CompTIA's Security+ is the #1 international vendor-neutral baseline security certification. In 2017, CompTIA is releasing a thoroughly revised certification exam. CompTIA Security+ Exam Cram, Fifth Edition has been thoroughly updated to prepare candidates for the new exam, using the proven Exam Cram method of study.   As with all Exam Cram books, it includes: Chapters that map directly to the exam objectives Comprehensive foundational learning on all topics covered on the exam An extensive collection of practice questions Access to the Pearson Test Prep practice test software that provides real-time practice and feedback, online or offline The Cram Sheet tear-out card including tips, acronyms, and memory joggers not available anywhere else - perfect for last-minute study Topics covered in this book range from identifying threats, attacks, and vulnerabilities to implementing the correct tools and technologies to defend against these vectors; cryptography concepts and deployment techniques to identity and access  management; security architecture and design principles  to risk management. This book brings together all the knowledge professionals need to walk into the exam room with confidence - and pass their Security+ exams with flying colors.

Table of Contents:
Introduction Part I: Threats, Attacks, and Vulnerabilities Chapter 1: Indicators of Compromise and Malware Types Viruses Worms Ransomware Trojan Horses Rootkits Logic Bombs Bots Spyware What Next? Chapter 2: Attack Types Social Engineering     Phishing and Related Attacks     Tailgating     Impersonation     Dumpster Diving     Shoulder Surfing     Hoaxes     Watering Hole Attacks     Principles (Reasons for Effectiveness) Application/Service Attacks     Spoofing     Buffer and Integer Overflows     Zero-Day Attack     Code Injections     Hijacking and Related Attacks     Man-in-the-Middle     Denial of Service Cryptographic Attacks     Brute Force     Weak Implementations Wireless     Wi-Fi     Short Range Wireless Communications What Next? Chapter 3: Threat Actor Types and Attributes Threat Actor Attributes Threat Actor Types     Script Kiddies     Insiders     Hacktivists     Organized Crime     Competitors     Nation States Open Source Intelligence What Next? Chapter 4: Penetration Testing Testing Methodology     Planning     Discovery     Attack     Reporting What Next? Chapter 5: Vulnerability Scanning Types of Vulnerability Scans     Intrusive vs. Non-intrusive     Credentialed vs. Non-credentialed What Next? Chapter 6: Impacts Associated with Vulnerability Types People and Process Race Conditions Resource Exhaustion Architecture and Design Configuration Cryptographic Management Embedded Systems Lack of Vendor Support Improper Software Handling Leaks, Overflows, and Code Injection What Next? Part I Cram Quiz Part II: Technology and Tools Chapter 7: Network Components Perimeter Security     Firewalls     VPN Concentrators     NIDS and NIPS Internal Security     Routers     Switches     Protections     Bridges Boundary Devices     Proxies     Load Balancers     Access Points Enforcement Tools     SIEM     DLP     NAC     Gateways Cryptographic Devices     SSL/TLS Accelerators and Decryptors     HSM What Next? Chapter 8: Software Tools Vulnerability Assessment Tools     Analyzers and Scanners Detection and Protection Tools     Honeypots     Exploitation Frameworks     Password Crackers     Steganography     Backup Utilities     Data Sanitizing Tools     Command-line Tools What Next? Chapter 9: Security Issues Authentication, Authorization, and Access     Unencrypted Credentials and Clear Text     Permission Issues     Access Violations     Authentication Issues     Certificate Issues Misconfigurations and Deviations     Firewall     Content Filter     Access Points     Baseline Deviation     Weak Security Configurations and Data Exfiltration Personnel     Policy Violation     Insider Threat     Social Engineering     Social Media     Personal Email Logs and Event Anomalies Assets and Licensing     Asset Management     License Compliance Violation     Unauthorized Software What Next? Chapter 10: Security Technologies Security Technologies     Host Technologies     Enterprise Technologies What Next? Chapter 11: Mobile Devices Communication Methods Mobile Device Management Concepts     Device, Application, and Content Management     Protections Enforcement and Monitoring Deployment Models     BYOD, CYOD, COPE and Corporate-owned Devices     VDI     Deployment Strategies What Next? Chapter 12: Secure Protocols Secure Protocols     Securing Web Protocols     Securing File Transfer Protocols     Securing Email Protocols     Securing Internal Protocols Use Cases     Secure Web Communication     Secure File Transfer Communication     Secure Email Communication     Secured Internal Communication What Next? Part II Cram Quiz Part III: Architecture and Design Chapter 13: Use Cases, Frameworks, and Best Practices Industry-standard Frameworks and Reference Architectures     Regulatory and Non-regulatory     National vs. International     Industry-specific Frameworks Benchmarks and Secure Configuration Guides     Platform and Vendor-specific Guides     General Purpose Guides Defense in Depth and Layered Security     Vendor Diversity     Control Diversity     User Training What Next? Chapter 14: Network Architecture Zones and Topologies     DMZ, Intranet, and Extranet     Wireless, Guest, and Ad Hoc Networks     NAT     Honeynet Segregation, Segmentation, and Isolation     Physical     Logical (VLAN)     Virtualization VPN Tunneling Security Device and Technology Placement     Sensors, Collectors, and Correlation Engines     Firewalls, Proxies, and Filters     Accelerators, Concentrators, and Balancers     Switches, Taps, and Mirroring SDN What Next? Chapter 15: Secure Systems Design Hardware and Firmware Security     FDE and SED     TPM and HSM     BIOS and UEFI     Secure Boot     Attestation     Supply Chain     Hardware Root of Trust     EMI and EMP Operating Systems     Patch Management     Disabling Unnecessary Ports and Services     Least Functionality     Secure Configurations     Trusted Operating System     Application Whitelisting/Blacklisting     Disable Default Accounts and Passwords Peripherals     Wireless Keyboards and Mice     Displays     WiFi-Enabled MicroSD Cards and Digital Cameras     Printers and MFDs     External Storage Devices What Next? Chapter 16: Secure Staging Deployment Sandboxing Environment     Development and Test     Staging and Production Secure Baseline Integrity Measurement What Next? Chapter 17: Embedded Systems SCADA and ICS Smart Devices and IoT     Wearable Technology     Home Automation SoC and RTOS HVAC Printers, MFDs, and Camera Systems Special-Purpose Devices     Medical Devices     Vehicles     Aircraft and UAV     Protecting Embedded Systems What Next? Chapter 18: Secure Application Development and Deployment Development Life-cycle Models     Waterfall vs. Agile Secure DevOps     Continuous Integration and Security Automation     Baselining     Immutable Systems     Infrastructure As Code Change Management and Version Control Provisioning and Deprovisioning Secure Coding Techniques     Proper Error Handling     Proper Input Validation     Normalization     Stored Procedures     Code Signing     Encryption, Obfuscation, and Camouflage     Code Reuse and Dead Code     Use of Third-Party Libraries and SDKs     Server-side vs. Client-side Execution and Validation     Memory Management     Data Exposure Compiled vs. Runtime Code Code Quality and Testing     Static Code Analyzers     Dynamic Analysis     Stress Testing     Sandboxing     Model Verification What Next? Chapter 19: Cloud and Virtualization Virtualization Concepts     Hypervisors     VDE/VDI     VM Sprawl Avoidance     VM Escape Protection Cloud Concepts     Cloud Storage     Cloud Deployment Models     On-premises vs. Hosted vs. Cloud     Cloud Access Security Broker     Security as a Service What Next? Chapter 20: Reducing Risk Automation and Scripting Templates and Master Images Non-persistence     Snapshots     Revert to Known State and Rollback to Known Configuration     Live Boot Media Scalability and Elasticity Distributive Allocation Fault Tolerance and Redundancy High Availability RAID What Next? Chapter 21: Physical Security Controls Perimeter Security     Signs, Fencing, and Gates     Lighting     Barricades and Bollards     Cameras     Security Guards Internal Security     Alarms     Motion and Infrared Detection     Mantraps     Locks and Lock Types     Cards, Tokens, and Biometrics     Key Management     Logs Equipment Security     Cable Locks     Cages and Safes     Locking Cabinets and Enclosures     Screen Filters     Air Gap Environmental Controls     Protected Cabling, Protected Distribution, and Faraday Cages     HVAC     Fire Suppression     Hot and Cold Aisles What Next? Part III Cram Quiz Part IV: Identity and Access Management Chapter 22: Identity and Access Management Concepts Identification, Authentication, Authorization, and Accounting (AAA) Multifactor Authentication Federation, Single Sign-On, and Transitive Trust     Single Sign-On     Federation     Transitive Trust What Next? Chapter 23: Identity and Access Services Authentication Protocols Directory Services Protocols AAA Protocols and Services Federated Services What Next? Chapter 24: Identity and Access Controls Access Control Models Physical Access Controls Tokens Certificate-based Authentication File System Security Database Security What Next? Chapter 25: Account Management Practices Account Types General Concepts Account Policy Enforcement What Next? Part IV Cram Quiz Part V: Risk Management Chapter 26: Policies, Plans, and Procedures Related to Organizational Security Human Resource Management Policies     Background Checks     Onboarding     Mandatory Vacations     Separation of Duties     Job Rotation     Clean Desk Policies     Role-Based Awareness and Training     Continuing Education     Acceptable Use Policy/Rules of Behavior     Internet Usage     Nondisclosure Agreements     Disciplinary and Adverse Actions     Exit Interviews Interoperability Agreements What Next? Chapter 27: Business Impact Analysis Critical Functions     Identification of Critical Systems     Single Points of Failure Recovery Objectives MTTR MTTF and MTBF Impact Privacy What Next? Chapter 28: Risk Management Processes and Concepts Threat Assessment Risk Assessment     Qualitative Versus Quantitative Measures     Supply Chain Assessment     Change Management     Testing Authorization Risk Register Risk Response Techniques What Next? Chapter 29: Incident Response Procedures Incident Response Plan     Documented Incident Type/Category Definitions     Roles and Responsibilities     Reporting Requirements and Escalation     Cyber-incident Response Teams     Training, Tests, and Exercises Incident Response Process     Preparation     Incident Identification and Analysis     Containment, Eradication, and Recovery     Post-Incident Activities What Next? Chapter 30: Forensics Strategic Intelligence/Counterintelligence Gathering Track Man-hours Order of Volatility Chain of Custody Legal Hold Data Acquisition     Capture System Images     Capture Network Traffic and Logs     Capture Video     Record Time Offset     Take Hashes     Capture Screenshots     Collect Witness Interviews What Next? Chapter 31: Disaster Recovery and Continuity of Operations Disaster Recovery     Recovery Sites     Backups Geographic Considerations Continuity of Operation Planning What Next? Chapter 32: Controls Nature of Controls Functional Use of Controls     Deterrent     Preventive     Detective     Corrective Compensating Controls What Next? Chapter 33: Data Security and Privacy Practices Data Sensitivity Labeling and Handling     Privacy Laws and Regulatory Compliance Data Roles Data Retention and Disposal     Retention     Disposal What Next? Part V Cram Quiz Part VI: Cryptography and PKI Chapter 34: Cryptography Keys     Key Exchange Symmetric Algorithms Asymmetric Algorithms Elliptic Curve and Quantum Cryptography Session Keys Nonrepudiation and Digital Signatures Hashing Use of Proven Technologies and Implementation     Obfuscation Use Cases     Resource Constraints What Next? Chapter 35: Cryptography Algorithms Obfuscation Techniques Symmetric Algorithms     Cipher Modes Asymmetric Algorithms Hashing Algorithms Key Derivation Function What Next? Chapter 36: Wireless Security Settings Access Methods Wireless Cryptographic Protocols     Wireless Equivalent Privacy     Wi-Fi Protected Access     Wi-Fi Protected Access Version 2 Authentication Protocols What Next? Chapter 37: Public Key Infrastructure Certificate Authority (CA)     Certification Practice Statement     Trust Models     Key Escrow Digital Certificate     Public and Private Key Usage     Certificate Signing Request     Certificate Policy     Certificate Types     Certificate Formats Certificate Revocation OCSP Stapling Pinning What Next? Part VI Cram Quiz   Elements Available Online Glossary of Essential Terms and Components Cram Quizzes   9780789759009   TOC   11/21/2017