CompTIA Security+ Review Guide: Exam SY0-601

✍ Scribed by James Michael Stewart


Publisher: Sybex
Year: 2021
Tongue: English
Leaves: 579
Edition: 5
Category: Library


✦ Synopsis


Learn the ins and outs of the IT security field and efficiently prepare for the CompTIA Security+ Exam SY0-601 with one easy-to-follow resource.

CompTIA Security+ Review Guide: Exam SY0-601, Fifth Edition helps you to efficiently review for the leading IT security certification—CompTIA Security+ SY0-601. Accomplished author and security expert James Michael Stewart covers each domain in a straightforward and practical way, ensuring that you grasp and understand the objectives as quickly as possible.  

Whether you’re refreshing your knowledge or doing a last-minute review right before taking the exam, this guide includes access to a companion online test bank that offers hundreds of practice questions, flashcards, and glossary terms. 

Covering all five domains tested by Exam SY0-601, this guide reviews: 

  • Attacks, Threats, and Vulnerabilities  
  • Architecture and Design  
  • Implementation  
  • Operations and Incident Response  
  • Governance, Risk, and Compliance 

This newly updated Fifth Edition of CompTIA Security+ Review Guide: Exam SY0-601 is not just perfect for anyone hoping to take the SY0-601 Exam, but it is also an excellent resource for those wondering about entering the IT security field. 

✦ Table of Contents


Cover
Title page
Copyright
Acknowledgments
About the Author
About the Technical Editor
Contents at a Glance
Contents
Introduction
What Is Security+ Certification?
Is This Book for You?
How Is This Book Organized?
Interactive Online Learning Environment and Test Bank
Tips for Taking the Security+ Exam
Performance-Based Questions
Exam Specifics
The Security+ Exam Objectives
How to Contact the Publisher
Chapter 1 Threats, Attacks, and Vulnerabilities
1.1 Compare and contrast different types of social engineering techniques.
Phishing
Smishing
Vishing
Spam
Spam over instant messaging (SPIM)
Spear phishing
Dumpster diving
Shoulder surfing
Pharming
Tailgating
Eliciting information
Whaling
Prepending
Identity fraud
Invoice scams
Credential harvesting
Reconnaissance
Hoax
Impersonation
Watering hole attack
Typosquatting
Pretexting
Influence campaigns
Principles (reasons for effectiveness)
Exam Essentials
1.2 Given a scenario, analyze potential indicators to determine the type of attack.
Malware
Password attacks
Physical attacks
Adversarial artificial intelligence (AI)
Supply-chain attacks
Cloud-based vs. on-premises attacks
Cryptographic attacks
Exam Essentials
1.3 Given a scenario, analyze potential indicators associated with application attacks.
Arbitrary Code Execution/Remote Code Execution
Privilege escalation
Cross-site scripting
Injections
Pointer/object dereference
Directory traversal
Buffer overflows
Race conditions
Error handling
Improper input handling
Replay attack
Integer overflow
Request forgeries
Application programming interface (API) attacks
Resource exhaustion
Memory leak
Secure Sockets Layer (SSL) stripping
Driver manipulation
Pass the hash
Exam Essentials
1.4 Given a scenario, analyze potential indicators associated with network attacks.
Wireless
On-path attack (previously known as man-in-the-middle attack/man-in-the-browser attack)
Layer 2 attacks
Domain name system (DNS)
Distributed denial-of-service (DDoS)
Malicious code or script execution
Exam Essentials
1.5 Explain different threat actors, vectors, and intelligence sources.
Actors and threats
Attributes of actors
Vectors
Threat intelligence sources
Research sources
Exam Essentials
1.6 Explain the security concerns associated with various types of vulnerabilities.
Cloud-based vs. on-premises vulnerabilities
Zero-day
Weak configurations
Third-party risks
Improper or weak patch management
Legacy platforms
Impacts
Exam Essentials
1.7 Summarize the techniques used in security assessments.
Threat hunting
Vulnerability scans
Syslog/Security information and event management (SIEM)
Security orchestration, automation, and response (SOAR)
Exam Essentials
1.8 Explain the techniques used in penetration testing.
Penetration testing
Passive and active reconnaissance
Exercise types
Exam Essentials
Review Questions
Chapter 2 Architecture and Design
2.1 Explain the importance of security concepts in an enterprise environment.
Configuration management
Data sovereignty
Data protection
Geographical considerations
Response and recovery controls
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
Hashing
API considerations
Site resiliency
Deception and disruption
Exam Essentials
2.2 Summarize virtualization and cloud computing concepts.
Cloud models
Cloud service providers
Managed service provider (MSP)/ managed security service provider (MSSP)
On-premises vs. off-premises
Fog computing
Edge computing
Thin client
Containers
Microservices/API
Infrastructure as code
Serverless architecture
Services integration
Resource policies
Transit gateway
Virtualization
Exam Essentials
2.3 Summarize secure application development, deployment, and automation concepts.
Environment
Provisioning and deprovisioning
Integrity measurement
Secure coding techniques
Open Web Application Security Project (OWASP)
Software diversity
Automation/scripting
Elasticity
Scalability
Version control
Exam Essentials
2.4 Summarize authentication and authorization design concepts.
Authentication methods
Biometrics
Multifactor authentication (MFA) factors and attributes
Authentication, authorization, and accounting (AAA)
Cloud vs. on-premises requirements
Exam Essentials
2.5 Given a scenario, implement cybersecurity resilience.
Redundancy
Replication
On-premises vs. cloud
Backup types
Non-persistence
High availability
Restoration order
Diversity
Exam Essentials
2.6 Explain the security implications of embedded and specialized systems.
Embedded systems
Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
Internet of Things (IoT)
Specialized
Voice over IP (VoIP)
Heating, ventilation, air conditioning (HVAC)
Drones
Multifunction printer (MFP)
Real-time operating system (RTOS)
Surveillance systems
System on chip (SoC)
Communication considerations
Constraints
Exam Essentials
2.7 Explain the importance of physical security controls.
Bollards/barricades
Access control vestibules
Badges
Alarms
Signage
Cameras
Closed-circuit television (CCTV)
Industrial camouflage
Personnel
Locks
USB data blocker
Lighting
Fencing
Fire suppression
Sensors
Drones
Visitor logs
Faraday cages
Air gap
Screened subnet (previously known as demilitarized zone)
Protected cable distribution
Secure areas
Secure data destruction
Exam Essentials
2.8 Summarize the basics of cryptographic concepts.
Digital signatures
Key length
Key stretching
Salting
Hashing
Key exchange
Elliptic-curve cryptography
Perfect forward secrecy
Quantum
Post-quantum
Ephemeral
Modes of operation
Blockchain
Cipher suites
Symmetric vs. asymmetric
Lightweight cryptography
Steganography
Homomorphic encryption
Common use cases
Limitations
Exam Essentials
Review Questions
Chapter 3 Implementation
3.1 Given a scenario, implement secure protocols.
Protocols
Use cases
Exam Essentials
3.2 Given a scenario, implement host or application security solutions.
Endpoint protection
Boot integrity
Database
Application security
Hardening
Self-encrypting drive (SED)/full-disk encryption (FDE)
Hardware root of trust
Trusted Platform Module (TPM)
Sandboxing
Exam Essentials
3.3 Given a scenario, implement secure network designs.
Load balancing
Network segmentation
Virtual private network (VPN)
DNS
Network access control (NAC)
Out-of-band management
Port security
Network appliances
Access control list (ACL)
Route security
Quality of service (QoS)
Implications of IPv6
Port spanning/port mirroring
Monitoring services
File integrity monitors
Exam Essentials
3.4 Given a scenario, install and configure wireless security settings.
Cryptographic protocols
Authentication protocols
Methods
Installation considerations
Exam Essentials
3.5 Given a scenario, implement secure mobile solutions.
Connection methods and receivers
Mobile device management (MDM)
Mobile devices
Enforcement and monitoring of:
Deployment models
Exam Essentials
3.6 Given a scenario, apply cybersecurity solutions to the cloud.
Cloud security controls
Solutions
Cloud native controls vs. third-party solutions
Exam Essentials
3.7 Given a scenario, implement identity and account management controls.
Identity
Account types
Account policies
Exam Essentials
3.8 Given a scenario, implement authentication and authorization solutions.
Authentication management
Authentication/authorization
Access control schemes
Exam Essentials
3.9 Given a scenario, implement public key infrastructure.
Public key infrastructure (PKI)
Types of certificates
Certificate formats
Concepts
Exam Essentials
Review Questions
Chapter 4 Operations and Incident Response
4.1 Given a scenario, use the appropriate tool to assess organizational security.
Network reconnaissance and discovery
File manipulation
Shell and script environments
Packet capture and replay
Forensics
Exploitation frameworks
Password crackers
Data sanitization
Exam Essentials
4.2 Summarize the importance of policies, processes, and procedures for incident response.
Incident response plans
Incident response process
Exercises
Attack frameworks
Stakeholder management
Communication plan
Disaster recovery plan
Business continuity plan
Continuity of operations planning (COOP)
Incident response team
Retention policies
Exam Essentials
4.3 Given an incident, utilize appropriate data sources to support an investigation.
Vulnerability scan output
SIEM dashboards
Log files
syslog/rsyslog/syslog-ng
journalctl
NXLog
Bandwidth monitors
Metadata
NetFlow/sFlow
Protocol analyzer output
Exam Essentials
4.4 Given an incident, apply mitigation techniques or controls to secure an environment.
Reconfigure endpoint security solutions
Configuration changes
Isolation
Containment
Segmentation
SOAR
Exam Essentials
4.5 Explain the key aspects of digital forensics.
Documentation/evidence
Acquisition
On-premises vs. cloud
Integrity
Preservation
E-discovery
Data recovery
Non-repudiation
Strategic intelligence/counterintelligence
Exam Essentials
Review Questions
Chapter 5 Governance, Risk, and Compliance
5.1 Compare and contrast various types of controls.
Category
Control type
Exam Essentials
5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
Regulations, standards, and legislation
Key frameworks
Benchmarks/secure configuration guides
Exam Essentials
5.3 Explain the importance of policies to organizational security.
Personnel
Diversity of training techniques
Third-party risk management
Data
Credential policies
Organizational policies
Exam Essentials
5.4 Summarize risk management processes and concepts.
Risk types
Risk management strategies
Risk analysis
Disasters
Business impact analysis
Exam Essentials
5.5 Explain privacy and sensitive data concepts in relation to security.
Organizational consequences of privacy and data breaches
Notifications of breaches
Data types
Privacy enhancing technologies
Roles and responsibilities
Information life cycle
Impact assessment
Terms of agreement
Privacy notice
Exam Essentials
Review Questions
Appendix Answers to Review Questions
Chapter 1: Threats, Attacks, and Vulnerabilities
Chapter 2: Architecture and Design
Chapter 3: Implementation
Chapter 4: Operations and Incident Response
Chapter 5: Governance, Risk, and Compliance
Index
EULA


📜 SIMILAR VOLUMES


CompTIA Security+ Review Guide: Exam SY0
✍ Stewart, James 📂 Library 📅 2014 🏛 Wiley;Sybex 🌐 English

Focused review for the CompTIA Security+ certification exam The CompTIA Security+ certification offers tremendous opportunities for IT professionals. For those who want to take their careers to the next level, CompTIA Security+ Review Guide: Exam SY0-401 is here to serve as a great resource for cert

CompTIA Security+ Review Guide Exam SY0-
✍ Stewart J.M. 📂 Library 📅 2014 🏛 Sybex 🌐 English

The CompTIA Security+ certification offers tremendous opportunities for IT professionals. For those who want to take their careers to the next level, CompTIA Security+ Review Guide: Exam SY0-401 is here to serve as a great resource for certification preparation. This concise, focused guide is easy t

CompTIA Security+ (Exam SY0-401) Exam Gu
✍ Wm. Arthur Conklin, Greg White 📂 Library 📅 2015 🏛 McGraw-Hill 🌐 English

Get complete coverage of all objectives included on the latest release of the CompTIA Security+ exam from this comprehensive resource. Cowritten by leading information security experts, this authoritative guide fully addresses the skills required for securing a network and managing risk. You'll find

CompTIA Security+ Study Guide: Exam SY0-
✍ Mike Chapple, David Seidl 📂 Library 📅 2021 🏛 Sybex 🌐 English

Learn the key objectives and most crucial concepts covered by the Security+ Exam SY0-601 with this comprehensive and practical study guide! An online test bank offers 650 practice questions and flashcards! The Eighth Edition of the CompTIA Security+ Study Guide Exam SY0-60