CompTIA Security+ Review Guide – Exam SY0–601

Introduction xix Chapter 1 Threats, Attacks, and Vulnerabilities 1 1.1 Compare and contrast different types of social engineering techniques 5 1.2 Given a scenario, analyze potential indicators to determine the type of attack 20 1.3 Given a scenario, analyze potential indicators associated with application attacks 37 1.4 Given a scenario, analyze potential indicators associated with network attacks 57 1.5 Explain different threat actors, vectors, and intelligence sources 80 1.6 Explain the security concerns associated with various types of vulnerabilities 91 1.7 Summarize the techniques used in security assessments 99 1.8 Explain the techniques used in penetration testing 109 Review Questions 118 Chapter 2 Architecture and Design 123 2.1 Explain the importance of security concepts in an enterprise environment 128 2.2 Summarize virtualization and cloud computing concepts 139 2.3 Summarize secure application development, deployment, and automation concepts 152 2.4 Summarize authentication and authorization design concepts 167 2.5 Given a scenario, implement cybersecurity resilience 183 2.6 Explain the security implications of embedded and specialized systems 196 2.7 Explain the importance of physical security controls 208 2.8 Summarize the basics of cryptographic concepts 220 Review Questions 240 Chapter 3 Implementation 245 3.1 Given a scenario, implement secure protocols 248 3.2 Given a scenario, implement host or application security solutions 262 3.3 Given a scenario, implement secure network designs 280 3.4 Given a scenario, install and configure wireless security settings 304 3.5 Given a scenario, implement secure mobile solutions 315 3.6 Given a scenario, apply cybersecurity solutions to the cloud 330 3.7 Given a scenario, implement identity and account management controls 336 3.8 Given a scenario, implement authentication and authorization solutions 344 3.9 Given a scenario, implement public key infrastructure 355 Review Questions 370 Chapter 4 Operations and Incident Response 375 4.1 Given a scenario, use the appropriate tool to assess organizational security 377 4.2 Summarize the importance of policies, processes, and procedures for incident response 398 4.3 Given an incident, utilize appropriate data sources to support an investigation 409 4.4 Given an incident, apply mitigation techniques or controls to secure an environment 418 4.5 Explain the key aspects of digital forensics 422 Review Questions 435 Chapter 5 Governance, Risk, and Compliance 441 5.1 Compare and contrast various types of controls 443 5.2 Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture 446 5.3 Explain the importance of policies to organizational security 456 5.4 Summarize risk management processes and concepts 469 5.5 Explain privacy and sensitive data concepts in relation to security 486 Review Questions 494 Appendix Answers to Review Questions 499 Chapter 1: Threats, Attacks, and Vulnerabilities 500 Chapter 2: Architecture and Design 505 Chapter 3: Implementation 508 Chapter 4: Operations and Incident Response 511 Chapter 5: Governance, Risk, and Compliance 514 Index 519