CompTIA security certification bundle exam SY0 401 Second Edition by Glen Clarke, Daniel Lachance 9780071834278 0071834273

CompTIA security certification bundle exam SY0 401 Second Edition by Glen Clarke, Daniel Lachance – Ebook PDF Instant Download/Delivery: 9780071834278, 0071834273
Full download CompTIA security certification bundle exam SY0 401 Second Edition after payment

Product details:

ISBN 10: 0071834273
ISBN 13: 9780071834278
Author: Glen Clarke, Daniel Lachance

Fully revised to cover the 2014 CompTIA Security+ objectives, this is a money-saving self-study bundle with bonus study materials Prepare for CompTIA Security+ Exam SY0-401 with McGraw-Hill Professional–a Platinum-Level CompTIA Authorized Partner offering Authorized CompTIA Approved Quality Content to give you the competitive edge on exam day. CompTIA Security+ Certification Bundle, Second Edition offers complete coverage of exam SY0-401 and provides a comprehensive self-study program with 1200+ practice exam questions. Pre-assessment tests help you gauge your readiness for the full-length practice exams included in the bundle. For a final overview of key exam topics, you can study the Quick Review Guide. Total electronic content includes: 500 practice exam questions Pre-assessment exam Test engine that provides full-length practice exams and customized quizzes by chapter Video clips Security Audit Checklist Review Guide URL Reference List PDF copies of both books

CompTIA security certification bundle exam SY0 401 Second Table of contents:

1. Networking Basics and Terminology
Understanding Network Devices and Cabling
Looking at Network Devices
Understanding Network Cabling
Exercise 1-1: Reviewing Networking Components
Understanding TCP/IP
Reviewing IP Addressing
Exercise 1-2: Understanding Valid Addresses
Understanding TCP/IP Protocols
Exercise 1-3: Viewing Protocol Information with Network Monitor
Application Layer Protocols
A Review of IPv6
Exercise 1-4: Identifying Protocols in TCP/IP
Network Security Best Practices
Device Usage
Cable and Protocol Usage
Two-Minute Drill
Self Test
Self Test Answers

2. Introduction to Security Terminology
Goals of Information Security
Confidentiality
Integrity
Availability
Accountability
Exercise 2-1: CIA Scenarios
Understanding Authentication and Authorization
Identification and Authentication
Authorization
Understanding Security Principles and Terminology
Types of Security
Least Privilege, Separation of Duties, and Rotation of Duties
Concept of Need to Know
Layered Security and Diversity of Defense
Due Care, Due Diligence
Vulnerability and Exploit
Looking at Security Roles
System and Data Owner
Custodian
User
Security Officer
Exercise 2-2: Security Terminology
Two-Minute Drill
Self Test
Self Test Answers

3. Security Policies and Standards
Introduction to Security Policies
Structure of a Policy
Identifying Types of Policies
Understanding Regulations and Standards
Looking at Security Policies
Policies Affecting Users
Policies Affecting Administrators
Exercise 3-1: Reviewing a Security Policy
Policies Affecting Management
Other Popular Policies
Human Resource Policies
Hiring Policy
Termination Policy
Mandatory Vacations
Security-Related HR Policies
Exercise 3-2: Creating a Security Policy
User Education and Awareness
General Training and Role-Based Training
User Habits
New Threats and Security Trends
Use of Social Network and P2P
Training Metrics and Follow Up
Exercise 3-3: Designing a Training Program
Two-Minute Drill
Self Test
Self Test Answers

4. Types of Attacks
Understanding Social Engineering
Social Engineering Overview
Popular Social Engineering Attacks
Reasons for Effectiveness
Preventing Social Engineering Attacks
Identifying Network Attacks
Popular Network Attacks
Exercise 4-1: DNS Poisoning by Modifying the Hosts File
Exercise 4-2: Performing a Port Scan
Other Network Attacks
Preventing Network Attacks
Looking at Password Attacks
Types of Password Attacks
Exercise 4-3: Password Cracking with LC4
Birthday Attacks and Rainbow Tables
Preventing Password Attacks
Understanding Application Attacks
Popular Application Attacks
Exercise 4-4: SQL Injection Attacks
Exercise 4-5: Exploiting an IIS Web Server with Folder Traversal
Other Application Attacks
Preventing Application Attacks
Two-Minute Drill
Self Test
Self Test Answers

5. System Security Threats
Identifying Physical Threats
Snooping
Theft and Loss of Assets
Human Error
Sabotage
Looking at Malicious Software
Privilege Escalation
Viruses
Exercise 5-1: Looking at the NetBus Trojan Virus
Other Malicious Software
Protecting Against Malicious Software
Threats Against Hardware
BIOS Settings
USB Devices
Cell Phones
Exercise 5-2: Exploiting a Bluetooth Device
Removable Storage
Network Attached Storage
PBX
Two-Minute Drill
Self Test
Self Test Answers

6. Mitigating Security Threats
Understanding Operating System Hardening
Uninstall Unnecessary Software
Disable Unnecessary Services
Exercise 6-1: Disabling the Messenger Service
Protect Management Interfaces and Applications
Disable Unnecessary Accounts
Patch System
Password Protection
System Hardening Procedures
Network Security Hardening
Exercise 6-2: Hardening a Network Switch
Tools for System Hardening
Exercise 6-3: Creating a Security Template
Security Posture and Reporting
Establishing Application Security
Secure Coding Concepts
Application Hardening
Server Hardening Best Practices
All Servers
HTTP Servers
DNS Servers
Exercise 6-4: Limiting DNS Zone Transfers
DHCP Servers
SMTP Servers and FTP Servers
Mitigate Risks in Static Environments
Two-Minute Drill
Self Test
Self Test Answers

7. Implementing System Security
Implementing Personal Firewalls and HIDS
Personal Firewalls
Exercise 7-1: Configuring TCP Wrappers in Linux
Host-Based IDS
Protecting Against Malware
Patch Management
Using Antivirus and Anti-spam Software
Spyware and Adware
Phish Filters and Pop-up Blockers
Exercise 7-2: Manually Testing a Web Site for Phishing
Practicing Good Habits
Device Security and Data Security
Hardware Security
Mobile Devices
Data Security
Exercise 7-3: Configuring Permissions in Windows 8
Application Security and BYOD Concerns
Host-Based Security
Understanding Virtualization and Cloud Computing
Virtualization and Security
Cloud Computing Issues
Two-Minute Drill
Self Test
Self Test Answers

8. Securing the Network Infrastructure
Understanding Firewalls
Firewalls
Using IPTables as a Firewall
Exercise 8-1: Configuring IPTables in Linux
Using Firewall Features on a Home Router
Proxy Servers
Other Security Devices and Technologies
Using Intrusion Detection Systems
IDS Overview
Exercise 8-2: Using Snort—A Network-Based IDS
Honeypots and Honeynets
Protocol Analyzers
Network Design and Administration Principles
Subnetting and VLANs
Network Address Translation (NAT)
Network Access Control (NAC)
Network Administration Principles
Securing Devices
Two-Minute Drill
Self Test
Self Test Answers

9. Wireless Networking and Security
Understanding Wireless Networking
Standards
Channels
Antenna Types
Authentication and Encryption
Securing a Wireless Network
Security Best Practices
Vulnerabilities with Wireless Networks
Exercise 9-1: Cracking WEP with BackTrack
Perform a Site Survey
Configuring a Wireless Network
Configuring the Access Point
Configuring the Client
Infrared and Bluetooth
Infrared
Bluetooth
Near Field Communication
Two-Minute Drill
Self Test
Self Test Answers

10. Authentication
Identifying Authentication Models
Authentication Terminology
Authentication Factors
Single Sign-on
Authentication Protocols
Windows Authentication Protocols
Remote Access Authentication
Authentication Services
Implementing Authentication
User Accounts
Tokens
Looking at Biometrics
Smartcard
Two-Minute Drill
Self Test
Self Test Answers

11. Access Control
Introducing Access Control
Types of Security Controls
Implicit Deny
Review of Security Principles
Access Control Models
Discretionary Access Control
Mandatory Access Control
Role-Based Access Control
Exercise 11-1: Assigning a User the sysadmin Role
Rule-Based Access Control
Implementing Access Control
Using Security Groups
Exercise 11-2: Configuring Security Groups and Assigning Permissions
Rights and Privileges
Exercise 11-3: Modifying User Rights on a Windows System
Securing Files and Printers
Access Control Lists (ACLs)
Group Policies
Exercise 11-4: Configuring Password Policies via Group Policies
Account Restrictions
Account Policy Enforcement
Monitoring Account Access
Two-Minute Drill
Self Test
Self Test Answers

12. Introduction to Cryptography
Introduction to Cryptography Services
Understanding Cryptography
Algorithms and Keys
Exercise 12-1: Encrypting Data with the Caesar Cipher
Other Cryptography Terms
Symmetric Encryption
Symmetric Encryption Concepts
Symmetric Encryption Algorithms
Exercise 12-2: Encrypting Data with the AES Algorithm
Asymmetric Encryption
Asymmetric Encryption Concepts
Asymmetric Encryption Algorithms
Quantum Cryptography
In-Band vs. Out-of-Band Key Exchange
Understanding Hashing
Hashing Concepts
Hashing Algorithms
Exercise 12-3: Generating Hashes to Verify Integrity
Identifying Encryption Uses
Encrypting Data
Encrypting Communication
Understanding Steganography
Two-Minute Drill
Self Test
Self Test Answers

13. Managing a Public Key Infrastructure
Introduction to Public Key Infrastructure
Understanding PKI Terminology
Certificate Authority and Registration Authority
Repository
Managing a Public Key Infrastructure
Certificate Life Cycle
Certificate Revocation Lists and OSCP
Other PKI Terms
Implementing a Public Key Infrastructure
How SSL Works
How Digital Signatures Work
Creating a PKI
Exercise 13-1: Installing a Certificate Authority
Exercise 13-2: SSL-Enabling a Web Site
Managing a PKI
Two-Minute Drill
Self Test
Self Test Answers

14. Physical Security
Choosing a Business Location
Facility Concerns
Lighting and Windows
Doors, Windows, and Walls
Safety Concerns
Physical Access Controls
Exercise 14-1: Erasing the Administrator Password with a Live CD
Fencing and Guards
Hardware Locks
Access Systems
Other Security Controls
Physical Access Lists and Logs
Video Surveillance
Implementing Environmental Controls
Understanding HVAC
Shielding
Fire Suppression
Two-Minute Drill
Self Test
Self Test Answers

15. Risk Analysis
Introduction to Risk Analysis
Risk Analysis Overview
Risk Analysis Process
Risk with Cloud Computing and Third Parties
Types of Risk Analysis
Qualitative
Exercise 15-1: Performing a Qualitative Risk Analysis
Quantitative
Exercise 15-2: Performing a Quantitative Risk Analysis
Risk Mitigation Strategies
Exercise 15-3: Identifying Mitigation Techniques
Two-Minute Drill
Self Test
Self Test Answers

16. Disaster Recovery and Business Continuity
Introduction to Disaster Recovery and Business Continuity
Introduction to Business Continuity
Understanding Disaster Recovery
Backing Up and Restoring Data
Security Considerations with Tapes

People also search for CompTIA security certification bundle exam SY0 401 Second:

comptia security+ bundle
    
comptia certification bundle
    
comptia security+ basic bundle
    
comptia cert bundle
    
comptia security + bundle

Tags:

ecurity certification,Glen Clarke,Daniel Lachance