Nonessential Services Posing Possible Security Threats | p. 44 |
Establishing a Server Role | p. 45 |
Required and Critical Services | p. 46 |
Determining Required Protocols | p. 46 |
Benefits of Removing Protocols and Services | p. 47 |
Attacks | p. 48 |
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks | p. 48 |
Back Door | p. 51 |
Spoofing | p. 52 |
Man in the Middle | p. 53 |
Replay | p. 54 |
TCP/IP Hijacking | p. 54 |
Weak Keys | p. 54 |
Mathematical | p. 55 |
Password Guessing | p. 55 |
Software Exploitation | p. 56 |
Malicious Code | p. 57 |
Viruses | p. 57 |
Trojan Horses | p. 59 |
Logic Bombs | p. 59 |
Worms | p. 59 |
Social Engineering | p. 61 |
System Scanning | p. 62 |
Auditing | p. 63 |
Practice Questions | p. 65 |
Need to Know More? | p. 70 |
Communication Security | p. 71 |
Remote Access | p. 72 |
802.11x Wireless Networking | p. 73 |
Virtual Private Network (VPN) Connections | p. 74 |
Dial-Up User Access | p. 75 |
Secure Shell (SSH) Connections | p. 76 |
Internet Protocol Security (IPSec) | p. 78 |
Securing Email | p. 79 |
Secure Multipurpose Internet Mail Extension (S/MIME) | p. 80 |
Pretty Good Privacy (PGP) | p. 80 |
Undesirable Email | p. 81 |
Instant Messaging | p. 82 |
Web Connectivity | p. 83 |
Secure Sockets Layer (SSL) | p. 83 |
Transport Layer Security (TLS) | p. 83 |
Hypertext Transport Protocol over Secure Sockets Layer (HTTPS) | p. 84 |
Practice Questions | p. 85 |
Need to Know More? | p. 91 |
Online Vulnerabilities | p. 93 |
Web Vulnerabilities | p. 94 |
Java and JavaScript | p. 94 |
ActiveX Controls | p. 96 |
Buffer Overflows | p. 96 |
Cookies | p. 97 |
Signed Applets | p. 98 |
Common Gateway Interface (CGI) Vulnerabilities | p. 98 |
Simple Mail Transport Protocol (SMTP) Relay | p. 100 |
Protocol Vulnerabilities | p. 101 |
SSL/TLS | p. 101 |
LDAP | p. 101 |
File Transfer Protocol (FTP) Vulnerabilities | p. 102 |
Anonymous Access | p. 102 |
Unencrypted Authentication | p. 103 |
Blind Access | p. 104 |
File Sharing | p. 104 |
Wireless Network Vulnerabilities | p. 104 |
Wireless Transport Layer Security (WTLS) | p. 105 |
Wireless Local Area Networks (WLANs) Using 802.11x or Bluetooth Standards | p. 105 |
WAP and i-Mode | p. 106 |
Wired Equivalent Privacy (WEP) | p. 107 |
Site Surveys | p. 107 |
Practice Questions | p. 109 |
Need to Know More? | p. 114 |
Infrastructure Security | p. 115 |
Understanding the Basic Security Concepts of Communication and Network Devices | p. 116 |
Firewalls | p. 116 |
Routers | p. 118 |
Switches | p. 119 |
Wireless | p. 119 |
Modems | p. 121 |
RAS | p. 122 |
Telecom/PBX | p. 122 |
VPN | p. 122 |
IDS | p. 123 |
Network Monitoring/Diagnostics | p. 124 |
Workstations | p. 126 |
Servers | p. 127 |
Mobile Devices | p. 127 |
Understanding the Basic Security Concepts of Media | p. 127 |
Coax | p. 127 |
UTP/STP | p. 128 |
Fiber | p. 129 |
Removable Media | p. 130 |
Basic Security Concepts, Strengths, and Vulnerabilities of Security Topologies | p. 135 |
Security Zones | p. 136 |
VLANs | p. 139 |
NAT | p. 140 |
Tunneling | p. 142 |
Practice Questions | p. 143 |
Need to Know More? | p. 148 |
Intrusion Detection and Security Baselines | p. 149 |
Intrusion Detection | p. 150 |
Methods of Intrusion Detection | p. 150 |
Intrusion-Detection Sources | p. 152 |
Layered Intrusion Detection | p. 155 |
Honeypots and Honeynets | p. 155 |
Incident Handling | p. 156 |
Security Baselines | p. 157 |
Operating System Hardening | p. 157 |
Network Hardening | p. 158 |
Application Hardening | p. 160 |
Practice Questions | p. 163 |
Need to Know More? | p. 168 |
Basics of Cryptography | p. 169 |
Algorithms | p. 170 |
Hashing | p. 171 |
Symmetric Algorithms | p. 172 |
Asymmetric Algorithms | p. 175 |
Concepts of Using Cryptography | p. 178 |
Confidentiality | p. 179 |
Integrity | p. 180 |
Authentication | p. 182 |
Nonrepudiation | p. 182 |
Access Control | p. 183 |
Public Key Infrastructure (PKI) | p. 184 |
Certificates | p. 185 |
Revocation | p. 188 |
Trust Models | p. 188 |
Practice Questions | p. 190 |
Need to Know More? | p. 195 |
Deploying Cryptography | p. 197 |
Standards and Protocols | p. 198 |
X.509-Based Public Key Infrastructure | p. 198 |
Public Key Cryptography Standards (PKCS) | p. 198 |
X.509 Standards | p. 200 |
Other Standards and Protocols | p. 201 |
Key Management and the Certificate Lifecycle | p. 206 |
Centralized Versus Decentralized | p. 207 |
Escrow | p. 208 |
Expiration | p. 208 |
Revocation | p. 209 |
Suspension | p. 210 |
Recovery | p. 210 |
Renewal | p. 211 |
Destruction | p. 211 |
Key Usage | p. 211 |
Practice Questions | p. 213 |
Need to Know More? | p. 221 |
Organizational Security | p. 223 |
Physical Security | p. 224 |
Access Control | p. 225 |
Social Engineering | p. 230 |
Environment | p. 232 |
Disaster Recovery | p. 236 |
Backup and Recovery Planning | p. 236 |
Secure Recovery | p. 239 |
Disaster Recovery Plan | p. 241 |
Business Continuity Planning | p. 241 |
Security Policies and Procedures | p. 242 |
Practice Questions | p. 245 |
Need to Know More? | p. 250 |
Privilege Management, Forensics, Risk Identification, Education, and Documentation | p. 251 |
Understanding Privilege Management | p. 252 |
Single Sign-On | p. 252 |
Centralized Versus Decentralized | p. 253 |
Managing Access Control | p. 254 |
Monitoring Access Use | p. 254 |
Understanding Computer Forensics | p. 255 |
Chain of Custody | p. 255 |
Preservation of Evidence | p. 256 |
Collection of Evidence | p. 257 |
Identifying Risks | p. 258 |
Asset Identification | p. 258 |
Risk Assessment | p. 259 |
Vulnerabilities | p. 259 |
Implementing User Education | p. 261 |
Understanding Security Documentation | p. 262 |
Security Policies | p. 262 |
Architecture Documentation | p. 263 |
Change Documentation | p. 263 |
Logs and Inventories | p. 264 |
Classification | p. 264 |
Retention and Disposal | p. 266 |
Practice Questions | p. 267 |
Need to Know More? | p. 272 |
Sample Test #1 | p. 273 |
Answer Key to Sample Test #1 | p. 311 |
Sample Test #2 | p. 343 |
Answer Key to Sample Test #2 | p. 377 |
List of Resources | p. 409 |
Chapter 1 | p. 409 |
Chapter 2 | p. 409 |
Chapter 3 | p. 409 |
Chapter 4 | p. 410 |
Chapter 5 | p. 410 |
Chapter 6 | p. 410 |
Chapter 7 | p. 411 |
Chapter 8 | p. 411 |
Chapter 9 | p. 412 |
Chapter 10 | p. 413 |
Chapter 11 | p. 413 |
Other Resources | p. 413 |
List of Products and Vendors | p. 415 |
Chapter 2 | p. 415 |
Chapter 3 | p. 415 |
Chapter 4 | p. 416 |
Chapter 5 | p. 417 |
Chapter 6 | p. 418 |
Chapter 7 | p. 418 |
Chapter 8 | p. 419 |
Chapter 9 | p. 419 |
Chapter 10 | p. 419 |
What's on the CD-ROM | p. 421 |
PrepLogic Practice Tests, Preview Edition | p. 421 |
Exclusive Electronic Version of Text | p. 422 |
Easy Access to Online Pointers and References | p. 422 |
Using the PrepLogic Practice Tests, Preview Edition Software | p. 423 |
Exam Simulation | p. 423 |
Question Quality | p. 424 |
Interface Design | p. 424 |
Effective Learning Environment | p. 424 |
Software Requirements | p. 424 |
Installing PrepLogic Practice Tests, Preview Edition | p. 425 |
Removing PrepLogic Practice Tests, Preview Edition from Your Computer | p. 425 |
Using PrepLogic Practice Tests, Preview Edition | p. 425 |
Starting a Practice Test Mode Session | p. 426 |
Starting a Flash Review Mode Session | p. 427 |
Standard PrepLogic Practice Tests, Preview Edition Options | p. 427 |
Time Remaining | p. 428 |
Your Examination Score Report | p. 428 |
Review Your Exam | p. 428 |
Get More Exams | p. 428 |
Contacting PrepLogic | p. 429 |
Customer Service | p. 429 |
Product Suggestions and Comments | p. 429 |
License Agreement | p. 429 |
Glossary | p. 431 |
Index | p. 453 |
Table of Contents provided by Rittenhouse. All Rights Reserved. |