This fully updated, money-saving collection covers every objective on the CompTIA Security+ exam SY0-501 and contains bonus content This up-to-date test preparation bundle covers every objective on the latest version of the CompTIA Security+ exam. Designed to be the ultimate self-study resource, the bundle includes the current editions of CompTIA Security+ Certification Study Guide and CompTIA Security+ Certification Practice Exams and exclusive electronic content—all at a discount of 12% off of the suggested retail price. CompTIA Security+ Certification Bundle, Third Edition, provides examinees with a wide variety of exam-focused preparation resources. Bonus content includes a quick review guide, a security audit checklist, and a URL reference list. Electronic content from the two books features author-led video training, lab simulations, and customizable test engine software that contains four complete practice exams. • 12% cheaper than purchasing the books individually, and features content unavailable elsewhere • Includes a 10% off exam voucher coupon, a $37 value • CompTIA Approved Quality Content (CAQC)—provides complete coverage of every objective on exam SY0-501

Table of Contents:
Section I: “How to Access the Bonus Content” Section II: CompTIA Security+ Certification Study Guide, Third Edition (Exam SY0-501) Cover Title Page Copyright Page Dedication About the Author Contents at a Glance Contents Preface Acknowledgments Introduction Exam Readiness Checklist 1 Networking Basics and Terminology Understanding Network Devices and Cabling Looking at Network Devices Understanding Network Cabling Exercise 1-1: Reviewing Networking Components Understanding TCP/IP Reviewing IP Addressing Exercise 1-2: Understanding Valid Addresses Understanding TCP/IP Protocols Exercise 1-3: Viewing Protocol Information with Network Monitor Understanding Application Layer Protocols Understanding IPv6 Exercise 1-4: Identifying Protocols in TCP/IP Network Security Best Practices Device Usage Cable and Protocol Usage Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 2 Introduction to Security Terminology Goals of Information Security Confidentiality Integrity Availability Accountability Exercise 2-1: CIA Scenarios Understanding Authentication and Authorization Identification and Authentication Authorization Understanding Security Principles and Terminology Types of Security Least Privilege, Separation of Duties, and Rotation of Duties Concept of Need to Know Layered Security and Diversity of Defense Due Care and Due Diligence Vulnerability and Exploit Threat Actors Looking at Security Roles System Owner and Data Owner System Administrator User Privileged User Executive User Data Roles Security Officer Exercise 2-2: Security Terminology Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 3 Security Policies and Standards Introduction to Security Policies Structure of a Policy Identifying Types of Policies Understanding Regulations and Standards General Security Policies Policies Affecting Users Policies Affecting Personnel Management Policies Affecting Administrators Exercise 3-1: Reviewing a Security Policy Policies Affecting Management Other Popular Policies Human Resources Policies Hiring Policy Termination Policy Mandatory Vacations Security-Related HR Policies Exercise 3-2: Creating a Security Policy User Education and Awareness General Training and Role-Based Training User Habits New Threats and Security Trends Use of Social Networks and P2P Programs Training Metrics and Follow-Up Exercise 3-3: Designing a Training Program Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 4 Types of Attacks Understanding Social Engineering Social Engineering Overview Popular Social Engineering Attacks Reasons for Effectiveness Preventing Social Engineering Attacks Identifying Network Attacks Popular Network Attacks Exercise 4-1: DNS Poisoning After Exploit Using Kali Linux Exercise 4-2: Performing a Port Scan Other Network Attacks Preventing Network Attacks Looking at Password Attacks Types of Password Attacks Exercise 4-3: Password Cracking with LC4 Birthday Attacks, Rainbow Tables, and Known-Plaintext Attacks Online vs. Offline Attacks Other Password Attack Terms Preventing Password Attacks Understanding Application Attacks Popular Application Attacks Exercise 4-4: SQL Injection Attacks Exercise 4-5: Exploiting an IIS Web Server with Folder Traversal Other Application Attacks Preventing Application Attacks Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 5 System Security Threats Identifying Physical Threats Snooping Theft and Loss of Assets Human Error Sabotage Looking at Malicious Software Privilege Escalation Viruses Exercise 5-1: Looking at the NetBus Trojan Virus Other Malicious Software Protecting Against Malicious Software Threats Against Hardware BIOS Settings USB Devices Smart Phones and Tablets Exercise 5-2: Exploiting a Bluetooth Device Removable Storage Network Attached Storage PBX Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 6 Mitigating Security Threats Understanding Operating System Hardening Uninstall Unnecessary Software Disable Unnecessary Services Exercise 6-1: Disabling the Remote Desktop Services Service Protect Management Interfaces and Applications Disable Unnecessary Accounts Patch System Password Protection System Hardening Procedures Network Security Hardening Exercise 6-2: Hardening a Network Switch Tools for System Hardening Exercise 6-3: Creating a Security Template Security Posture and Reporting Establishing Application Security Secure Coding Concepts Secure Coding Techniques Application Hardening Server Hardening Best Practices All Servers HTTP Servers DNS Servers Exercise 6-4: Limiting DNS Zone Transfers DHCP Servers SMTP Servers and FTP Servers Mitigate Risks in Static Environments Common Security Issues and Device Output Troubleshooting Common Security Issues Analyzing and Interpreting Output from Security Technologies Exercise 6-5: Removable Media Control Frameworks and Security Guides Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 7 Implementing System Security Implementing Host-Based Firewalls and HIDS Host-Based Firewalls Exercise 7-1: Configuring TCP Wrappers in Linux Host-Based IDS and Host-Based IPS Protecting Against Malware Patch Management Using Antivirus and Anti-spam Software Spyware and Adware Phish Filters and Pop-up Blockers Exercise 7-2: Manually Testing a Web Site for Phishing Practicing Good Habits Device Security and Data Security Hardware Security Mobile Devices Data Security Exercise 7-3: Configuring Permissions in Windows 8 Application Security and BYOD Concerns Secure System Design Secure Staging Deployment Understanding Virtualization and Cloud Computing Virtualization and Security Cloud Computing Overview Cloud Computing Considerations Resiliency and Automation Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 8 Securing the Network Infrastructure Understanding Firewalls Firewalls Using IPTables as a Firewall Exercise 8-1: Configuring IPTables in Linux Using Firewall Features on a Home Router NAT and Ad Hoc Networking Proxy Servers Routers and ACLs Other Security Devices and Technologies Using Intrusion Detection Systems IDS Overview Exercise 8-2: Using Snort: A Network-Based IDS Honeypots and Honeynets Protocol Analyzers Network Design and Administration Principles Subnetting and VLANs Network Switches Network Address Translation (NAT) Network Access Control (NAC) Data Loss Prevention (DLP) Mail Gateway Network Communication Encryption Network Administration Principles Security Device Placement Securing Devices Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 9 Wireless Networking and Security Understanding Wireless Networking Standards Channels Antenna Types Authentication and Encryption Securing a Wireless Network Security Best Practices Vulnerabilities with Wireless Networks Exercise 9-1: Cracking WEP with Kali Linux Perform a Site Survey Configuring a Wireless Network Configuring the Access Point Configuring the Client Other Wireless Technologies Infrared Bluetooth Near Field Communication RFID Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 10 Authentication Identifying Authentication Models Authentication Terminology Authentication Factors Single Sign-on Authentication Protocols Windows Authentication Protocols Remote Access Authentication Authentication Services Implementing Authentication User Accounts Tokens Looking at Biometrics Certificate-Based Authentication Claims-Based Authentication/Federation Services Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 11 Access Control Introducing Access Control Types of Security Controls Implicit Deny Review of Security Principles/General Concepts Access Control Models Discretionary Access Control Mandatory Access Control Role-Based Access Control Exercise 11-1: Assigning a User the sysadmin Role Rule-Based Access Control Group-Based Access Control Attribute-Based Access Control Implementing Access Control User Account Types Using Security Groups Exercise 11-2: Configuring Security Groups and Assigning Permissions Rights and Privileges Exercise 11-3: Modifying User Rights on a Windows System File System Security and Printer Security Access Control Lists (ACLs) Group Policies Exercise 11-4: Configuring Password Policies via Group Policies Database Security Exercise 11-5: Encrypting Sensitive Information in the Database Account Restrictions Account Policy Enforcement Monitoring Account Access Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 12 Introduction to Cryptography Introduction to Cryptography Services Understanding Cryptography Algorithms and Keys Exercise 12-1: Encrypting Data with the Caesar Cipher Other Cryptography Terms Symmetric Encryption Symmetric Encryption Concepts Symmetric Encryption Algorithms Exercise 12-2: Encrypting Data with the AES Algorithm Asymmetric Encryption Asymmetric Encryption Concepts Asymmetric Encryption Algorithms Quantum Cryptography In-Band vs. Out-of-Band Key Exchange Understanding Hashing Hashing Concepts Hashing Algorithms Exercise 12-3: Generating Hashes to Verify Integrity Identifying Encryption Uses Common Use Cases Encrypting Data Encrypting Communication Understanding Steganography Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 13 Managing a Public Key Infrastructure Introduction to Public Key Infrastructure Understanding PKI Terminology Certificate Authority and Registration Authority Repository Managing a Public Key Infrastructure Certificate Life Cycle Certificate Revocation Lists and OCSP Other PKI Terms Implementing a Public Key Infrastructure How SSL/TLS Works How Digital Signatures Work Creating a PKI Exercise 13-1: Installing a Certificate Authority Exercise 13-2: SSL-Enabling a Web Site Managing a PKI Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 14 Physical Security Choosing a Business Location Facility Concerns Lighting and Windows Doors, Windows, and Walls Safety Concerns Physical Access Controls Exercise 14-1: Erasing the Administrator Password with a Live DVD Fencing and Guards Hardware Locks/Lock Types Access Systems Other Security Controls Physical Access Lists and Logs Video Surveillance Implementing Environmental Controls Understanding HVAC Shielding Fire Suppression Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 15 Risk Analysis Introduction to Risk Analysis Risk Analysis Overview Risk Analysis Process Risk with Cloud Computing and Third Parties Types of Risk Analysis Qualitative Exercise 15-1: Performing a Qualitative Risk Analysis Quantitative Exercise 15-2: Performing a Quantitative Risk Analysis Risk Mitigation Strategies Exercise 15-3: Identifying Mitigation Techniques Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 16 Disaster Recovery and Business Continuity Introduction to Disaster Recovery and Business Continuity Introduction to Business Continuity Understanding Disaster Recovery Backing Up and Restoring Data (Backup Concepts) Security Considerations with Tapes Full, Incremental, and Differential Backups Scheduling Backups Backup Plan Example Exercise 16-1: Backing Up and Restoring Data on a Windows Server Geographic Considerations Implementing Fault Tolerance RAID 0 RAID 1 RAID 5 Understanding High Availability Failover Clustering Network Load Balancing Redundant Hardware Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 17 Introduction to Computer Forensics and Incident Response Working with Evidence Types of Evidence Collecting Evidence Collecting Digital Evidence Understanding the Process Where to Find Evidence Tools Used Exercise 17-1: Using ProDiscover Basic for Forensics Analysis Exercise 17-2: Performing Cell Phone Forensics Exercise 17-3: Looking at Exif Metadata Looking at Incident Response Incident Response Team Incident Response Plan Incident Response Process First Responders Damage and Loss Control Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 18 Security Assessments and Audits Understanding Types of Assessments Assessment Types Assessment Techniques Performing a Security Assessment Performing a Penetration Test Exercise 18-1: Profiling an Organization Exercise 18-2: Using a Port Scanner Performing a Vulnerability Assessment Exercise 18-3: Performing a Vulnerability Scan with MBSA Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers 19 Understanding Monitoring and Auditing Introduction to Monitoring Monitoring Tools Useful System Commands SNMP Performance Monitor Protocol Analyzer and Sniffer Exercise 19-1: Monitoring Network Traffic with Network Monitor Security Information and Event Management (SIEM) Implementing Logging and Auditing Understanding Auditing Exercise 19-2: Implementing Auditing in Windows Understanding Logging Exercise 19-3: Configuring Logging in IIS Exercise 19-4: Configuring Windows Firewall Popular Areas to Audit Certification Summary ✓ Two-Minute Drill Q&A Self Test Self Test Answers A About the Download System Requirements Total Tester Premium Practice Exam Software Installing and Running Total Tester Pre-assessment Test McGraw-Hill Professional Media Center Download Performance-Based Question Simulations Video Training from the Author Pre-assessment Exam in Total Tester: Analyzing Your Results Glossary Lab Book, Lab Solutions, and Lab Files Technical Support Total Seminars Technical Support McGraw-Hill Education Content Support Index Section III: CompTIA Security+ Certification Practice Exams, Third Edition (Exam SY0-501) Cover Title Page Copyright Page Dedication About the Authors About the Technical Editor Contents at a Glance Contents Acknowledgments Introduction Exam Readiness Checklist 1 Networking Basics and Terminology Questions Quick Answer Key In-Depth Answers 2 Introduction to Security Terminology Questions Quick Answer Key In-Depth Answers 3 Security Policies and Standards Questions Quick Answer Key In-Depth Answers 4 Types of Attacks Questions Quick Answer Key In-Depth Answers 5 System Security Threats Questions Quick Answer Key In-Depth Answers 6 Mitigating Security Threats Questions Quick Answer Key In-Depth Answers 7 Implementing System Security Questions Quick Answer Key In-Depth Answers 8 Securing the Network Infrastructure Questions Quick Answer Key In-Depth Answers 9 Wireless Networking and Security Questions Quick Answer Key In-Depth Answers 10 Authentication Questions Quick Answer Key In-Depth Answers 11 Access Control Questions Quick Answer Key In-Depth Answers 12 Introduction to Cryptography Questions Quick Answer Key In-Depth Answers 13 Managing a Public Key Infrastructure Questions Quick Answer Key In-Depth Answers 14 Physical Security Questions Quick Answer Key In-Depth Answers 15 Risk Analysis Questions Quick Answer Key In-Depth Answers 16 Disaster Recovery and Business Continuity Questions Quick Answer Key In-Depth Answers 17 Introduction to Computer Forensics and Incident Response Questions Quick Answer Key In-Depth Answers 18 Security Assessments and Audits Questions Quick Answer Key In-Depth Answers 19 Understanding Monitoring and Auditing Questions Quick Answer Key In-Depth Answers A Pre-assessment Exam Questions Quick Answer Key In-Depth Answers B About the CD-ROM System Requirements Installing and Running Total Tester Premium Practice Exam Software Total Tester Premium Practice Exam Software Performance-Based Questions Secured Book PDF Technical Support