Master key exam objectives and crucial cybersecurity concepts for the CompTIA Security+ SY0-701 exam, along with an online test bank with hundreds of practice questions and flashcards.

In the newly revised ninth edition of CompTIA Security+ Study Guide: Exam SY0-701, veteran cybersecurity professionals and educators Mike Chapple and David Seidl deliver easy-to-follow coverage of the security fundamentals tested by the challenging CompTIA SY0-701 exam. You’ll explore general security concepts, threats, vulnerabilities, mitigations, security architecture and operations, as well as security program management and oversight. You’ll get access to the information you need to start a new career, or advance an existing one, in cybersecurity, with efficient and accurate content. You’ll also find:

- Practice exams that get you ready to succeed on your first try at the real thing and help you conquer test anxiety
- Hundreds of review questions that gauge your readiness for the certification exam and help you retain and remember key concepts
- Complimentary access to the online Sybex learning environment, complete with hundreds of additional practice questions and flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions

Perfect for everyone planning to take the CompTIA SY0-701 exam, as well as those aiming to secure a higher-level certification like the CASP+, CISSP, or CISA, this study guide will also earn a place on the bookshelves of anyone who’s ever wondered if IT security is right for them. It’s a must-read reference! And save 10% when you purchase your CompTIA exam voucher with our exclusive WILEY10 coupon code.
Table of Contents

Introduction xxxi

Chapter 1 Today’s Security Professional 1
  Cybersecurity Objectives 2
  Data Breach Risks 3
  The DAD Triad 4
  Breach Impact 5
  Implementing Security Controls 7
  Gap Analysis 7
  Security Control Categories 8
  Security Control Types 9
  Data Protection 10
  Data Encryption 11
  Data Loss Prevention 11
  Data Minimization 12
  Access Restrictions 13
  Segmentation and Isolation 13
  Summary 13
  Exam Essentials 14
  Review Questions 16

Chapter 2 Cybersecurity Threat Landscape 21
  Exploring Cybersecurity Threats 23
  Classifying Cybersecurity Threats 23
  Threat Actors 25
  Attacker Motivations 31
  Threat Vectors and Attack Surfaces 32
  Threat Data and Intelligence 35
  Open Source Intelligence 35
  Proprietary and Closed-Source Intelligence 38
  Assessing Threat Intelligence 39
  Threat Indicator Management and Exchange 40
  Information Sharing Organizations 41
  Conducting Your Own Research 42
  Summary 42
  Exam Essentials 43
  Review Questions 45

Chapter 3 Malicious Code 49
  Malware 50
  Ransomware 51
  Trojans 52
  Worms 54
  Spyware 55
  Bloatware 56
  Viruses 57
  Keyloggers 59
  Logic Bombs 60
  Rootkits 60
  Summary 62
  Exam Essentials 62
  Review Questions 64

Chapter 4 Social Engineering and Password Attacks 69
  Social Engineering and Human Vectors 70
  Social Engineering Techniques 71
  Password Attacks 76
  Summary 78
  Exam Essentials 78
  Review Questions 80

Chapter 5 Security Assessment and Testing 85
  Vulnerability Management 87
  Identifying Scan Targets 87
  Determining Scan Frequency 89
  Configuring Vulnerability Scans 91
  Scanner Maintenance 95
  Vulnerability Scanning Tools 98
  Reviewing and Interpreting Scan Reports 101
  Confirmation of Scan Results 111
  Vulnerability Classification 112
  Patch Management 112
  Legacy Platforms 113
  Weak Configurations 115
  Error Messages 115
  Insecure Protocols 116
  Weak Encryption 117
  Penetration Testing 118
  Adopting the Hacker Mindset 119
  Reasons for Penetration Testing 120
  Benefits of Penetration Testing 120
  Penetration Test Types 121
  Rules of Engagement 123
  Reconnaissance 125
  Running the Test 125
  Cleaning Up 126
  Audits and Assessments 126
  Security Tests 127
  Security Assessments 128
  Security Audits 129
  Vulnerability Life Cycle 131
  Vulnerability Identification 131
  Vulnerability Analysis 132
  Vulnerability Response and Remediation 132
  Validation of Remediation 132
  Reporting 133
  Summary 133
  Exam Essentials 134
  Review Questions 136

Chapter 6 Application Security 141
  Software Assurance Best Practices 143
  The Software Development Life Cycle 143
  Software Development Phases 144
  DevSecOps and DevOps 146
  Designing and Coding for Security 147
  Secure Coding Practices 148
  API Security 149
  Software Security Testing 149
  Analyzing and Testing Code 150
  Injection Vulnerabilities 151
  SQL Injection Attacks 151
  Code Injection Attacks 155
  Command Injection Attacks 155
  Exploiting Authentication Vulnerabilities 156
  Password Authentication 156
  Session Attacks 157
  Exploiting Authorization Vulnerabilities 160
  Insecure Direct Object References 161
  Directory Traversal 161
  File Inclusion 163
  Privilege Escalation 163
  Exploiting Web Application Vulnerabilities 164
  Cross-Site Scripting (XSS) 164
  Request Forgery 167
  Application Security Controls 168
  Input Validation 168
  Web Application Firewalls 170
  Parameterized Queries 170
  Sandboxing 171
  Code Security 171
  Secure Coding Practices 173
  Source Code Comments 174
  Error Handling 174
  Hard-Coded Credentials 175
  Package Monitoring 175
  Memory Management 176
  Race Conditions 177
  Unprotected APIs 178
  Automation and Orchestration 178
  Use Cases of Automation and Scripting 179
  Benefits of Automation and Scripting 179
  Other Considerations 180
  Summary 181
  Exam Essentials 181
  Review Questions 183

Chapter 7 Cryptography and the PKI 189
  An Overview of Cryptography 190
  Historical Cryptography 191
  Goals of Cryptography 196
  Confidentiality 197
  Integrity 199
  Authentication 200
  Non-repudiation 200
  Cryptographic Concepts 200
  Cryptographic Keys 201
  Ciphers 202
  Modern Cryptography 202
  Cryptographic Secrecy 202
  Symmetric Key Algorithms 204
  Asymmetric Key Algorithms 205
  Hashing Algorithms 208
  Symmetric Cryptography 208
  Data Encryption Standard 208
  Advanced Encryption Standard 209
  Symmetric Key Management 209
  Asymmetric Cryptography 211
  RSA 212
  Elliptic Curve 213
  Hash Functions 214
  SHA 215
  MD5 216
  Digital Signatures 216
  HMAC 217
  Public Key Infrastructure 218
  Certificates 218
  Certificate Authorities 219
  Certificate Generation and Destruction 220
  Certificate Formats 223
  Asymmetric Key Management 224
  Cryptographic Attacks 225
  Brute Force 225
  Frequency Analysis 225
  Known Plain Text 226
  Chosen Plain Text 226
  Related Key Attack 226
  Birthday Attack 226
  Downgrade Attack 227
  Hashing, Salting, and Key Stretching 227
  Exploiting Weak Keys 228
  Exploiting Human Error 228
  Emerging Issues in Cryptography 229
  Tor and the Dark Web 229
  Blockchain 229
  Lightweight Cryptography 230
  Homomorphic Encryption 230
  Quantum Computing 230
  Summary 231
  Exam Essentials 231
  Review Questions 233

Chapter 8 Identity and Access Management 237
  Identity 239
  Authentication and Authorization 240
  Authentication and Authorization Technologies 241
  Authentication Methods 246
  Passwords 247
  Multifactor Authentication 251
  One-Time Passwords 252
  Biometrics 254
  Accounts 256
  Account Types 256
  Provisioning and Deprovisioning Accounts 257
  Access Control Schemes 259
  Filesystem Permissions 260
  Summary 262
  Exam Essentials 262
  Review Questions 264

Chapter 9 Resilience and Physical Security 269
  Resilience and Recovery in Security Architectures 271
  Architectural Considerations and Security 273
  Storage Resiliency 274
  Response and Recovery Controls 280
  Capacity Planning for Resilience and Recovery 283
  Testing Resilience and Recovery Controls and Designs 284
  Physical Security Controls 285
  Site Security 285
  Detecting Physical Attacks 291
  Summary 291
  Exam Essentials 292
  Review Questions 294

Chapter 10 Cloud and Virtualization Security 299
  Exploring the Cloud 300
  Benefits of the Cloud 301
  Cloud Roles 303
  Cloud Service Models 303
  Cloud Deployment Models 307
  Private Cloud 307
  Shared Responsibility Model 309
  Cloud Standards and Guidelines 312
  Virtualization 314
  Hypervisors 314
  Cloud Infrastructure Components 316
  Cloud Compute Resources 316
  Cloud Storage Resources 319
  Cloud Networking 322
  Cloud Security Issues 325
  Availability 325
  Data Sovereignty 326
  Virtualization Security 327
  Application Security 327
  Governance and Auditing of Third-Party Vendors 328
  Hardening Cloud Infrastructure 328
  Cloud Access Security Brokers 328
  Resource Policies 329
  Secrets Management 330
  Summary 331
  Exam Essentials 331
  Review Questions 333

Chapter 11 Endpoint Security 337
  Operating System Vulnerabilities 339
  Hardware Vulnerabilities 340
  Protecting Endpoints 341
  Preserving Boot Integrity 342
  Endpoint Security Tools 344
  Hardening Techniques 350
  Hardening 350
  Service Hardening 350
  Network Hardening 352
  Default Passwords 352
  Removing Unnecessary Software 353
  Operating System Hardening 353
  Configuration, Standards, and Schemas 356
  Encryption 357
  Securing Embedded and Specialized Systems 358
  Embedded Systems 358
  SCADA and ICS 361
  Securing the Internet of Things 362
  Communication Considerations 363
  Security Constraints of Embedded Systems 364
  Asset Management 365
  Summary 368
  Exam Essentials 369
  Review Questions 371

Chapter 12 Network Security 375
  Designing Secure Networks 377
  Infrastructure Considerations 380
  Network Design Concepts 380
  Network Segmentation 383
  Zero Trust 385
  Network Access Control 387
  Port Security and Port-Level Protections 388
  Virtual Private Networks and Remote Access 390
  Network Appliances and Security Tools 392
  Deception and Disruption Technology 399
  Network Security, Services, and Management 400
  Secure Protocols 406
  Using Secure Protocols 406
  Secure Protocols 407
  Network Attacks 410
  On-Path Attacks 411
  Domain Name System Attacks 412
  Credential Replay Attacks 414
  Malicious Code 415
  Distributed Denial-of-Service Attacks 415
  Summary 418
  Exam Essentials 419
  Review Questions 421

Chapter 13 Wireless and Mobile Security 425
  Building Secure Wireless Networks 426
  Connection Methods 427
  Wireless Network Models 431
  Attacks Against Wireless Networks and Devices 432
  Designing a Network 435
  Controller and Access Point Security 438
  Wi-Fi Security Standards 438
  Wireless Authentication 440
  Managing Secure Mobile Devices 442
  Mobile Device Deployment Methods 442
  Hardening Mobile Devices 444
  Mobile Device Management 444
  Summary 448
  Exam Essentials 449
  Review Questions 450

Chapter 14 Monitoring and Incident Response 455
  Incident Response 457
  The Incident Response Process 458
  Training 462
  Threat Hunting 463
  Understanding Attacks and Incidents 464
  Incident Response Data and Tools 466
  Monitoring Computing Resources 466
  Security Information and Event Management Systems 466
  Alerts and Alarms 469
  Log Aggregation, Correlation, and Analysis 470
  Rules 471
  Benchmarks and Logging 478
  Reporting and Archiving 478
  Mitigation and Recovery 479
  Secure Orchestration, Automation, and Response (SOAR) 479
  Containment, Mitigation, and Recovery Techniques 479
  Root Cause Analysis 482
  Summary 483
  Exam Essentials 484
  Review Questions 485

Chapter 15 Digital Forensics 489
  Digital Forensic Concepts 490
  Legal Holds and e-Discovery 491
  Conducting Digital Forensics 493
  Acquiring Forensic Data 493
  Acquisition Tools 497
  Validating Forensic Data Integrity 500
  Data Recovery 502
  Forensic Suites and a Forensic Case Example 503
  Reporting 507
  Digital Forensics and Intelligence 508
  Summary 508
  Exam Essentials 509
  Review Questions 511

Chapter 16 Security Governance and Compliance 515
  Security Governance 518
  Corporate Governance 518
  Governance, Risk, and Compliance Programs 520
  Information Security Governance 520
  Types of Governance Structures 521
  Understanding Policy Documents 521
  Policies 522
  Standards 524
  Procedures 526
  Guidelines 528
  Exceptions and Compensating Controls 529
  Monitoring and Revision 530
  Change Management 531
  Change Management Processes and Controls 532
  Version Control 534
  Documentation 535
  Personnel Management 535
  Least Privilege 535
  Separation of Duties 535
  Job Rotation and Mandatory Vacations 536
  Clean Desk Space 536
  Onboarding and Offboarding 536
  Nondisclosure Agreements 537
  Social Media 537
  Third-Party Risk Management 537
  Vendor Selection 537
  Vendor Assessment 538
  Vendor Agreements 538
  Vendor Monitoring 539
  Winding Down Vendor Relationships 540
  Complying with Laws and Regulations 540
  Common Compliance Requirements 541
  Compliance Reporting 541
  Consequences of Noncompliance 542
  Compliance Monitoring 543
  Adopting Standard Frameworks 543
  NIST Cybersecurity Framework 544
  NIST Risk Management Framework 546
  ISO Standards 547
  Benchmarks and Secure Configuration Guides 549
  Security Awareness and Training 550
  User Training 551
  Ongoing Awareness Efforts 553
  Summary 554
  Exam Essentials 555
  Review Questions 557

Chapter 17 Risk Management and Privacy 561
  Analyzing Risk 563
  Risk Identification 564
  Risk Assessment 565
  Risk Analysis 567
  Managing Risk 570
  Risk Mitigation 571
  Risk Avoidance 572
  Risk Transference 572
  Risk Acceptance 573
  Risk Tracking 574
  Risk Register 575
  Risk Reporting 576
  Disaster Recovery Planning 577
  Disaster Types 577
  Business Impact Analysis 578
  Privacy 578
  Data Inventory 579
  Information Classification 580
  Data Roles and Responsibilities 581
  Information Life Cycle 583
  Privacy Enhancing Technologies 584
  Privacy and Data Breach Notification 585
  Summary 585
  Exam Essentials 585
  Review Questions 587

Appendix Answers to Review Questions 591
  Chapter 1: Today’s Security Professional 592
  Chapter 2: Cybersecurity Threat Landscape 593
  Chapter 3: Malicious Code 595
  Chapter 4: Social Engineering and Password Attacks 597
  Chapter 5: Security Assessment and Testing 600
  Chapter 6: Application Security 602
  Chapter 7: Cryptography and the PKI 604
  Chapter 8: Identity and Access Management 605
  Chapter 9: Resilience and Physical Security 607
  Chapter 10: Cloud and Virtualization Security 609
  Chapter 11: Endpoint Security 611
  Chapter 12: Network Security 614
  Chapter 13: Wireless and Mobile Security 616
  Chapter 14: Monitoring and Incident Response 619
  Chapter 15: Digital Forensics 621
  Chapter 16: Security Governance and Compliance 623
  Chapter 17: Risk Management and Privacy 626

Index 629
Your Complete Guide to Passing CompTIA Security+ Exam SY0-701

The CompTIA Security+ exam has long been considered the first career step for security professionals. With the most recent upgrade of the exam, the venerable CompTIA® Security+® Study Guide: Exam SY0-701, Ninth Edition, has been fully updated to assure that you have the knowledge and skills to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and Internet of Things (IoT); operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance; and identify, analyze, and respond to security events and incidents. Fully covering all exam objectives, this book also gives you access to the exclusive Sybex online learning environment with hundreds of practice questions, electronic flashcards, and more.

Coverage of 100% of all exam objectives in this Study Guide means you’ll be ready for:

- General Security Concepts
- Threats, Vulnerabilities, and Mitigations
- Security Architecture
- Security Operations
- Security Program Management and Oversight

ABOUT THE COMPTIA SECURITY+ CERTIFICATION

CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. The exam certifies the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and Internet of Things (IoT); operate with an awareness of applicable regulations and policies, including principles of governance, risk, and compliance; and identify, analyze, and respond to security events and incidents. Go to comptia.org for more information.
Interactive learning environment

Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit https://www.wiley.com/go/sybextestprep, register your book to receive your unique PIN, and instantly gain one year of FREE access after activation to:

- Interactive test bank with over 500 practice test questions to help you identify areas where further review is needed. Get more than 90% of the answers correct, and you’re ready to take the certification exam.
- 100 electronic flashcards to reinforce learning and last-minute prep before the exam
- Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared

Product details

ISBN: 9781394211418
Published: 2023-12-07
Edition: 9th edition
Publisher: Sybex Inc., U.S.
Weight: 1157 g
Height: 234 mm
Width: 185 mm
Depth: 41 mm
Age level: P, XR, XX, 06
Language: English
Format: Paperback
Number of pages: 704

About the contributors

ABOUT THE AUTHORS

MIKE CHAPPLE, PhD, SECURITY+, CYSA+, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP (Certified Information Systems Security Professional), CySA+ (CompTIA Cybersecurity Analyst), CIPP/US (Certified Information Privacy Professional), CompTIA PenTest+, and CompTIA Security+. Mike provides cybersecurity certification resources at his website, CertMike.com.

DAVID SEIDL, CYSA+, CISSP, PENTEST+, is Vice President for Information Technology and CIO at Miami University, where he leads an award-winning, nationally recognized IT organization. David is a bestselling author who has written over 20 books with a focus on cybersecurity certification and cyberwarfare.